Public Key Infrastructure: A Quick Look Inside PKI. Technology Investigation Center, 3/27/2002.


Inside PKI
- Vocabulary
- How PKI Works
- When it Doesn't

Vocabulary

Asymmetric Cryptography Use of algorithms that use different keys for encryption than decryption and the decryption key cannot be derived from the encryption key.

Authentication Verifying the identity of a person or a computer system.

Certificate Authority (CA) The authority in a network (PKI) that issues and manages security credentials and public keys for message encryption.

Certificate Practice Statement (CPS) Provides a detailed explanation of how the certificate authority manages the certificates it issues and associated services such as key management. The CPS acts as a contract between the CA and its users, describing the obligations and legal limitations and setting the foundation for future audits.

Ciphertext Encrypted text. Plaintext or cleartext is what you have before encryption and ciphertext is the encrypted result.

Digital Certificate A digital document which is generally stored and administered in a central directory. It contains the certificate holder's name, a serial number, expiration dates, public key, and the digital signature of the certificate issuing authority.

Digital Signature An electronic signature that authenticates the identity of the sender, ensures the original content of the message is unchanged, is easily transportable, cannot be easily repudiated, cannot be imitated, and can be automatically time-stamped.

Directory A specialized, highly available database organized to be primarily used for lookup.

Directory Service A collection of software, hardware, processes, policies and administrative procedures involved in organizing the information in a directory and making it available to users.

Hashing A mathematical summary of a message that can be used to provide message integrity; popular because it is simple and small.

Integrity The state of being unaltered.

Nonrepudiation The basis of insisting that the document signed by a particular private key represents acknowledgement by the private key owner.

Private Key The private part of a two-part, public key asymmetric cryptography system. The private key is provided by a certificate authority, kept secret and never transmitted over a network.

Public Key The public part of a two-part, public key asymmetric cryptography system. The public key is provided by a certificate authority and can be retrieved over a network.

Public Key Infrastructure (PKI) A system that enables users of a public network to exchange data securely and privately through the use of a public and private cryptographic key pair that is obtained and shared through a trusted authority.

Registration Authority The authority in a Public Key Infrastructure that verifies user requests for a digital certificate and tells the certificate authority it is alright to issue a certificate.

Rivest-Shamir-Adleman (RSA) An algorithm used for key pairs used for authentication, encryption and decryption.

How PKI Works
- Get a Certificate
- Send a Signed Message
- Receive a Signed Message
- Send an Encrypted Message
- Receive an Encrypted Message
- Different Answers!

Get a Certificate
- Supply information to a Certificate Authority
- Certificate Authority generates the keys
- Certificate Authority creates the certificate
- Registration Authority may authorize the certificate
- The private key is delivered to the user
- The certificate is stored in a directory

Digital Certificate
- Version of certificate format
- Certificate serial number
- Signature algorithm identifier
- Certificate authority (CA) X.500 name
- Validity period (start, expiration)
- Subject X.500 name
- Subject public key info (algorithm, public key)
- Issuer unique identifier (optional)
- Subject unique identifier (optional)
- Extensions
- Certificate Authority's digital signature

Private Key
- One of two numeric keys derived from an algorithm
- Can be stored on a computer
- Can be memorized (not practical)
- Can be held in a token
- Can be combined with a biometric or token
- Must be kept secure
- Is not stored in the certificate

Get a Certificate (flow diagram)
- RA approves the certificate
- Information is given to the CA
- The CA creates keys and certificate
- The certificate, which contains the public key, is filed in a directory
- Private key goes to the user

Send a Signed Message
- Compose the message
- Sign with your own (sender's) private key
  - Create a message hash
  - Encrypt the hash with the private key
- Send the message and the digital signature

Receive a Signed Message
- Receive the message and the signature
- Get the sender's public key
- Use the key to decrypt the signature (hash)
- Generate a new hash of the message
- Compare the two hashes to assure the integrity of the message and the authentication of the sender

Signed Message (flow diagram)
SENDER:
- Compose the message
- Sign the message with private key
- Send the message and digital signature
RECIPIENT:
- Receive the message and digital signature
- Get the sender's public key
- Compare the hashes

Send an Encrypted Message
- Compose the message
- Get the receiver's public key
- Encrypt the message
- Send the message
- But can be more complex, especially for long messages

Receive an Encrypted Message
- Receive the message
- Decrypt with your own (receiver's) private key
- But can be more complex, especially for long messages

Encrypted Message (flow diagram)
SENDER:
- Compose the message
- Get the recipient's public key
- Encrypt the message with public key
- Send the encrypted message
RECIPIENT:
- Get the encrypted message
- Decrypt with private key
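The sign/verify steps (hash, encrypt the hash with the private key, recover it with the public key, compare) and the encrypt/decrypt steps from the slides above, carried out with textbook RSA. This is an added illustration, not code from the presentation; the key pair is constructed from two fixed, publicly known Mersenne primes so the script runs offline, and it omits the padding that real implementations add.

```python
"""Textbook RSA version of the slides' sign/verify and encrypt/decrypt steps.
Added illustration, not from the original presentation. Keys use two fixed,
public Mersenne primes so it runs offline; real keys come from random primes
and real systems add padding (e.g. PKCS#1) that textbook RSA lacks."""
import hashlib

# Constructed key pair (assumed for the example): p = 2^521-1, q = 2^607-1,
# both prime, and the usual public exponent 65537.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
PUBLIC_KEY = (N, E)    # published in the certificate / directory
PRIVATE_KEY = (N, D)   # delivered to the user; never stored in the certificate


def message_hash(message: bytes) -> int:
    """Create the message hash (SHA-256) as an integer; 256 bits < N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender: hash the message, then 'encrypt' the hash with the private key."""
    n, d = private_key
    return pow(message_hash(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: recover the hash with the sender's public key, hash the
    received message again and compare; any tampering changes the hash."""
    n, e = public_key
    return pow(signature, e, n) == message_hash(message)


def encrypt(message: bytes, public_key) -> int:
    """Sender: encrypt with the recipient's public key. Plain RSA only fits a
    message shorter than the modulus; longer messages are the 'more complex'
    case on the slides (in practice a symmetric key is what gets RSA-encrypted)."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for the modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Recipient: decrypt with their own private key."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")
```

A signature made over one message fails to verify against an altered copy, which is the integrity check the "Compare the two hashes" step performs.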

Different Answers Depending On:
- Where the public key is stored and how it is managed
- If a user has multiple public keys
- If multiple encryption algorithms are used
- If both message encryption and digital signature are required

When PKI Doesn't Work
- When it isn't trusted
- When the private key isn't secure
- When the CA isn't trusted by all parties
- When the authentication required by the CA isn't adequate for all parties
- When there's more than one John Smith
- When the sender and receiver can't interoperate

Longer Looks at PKI
- This Group
- Handout
- Office of Information Technology
- Other States
- Vendors