Chapter 4 a - X.509 Authentication


Chapter 4 a - X.509 Authentication
Network Security, Spring 2017
http://www.faisalakhan.info/contentPage/Classes
Dr. Faisal Khan
faisal.khan@buitms.edu.pk
Office: SS Block

X.509 Authentication Service
• An International Telecommunications Union (ITU) recommendation (versus “standard”) for allowing computer hosts or users to securely identify themselves over a network.
• An X.509 certificate purchased from a “Certificate Authority” (trusted third party) allows a merchant to give you his public key in a way that your Browser can generate a session key for a transaction, and securely send that to the merchant for use during the transaction (padlock icon on screen closes to indicate transmissions are encrypted).
• Once a session key is established, no one can “hijack” the session (for example, after you enter your credit card information, an intruder cannot change the order and delivery address).
• User only needs a Browser that can encrypt/decrypt with the appropriate algorithm, and generate session keys from truly random numbers.
• Merchant’s Certificate is available to the public; only the secret key must be protected. Certificates can be cancelled if the secret key is compromised.

Certificate Authority generates the “signature” that is added to raw “Certificate”
• Raw “Certificate” has user name, public key, expiration date, ...
• In the CA’s Secure Area: generate hash code of Raw Certificate (diagram labels: Raw Cert., MIC, Hash).
• Encrypt hash code with CA’s private key to form CA’s signature (diagram label: Signed Cert.).
• Signed Certificate: Recipient can verify signature using CA’s public key.


Information Provided by Browser about a Certificate
This Certificate belongs to:
  investing.schwab.com
  trading subnet a 1199
  Charles Schwab & Co., Inc.
  Phoenix, Arizona, US
This Certificate was issued by:
  Secure Server Certification Authority
  RSA Data Security, Inc.
  US
Serial Number: 6B:68:2F:3B:FD:8A:46:73:04:33:10:8A:32:1E:47:5B
This Certificate is valid from Wed Nov 03, 1999 to Thu Nov 02, 2000
Certificate Fingerprint: 4B:80:C6:C5:2D:63:14:E7:6F:50:BD:16:39:3C:96:FD

Certificates Can Be Deleted (and Added)
Are you sure that you want to delete this Site Certificate?
This Certificate belongs to:
  endor.mcom.com
  Netscape Communications Corp.
  US
This Certificate was issued by:
  rootca.netscape.com
  Information Systems
  Netscape Communications Corporation
Serial Number: 01:77
This Certificate is valid from Thu May 15, 1997 to Tue Nov 11, 1997
Certificate Fingerprint: 06:BF:60:88:D9:E7:59:BF:3A:35:74:33:28:8E:26:F6

X.509 Chain of Authentication
• CA<<A>> = CA {A’s id and information}
• X<<A>> = certificate of A “signed” by X
• To authenticate X<<A>>, you must get the public key of X from a trusted source, such as Z, your own CA (Z<<X>>).
• Z in turn may have to get X’s certificate from a higher level CA.
• Ultimately there must be an “Authentication Tree” of CAs so that a user can work up the tree (from Z) and back down to the issuer of the certificate in question, X.

Chain of Authentication
In practice, there is no single top-level Certificate Authority (CA), only a group of CAs that each Browser vendor deems fit to include in the installation program.
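The CA signing step and the chain of authentication described above (Z<<X>>, then X<<A>>), as an added example that is not part of the original slides. Textbook RSA over a SHA-256 hash with constructed small keys stands in for a real certificate signature (no padding, no ASN.1), and the function names and certificate field layout are assumptions.

```python
import hashlib

E = 65537  # usual RSA public exponent

def keypair(p, q):
    """Textbook RSA from two primes: returns ((n, e), d)."""
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))

def raw_cert(subject, pub, expires):
    """The 'raw certificate': user name, public key, expiration date."""
    return f"subject={subject};n={pub[0]};e={pub[1]};notAfter={expires}".encode()

def digest(raw, n):
    """Hash code of the raw certificate, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n

def issue(issuer, issuer_pub, issuer_priv, subject, subject_pub, expires):
    """CA side: hash the raw certificate, sign the hash with the CA private key."""
    h = digest(raw_cert(subject, subject_pub, expires), issuer_pub[0])
    return {"issuer": issuer, "subject": subject, "pub": subject_pub,
            "expires": expires, "sig": pow(h, issuer_priv, issuer_pub[0])}

def verify(cert, issuer_pub):
    """Recipient side: recompute the hash and compare it with sig^e mod n."""
    n, e = issuer_pub
    raw = raw_cert(cert["subject"], cert["pub"], cert["expires"])
    return pow(cert["sig"], e, n) == digest(raw, n)

def validate_chain(chain, anchor, anchor_pub, today):
    """Walk down from the trusted CA; return the last subject's key, or None."""
    name, pub = anchor, anchor_pub
    for cert in chain:
        if cert["issuer"] != name or cert["expires"] < today or not verify(cert, pub):
            return None  # wrong issuer, expired, or bad signature: reject the chain
        name, pub = cert["subject"], cert["pub"]  # this key vouches for the next cert
    return pub

# Constructed toy keys from Mersenne primes 2^k - 1; far too small for real use.
M = {k: 2**k - 1 for k in (61, 89, 107, 127, 521, 607)}
Z_PUB, Z_PRIV = keypair(M[61], M[89])      # Z: the user's own CA (trust anchor)
X_PUB, X_PRIV = keypair(M[107], M[127])    # X: the CA that issued A's certificate
A_PUB, _ = keypair(M[521], M[607])         # A: the end entity
CHAIN = [issue("Z", Z_PUB, Z_PRIV, "X", X_PUB, "2030-01-01"),   # Z<<X>>
         issue("X", X_PUB, X_PRIV, "A", A_PUB, "2030-01-01")]   # X<<A>>

if __name__ == "__main__":
    print(validate_chain(CHAIN, "Z", Z_PUB, "2025-06-01") == A_PUB)
```

A's key is accepted only because every link back to Z verifies; swapping the key inside X<<A>>, presenting X<<A>> without Z<<X>>, or checking after the expiration date all make `validate_chain` return `None`.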

“Root” Certificate Authorities in Firefox (2010) [screenshot; one entry annotated “added by user”]

[Screenshots]
Safari Browser - Google Safe Browsing Service - 2011
Firefox Browser - OCSP - 2011