Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.


2 Cryptography
A secret key is used to transform data to encrypted form and back.
Distributing the key must occur in a secure channel.
The strength of the system depends on the algorithm and the complexity of the keys.

3 Asymmetric Cryptography
A pair of keys is used.
The only way to decrypt data encrypted by one key is to use the other key of the pair.
The private key is kept secret by its owner.
The public key is published.

4 Asymmetric Key Cryptography
No need to exchange a secret "key" by some other channel.
–Invented in 1976 by Whit Diffie and Martin Hellman
–Commercialized by RSA Security (Rivest, Shamir, Adleman)

5 Encryption
Anyone encrypts with the public key of the recipient.
Only the recipient can decrypt with their private key.
No secrets need to be exchanged in advance.
If the private key is secret, the data is secure.

6 Digital Signatures
Signer computes a content digest and encrypts it with their private key.
Reader decrypts with the signer's public key.
Reader re-computes the content digest and verifies that it matches the original – guarantees no one has modified the signed data.
If only the signer has the private key, no one else can produce their digital signature.
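As an added example, not from the seminar slides, the two operations of slides 5 and 6 written in Go with only the standard library: encryption with the recipient's public key and decryption with the private key, then a digest-based signature and its verification, including the tamper check the slide promises. RSA-OAEP and PKCS#1 v1.5 signature padding, the 2048-bit key size and the sample message are assumptions of the example, not choices the slides make.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newKeyPair generates the pair the slides describe: the private half stays
// with its owner, the public half is published.
func newKeyPair() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // 2048 bits is an assumption
	if err != nil {
		panic(err)
	}
	return priv
}

// encryptForRecipient: anyone holding the recipient's public key can encrypt.
// RSA-OAEP with SHA-256 is an assumption of this example; the slides name no padding.
func encryptForRecipient(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// decryptWithPrivate: only the holder of the matching private key recovers the data.
func decryptWithPrivate(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// sign: the signer computes a digest of the content and applies the private
// key to that digest (PKCS#1 v1.5 signature padding, again an assumption).
func sign(priv *rsa.PrivateKey, content []byte) ([]byte, error) {
	digest := sha256.Sum256(content)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verify: the reader recomputes the digest and checks it against the
// signature with the signer's public key. Any change to the content or the
// signature, or a signature made with a different key, fails this check.
func verify(pub *rsa.PublicKey, content, signature []byte) bool {
	digest := sha256.Sum256(content)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], signature) == nil
}

func main() {
	alice := newKeyPair()
	bob := newKeyPair()
	msg := []byte("constructed sample: draft grant application") // constructed input

	// Bob encrypts for Alice using only her public key; she decrypts.
	ct, err := encryptForRecipient(&alice.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	pt, err := decryptWithPrivate(alice, ct)
	if err != nil {
		panic(err)
	}
	fmt.Println("decrypted:", string(pt))

	// Bob signs; Alice verifies with Bob's public key, then a one-bit change
	// to the content makes the same signature fail.
	sig, err := sign(bob, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("signature valid:", verify(&bob.PublicKey, msg, sig))
	tampered := append([]byte(nil), msg...)
	tampered[0] ^= 0x01
	fmt.Println("tampered content valid:", verify(&bob.PublicKey, tampered, sig))
}
```

Note that encryption uses the recipient's key pair and signing uses the sender's: the two operations are independent, and a message that needs both is signed by one party and encrypted for the other.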

7 Why PKI?
Comprehensive way to address securing many applications
No passwords on the wire
No need for shared secrets
Strong underlying security technology
Widely included in technology products

8 PKI and Passwords
Passwords NOT even sent to the server
–Still using a password to unlock the key
Only the user knows the password
Can recover only if a copy is escrowed
Harder to share: need both the key file and the password

9 Policy - Process
Registration: how the individual is identified
Generating and storing the key pair
Individual education in best practices
Stronger authentication
–Strengthens authorization
Balance policy/process with the application's security requirements

10 Basic applications of PKI
Authentication and authorization of web users and servers
Basis for the SSL protocol used to secure web connections
Secure (signed and encrypted)
Electronic signatures
Data encryption
–Business documents, databases, executable code
Network data protection (VPN, wireless)

11 Authentication with PKI
The server challenges the client to encrypt data with their private key.
The server decrypts the response with the client's public key.
If the response matches the original data, then the client must have the matching private key.
Therefore the client is the entity named in the public key certificate.
–Basis for the SSL/TLS protocols

12 What is X.509?
A standard for the format of a public key certificate, and related standards for how certificates are used.
Current PKI product offerings inter-operate through this standard.
There are many other possible formulations, e.g. SDSI/SPKI.

13 What is a certificate?
Signed data structure that binds some information to a public key
Trusted entity asserts validity of information in certificate
The information is usually a personal identity or a server name
Think of it as an electronic ID card

14 What is a certificate authority?
An organization that creates and publishes certificates
Verifies the information in the certificate
Protects general security and policies of the system and its records
Allows you to check certificates and decide to use them in business transactions

15 What is a CA certificate?
A certificate authority generates a key pair used to sign the certificates it issues.
Multiple institutions can collaborate via:
–Hierarchical structure among their CAs
–Bridge Certification Authorities ("peer to peer" approach)

16 Key Validity
Duration requirements:
–Limited time as defense against compromise
–Retain for future decryption
–History of public keys for signature verification
Kerberos
–PK technology with short lifetime
–Authentication only
Can issue X.509 certificates with timeframes chosen based on use
–Typically longer lived
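As an added example, not part of the presentation, slides 11 and 13 through 16 carried through with Go's standard library: a certificate authority generates its key pair and self-signed CA certificate, issues a user certificate that binds a name to the user's public key for a limited validity period, and a server then authenticates the client by checking that the certificate chains to the trusted CA, is within its validity window, and that a challenge was signed with the certified key. What slide 11 calls "encrypt with the private key" is done here as a signature over the challenge, which is what SSL/TLS client authentication actually does. The CA names, the user name alice, the dates, lifetimes and the nonce are constructed values for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// seminarDate is an assumed reference time for the constructed example.
var seminarDate = time.Date(2004, 7, 13, 0, 0, 0, 0, time.UTC)

func daysAfter(t time.Time, days int) time.Time { return t.Add(time.Duration(days) * 24 * time.Hour) }

func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// newCA: the certificate authority generates its own key pair and a
// self-signed CA certificate; that key signs every certificate the CA issues.
func newCA(name string, notBefore time.Time, lifetimeDays int) (*x509.Certificate, *rsa.PrivateKey, error) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             notBefore,
		NotAfter:              daysAfter(notBefore, lifetimeDays),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueUserCert: the CA binds an identity it has verified (here only a name)
// to the user's public key for a limited period and signs the result.
func issueUserCert(ca *x509.Certificate, caKey *rsa.PrivateKey, name string, userPub *rsa.PublicKey, notBefore time.Time, lifetimeDays int) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    notBefore,
		NotAfter:     daysAfter(notBefore, lifetimeDays),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, userPub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// respond: the client proves possession of the private key by signing the
// server's challenge with it.
func respond(clientKey *rsa.PrivateKey, challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return rsa.SignPKCS1v15(rand.Reader, clientKey, crypto.SHA256, digest[:])
}

// authenticate is the server side: verify that the presented certificate chains
// to the trusted CA and is valid at time now, then check the response against
// the challenge with the public key inside the certificate. Only then is the
// name in the certificate believed.
func authenticate(trustedCA, client *x509.Certificate, challenge, response []byte, now time.Time) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := client.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	if err := client.CheckSignature(x509.SHA256WithRSA, challenge, response); err != nil {
		return "", fmt.Errorf("challenge not answered with the certified key: %w", err)
	}
	return client.Subject.CommonName, nil
}

func main() {
	ca, caKey, _ := newCA("Seminar Demo CA", seminarDate, 3650)
	userKey := newKey()
	cert, _ := issueUserCert(ca, caKey, "alice", &userKey.PublicKey, seminarDate, 365)
	challenge := []byte("constructed random nonce 42") // a server would draw this fresh each time
	resp, _ := respond(userKey, challenge)
	fmt.Println(authenticate(ca, cert, challenge, resp, daysAfter(seminarDate, 1)))   // alice, no error
	fmt.Println(authenticate(ca, cert, challenge, resp, daysAfter(seminarDate, 400))) // fails: certificate expired
}
```

The validity window is what slide 16 is about: the same certificate and the same correct response are rejected once the check runs past NotAfter, so a compromised key has a bounded useful life even without revocation, while the public key must still be kept on record to verify signatures made inside the window.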

17 Application Changes
Add client side SSL to web server configuration
Modify application to
–Test for presence of https connection
–Get user information from environment
–Fall through to previous authentication
Rewrite rules to bypass https for unaware web browsers

18 Application Benefits
Authentication - Web Services
–Eliminates transmitting passwords on network
–Improve on Kerberos infrastructure
Digital Signatures
–Enables verifiable electronic business processes
–NIH Pilot - Grant Applications
Encryption
–Secure sensitive data sent via or electronic documents