Published by Timothy Green
Modified over 4 years ago
DIGITAL CERTIFICATES Prof. Ravi Sandhu
2 © Ravi Sandhu PUBLIC-KEY CERTIFICATES
  - reliable distribution of public-keys
    - public-key encryption: sender needs public key of receiver
    - public-key digital signatures: receiver needs public key of sender
    - public-key key agreement: both need each other's public keys
3 © Ravi Sandhu X.509v1 CERTIFICATE
  - VERSION
  - SERIAL NUMBER
  - SIGNATURE ALGORITHM
  - ISSUER
  - VALIDITY
  - SUBJECT
  - SUBJECT PUBLIC KEY INFO
  - SIGNATURE
4 © Ravi Sandhu X.509v1 CERTIFICATE
  - VERSION: 1
  - SERIAL NUMBER: 1234567891011121314
  - SIGNATURE ALGORITHM: RSA+MD5, 512
  - ISSUER: C=US, S=VA, O=GMU, OU=ISE
  - VALIDITY: 9/9/99-1/1/1
  - SUBJECT: C=US, S=VA, O=GMU, OU=ISE, CN=Ravi Sandhu
  - SUBJECT PUBLIC KEY INFO: RSA, 1024, xxxxxxxxxxxxxxxxxxxxxxxxx
  - SIGNATURE
5 © Ravi Sandhu CERTIFICATE TRUST
  - how to acquire public key of the issuer to verify signature
  - whether or not to trust certificates signed by the issuer for this subject
6 © Ravi Sandhu PEM CERTIFICATION GRAPH
  [graph diagram]
  - Internet Policy Registration Authority (IPRA)
  - Policy Certification Authorities (PCAs): HIGH ASSURANCE, MID-LEVEL ASSURANCE, RESIDENTIAL, PERSONA
  - Certification Authorities (CAs)
  - Subjects
  - other node labels in the diagram: MITRE, GMU, ISSE, Virginia, Fairfax, Anonymous, Abrams, Sandhu, Sandhu, LEO
7 © Ravi Sandhu SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY
  [hierarchy diagram; node labels: Root, Brand, Geo-Political, Bank, Acquirer, Customer, Merchant]
8 © Ravi Sandhu CRL FORMAT
  - SIGNATURE ALGORITHM
  - ISSUER
  - LAST UPDATE
  - NEXT UPDATE
  - REVOKED CERTIFICATES
    - SERIAL NUMBER
    - REVOCATION DATE
  - SIGNATURE
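Added example (not part of the original slides): a revocation check driven by the CRL fields listed on the CRL FORMAT slide. The class and function names, the dates, and the signature_ok flag (standing in for an already performed signature verification) are assumptions; the issuer and serial number are the sample values from the X.509v1 certificate slide.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Crl:
    # Field names follow the CRL FORMAT slide.
    signature_algorithm: str
    issuer: str
    last_update: datetime
    next_update: datetime
    revoked: dict        # SERIAL NUMBER -> REVOCATION DATE
    signature_ok: bool   # assumption: SIGNATURE was verified with the issuer's public key

def check_status(cert_issuer, cert_serial, crl, now):
    """Return 'revoked', 'good' or 'unknown'; callers should reject on 'unknown'."""
    if not crl.signature_ok:
        return "unknown"   # an unverified list proves nothing about any certificate
    if crl.issuer != cert_issuer:
        # Basic format only: the CRL must come from the certificate's issuer.
        # (Indirect CRLs, an X.509v2 CRL innovation, are not modelled here.)
        return "unknown"
    if not (crl.last_update <= now <= crl.next_update):
        return "unknown"   # stale or not yet valid: a newer revocation may be missing
    if cert_serial in crl.revoked:
        return "revoked"
    return "good"

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data.
ISSUER = "C=US, S=VA, O=GMU, OU=ISE"
SERIAL = 1234567891011121314
SAMPLE_CRL = Crl(
    signature_algorithm="RSA+MD5",
    issuer=ISSUER,
    last_update=utc(2000, 1, 10),
    next_update=utc(2000, 1, 20),
    revoked={SERIAL: utc(2000, 1, 5)},
    signature_ok=True,
)
NOW = utc(2000, 1, 15)

if __name__ == "__main__":
    print(check_status(ISSUER, SERIAL, SAMPLE_CRL, NOW))             # listed serial
    print(check_status(ISSUER, 42, SAMPLE_CRL, NOW))                 # unlisted serial
    print(check_status(ISSUER, 42, SAMPLE_CRL, utc(2000, 2, 1)))     # CRL past NEXT UPDATE
```

A certificate that is absent from a stale CRL comes back as "unknown" rather than "good", so an outdated list cannot be used to vouch for a revoked key.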
9 © Ravi Sandhu X.509 CERTIFICATES
  - X.509v1: very basic
  - X.509v2: adds unique identifiers to protect against reuse of X.500 names
  - X.509v3: adds many extensions; can be further extended
10 © Ravi Sandhu X.509v3 CERTIFICATE INNOVATIONS
  - distinguish various certificates
    - signature, encryption, key-agreement
  - identification info in addition to X.500 name
    - internet names: email addresses, host names, URLs
  - issuer can state policy and usage
    - good enough for casual email but not for signing checks
  - limits on use of signature keys for further certification
  - extensible
    - proprietary extensions can be defined and registered
  - attribute certificates
    - ongoing work
11 © Ravi Sandhu X.509v2 CRL INNOVATIONS
  - CRL distribution points
  - indirect CRLs
  - delta CRLs
  - revocation reason
  - push CRLs
12 © Ravi Sandhu GENERAL HIERARCHICAL STRUCTURE
  [tree diagram; node labels: Z, X, Q, A, Y, R, S, T, C, E, G, I, K, M, O, a through p]
13 © Ravi Sandhu GENERAL HIERARCHICAL STRUCTURE WITH ADDED LINKS
  [tree diagram; node labels: Z, X, Q, A, Y, R, S, T, C, E, G, I, K, M, O, a through p]
14 © Ravi Sandhu TOP-DOWN HIERARCHICAL STRUCTURE
  [tree diagram; node labels: Z, X, Q, A, Y, R, S, T, C, E, G, I, K, M, O, a through p]
15 © Ravi Sandhu FOREST OF HIERARCHIES
16 © Ravi Sandhu MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
  [tree diagram; node labels: X, Q, A, R, S, T, C, E, G, I, K, M, O, a through p]
17 © Ravi Sandhu THE CERTIFICATE TRIANGLE
  [triangle diagram]
  - corners: user, attribute, public-key
  - sides: X.509 identity certificate, X.509 attribute certificate, SPKI certificate