Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.

Slides:



Advertisements
Similar presentations
Internet Protocol Security (IP Sec)
Advertisements

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Introduction to Cryptography
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Internet Protocol Security (IPSec)
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Cryptography 101 Frank Hecker
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
OpenVPN OpenVPN: an open source, cross platform client/server, PKI based VPN.
©Copyrights 2011 Eom, Hyeonsang All Rights Reserved Distributed Information Processing 20 th Lecture Eom, Hyeonsang ( 엄현상 ) Department of Computer Science.
Secure Socket Layer (SSL)
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)
IT:Network:Apps.  RRAS does nice job of routing ◦ NAT is nice ◦ BASIC firewall ok but somewhat weak  Communication on network (WS to SRV) is in clear.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 2 Module 3 City College of San.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 21 – Internet Security.
Karlstad University IP security Ge Zhang
Network Security David Lazăr.
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
Authentication 3: On The Internet. 2 Readings URL attacks
4-Jun-164/598N: Computer Networks Differentiated Services Problem with IntServ: scalability Idea: segregate packets into a small number of classes –e.g.,
© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 4: Configuring Site to Site VPN with Pre-shared keys.
CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.
IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
TCP/IP Protocol Suite 1 Chapter 30 Security Credit: most slides from Forouzan, TCP/IP protocol suit.
1 CMPT 471 Networking II Authentication and Encryption © Janice Regan,
Virtual Private Network. ATHENA Main Function of VPN  Privacy  Authenticating  Data Integrity  Antireplay.
Module 2: Introducing Windows 2000 Security. Overview Introducing Security Features in Active Directory Authenticating User Accounts Securing Access to.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.
Computer and Network Security - Message Digests, Kerberos, PKI –
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.

11 SECURING NETWORK TRAFFIC WITH IPSEC Chapter 6.
Computer and Network Security
Chapter 5 Network Security Protocols in Practice Part I
Version B.00 H7076S Module 3 Slides
SECURING NETWORK TRAFFIC WITH IPSEC
UNIT.4 IP Security.
Module 8: Securing Network Traffic by Using IPSec and Certificates
Module 8: Securing Network Traffic by Using IPSec and Certificates
Presentation transcript:

Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier

Introduction to PKI, Certificates & Public Key Cryptography – Role of Computer Security CIA Confidentiality: protection against data disclosure Integrity: protection against data modification Availability: protection against data disponibility Identification & Authentication (I&A) Provide a way of identifying entities, and controlling this identity Non-repudiability Bind an entity to its actions

Introduction to PKI, Certificates & Public Key Cryptography – How to implement CIA, I & A, N-R ? With Cryptography ! Main cryptographic tools: Hash Functions Secret Key Cryptography Public Key Cryptography And their combinations: Certificates PKI

Introduction to PKI, Certificates & Public Key Cryptography – Main cryptographic tools Hash Functions: Bind one entity with a unique ID => Signature Hash + Encryption => trusted signature Symmetric Key Cryptography 2 users share a secret key S and an algorithm. S(S(M)) = M Problem: how to exchange secret keys ? =>Secret Key Server (ex: kerberos)

Introduction to PKI, Certificates & Public Key Cryptography – Main cryptographic tools Public Key Cryptography: Each user has a public key P and a private key S, and an algorithm A. P(S(M)) = S(P(M)) = M  No shared secret ! Encryption with Public Key CryptoAuthentication with Public Key Crypto

Introduction to PKI, Certificates & Public Key Cryptography – Main cryptographic tools, PKI How to distribute public keys ?  Public Key Server (PKS), key exchange protocols Public Key Infrastructure (PKI): PKI = N x (Entities with private keys) + public key exchange system REM: Public Key algorithms are slow  Need to use both Public & Secret Key Cryptography  Public Key Protocols work in 3 phases 1.Authentication via Public Key Cryptography (challenge) 2.Exchange of a session Secret Key, encrypted with Public Key Crypto 3.Session encrypted with Symmetric Cryptography

Introduction to PKI, Certificates & Public Key Cryptography – Certificate A certificate binds an entity with its public key. It’s just a digitally signed piece of data.  digital ID card an entity’s description (name, etc.) + entity’s public key + expiration date, serial number, etc. + CA’s name + a signature issued by a CA Certificate = The certificate is issued and signed by a trusted Certificate Authority (CA) Digital signature: CA signature = certificate hash, encrypted with CA’s private key

Introduction to PKI, Certificates & Public Key Cryptography – Certificate The certificate’s CA is the only entity able to create/modify the certificate  the CA has to be trusted Certificates enable: Clients to authenticate servers Servers to authenticate clients Public key exchange without Public Key Server  No disclosure of private/secret keys. Certificates are usually stored encrypted. Special features: chains of CAs, to distribute the task of issuing Certificates Certificate Revocation List, to disable certificates

Introduction to PKI, Certificates & Public Key Cryptography – Usual cryptographic algorithms & infrastructures Hash:MD4, MD5, SHA-1 Symmetric Key:DES, 3DES, AES (Rijnael), IDEA, RC4 Public/Private Key:RSA, Diffie-Hellman Certificat: X509 PKI:IPSec, SSL, (kerberos)

Introduction to PKI, Certificates & Public Key Cryptography – example: IPSec IPSec works at IP level. Provide authentication and encryption. Used to build VPNs. Configuration: 2 transfert modes: tunnel or transport 2 transfert protocols: AH (Authentication Header) => authenticated traffic ESP (Encapsulating Security Payload) => encrypted traffic Key exchange protocols: Internet Key Exchange (IKE), Internet Security Association and Key Management Protocol (ISAKMP), etc.

Introduction to PKI, Certificates & Public Key Cryptography – Weaknesses of PKI and Certificates PKI: unsecured server: hackable Public Key/Certificate servers unsecured client:private keys/passwords can be stolen/spied weak algorithm:short keys, implementation or design breach Certificate: unsecured computer: certificates can be stolen, password spied certificate password: certificates are stored encrypted, with weak password untrustable CA: easy to be issued a certificate from a CA users: they seldom check if CA can be trusted before accepting certificates (netscape GUI) Attack example: hack client’s computer, steal certificate & password man in the middle

Introduction to PKI, Certificates & Public Key Cryptography – Links Book: Applied cryptography, Bruce Schneier URLs: theory.lcs.mit.edu/~rivest/crypto-security.html web.mit.edu/6.857/OldStuff/Fall96/www/main.html