Presentation is loading. Please wait.

Presentation is loading. Please wait.

An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations."— Presentation transcript:

1 An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations

2 Encryption Hiding the intent or meaning of a message Hiding the intent or meaning of a message Complex mathematical algorithms Complex mathematical algorithms Should be unbreakable Should be unbreakable Claude Shannon, the Father of Information Theory Claude Shannon, the Father of Information Theory

3 Shared and Public Key Shared Key Encryption Shared Key Encryption Same Key for Encryption/Decryption Same Key for Encryption/Decryption Key dispatched in secure manner Key dispatched in secure manner DES, 3DES, AES DES, 3DES, AES Public Key Public Key Key Generation Key Generation Encrypt with Public Key Encrypt with Public Key Decrypt with Private Key Decrypt with Private Key RSA RSA

4 Digital Signatures and Certificates Digital Signature Digital Signature Create Message Digest (MD5, SHA1) Create Message Digest (MD5, SHA1) Sign Hash Sign Hash Append Signed Hash to Message Append Signed Hash to Message Verify by hashing message, public key decrypt of message Verify by hashing message, public key decrypt of message Digital Certificate Digital Certificate Public Key, Authority Signature, Key Information Public Key, Authority Signature, Key Information Mutually trusted authority signature Mutually trusted authority signature

5 What is PKI? Infrastructure Infrastructure End Entity End Entity Certificate Authority Certificate Authority Registration Authority Registration Authority Directory (X.500, LDAP) Directory (X.500, LDAP) CRL Repository CRL Repository PKI not itself a solution – SSL/TLS PKI not itself a solution – SSL/TLS

6 Issues with PKI Key Management Key Management CRL Distribution CRL Distribution Trust Trust

7 Key Management Where? Where? On laptops, desktops? On laptops, desktops? Centrally located (protected)? Centrally located (protected)? Multiple certificates? Multiple certificates? Backing up Keys – why? Backing up Keys – why? Smartcards Smartcards Tamper-resistant Tamper-resistant Work with magnetic-stripe cards Work with magnetic-stripe cards Portable, holds multiple keys Portable, holds multiple keys

8 Certificate Revocation Lists Performance Performance DoS DoS Frequent Information Frequent Information Solutions Solutions Segmenting Segmenting Over distribution Over distribution Online Certificate Status Protocol (OCSP) Online Certificate Status Protocol (OCSP) Validity real-time Validity real-time Expensive Expensive

9 Trust How/Why do we Trust CAs? (CSPs) How/Why do we Trust CAs? (CSPs) Do we read/view certificates? Do we read/view certificates? Authentication not authorization Authentication not authorization Usability and Trust Usability and Trust “Web of Trust” “Web of Trust”

10 Conclusion All-encompassing solution All-encompassing solution Many aspects are implementation-specific Many aspects are implementation-specific Key to evaluate needs of the applications Key to evaluate needs of the applications

Download ppt "An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP.

1 ITNS and CERIAS CISSP Luncheon Series: Cryptography Presented by Addam Schroll, CISSP.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (X509 PKI)

Public Key Infrastructure (X509 PKI)
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006.

Slide 1 Many slides from Vitaly Shmatikov, UT Austin Public-Key Infrastructure CNS F2006.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Similar presentations

Ads by Google