Published by Timothy Green
DIGITAL CERTIFICATES Prof. Ravi Sandhu
2 © Ravi Sandhu PUBLIC-KEY CERTIFICATES
- reliable distribution of public keys
- public-key encryption
  - sender needs public key of receiver
- public-key digital signatures
  - receiver needs public key of sender
- public-key key agreement
  - both need each other's public keys

3 X.509v1 CERTIFICATE
- VERSION
- SERIAL NUMBER
- SIGNATURE ALGORITHM
- ISSUER
- VALIDITY
- SUBJECT
- SUBJECT PUBLIC KEY INFO
- SIGNATURE

4 X.509v1 CERTIFICATE (example values)
- SIGNATURE ALGORITHM: RSA+MD5, 512
- ISSUER: C=US, S=VA, O=GMU, OU=ISE
- VALIDITY: 9/9/99-1/1/1
- SUBJECT: C=US, S=VA, O=GMU, OU=ISE, CN=Ravi Sandhu
- SUBJECT PUBLIC KEY INFO: RSA, 1024, xxxxxxxxxxxxxxxxxxxxxxxxx
- SIGNATURE

5 CERTIFICATE TRUST
- how to acquire public key of the issuer to verify signature
- whether or not to trust certificates signed by the issuer for this subject

6 PEM CERTIFICATION GRAPH
[Figure: certification graph. Levels: Internet Policy Registration Authority (IPRA); Policy Certification Authorities (PCAs): HIGH ASSURANCE, MID-LEVEL ASSURANCE, RESIDENTIAL, PERSONA; Certification Authorities (CAs); Subjects. Node labels: LEO, MITRE, GMU, ISSE, Virginia, Fairfax, Anonymous, Abrams, Sandhu.]

7 SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY
[Figure: CA hierarchy. Node labels, top to bottom: Root; Brand; Geo-Political; Bank, Acquirer; Customer, Merchant.]

8 CRL FORMAT
- SIGNATURE ALGORITHM
- ISSUER
- LAST UPDATE
- NEXT UPDATE
- REVOKED CERTIFICATES (each entry: SERIAL NUMBER, REVOCATION DATE)
- SIGNATURE

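Added example, not part of the original slides: a relying party's check of one certificate against one CRL, using the fields from the CRL FORMAT slide. The helper names, serial numbers and dates are constructed for illustration, and the CRL signature is assumed to have been verified already.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class CRL:
    # Field names follow the CRL FORMAT slide. SIGNATURE ALGORITHM and
    # SIGNATURE are left out: this sketch assumes the CRL signature was
    # already verified with the issuer's public key.
    issuer: str
    last_update: datetime
    next_update: datetime
    revoked: dict = field(default_factory=dict)  # serial number -> revocation date

def check_revocation(cert_issuer, cert_serial, crl, now):
    """Classify one certificate against one CRL (hypothetical helper)."""
    if crl.issuer != cert_issuer:
        return "wrong-issuer"       # this CRL says nothing about the certificate
    if cert_serial in crl.revoked:
        return "revoked"            # a listed serial is revoked regardless of CRL age
    if now < crl.last_update:
        return "crl-not-yet-valid"  # clock skew or a mis-issued CRL
    if now > crl.next_update:
        return "crl-stale"          # absence from an expired CRL proves nothing
    return "good"

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data; the issuer name reuses the slide's example DN.
ISSUER = "C=US, S=VA, O=GMU, OU=ISE"
SAMPLE_CRL = CRL(
    issuer=ISSUER,
    last_update=utc(2000, 1, 1),
    next_update=utc(2000, 2, 1),
    revoked={1001: utc(1999, 12, 20)},
)

if __name__ == "__main__":
    for serial, when in [(1001, utc(2000, 1, 15)), (1002, utc(2000, 1, 15)),
                         (1002, utc(2000, 3, 1))]:
        print(serial, when.date(), check_revocation(ISSUER, serial, SAMPLE_CRL, when))
```

The point of the ordering is that an unlisted serial is reported as good only while the CRL is between LAST UPDATE and NEXT UPDATE; outside that window the check fails closed.
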
9 X.509 CERTIFICATES
- X.509v1
  - very basic
- X.509v2
  - adds unique identifiers to protect against reuse of X.500 names
- X.509v3
  - adds many extensions
  - can be further extended

10 X.509v3 CERTIFICATE INNOVATIONS
- distinguish various certificates
  - signature, encryption, key-agreement
- identification info in addition to X.500 name
  - internet names: addresses, host names, URLs
- issuer can state policy and usage
  - good enough for casual but not for signing checks
- limits on use of signature keys for further certification
- extensible
  - proprietary extensions can be defined and registered
- attribute certificates
  - ongoing work

11 X.509v2 CRL INNOVATIONS
- CRL distribution points
- indirect CRLs
- delta CRLs
- revocation reason
- push CRLs

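12 GENERAL HIERARCHICAL STRUCTURE
[Figure: CA hierarchy diagram. Node labels: Z, X, Q, A, Y, R, S, T, C, E, G, I, K, M, O; lower-case labels a to p.]

13 GENERAL HIERARCHICAL STRUCTURE WITH ADDED LINKS
[Figure: CA hierarchy diagram. Node labels: Z, X, Q, A, Y, R, S, T, C, E, G, I, K, M, O; lower-case labels a to p.]

14 TOP-DOWN HIERARCHICAL STRUCTURE
[Figure: CA hierarchy diagram. Node labels: Z, X, Q, A, Y, R, S, T, C, E, G, I, K, M, O; lower-case labels a to p.]

15 FOREST OF HIERARCHIES

16 MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
[Figure: CA hierarchy diagram. Node labels: X, Q, A, R, S, T, C, E, G, I, K, M, O; lower-case labels a to p.]
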
17 THE CERTIFICATE TRIANGLE
[Figure: triangle with corners user, attribute, public-key; edges labelled X.509 identity certificate, X.509 attribute certificate, SPKI certificate.]