Presentation is loading. Please wait.

Presentation is loading. Please wait.

Public Key Cryptography: Concepts and Applications Chapter Six Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc. 2007.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Public Key Cryptography: Concepts and Applications Chapter Six Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc. 2007."— Presentation transcript:

1 Public Key Cryptography: Concepts and Applications Chapter Six Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc. 2007

2

3 Chapter Six Objectives 1. Infer various uses of public key cryptography and explain the meaning, characteristics, and uses of digital signature. 2. Understand the role of trust in the Internet business environment. 3. Describe the nature and characteristics of public key infrastructure. 4. Interpret the role of public key cryptography in achieving security objectives. 5. Describe various applications of the public key infrastructure.

4 How do you get the secret key in the hands of the receiver of the message? Key distribution: Distributing secret key in a secured manner. Key agreement: Using a key agreement protocol, key value is determined by sender and receiver of a message. Diffie-Hallman protocol is a widely-used protocol for this purpose.

5 Digital Signature Role of signature: A signature testifies/acknowledges some content. The signor links/binds himself/herself to the content. Digital signature: A way of electronically binding oneself to the content of a message or a document. The way to do this is by encrypting message digest (or the message) using one’s private key.

6 Trust in Public Keys Need for trust Anywhere, anytime, anyone models of doing business have surfaced. Transactions (orders) may come from a person you may never meet. It is therefore necessary to authenticate the person requesting goods or services.

7 Trust Compared to Security Trust means to rely on. Trust has to do with the expectation that the person or an entity relied on will behave in a predictable manner (e.g., pay dues). Trusting is an act of the receiver; security is in the hands of those accountable for information assets. Trust is viewed in the context of use (e.g., value of transaction); security is a constant, regardless of who makes the determination. Therefore, levels of trust can be determined and used depending on the context of use; security has two states, either an information asset is secured, or is unsecured.

8 Sources and Levels of Trust Since context of use will vary, different levels of trust can be identified. Trust level to be established for a $10 transaction would be different than for a $50 million electronic fund transfer. This way of looking at establishing trust also provides cost effectiveness to systems that help determine whether to trust a user (customer, for example). Different organizations or people may trust the same entity to different degrees.

9 Meeting Requirements of Trust Digital (public key) certificate Certification authority Trust levels in digital certificate Web trust models

10 Digital (Public Key) Certificate A certificate provided by a certification authority, certifying owner’s public key. The certificate has a plaintext part and an encrypted part. The plaintext discloses the certificate holder’s name, the issuer (CA), expiration date, etc. The encrypted part is where the CA has stored the subject’s public key, encrypted using the CA’s private key.

11 Certification Authority (CA) An organization that issues digital certificates. The CA performs many tasks: Receive application for keys. Verify applicant’s identity, conduct due diligence appropriate to the trust level, and issue key pairs. Store public keys and protect them from unauthorized modification. Keep a register of valid keys. Revoke and delete keys that are invalid or expired. Maintain a certificate revocation list (CRL). In doing its work, the CA may appoint agents, called registration authorities (RAs). A primary responsibility of RAs is to facilitate the certificate application process.

12 Trust Levels in Digital Certificate Trust levels are implied in digital certificates. If anticipated risk is higher in transactions with a subject, one might seek a higher level of trust in the certificate. The higher the trust level to be assigned to a subject, the greater the depth of due diligence. And greater the cost of issuing the certificate.

13 Web Trust Models The process of establishing trust involves a trust model. A trust model allows users to imply trust based on what they already know. In a hierarchical trust model (upside down tree), the top node (root CA) certifies the next level, which in turn certifies the level below, and so forth until we reach end entities at the lower most level. In a distributed trust model, several independent hierarchies, each with its own root CA, are formed. Root CAs (also called peer CAs) coordinate communication across hierarchies. A Web model is a specific case of the distributed model implemented by storing public keys of root CAs in widely used browsers. A user-centric trust model (web of trust model) relies on the user to act as a de facto CA. Example: Pretty Good Privacy (PGP).

14 Public Key Infrastructure (PKI) An infrastructure is a network that runs behind the scene serving a variety of users having different needs. Public key cryptography permits technical authentication of the sender, and allows for assurance of nonrepudiation. Certification infrastructure, designed using a trust model, provides for trust in public key necessary in the authentication process. Figure 6.5. An overview of PKI PKI Digital Signatures Encryption CA

15 X.509 Is a standard for PKI. Specifies formats for and attributes of public key certificates and trust models. The standard promotes interoperability and consistency, allowing for different software vendors and users to work with the same object. The binding of the public key with the end entity (subject) is usually done using various sources (e.g., email address of the entity for basic level of trust).

16 Structure of a X.509 v3 digital certificate:digital certificate Certificate Version (to identify the version of certificate structure) Serial Number Algorithm ID (to identify the specific encryption algorithm used in digitally signing (certifying) the public key of the subject (often called an end-entity) Issuer (Name of the certification authority) Validity (period for which the certificate is valid) Subject (also called end-entity) Subject Public Key Info Public Key Algorithm used in issuing public-private key pair Subject Public Key (A string of characters that defines the value of the subject’s public key) Issuer Unique Identifier (The identifying number of the certification authority that issued the certificate, e.g., Verisign, RSAsecurity) Subject Unique Identifier (The identifying number of the subject) Extensions (Additional information, if any, about the subject) Certificate Signature Algorithm (Algorithm that the certification authority used to append its digital signature, e.g., MD5) Certificate Signature

17 CompanyUnique features of PKI Dresdner BankDesigned and implemented a universal PKI registration system. Followed specific procedures to register its corporate clients. Deutsche BankScalable over several platforms. The bank reduced losses due to fraudulent transactions and increased use of its applications. It provided customers with digital identities. It also provided for and certified legally binding signatures. Canadian Payments Association The Association is a non-profit, national clearing and settlement operation. Their PKI application is intended to address consumer concerns regarding personal and financial information transmitted via the Internet. The association certifies its members (mostly banks), who in turn issue certificates to their customers. ABN AMRO BankA complete security solution for its internal, bank-to-bank, and customer-to-bank applications. ABN AMRO is the trusted root CA. Australian Health Insurance Commission Processes millions of healthcare payment claims each day and handles sensitive clinical information. The PKI links to disparate applications and systems within the commission. MEDepassIssues a certificate to subscribers and publishes it to the healthcare community. Maintains a CRL. Veterans AffairsCertificates will be used for veterans’ benefits (educational, compensation, pension, vocational rehabilitation, etc.) claims processing. U.S. Government: General Services Administration Digital Signature Trust issues digital certificates to the American public on behalf of federal government agencies. National Institute of HealthDesigned to electronically create, distribute, and sign forms within its Committee Management System and also to sign some forms electronically.

18 Assurance Considerations Specific issues as related to the certification infrastructure include the following: Is the private key secure? Are the risks of private key compromises known to the owner? How was the CA authorized to become a CA? Can you trust the CA? How was trust in implied in the certificate? What level of trust is implied? What data were used to establish trust? How well does the CA protect public keys and the certificates?

19

Download ppt "Public Key Cryptography: Concepts and Applications Chapter Six Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc. 2007."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CP3397 ECommerce.

CP3397 ECommerce.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

Similar presentations

Ads by Google