Published by Timothy Green
DIGITAL CERTIFICATES
Prof. Ravi Sandhu
Slide 2 © Ravi Sandhu: PUBLIC-KEY CERTIFICATES
- reliable distribution of public keys
  - public-key encryption: sender needs public key of receiver
  - public-key digital signatures: receiver needs public key of sender
  - public-key key agreement: both need each other's public keys

Slide 3: X.509v1 CERTIFICATE
- VERSION
- SERIAL NUMBER
- SIGNATURE ALGORITHM
- ISSUER
- VALIDITY
- SUBJECT
- SUBJECT PUBLIC KEY INFO
- SIGNATURE

Slide 4: X.509v1 CERTIFICATE (example)
- SIGNATURE ALGORITHM: RSA+MD5, 512
- ISSUER: C=US, S=VA, O=GMU, OU=ISE
- VALIDITY: 9/9/99 - 1/1/1
- SUBJECT: C=US, S=VA, O=GMU, OU=ISE, CN=Ravi Sandhu
- SUBJECT PUBLIC KEY INFO: RSA, 1024, xxxxxxxxxxxxxxxxxxxxxxxxx
- SIGNATURE

Slide 5: CERTIFICATE TRUST
- how to acquire the public key of the issuer to verify the signature
- whether or not to trust certificates signed by the issuer for this subject
Slide 6: PEM CERTIFICATION GRAPH
(diagram) Levels, top to bottom:
- Internet Policy Registration Authority (IPRA)
- Policy Certification Authorities (PCAs): HIGH ASSURANCE, MID-LEVEL ASSURANCE, RESIDENTIAL, PERSONA
- Certification Authorities (CAs): MITRE, GMU, ISSE, Virginia, Fairfax, Anonymous
- Subjects: Abrams, Sandhu, Sandhu, LEO

Slide 7: SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY
(diagram) Levels, top to bottom: Root; Brand; Geo-Political; Bank, Acquirer; Customer, Merchant

Slide 8: CRL FORMAT
- SIGNATURE ALGORITHM
- ISSUER
- LAST UPDATE
- NEXT UPDATE
- REVOKED CERTIFICATES: one entry per revoked certificate, each with
  - SERIAL NUMBER
  - REVOCATION DATE
- SIGNATURE
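The certificate fields (slides 3 and 4), the two trust questions (slide 5) and the CRL format (slide 8) can be exercised end to end with a small model of the IPRA -> GMU hierarchy of slide 6. The following is an added example, not code from the slides or from Prof. Sandhu: it uses textbook RSA on fixed Mersenne primes (toy size, no padding) in place of real key generation, Python `repr` of the fields in place of DER encoding, constructed names, serials and dates, and a CRL per issuer. The validation walks the path from the user certificate to a trust anchor held out of band, verifies each signature with the issuer's key from the next certificate, checks the validity window, then verifies the issuer's CRL and looks up the serial number. It does not model the second question on slide 5 (issuer policy and name constraints) beyond the choice of trust anchors.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta

NOW = datetime(2024, 6, 1)   # constructed "current time" for the demo

def toy_keypair(p, q):
    """Textbook RSA on two known (Mersenne) primes, toy size, no padding: public (n, e), private (n, d)."""
    return (p * q, 65537), (p * q, pow(65537, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(digest(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == digest(data, pub[0])

@dataclass
class Certificate:
    """X.509v1 fields in slide order; the SIGNATURE covers every field above it."""
    version: int
    serial: int
    sig_alg: str
    issuer: str
    not_before: datetime
    not_after: datetime
    subject: str
    public_key: tuple       # SUBJECT PUBLIC KEY INFO, here just (n, e)
    signature: int = 0
    def tbs(self):          # canonical to-be-signed bytes, standing in for DER
        return repr((self.version, self.serial, self.sig_alg, self.issuer, self.not_before,
                     self.not_after, self.subject, self.public_key)).encode()

@dataclass
class CRL:
    """CRL fields from the slide: issuer, last/next update, (serial, revocation date) entries."""
    sig_alg: str
    issuer: str
    last_update: datetime
    next_update: datetime
    revoked: dict           # serial -> revocation date
    signature: int = 0
    def tbs(self):
        return repr((self.sig_alg, self.issuer, self.last_update, self.next_update,
                     sorted(self.revoked.items()))).encode()

def issue(issuer, issuer_priv, subject, subject_pub, serial, not_before, not_after):
    """The issuer signs the subject's name and key; pass issuer=None for a self-signed root."""
    c = Certificate(1, serial, "RSA+SHA256 (toy)", issuer.subject if issuer else subject,
                    not_before, not_after, subject, subject_pub)
    c.signature = sign(issuer_priv, c.tbs())
    return c

def issue_crl(issuer, issuer_priv, revoked, now):
    crl = CRL("RSA+SHA256 (toy)", issuer.subject, now - timedelta(days=1), now + timedelta(days=7), revoked)
    crl.signature = sign(issuer_priv, crl.tbs())
    return crl

def validate_path(chain, trust_anchors, crls, now):
    """chain is leaf first, root last; each cert is checked against the next, the root against an anchor."""
    if not chain:
        return False, "empty path"
    anchors, crl_for = {c.subject: c for c in trust_anchors}, {c.issuer: c for c in crls}
    for i, cert in enumerate(chain):
        issuer = chain[i + 1] if i + 1 < len(chain) else anchors.get(cert.issuer)
        if issuer is None or issuer.subject != cert.issuer:
            return False, f"no trusted issuer for {cert.subject!r}"
        if not verify(issuer.public_key, cert.tbs(), cert.signature):
            return False, f"bad signature on {cert.subject!r}"
        if not cert.not_before <= now <= cert.not_after:
            return False, f"{cert.subject!r} is outside its validity period"
        crl = crl_for.get(cert.issuer)
        if crl is None or not verify(issuer.public_key, crl.tbs(), crl.signature):
            return False, f"no authentic CRL from {cert.issuer!r}"
        if now > crl.next_update:
            return False, f"CRL from {cert.issuer!r} is past its NEXT UPDATE"
        if cert.serial in crl.revoked:
            return False, f"{cert.subject!r} revoked on {crl.revoked[cert.serial].date()}"
    return True, "path valid"

def run_demo(now=NOW):
    """IPRA root -> GMU CA -> users; validate good, expired, revoked, tampered and untrusted paths."""
    y = timedelta(days=365)
    root_pub, root_priv = toy_keypair(2**127 - 1, 2**89 - 1)
    ca_pub, ca_priv = toy_keypair(2**107 - 1, 2**61 - 1)
    user_pub, _ = toy_keypair(2**31 - 1, 2**19 - 1)     # tiny key; the user never signs here
    root = issue(None, root_priv, "C=US, O=IPRA", root_pub, 1, now - y, now + 10 * y)
    ca = issue(root, root_priv, "C=US, S=VA, O=GMU, OU=ISE", ca_pub, 2, now - y, now + 5 * y)
    ravi = issue(ca, ca_priv, "C=US, S=VA, O=GMU, OU=ISE, CN=Ravi Sandhu", user_pub, 1001, now - y, now + y)
    old = issue(ca, ca_priv, "CN=Expired User", user_pub, 1002, now - 2 * y, now - y)
    gone = issue(ca, ca_priv, "CN=Revoked User", user_pub, 1003, now - y, now + y)
    crls = [issue_crl(root, root_priv, {}, now), issue_crl(ca, ca_priv, {1003: now - timedelta(days=3)}, now)]
    forged = Certificate(**{**vars(ravi), "subject": "CN=Impostor"})    # edited after signing
    check = lambda chain, anchors: validate_path(chain, anchors, crls, now)
    return {"valid": check([ravi, ca, root], [root]), "expired": check([old, ca, root], [root]),
            "revoked": check([gone, ca, root], [root]), "tampered": check([forged, ca, root], [root]),
            "untrusted root": check([ravi, ca, root], [])}
```

Calling `run_demo()` returns one `(ok, reason)` pair per scenario; only the untampered, unexpired, unrevoked path anchored at the IPRA root validates. Two design points carry over to real deployments: the issuer's key is never taken from the certificate being checked but from the next certificate in the path or from the anchor set, and a CRL is only consulted after its own signature and NEXT UPDATE have been checked, since an unsigned or stale list would let a revoked certificate pass.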
Slide 9: X.509 CERTIFICATES
- X.509v1: very basic
- X.509v2: adds unique identifiers to prevent reuse of X.500 names
- X.509v3: adds many extensions; can be further extended

Slide 10: X.509v3 CERTIFICATE INNOVATIONS
- distinguish various certificates: signature, encryption, key-agreement
- identification info in addition to X.500 name: internet names (addresses, host names, URLs)
- issuer can state policy and usage: good enough for casual use but not for signing checks
- limits on use of signature keys for further certification
- extensible: proprietary extensions can be defined and registered
- attribute certificates: ongoing work

Slide 11: X.509v2 CRL INNOVATIONS
- CRL distribution points
- indirect CRLs
- delta CRLs
- revocation reason
- push CRLs
Slide 12: GENERAL HIERARCHICAL STRUCTURE
(diagram: CA tree with nodes Z, X, Q, A, Y, R, S, T, C, E, G, I, K, M, O and subjects a through p)

Slide 13: GENERAL HIERARCHICAL STRUCTURE WITH ADDED LINKS
(diagram: the same nodes as slide 12, with links added)

Slide 14: TOP-DOWN HIERARCHICAL STRUCTURE
(diagram: the same nodes as slide 12, arranged top-down)

Slide 15: FOREST OF HIERARCHIES

Slide 16: MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
(diagram: nodes X, Q, A, R, S, T, C, E, G, I, K, M, O and subjects a through p)

Slide 17: THE CERTIFICATE TRIANGLE
(diagram) Vertices: user, attribute, public-key. Edges: X.509 identity certificate (user to public key), X.509 attribute certificate (user to attribute), SPKI certificate (public key to attribute).
© 2017 SlidePlayer.com Inc. All rights reserved.