An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

Encryption
- Hiding the intent or meaning of a message
- Built on complex mathematical algorithms
- Should be unbreakable: recovering the message without the key must be computationally infeasible, not merely hard
- Claude Shannon, the father of information theory, laid the theoretical foundation

Shared and Public Key
Shared key encryption
- The same key is used for encryption and decryption
- That key must be dispatched to the other party in a secure manner (the key distribution problem)
- DES, 3DES, AES (DES falls to brute force and 3DES is deprecated; use AES today)
Public key encryption
- Key generation produces a public/private key pair
- Encrypt with the public key
- Decrypt with the private key
- RSA
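The two halves of this slide are combined in practice as hybrid encryption, which is how SSL/TLS and secure e-mail actually use RSA: a fresh shared key encrypts the data, and the recipient's public key encrypts only that shared key, which solves the "key dispatched in secure manner" problem. The Go program below is an added example, not code from the presentation; it uses only the standard library, goes beyond the slide by combining both schemes, and substitutes AES-256-GCM and RSA-OAEP for the slide's DES/3DES and textbook RSA. The `envelope` layout, the function names and the sample message are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// envelope is a constructed wire format for this example: the per-message AES key
// wrapped with the recipient's RSA public key (public-key part), plus the GCM nonce
// and ciphertext produced under that AES key (shared-key part).
type envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// newRecipientKey is the "key generation" step: the recipient keeps the private half.
func newRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealEnvelope encrypts plaintext with a fresh random AES-256 key and wraps that key
// with RSA-OAEP, so the sender only needs the recipient's public key in advance.
func sealEnvelope(pub *rsa.PublicKey, plaintext []byte) (*envelope, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// openEnvelope unwraps the AES key with the private key and decrypts. GCM's
// authentication tag makes any change to nonce or ciphertext fail outright.
func openEnvelope(priv *rsa.PrivateKey, e *envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

func main() {
	priv, err := newRecipientKey()
	if err != nil {
		panic(err)
	}
	env, err := sealEnvelope(&priv.PublicKey, []byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	pt, err := openEnvelope(priv, env)
	fmt.Printf("decrypted: %q (err=%v)\n", pt, err)
}
```

The symmetric key is single-use and never travels in the clear, so the only long-lived secret is the recipient's RSA private key; that is precisely the key whose storage and distribution PKI has to manage.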

Digital Signatures and Certificates
Digital signature
- Create a message digest (the slide names MD5 and SHA-1; both have practical collision attacks today, so use SHA-256 or stronger)
- Sign the hash with the private key
- Append the signed hash to the message
- Verify by hashing the received message and checking the signature against that hash with the signer's public key (in RSA terms, a "public-key decrypt" of the signature, not of the message)
Digital certificate
- Public key, authority signature, key information (subject identity, validity period, key usage)
- Signed by an authority that both parties trust
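The sign/append/verify sequence from this slide, as an added example rather than code from the presentation. It uses Go's standard library with SHA-256 and RSA-PSS in place of the slide's MD5/SHA-1 and raw RSA; the `signedMessage` layout, the function names and the sample text are constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// signedMessage is the layout from the slide: the message with the signature over
// its digest appended. (Constructed for this example.)
type signedMessage struct {
	Message   []byte
	Signature []byte
}

// newSignerKey generates the signer's RSA key pair; only the public half is shared.
func newSignerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// sign hashes the message with SHA-256 (MD5 and SHA-1 are no longer collision
// resistant) and signs the digest with RSA-PSS using the private key.
func sign(priv *rsa.PrivateKey, msg []byte) (*signedMessage, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &signedMessage{Message: append([]byte(nil), msg...), Signature: sig}, nil
}

// verify re-hashes the received message and checks the signature against that
// digest with the signer's public key; any change to either part fails.
func verify(pub *rsa.PublicKey, sm *signedMessage) error {
	digest := sha256.Sum256(sm.Message)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sm.Signature, nil)
}

func main() {
	priv, err := newSignerKey()
	if err != nil {
		panic(err)
	}
	sm, err := sign(priv, []byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine:", verify(&priv.PublicKey, sm))
	sm.Message[0] ^= 0x01 // attacker flips one bit in transit
	fmt.Println("tampered:", verify(&priv.PublicKey, sm))
}
```

Note what `verify` does not tell you: that the public key belongs to the person you think it does. Binding that key to an identity is the job of the certificate on this slide, and of the authority that signs it.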

What is PKI?
Infrastructure components
- End entity: the user, device or service that holds a key pair
- Certificate Authority (CA): issues and signs certificates
- Registration Authority (RA): vets identities before the CA issues
- Directory (X.500, LDAP): publishes certificates
- CRL repository: publishes revocation lists
- PKI is not itself a solution: protocols such as SSL/TLS build on it

Issues with PKI
- Key management
- CRL distribution
- Trust

Key Management
Where do private keys live?
- On laptops and desktops?
- Centrally located (and protected)?
- Multiple certificates per user?
- Backing up keys: why? A lost decryption key means lost data, so encryption keys must be recoverable; signing keys should not be backed up, since a second copy undermines non-repudiation
Smartcards
- Tamper-resistant
- Work with magnetic-stripe cards
- Portable, hold multiple keys

Certificate Revocation Lists
Problems
- Performance: the list grows with every revocation, and every client downloads all of it
- DoS: if the CRL distribution point is unreachable, clients either fail closed or silently skip the check
- Frequent information: a CRL is only as good as its last update, so it must be republished often
Solutions
- Segmenting (partitioned and delta CRLs)
- Over-distribution (many mirrors and caches)
- Online Certificate Status Protocol (OCSP)
  - Validity checked in real time
  - Expensive: a signed response per lookup, and the responder must stay available (OCSP stapling shifts that cost to the server)

Trust
- How and why do we trust CAs (certification service providers)?
- Do we actually read or view certificates?
- A certificate provides authentication, not authorization: it binds a key to an identity and says nothing about what that identity may do
- Usability and trust
- "Web of Trust": the PGP alternative, in which users sign each other's keys instead of relying on a CA

Conclusion
- PKI aims to be an all-encompassing solution
- Many aspects are implementation-specific
- The key is to evaluate the needs of the applications