Presentation is loading. Please wait.

Presentation is loading. Please wait.

Report on Attribute Certificates By Ganesh Godavari.

Published byCori Johns Modified over 9 years ago

Similar presentations

Presentation on theme: "Report on Attribute Certificates By Ganesh Godavari."— Presentation transcript:

1 Report on Attribute Certificates By Ganesh Godavari

2 Dept CDept A Issuance of Attribute Certificates Central Applications Central Applications Central Applications Central Applications Department Applications Central Applications Department Applications Dept B External Company ACA Central ACA Local ACA Local ACA Local ACA Devolved User Central Applications

3 Issuance Central issuance - advantages –Suitable for small organizations Local issuance - advantages –Simplified user authentication –Simplified issuance procedures –Reduced administration overhead –Greater control –Simpler distribution

4 Distributing Attribute Certificates Pull Mirrors X.509 identity cert model -- certificates are written to directory (e.g. X.500) Applications requiring attribute certificates may “pull” them as required Push Users supply attribute certificate directly to application (similar to password model) No directory Attribute Certificate Server Attribute Certificate enabled Application Directory Publish Look up Given to user Submitted by user

5 Using Attribute Certificates CA RA CA Operator RA Operator Web Server Attribute Certificate Server User Manager Web Server Proxy Verifies AC Grants access Application Config Manager 1. Get X.509v3 Identity Certificate 2. Get Attribute Certificate 3. Use Identity cert for Authentication 4. Use Attribute Cert for access control Registration Authority (RA) is a person to whom the CA delegates the responsibility for the verification of identity of a person requesting a certificate.

6 Using Attribute Certificates Certificate (PKI) based authentication of user –SSL with client authentication –S/MIME with signature –Challenge response –Signed objects Check attribute certificate is linked to identity Check ACA is allowed Check ACA signature Extract attributes and use

7 Verifying Claimed Privilege Privilege Verifier Bill Alice Bob SOA AA Holder Root CA Signs Alice’s Public Key Bill’s Public Key Bob’s Public Key Issues AC to Issues AC to Issues Command to Checks delegation of privileges Checks all signatures Checks privilege is sufficient

8 Privilege Management Infrastructure The resource must have available to PMI –the root of trust of the PKI (public key of root CA) –the root of trust of the PMI (public key of Source of Authority or a valid PK certificate) –privilege policy (rules specifying privileges) –local variables e.g. time of day –access to revocation information and certificate chains

9 Certificate Management Authority Components of Certificate Management Authority System –Enrollment. You can apply for and obtain a certificate for yourself or for a server that you administer. –Renewal. You can renew a certificate that is about to expire or has already expired. –Revocation. If you are a system administrator, you can revoke a certificate so that it is no longer valid. –Retrieval. You can list all certificates that are available to you or to your server. Cert Requests Request CertificatesExpired certificates Revocation Information Issue Expire Revoke Publish CRL Audit Log

10 Conclusion on certificate management Cumbersome Tedious Who is root CA? What level of certificate chain validation must I go through?

11 Research areas How to define AC for a group? Certificate Management System simplification?

12 Questions ?

13 References Privilege Management in X.509(2000) presentation by David W Chadwick BSc PhD Attribute Certificates presentation by Spiro Alifrangis, Baltimore Technologies

Download ppt "Report on Attribute Certificates By Ganesh Godavari."

Similar presentations

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Deploying and Managing Active Directory Certificate Services

Deploying and Managing Active Directory Certificate Services
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Wednesday, June 03, 2015 © 2001 TrueTrust Ltd1 PERMIS PMI David Chadwick.

Wednesday, June 03, 2015 © 2001 TrueTrust Ltd1 PERMIS PMI David Chadwick.
Use of AIA for Attribute Certificates

Use of AIA for Attribute Certificates
The EC PERMIS Project David Chadwick

The EC PERMIS Project David Chadwick
CS526 – Advanced Internet And Web Systems Semester Project Public Key Infrastructure (PKI) By Samatha Sudarshanam.

CS526 – Advanced Internet And Web Systems Semester Project Public Key Infrastructure (PKI) By Samatha Sudarshanam.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
21 June 2006Copyright 2006 University of Kent1 Delegation of Authority (DyVOSE project) David Chadwick University of Kent.

21 June 2006Copyright 2006 University of Kent1 Delegation of Authority (DyVOSE project) David Chadwick University of Kent.
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Security Management.

Security Management.

Similar presentations

Ads by Google