Public-Key Certificates

CS 5323, Lecture 4: Public-Key Certificates
Prof. Ravi Sandhu, Executive Director and Endowed Chair
ravi.utsa@gmail.com, www.profsandhu.com
© Ravi Sandhu, World-Leading Research with Real-World Impact!

Public-Key Certificates
Purpose: authenticated distribution of public keys.
- public-key encryption: the sender needs the public key of the receiver
- public-key digital signatures: the receiver needs the public key of the sender
- public-key key agreement: both parties need each other's public keys

X.509v1 Certificate
Fields, in order:
- VERSION
- SERIAL NUMBER
- SIGNATURE ALGORITHM
- ISSUER (Certificate Authority)
- VALIDITY
- SUBJECT
- SUBJECT PUBLIC KEY INFO
- SIGNATURE (by the issuer, over all of the fields above)

X.509v1 Certificate (example)
- VERSION: 1
- SERIAL NUMBER: 1234567891011121314
- SIGNATURE ALGORITHM: RSA+SHA-3, 2048
- ISSUER: C=US, S=TX, O=UTSA, OU=CS
- VALIDITY: 1/1/17-12/31/18
- SUBJECT: C=US, S=TX, O=UTSA, OU=CS, CN=Ravi Sandhu
- SUBJECT PUBLIC KEY INFO: RSA, 2048, xxxxxxxxxxxxxxxxxxxxxxxxx
- SIGNATURE

Certificate Trust
Two questions a relying party must answer:
- how to acquire the public key of the issuer in order to verify the signature
- whether or not to trust certificates signed by this issuer for this subject
The prefix rule (trust the issuer for a subject whose name extends the issuer's name, as in the example above) is not universally applicable; the next example shows why.

X.509v1 Certificate (second example: issuer name is not a prefix of the subject name)
- VERSION: 1
- SERIAL NUMBER: 1234567891011121314
- SIGNATURE ALGORITHM: RSA+SHA-3, 2048
- ISSUER: C=US, S=VA, O=GMU, OU=ISE
- VALIDITY: 1/1/17-12/31/18
- SUBJECT: C=US, S=TX, O=UTSA, OU=CS, CN=Ravi Sandhu
- SUBJECT PUBLIC KEY INFO: RSA, 2048, xxxxxxxxxxxxxxxxxxxxxxxxx
- SIGNATURE

SET CA Hierarchy (diagram, top to bottom)
- Root
- Brand (one per card brand; three shown)
- Geo-Political
- Bank, Acquirer
- Customer, Merchant

Certificate Revocation Lists (CRLs)
Fields, in order:
- SIGNATURE ALGORITHM
- ISSUER
- LAST UPDATE
- NEXT UPDATE
- REVOKED CERTIFICATES: a list of entries, each a SERIAL NUMBER with its REVOCATION DATE
- SIGNATURE

X.509 Certificates
- X.509v1: very basic
- X.509v2: adds unique identifiers to protect against reuse of X.500 names
- X.509v3: adds many extensions; can be further extended

X.509v3 Innovations
- distinguish various certificates: signature, encryption, key-agreement
- identification info in addition to the X.500 name: internet names such as email addresses, host names, URLs
- issuer can state policy and usage: e.g. ok for casual email but not for signing checks
- extensible: proprietary extensions can be defined and registered
- attribute certificates, to enable attribute-based authorization

X.509v2 CRL Innovations
- CRL distribution points
- indirect CRLs
- delta CRLs
- revocation reason
- push CRLs
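The two CRL slides above list the CRL fields and the v2 additions without showing how a relying party uses them. The following is an added example, not code from the lecture: a toy CRL record with the slide's fields (LAST UPDATE, NEXT UPDATE, REVOKED CERTIFICATES with serial number and revocation date) plus the v2 revocation reason and delta-CRL mechanism, and the client-side checks built on them: freshness (a CRL is only usable between its update dates), merging a delta CRL into its base, and looking up a serial. The issuer name, serial numbers, dates and CRL numbers are constructed; the SIGNATURE field is carried but not verified, since that is the same issuer-public-key check as for a certificate.

```python
"""Toy CRL model (added example): CRL fields, freshness, delta CRLs, reason codes.

The SIGNATURE field is carried but not verified here; checking it is the same
issuer-public-key verification that a certificate signature gets.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date
from enum import Enum


class Reason(Enum):
    """X.509v2 CRL revocation reason codes (the RFC 5280 CRLReason values)."""
    UNSPECIFIED = 0
    KEY_COMPROMISE = 1
    CA_COMPROMISE = 2
    AFFILIATION_CHANGED = 3
    SUPERSEDED = 4
    CESSATION_OF_OPERATION = 5
    CERTIFICATE_HOLD = 6
    REMOVE_FROM_CRL = 8   # delta CRLs only: a listed entry (typically a hold) is dropped


@dataclass(frozen=True)
class RevokedEntry:
    serial: int
    revocation_date: date
    reason: Reason = Reason.UNSPECIFIED


@dataclass(frozen=True)
class CRL:
    signature_algorithm: str
    issuer: str
    last_update: date
    next_update: date
    revoked: dict[int, RevokedEntry]     # REVOKED CERTIFICATES, keyed by serial number
    crl_number: int                      # v2 extension: increases with every issue
    base_crl_number: int | None = None   # set only on a delta CRL: the base it extends
    signature: bytes = b""               # not verified in this toy


def is_fresh(crl: CRL, today: date) -> bool:
    """A relying party may rely on a CRL only between LAST UPDATE and NEXT UPDATE."""
    return crl.last_update <= today <= crl.next_update


def apply_delta(base: CRL, delta: CRL) -> CRL:
    """Merge a delta CRL into the base CRL it refers to, giving the complete CRL."""
    if delta.issuer != base.issuer:
        raise ValueError("delta CRL must come from the same issuer as the base")
    if delta.base_crl_number is None or base.crl_number < delta.base_crl_number:
        raise ValueError("delta CRL refers to a newer base CRL than the one held")
    merged = dict(base.revoked)
    for serial, entry in delta.revoked.items():
        if entry.reason is Reason.REMOVE_FROM_CRL:
            merged.pop(serial, None)          # e.g. a certificate hold was lifted
        else:
            merged[serial] = entry            # newly revoked, or reason updated
    # The merged list is only as fresh as the delta that produced it.
    return CRL(base.signature_algorithm, base.issuer, delta.last_update,
               delta.next_update, merged, delta.crl_number)


def status(crl: CRL, serial: int, today: date) -> str:
    """Answer 'is this serial revoked?' the way a relying party should."""
    if not is_fresh(crl, today):
        return "unknown (CRL is stale; fetch a newer one)"
    entry = crl.revoked.get(serial)
    if entry is None:
        return "good"
    if entry.reason is Reason.CERTIFICATE_HOLD:
        return "on hold"
    return f"revoked ({entry.reason.name.lower()}, {entry.revocation_date})"


# Constructed sample data: a weekly base CRL and a daily delta from the same issuer.
ISSUER = "C=US, S=TX, O=UTSA, OU=CS"
BASE = CRL("RSA+SHA-3 (toy)", ISSUER, date(2017, 6, 1), date(2017, 6, 8), {
    1001: RevokedEntry(1001, date(2017, 5, 20), Reason.KEY_COMPROMISE),
    1002: RevokedEntry(1002, date(2017, 5, 30), Reason.CERTIFICATE_HOLD),
}, crl_number=40)
DELTA = CRL("RSA+SHA-3 (toy)", ISSUER, date(2017, 6, 3), date(2017, 6, 4), {
    1002: RevokedEntry(1002, date(2017, 6, 3), Reason.REMOVE_FROM_CRL),
    1003: RevokedEntry(1003, date(2017, 6, 2), Reason.SUPERSEDED),
}, crl_number=43, base_crl_number=40)


def demo(serial: int, today: str = "2017-06-03", with_delta: bool = True) -> str:
    """Status of a serial as of an ISO date, from the base CRL alone or base + delta."""
    crl = apply_delta(BASE, DELTA) if with_delta else BASE
    return status(crl, serial, date.fromisoformat(today))
```

Two design points worth noticing: a stale CRL yields "unknown", not "good", because silently treating an expired list as authoritative is how a revoked certificate keeps working; and the merged CRL inherits the delta's short validity window, so a client that only ever refreshes the base will see its answers go stale after the delta's NEXT UPDATE.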

General Hierarchical Structure
(diagram: a CA tree with root Z; second level X, Y; third level Q, R, S, T; fourth level A, C, E, G, I, K, M, O; end entities a through p)

General Hierarchical Structure with Added Links
(diagram: the same tree as above, root Z down to end entities a through p, with additional cross-certification links added between CAs)

Top-Down Hierarchical Structure
(diagram: the same tree, root Z down to end entities a through p, with certificates issued only top-down)

Forest of Hierarchies
(diagram)

Multiple Root CA's Plus Intermediate CA's
(diagram: several root CAs, with intermediate CAs A, C, E, G, I, K, M, O beneath them and end entities a through p; no single root)
This is the model on the web today.
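The slides above give the X.509v1 fields, the two example certificates (one whose issuer name is a prefix of the subject name, one issued by GMU where it is not), the trust questions, and the root-plus-intermediate hierarchy used on the web. The following is an added example, not code from the lecture: it models those fields as a record, makes the SIGNATURE a real (if toy) signature over the other fields, and walks a chain from end entity through an intermediate CA to a trust anchor, checking at each step validity, revocation by serial, name chaining (the issuer of one certificate must be the subject of the next) and the signature. The "RSA" is textbook RSA over small constructed primes with an unpadded hash, which is not secure and is only there to make the signature check concrete; the CA names, keys, serials and dates are constructed, and `issuer_prefix_rule`, `validate_chain` and `check` are this example's own names.

```python
"""Toy model of X.509v1 certificate fields, chaining and trust (added example).

The "RSA" is textbook RSA over two constructed ~1e6 primes with an unpadded hash:
NOT secure; it only makes "the SIGNATURE covers every other field" checkable.
"""
from __future__ import annotations
from dataclasses import dataclass, replace
from datetime import date
import hashlib


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int = 65537


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def make_keypair(p: int, q: int) -> tuple[PublicKey, PrivateKey]:
    """Textbook RSA key pair from two primes (constructed, far too small for real use)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return PublicKey(n), PrivateKey(n, pow(65537, -1, phi))


def _hash_mod_n(data: bytes, n: int) -> int:
    # Real RSA signatures pad the digest (PKCS#1 v1.5 or PSS); the toy reduces it mod n.
    return int.from_bytes(hashlib.sha3_256(data).digest(), "big") % n


def toy_sign(priv: PrivateKey, data: bytes) -> int:
    return pow(_hash_mod_n(data, priv.n), priv.d, priv.n)


def toy_verify(pub: PublicKey, data: bytes, signature: int) -> bool:
    return pow(signature, pub.e, pub.n) == _hash_mod_n(data, pub.n)


@dataclass(frozen=True)
class Certificate:
    """The X.509v1 fields in slide order; SIGNATURE is computed over all the others."""
    version: int
    serial: int
    signature_algorithm: str
    issuer: str
    not_before: date
    not_after: date
    subject: str
    subject_public_key: PublicKey
    signature: int = 0

    def tbs(self) -> bytes:
        """To-be-signed encoding: every field except the signature itself."""
        return "|".join(map(str, (
            self.version, self.serial, self.signature_algorithm, self.issuer,
            self.not_before, self.not_after, self.subject,
            self.subject_public_key.n, self.subject_public_key.e))).encode()


def issue(issuer_priv: PrivateKey, unsigned: Certificate) -> Certificate:
    """The issuing CA signs the TBS fields and returns the completed certificate."""
    return replace(unsigned, signature=toy_sign(issuer_priv, unsigned.tbs()))


def issuer_prefix_rule(cert: Certificate) -> bool:
    """The Certificate Trust slide's prefix rule: issuer DN is a prefix of the subject DN."""
    return cert.subject.startswith(cert.issuer)


def validate_chain(chain, trust_anchors, revoked, today):
    """chain[0] is the end entity, chain[i+1] holds the key that signed chain[i], and
    the last element must be signed by a trust anchor (issuer name -> PublicKey).
    revoked maps issuer name -> set of serials taken from that issuer's CRL."""
    for i, cert in enumerate(chain):
        if not cert.not_before <= today <= cert.not_after:
            return False, f"{cert.subject}: outside validity period"
        if cert.serial in revoked.get(cert.issuer, set()):
            return False, f"{cert.subject}: serial {cert.serial} revoked by {cert.issuer}"
        if i + 1 < len(chain):
            if chain[i + 1].subject != cert.issuer:
                return False, f"{cert.subject}: issuer name does not match next certificate"
            key = chain[i + 1].subject_public_key
        elif (key := trust_anchors.get(cert.issuer)) is None:
            return False, f"{cert.subject}: issuer {cert.issuer} is not a trust anchor"
        if not toy_verify(key, cert.tbs(), cert.signature):
            return False, f"{cert.subject}: signature does not verify"
    return True, f"chain verifies up to trust anchor {chain[-1].issuer}"


# Constructed hierarchy in the root-plus-intermediate style: a GMU root CA is the
# trust anchor, it certifies a UTSA CS intermediate, which certifies the end entity.
ROOT_NAME = "C=US, S=VA, O=GMU, OU=ISE"
INT_NAME = "C=US, S=TX, O=UTSA, OU=CS"
LEAF_NAME = "C=US, S=TX, O=UTSA, OU=CS, CN=Ravi Sandhu"
ROOT_PUB, ROOT_PRIV = make_keypair(1000003, 1000033)   # constructed toy-size primes
INT_PUB, INT_PRIV = make_keypair(1000037, 1000039)
LEAF_PUB, _ = make_keypair(1000081, 1000099)
COMMON = dict(version=1, signature_algorithm="RSA+SHA-3 (toy)",
              not_before=date(2017, 1, 1), not_after=date(2018, 12, 31))
INTERMEDIATE = issue(ROOT_PRIV, Certificate(serial=7, issuer=ROOT_NAME, subject=INT_NAME,
                                            subject_public_key=INT_PUB, **COMMON))
LEAF = issue(INT_PRIV, Certificate(serial=1234567891011121314, issuer=INT_NAME,
                                   subject=LEAF_NAME, subject_public_key=LEAF_PUB, **COMMON))
LEAF_GMU = issue(ROOT_PRIV, replace(LEAF, issuer=ROOT_NAME))   # the slides' second example
TAMPERED = replace(LEAF, subject=LEAF_NAME.replace("Ravi Sandhu", "Someone Else"))
TRUST_ANCHORS = {ROOT_NAME: ROOT_PUB}


def check(chain=None, today="2017-06-01", revoked=None):
    """Validate a chain (default LEAF -> INTERMEDIATE) against the trust anchors as of an ISO date."""
    return validate_chain(chain or [LEAF, INTERMEDIATE], TRUST_ANCHORS,
                          revoked or {}, date.fromisoformat(today))
```

`check()` accepts the default chain; `check(chain=[LEAF])` fails because the UTSA intermediate is not itself a trust anchor, and `check(chain=[LEAF_GMU])` succeeds even though `issuer_prefix_rule(LEAF_GMU)` is false, which is the slide's point that the prefix rule is a naming convention, not the trust decision. Editing any signed field (`TAMPERED`) breaks the signature, and listing the serial under its issuer in `revoked` rejects the chain before the signature is even checked.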

Certificate Triangle
(diagram: three corners)
- User (Identity)
- Attributes
- Public-keys + Secured secrets