Presentation is loading. Please wait.

Presentation is loading. Please wait.

Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

Published byCamron Long Modified over 8 years ago

Similar presentations

Presentation on theme: "Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)"— Presentation transcript:

1 Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

2 Public Key Deception Impostor Claims to be a True Party –True party has a public and private key –Impostor also has a public and private key Impostor sends impostor’s own public key to the verifier –Says, “This is the true party’s public key” –This is the critical step in the deception

3 Public Key Deception If verifier accepts the impostor’s public key as the true party’s public key, –Impostor will be authenticated through any public key authentication method, because their private key will work –Impostor can also decrypt messages sent by the verifier if these messages are encrypted with the impostor’s public key

4 Public Key Deception Moral: –Public key encryption for privacy, confidentiality, authentication, and message integrity only works if –The verifier gets the true party’s public key independently of the applicant, –From a trusted third party

5 Digital Certificates Created by a Certificate Authority –Certificate authority is the trusted third party Certificate Authority Certificate Authority Authenticated Party Authenticated Party Digital Certificate Digital Certificate

6 Certificate Authorities Unfortunately, certificate authorities are not regulated You must only use certificate authorities you trust Company can be its own certificate authority for internal authentication among its hardware and software systems

7 Digital Certificates Assert that a true party (named) has the public key contained in the digital certificate –Provides a name-public key pair –Therefore prevents public key deception –Fields and content are standardized by the ITU- T X.509 Standard

8 Digital Certificates Each digital certificate has its own digital signature, signed (encrypted) by the private key of the certificate authority –Provides message integrity so that an impostor cannot change the name field in the digital certificate to its own

9 Digital Certificates Certificate authorities may revoke digital certificates before the expiration date listed in the digital certificate –Revoked certificate ID numbers are placed in a certificate revocation list (CRL) –Verifier must check with the certificate authority to determine if a digital certificate is on the CRL Without the CRL check, digital certificates do not support authentication

10 Digital Certificates Recap –A digital signature gives the public key of a named party –This is needed for public key authentication, to prevent public key deception –However, a digital certificate alone does NOT provide authentication

11 Public Key Infrastructures (PKIs) Private key creation and distribution Digital certificate creation and distribution Certificate Revocation List checking

12 PKIs To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI) –A PKI automates most aspects of using public key encryption and authentication –Uses a PKI Server PKI Server

13 PKIs PKI Server Creates Public Key-Private Key Pairs –Distributes private keys to applicants securely –Often, private keys are embedded in delivered software PKI Server Private Key

14 PKIs PKI Server Provides CRL Checks –Distributes digital certificates to verifiers –Checks certificate revocation list before sending digital certificates PKI Server Digital Certificate

15 PKIs CRL Checks –If applicant gives verifier a digital certificate, –The verifier must check the certificate revocation list PKI Server OK? OK or Revoked CRL

16 Integrated Security System When two parties communicate … –Their software usually handles the details –First, negotiate security methods –Then, authenticate one another –Then, exchange symmetric session key –Then can communicate securely using symmetric session key and message-by-message authentication

17 SSL Integrated Security System SSL –Secure Sockets Layer –Developed by Netscape TLS (now) –Netscape gave IETF control over SSL –IETF renamed it TLS (Transport Layer Security) –Usually still called SSL

18 Location of SSL Below the Application Layer –IETF views it at the transport layer –Protects all application exchanges –Not limited to any single application WWW transactions, e-mail, etc. SSL E-MailWWWE-MailWWW

19 SSL Operation Browser & Webserver Software Implement SSL –User can be unaware

20 SSL Operation SSL ISS Process –Two sides negotiate security parameters –Webserver authenticates itself –Browser may authenticate itself but rarely does –Browser selects a symmetric session key, sends to webserver –Adds a digital signature and encrypts all messages with the symmetric key

21 Importance of SSL Supported by Almost All Browsers –De facto standard for Internet application security Problems –Relatively weak security –Does not involve security on merchant server –Does not validate credit card numbers –Viewed as an available but temporary approach to consumer security

22 Other ISSs SSL is merely an example integrated security system Many other ISSs exist –IPsec (Chapter 9 and Module F) –PPP and PPTP (Module F) –Etc.

23 Other ISSs All ISSs have the same general steps –Negotiate security parameters –Authenticate the partners –Exchange a session key –Communicate with message-by-message privacy, authentication, and message integrity

Download ppt "Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
CP3397 ECommerce.

CP3397 ECommerce.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Cryptography and Network Security

Cryptography and Network Security
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
VPNs  IETF developing IPsec security standards IP securityIP security At the internet layerAt the internet layer Protects all messages at the transport.

VPNs  IETF developing IPsec security standards IP securityIP security At the internet layerAt the internet layer Protects all messages at the transport.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
PKIs  To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI) A PKI automates most aspects of using.

PKIs  To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI) A PKI automates most aspects of using.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Similar presentations

Ads by Google