Presentation is loading. Please wait.

Presentation is loading. Please wait.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl."— Presentation transcript:

1 November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl

2 November 1, 2006Sarah Wahl / Graduate Student UCCS2 What is PKI? An arrangement that provides for trusted third party vetting of, and vouching for, user identities PKI consists of client software, server software such as a certificate authority, hardware (e.g., smart cards) and operational procedures

3 November 1, 2006Sarah Wahl / Graduate Student UCCS3 Public Key… Public key encryption — keeping a message secret from anyone that does not possess a specific private key. Public key digital signature — allowing anyone to verify that a message was created with a specific private key. Key agreement — generally, allowing two parties that may not initially share a secret key to agree on one.

4 November 1, 2006Sarah Wahl / Graduate Student UCCS4 Public Key Encryption On a high level, a user signs his message with his private key, and when the message gets to the other side the end user decrypts the message using the public key, which is published by the Certificate Authority.

5 November 1, 2006Sarah Wahl / Graduate Student UCCS5 Keys

6 November 1, 2006Sarah Wahl / Graduate Student UCCS6 Keys Continued Like a mail slot. Anyone can put a message in the slot, but only owner can access the messages. Public Key The published key. (Where the mail slot is located) Private Key The secret key (The owner’s key that can unlock the mail slot)

7 November 1, 2006Sarah Wahl / Graduate Student UCCS7 Identity Certificates A certificate which uses a digital signature to bind together a public key with an identity Identity being information on the user- name, organization etc.

8 November 1, 2006Sarah Wahl / Graduate Student UCCS8 Certificate Authorities Verify an applicant's credentials, so that users (relying parties) can trust the information in the CA's certificates This is essential to the PKI scheme, if the CA is compromised then their signed certificates can’t be trusted.

9 November 1, 2006Sarah Wahl / Graduate Student UCCS9 Certificate Authorities Cont. It is not always possible to reach back to the original Certificate Authority. Key Chain, or Certificate Authority Chain. Allows a user to get a certificate from another source. Certificate Authority delegates authority to others.

10 November 1, 2006Sarah Wahl / Graduate Student UCCS10 Certificates Self-Signed Certificate signed by certificate’s author Root Certificate an unsigned public key certificate Authorization Certificates (also known as an attribute certificate) digitally written permission from the issuer to use a service or a resource that the issuer controls or has access to use

11 November 1, 2006Sarah Wahl / Graduate Student UCCS11 Classes of Certificates Class 1 for individuals, intended for email Class 2 for organizations, for which proof of identity is required Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority (CA).

12 November 1, 2006Sarah Wahl / Graduate Student UCCS12 Digital Signatures Can be used as a broad term encompassing message authentication codes, file integrity hashes and digital pen pad devices. For this discussion a digital signatures is a term to mean cryptographically based signature assurance scheme Used like a notary endorsement

13 November 1, 2006Sarah Wahl / Graduate Student UCCS13 Is it a Valid Certificate? Check the certificate revocation list (CRL) This is a list of certificates that are no longer valid. This list is published by 3rd parties (CA).

14 November 1, 2006Sarah Wahl / Graduate Student UCCS14 OCSP Online Certificate Status Protocol An Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 2560 and is on the Internet standards track. It was created as an alternative to CRLs

15 November 1, 2006Sarah Wahl / Graduate Student UCCS15 X.509 Certificate A certificate typically includes: The public key being signed. A name, which can refer to a person, a computer or an organization. A validity period. The location (URL) of a revocation center. The digital signature of the certificate, produced by the CA's private key.

16 November 1, 2006Sarah Wahl / Graduate Student UCCS16 The Future of PKI: ECC First, the fact that the security and practicality of a given asymmetric cryptosystems relies upon the difference in difficulty between doing a given operation and its inverse.

17 November 1, 2006Sarah Wahl / Graduate Student UCCS17 Elliptical Curve Cryptography Second, the fact that the difference in difficulty between the forward and the inverse operation in a given system is a function of the key length in use, due to the fact that the difficulty of the forward and the inverse operations increase as very different functions of the key length; the inverse operations get harder faster.

18 November 1, 2006Sarah Wahl / Graduate Student UCCS18 ECC Continued Third, the fact that as you are forced to use longer key lengths to adjust to the greater processing power now available to attack the cryptosystem, even the 'legitimate' forward operations get harder, and require greater resources (chip space and/or processor time), though by a lesser degree than do the inverse operations.

19 November 1, 2006Sarah Wahl / Graduate Student UCCS19 Comparison of Algorithms The difficulty of the forward and inverse operations is at the centre of asymmetric schemes. RSA, it's integer multiplication (forward) and factorization (inverse) Diffie Hellman it's discrete exponentiation (forward) and log (inverse). ECC it's point multiplication (forward) and the elliptic curve discrete logarithm problem (inverse).

20 November 1, 2006Sarah Wahl / Graduate Student UCCS20 Key Sizes

21 November 1, 2006Sarah Wahl / Graduate Student UCCS21 ECDSA vs. RSA (ms)

22 November 1, 2006Sarah Wahl / Graduate Student UCCS22 How ECC Works The way that the elliptic curve operations are defined is what gives ECC its higher security at smaller key sizes. An elliptic curve is defined in a standard, two dimensional x,y Cartesian coordinate system by an equation of the form: y 2 = x 3 + ax + b

23 November 1, 2006Sarah Wahl / Graduate Student UCCS23 Elliptical Curve Example

24 November 1, 2006Sarah Wahl / Graduate Student UCCS24 How ECC Works Continued Point multiplication is simply calculating kP, where k is an integer and P is a point on the elliptic curve defined in the prime field. This is the operation which is the key to the use of elliptic curves for asymmetric cryptography — the critical operation which is itself fairly simple, but whose inverse is very difficult.

25 November 1, 2006Sarah Wahl / Graduate Student UCCS25 The dominant operation in ECC cryptographic schemes is point multiplication.

26 November 1, 2006Sarah Wahl / Graduate Student UCCS26 Why Use ECC? It’s More Secure! It’s Much Faster!!

27 November 1, 2006Sarah Wahl / Graduate Student UCCS27 Conclusion PKI is an ever changing infrastructure. There are new software algorithms being developed. Different methods for interacting with the Certificate Authority.

28 November 1, 2006Sarah Wahl / Graduate Student UCCS28 Questions Any Questions or Comments?

29 November 1, 2006Sarah Wahl / Graduate Student UCCS29 Resources http://en.wikipedia.org/wiki/Public_key_infrastru cture http://www.deviceforge.com/articles/AT4234154 468.html http://csrc.nist.gov/pki http://homes.esat.kuleuven.be/~fvercaut/talks/H ECC.pdf

Download ppt "November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Key Management Nick Feamster CS 6262 Spring 2009.

Key Management Nick Feamster CS 6262 Spring 2009.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Similar presentations

Ads by Google