Presentation is loading. Please wait.

Presentation is loading. Please wait.

Public-Key Certificates

Published byHandoko Oesman Modified over 5 years ago

Similar presentations

Presentation on theme: "Public-Key Certificates"— Presentation transcript:

1 Public-Key Certificates
CS 5323 Public-Key Certificates Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 4 © Ravi Sandhu World-Leading Research with Real-World Impact!

2 Public-Key Certificates
authenticated distribution of public-keys public-key encryption sender needs public key of receiver public-key digital signatures receiver needs public key of sender public-key key agreement both need each other’s public keys © Ravi Sandhu World-Leading Research with Real-World Impact! 2

3 ISSUER (Certificate Authority) SUBJECT PUBLIC KEY INFO
X.509v1 Certificate VERSION SERIAL NUMBER SIGNATURE ALGORITHM ISSUER (Certificate Authority) VALIDITY SUBJECT SUBJECT PUBLIC KEY INFO SIGNATURE © Ravi Sandhu World-Leading Research with Real-World Impact! 3

4 X.509v1 Certificate 1 1234567891011121314 RSA+SHA-3, 2048
C=US, S=TX, O=UTSA, OU=CS 1/1/17-12/31/18 C=US, S=TX, O=UTSA, OU=CS, CN=Ravi Sandhu RSA, 2048, xxxxxxxxxxxxxxxxxxxxxxxxx SIGNATURE © Ravi Sandhu World-Leading Research with Real-World Impact! 4

5 Certificate Trust how to acquire public key of the issuer to verify signature whether or not to trust certificates signed by the issuer for this subject prefix rule is not universally applicable © Ravi Sandhu World-Leading Research with Real-World Impact! 5

6 X.509v1 Certificate 1 1234567891011121314 RSA+SHA-3, 2048
C=US, S=VA, O=GMU, OU=ISE 1/1/17-12/31/18 C=US, S=TX, O=UTSA, OU=CS, CN=Ravi Sandhu RSA, 2048, xxxxxxxxxxxxxxxxxxxxxxxxx SIGNATURE © Ravi Sandhu World-Leading Research with Real-World Impact! 6

7 SET CA Hierarchy Root Brand Brand Brand Geo-Political Bank Acquirer
Customer Merchant © Ravi Sandhu World-Leading Research with Real-World Impact! 7

8 Certificate Revocation Lists (CRLs)
SIGNATURE ALGORITHM ISSUER LAST UPDATE NEXT UPDATE REVOKED CERTIFICATES SIGNATURE SERIAL NUMBER REVOCATION DATE © Ravi Sandhu World-Leading Research with Real-World Impact! 8

9 X.509 Certificates X.509v1 X.509v2 X.509v3 very basic
adds unique identifiers to prevent against reuse of X.500 names X.509v3 adds many extensions can be further extended © Ravi Sandhu World-Leading Research with Real-World Impact! 9

10 X.509v3 Innovations distinguish various certificates
signature, encryption, key-agreement identification info in addition to X.500 name internet names: addresses, host names, URLs issuer can state policy and usage ok for casual but not for signing checks extensible proprietary extensions can be defined and registered attribute certificates to enable attribute-based authorization © Ravi Sandhu World-Leading Research with Real-World Impact! 10

11 X.509v2 CRL Innovations CRL distribution points indirect CRLs
delta CRLs revocation reason push CRLs © Ravi Sandhu World-Leading Research with Real-World Impact! 11

12 General Hierarchical Structure
Z X Y Q R S T A C E G I K M O a b c d e f g h i j k l m n o p © Ravi Sandhu World-Leading Research with Real-World Impact!

13 General Hierarchical Structure with Added Links
Z X Y Q R S T A C E G I K M O a b c d e f g h i j k l m n o p © Ravi Sandhu World-Leading Research with Real-World Impact!

14 Top-Down Hierarchical Structure
Z X Y Q R S T A C E G I K M O a b c d e f g h i j k l m n o p © Ravi Sandhu World-Leading Research with Real-World Impact!

15 Forest of Hierarchies World-Leading Research with Real-World Impact!
© Ravi Sandhu World-Leading Research with Real-World Impact!

16 Multiple Root CA’s Plus Intermediate CA’s
X S T Q R A C E G I K M O a b c d e f g h i j k l m n o p Model on the web today © Ravi Sandhu World-Leading Research with Real-World Impact!

17 Certificate Triangle User (Identity) Attributes Public-keys +
Secured secrets © Ravi Sandhu World-Leading Research with Real-World Impact!

Download ppt "Public-Key Certificates"

Similar presentations

DIGITAL CERTIFICATES Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC-KEY CERTIFICATES reliable distribution of public-keys public-key encryption sender needs.

DIGITAL CERTIFICATES Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC-KEY CERTIFICATES reliable distribution of public-keys public-key encryption sender needs.
Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
PKI Introduction Ravi Sandhu 2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures.

PKI Introduction Ravi Sandhu 2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Kerberos and X.509 Fourth Edition by William Stallings

Kerberos and X.509 Fourth Edition by William Stallings
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.

CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.
CP3397 ECommerce.

CP3397 ECommerce.
1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, 2013 © Ravi Sandhu World-Leading Research.

1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, © Ravi Sandhu World-Leading Research.
Grid Computing Basics From the perspective of security or An Introduction to Certificates.

Grid Computing Basics From the perspective of security or An Introduction to Certificates.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.

1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
1 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013

1 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Similar presentations

Ads by Google