Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier."— Presentation transcript:

1 Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier

2 Introduction to PKI, Certificates & Public Key Cryptography – erwan@defcom.com Role of Computer Security CIA Confidentiality: protection against data disclosure Integrity: protection against data modification Availability: protection against data disponibility Identification & Authentication (I&A) Provide a way of identifying entities, and controlling this identity Non-repudiability Bind an entity to its actions

3 Introduction to PKI, Certificates & Public Key Cryptography – erwan@defcom.com How to implement CIA, I & A, N-R ? With Cryptography ! Main cryptographic tools: Hash Functions Secret Key Cryptography Public Key Cryptography And their combinations: Certificates PKI

4 Introduction to PKI, Certificates & Public Key Cryptography – erwan@defcom.com Main cryptographic tools Hash Functions: Bind one entity with a unique ID => Signature Hash + Encryption => trusted signature Symmetric Key Cryptography 2 users share a secret key S and an algorithm. S(S(M)) = M Problem: how to exchange secret keys ? =>Secret Key Server (ex: kerberos)

5 Introduction to PKI, Certificates & Public Key Cryptography – erwan@defcom.com Main cryptographic tools Public Key Cryptography: Each user has a public key P and a private key S, and an algorithm A. P(S(M)) = S(P(M)) = M  No shared secret ! Encryption with Public Key CryptoAuthentication with Public Key Crypto

6 Introduction to PKI, Certificates & Public Key Cryptography – erwan@defcom.com Main cryptographic tools, PKI How to distribute public keys ?  Public Key Server (PKS), key exchange protocols Public Key Infrastructure (PKI): PKI = N x (Entities with private keys) + public key exchange system REM: Public Key algorithms are slow  Need to use both Public & Secret Key Cryptography  Public Key Protocols work in 3 phases 1.Authentication via Public Key Cryptography (challenge) 2.Exchange of a session Secret Key, encrypted with Public Key Crypto 3.Session encrypted with Symmetric Cryptography

7 Introduction to PKI, Certificates & Public Key Cryptography – erwan@defcom.com Certificate A certificate binds an entity with its public key. It’s just a digitally signed piece of data.  digital ID card an entity’s description (name, etc.) + entity’s public key + expiration date, serial number, etc. + CA’s name + a signature issued by a CA Certificate = The certificate is issued and signed by a trusted Certificate Authority (CA) Digital signature: CA signature = certificate hash, encrypted with CA’s private key

8 Introduction to PKI, Certificates & Public Key Cryptography – erwan@defcom.com Certificate The certificate’s CA is the only entity able to create/modify the certificate  the CA has to be trusted Certificates enable: Clients to authenticate servers Servers to authenticate clients Public key exchange without Public Key Server  No disclosure of private/secret keys. Certificates are usually stored encrypted. Special features: chains of CAs, to distribute the task of issuing Certificates Certificate Revocation List, to disable certificates

9 Introduction to PKI, Certificates & Public Key Cryptography – erwan@defcom.com Usual cryptographic algorithms & infrastructures Hash:MD4, MD5, SHA-1 Symmetric Key:DES, 3DES, AES (Rijnael), IDEA, RC4 Public/Private Key:RSA, Diffie-Hellman Certificat: X509 PKI:IPSec, SSL, (kerberos)

10 Introduction to PKI, Certificates & Public Key Cryptography – erwan@defcom.com example: IPSec IPSec works at IP level. Provide authentication and encryption. Used to build VPNs. Configuration: 2 transfert modes: tunnel or transport 2 transfert protocols: AH (Authentication Header) => authenticated traffic ESP (Encapsulating Security Payload) => encrypted traffic Key exchange protocols: Internet Key Exchange (IKE), Internet Security Association and Key Management Protocol (ISAKMP), etc.

11 Introduction to PKI, Certificates & Public Key Cryptography – erwan@defcom.com Weaknesses of PKI and Certificates PKI: unsecured server: hackable Public Key/Certificate servers unsecured client:private keys/passwords can be stolen/spied weak algorithm:short keys, implementation or design breach Certificate: unsecured computer: certificates can be stolen, password spied certificate password: certificates are stored encrypted, with weak password untrustable CA: easy to be issued a certificate from a CA users: they seldom check if CA can be trusted before accepting certificates (netscape GUI) Attack example: hack client’s computer, steal certificate & password man in the middle

12 Introduction to PKI, Certificates & Public Key Cryptography – erwan@defcom.com Links Book: Applied cryptography, Bruce Schneier URLs: theory.lcs.mit.edu/~rivest/crypto-security.html www.counterpane.com/pki-risks.html www.csc.gatech.edu/~copeland/8813/slides/ www.iplanet.com/developer/docs/articles/security/pki.html web.mit.edu/6.857/OldStuff/Fall96/www/main.html

Download ppt "Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Introduction to Cryptography

Introduction to Cryptography
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.

W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.

Similar presentations

Ads by Google