Public Key Infrastructure (PKI)

Presentation on theme: "Public Key Infrastructure (PKI)"— Presentation transcript:

1 Public Key Infrastructure (PKI)

2 What is PKI?
"A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred." (Wikipedia)

3 SWIM Objectives
The Yellow Profile (YP) targets:
- Support for a wide variety of interactions in a flexible manner that is affordable for the service consumer
- The interaction must be able to run over the public Internet and must be sufficiently secured
- Use of technologies based on standard Web Services
- The technology must be supported out-of-the-box
- Keeping as many options open as possible
PKI-based security solutions support the above by:
- Support for message signing to satisfy integrity, identification, authenticity and more
PKI is not restricted to the Yellow Profile.

4 Business drivers
Provider and consumer interaction builds on trust:
- All involved parties can be trusted (authorized entities only)
- Exchange mechanism can be trusted (secured, reliable, on-time)
- Information can be trusted (non-repudiation, accountability)
- No abuse of information (adequate access control)

5 Comprehensive PKI
- Certification Authority
- Certificate Repository
- Revocation
- Key Backup Recovery
- Automatic Key Update
- Key History Management
- Cross
- Client Software
- Authentication
- Integrity
- Confidentiality
- Secure Time Stamping
- Notarization
- Non-repudiation Support
- Secure Data Archive
- Privilege/Policy Creation
- Privilege/Policy Verification

6 Aeronautical PKI Architecture
[Diagram; labels: USA, EUR, Root, FAA Root, EURRoot, Bridge Certificates, CA / RA, Policy 1, Policy 2, Policy 3, EDxx, Airports]
Example based on discussions with FAA. ICAO's role has to be further elaborated and coordinated with ICAO.

7 One bridge-two certificates
A bridge between two separate PKIs consists of two certificates between the PKIs' root certificates:
- USA shows that it trusts EUR by signing EUR's public key with USA's private key, thereby issuing a new certificate "USA trusts EUR"
- EUR shows that it trusts USA by signing USA's public key with EUR's private key, thereby issuing a new certificate "EUR trusts USA"

8 The Bridge
- Only two certificates to administer to trust across the Atlantic Ocean
- Can easily and automatically be revoked from Europe towards USA and vice versa
- CPH have validated this scenario with standard tools available today on the internet
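
The two-certificate bridge from slides 7 and 8, reproduced with the openssl command line as an added example (not part of the original presentation). The PKI names follow the slides; the file names, the 30-day validity and the end-entity name `airport.example` are constructed, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: constructed names and files; assumes the openssl CLI (1.1.1+).
set -eu
work=$(mktemp -d)

# Minimal config: CA extensions shared by the roots and the bridge certificates.
cat > "$work/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

new_root() {        # $1 = PKI name: an independent self-signed root
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$work/ca.cnf" \
    -subj "/CN=$1 Root" -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

cross_certify() {   # $1 signs $2's public key, issuing "$1 trusts $2"
  openssl req -new -key "$work/$2.key" -config "$work/ca.cnf" \
    -subj "/CN=$2 Root" -out "$work/$2.csr" 2>/dev/null
  openssl x509 -req -in "$work/$2.csr" -CA "$work/$1.crt" -CAkey "$work/$1.key" \
    -CAcreateserial -days 30 -extfile "$work/ca.cnf" -extensions ca \
    -out "$work/${1}_trusts_$2.crt" 2>/dev/null
}

issue_leaf() {      # $1 = issuing PKI, $2 = subject CN of an end-entity cert
  openssl req -new -newkey rsa:2048 -nodes -config "$work/ca.cnf" \
    -subj "/CN=$2" -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$work/leaf.csr" -CA "$work/$1.crt" -CAkey "$work/$1.key" \
    -CAcreateserial -days 30 -out "$work/leaf.crt" 2>/dev/null
}

verify_leaf() {     # $1 = the only root the relying party trusts, $2 = bridge cert
  if openssl verify -CAfile "$work/$1.crt" ${2:+-untrusted "$work/$2"} \
       "$work/leaf.crt" >/dev/null 2>&1
  then echo trusted; else echo rejected; fi
}

new_root USA; new_root EUR
cross_certify USA EUR            # certificate "USA trusts EUR"
cross_certify EUR USA            # certificate "EUR trusts USA"
issue_leaf EUR airport.example   # end entity inside the EUR PKI
echo "USA side, no bridge:   $(verify_leaf USA)"
echo "USA side, with bridge: $(verify_leaf USA USA_trusts_EUR.crt)"
```

A relying party that trusts only the USA root accepts the EUR-issued certificate solely when the "USA trusts EUR" certificate is supplied; without it the chain cannot be built and verification fails.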

9 Different types of certificates
- All are issued under the X.509 standard
- The different types of certificates are issued according to different policies and by different intermediate certificates
- The format and content of the fields can be different
Ideas for types and policies of certificates:
- Different certificates (policies) for different purposes (criticality)
- Airlines, Airports, ANSP, Suppliers / Ground handler
- Personnel in the above (ATSEP, Cabin Crew, Pilots)

10 Policies and Governance
- Who generates the private key for each certificate?
- How does the public key (certificate) get signed?
- How to establish initial trust between CA and certificate users (ANSP, Airport, AO)?
- Who can obtain a certificate?
- What can they be used for?
- What is the format and other content?
[Diagram; labels: CA / RA, EURRoot, Policy 1, Policy 2, Policy 3]

11 Policy 1 – high criticality example
- Who generates the private key for each certificate?
  By national security service and kept in the "vault" of the national trust store
- How does the public key (certificate) get signed?
  Transported by courier and with senior officials from CA present
- How to establish initial trust between CA and certificate users (ANSP, Airport, AO)?
  The same way diplomats become accredited
- Who can obtain a certificate?
  Only ANSPs or military
- What can they be used for?
  Only to be used to secure very critical infrastructure
- What is the format and other content?
  To be defined, depends on business context

12 Policy 2 – low criticality example
- Who generates the private key for each certificate?
  The CA generates and keeps the private key
- How does the public key (certificate) get signed?
  Automatically by the CA's servers
- How to establish initial trust between CA and certificate users (ANSP, Airport, AO)?
  By an from the relevant organization (AO, ANSP, Airport)
- Who can obtain a certificate?
  Any organization in the industry
- What can they be used for?
  Any information that needs to be kept confidential or signed
- What is the format and other content?
  To be defined, depends on business context

13 Additional

