Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004."— Presentation transcript:

1 Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004

2 2 Cryptography A secret key is used to transform data to encrypted form and back Distributing the key must occur in a secure channel The strength of the system depends on the algorithm and the complexity of the keys

3 3 Asymmetric Cryptography A pair of keys is used. The only way to decrypt data encrypted by one key is to use the other key of the pair. The private key is kept secret by it’s owner. The public key is published.

4 4 Asymmetric Key Cryptography No need to exchange a secret "key" by some other channel –Invented in 1976 by Whit Diffie and Martin Hellman –Commercialized by RSA Security (Rivest, Shamir, Adelman)

5 5 Encryption Anyone encrypts with public key of recipient. Only the recipient can decrypt with their private key. No secrets need to be exchanged in advance. If the private key is secret, the data is secure.

6 6 Digital Signatures Signer computes content digest, encrypts with their private key. Reader decrypts with signer’s public key. Reader re-computes the content digest and verifies match with original – guarantees no one has modified signed data. If only signer has private key, no one else can produce their digital signature.

7 7 Why PKI? Comprehensive way to address securing many applications No passwords on the wire No need for shared secrets Strong underlying security technology Widely included in Technology Products

8 8 PKI and Passwords Passwords NOT even sent to server –Still using password to unlock key Only user knows password Can recover only if escrow a copy Harder to share, need key in file and password

9 9 Policy - Process Registration: How individual is identified Generating and storing key pair Individual education of best practices Stronger Authentication –Strengthens Authorization Balance Policy/Process with Application’s security requirements

10 10 Basic applications of PKI Authentication and Authorization of Web users and servers Basis for the SSL protocol used to secure web connections Secure e-mail (signed and encrypted) Electronic signatures Data encryption –Business documents, databases, executable code Network data protection (VPN, wireless)

11 11 Authentication with PKI The server challenges the client to encrypt data with their private key. The server decrypts the response with the client’s public key. If the response matches the original data, then the client must have the matching private key. Therefore the client is the entity named in the public key certificate. –Basis for SSL/TSL protocols

12 12 What is X.509? A standard for the format of a public key certificate and related standards for how certificates are used. Current PKI product offerings inter-operate through this standard There are many other possible formulations, eg SDSI/SPKI

13 13 What is a certificate? Signed data structure that binds some information to a public key Trusted entity asserts validity of information in certificate The information is usually a personal identity or a server name Think of it as an electronic ID card

14 14 What is a certificate authority? An organization that creates and publishes certificates Verifies the information in the certificate Protects general security and policies of the system and its records Allows you to check certificates and decide to use them in business transactions

15 15 What is a CA certificate? A certificate authority generates a key pair used to sign the certificates it issues Multiple institutions can collaborate via: –Hierachical structure among their CAs –Bridge Certification Authorities "peer to peer" approach

16 16 Key Validity Duration requirements: –Limited time as defense against compromise –Retain for future decryption –History of Public keys for signature verification Kerberos –PK technology with short lifetime –Authentication only Can issue X.509 certificates with timeframes chosen based on use –Typically longer lived

17 17 Application Changes Add client side SSL to web server configuration Modify application to –Test for presence of https connection –Get user information from environment –Fall through to previous authentication Rewrite rules to bypass https for unaware web browsers

18 18 Application Benefits Authentication - Web Services –Eliminates transmitting passwords on network –Improve on Kerberos infrastructure Digital Signatures –Enables verifiable electronic business processes NIH Pilot - Grant Applications Encryption –Secure sensitive data sent via e-mail or electronic documents

Download ppt "Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Digital Signatures. Anononymity and the Internet.

Digital Signatures. Anononymity and the Internet.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Copyright Statement Copyright Robert J. Brentrup and Sean W. Smith 2002. This work is the intellectual property of the authors. Permission is granted for.

Copyright Statement Copyright Robert J. Brentrup and Sean W. Smith This work is the intellectual property of the authors. Permission is granted for.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Technology – Broad View1 Networks  For the most part, not a technology, but political/financial issue Available bandwidth continuously increasing (“√2-rule”

Technology – Broad View1 Networks  For the most part, not a technology, but political/financial issue Available bandwidth continuously increasing (“√2-rule”
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Similar presentations

Ads by Google