March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Exam clarifications needed?Exam clarifications needed? A ‘minor’ homework.

Slides:

Advertisements

Similar presentations

Chapter 14 – Authentication Applications

Advertisements

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Digital Signatures. Anononymity and the Internet.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Handing back the examHanding back the exam ProjectsProjects Certificates.

Online Security Tuesday April 8, 2003 Maxence Crossley.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

CSCI 530L Public Key Infrastructure. Who are we talking to? Problem: We receive an . How do we know who it’s from? address Can be spoofed.

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Cryptography – introductory termsCryptography – introductory terms “Enigma”

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Homework due TodayHomework due Today LAN and Internet AddressesLAN and.

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Homework backHomework back Take-home exam will be on Blackboard after.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.

Computer Science Public Key Management Lecture 5.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.

Chapter 31 Network Security

Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.

Masud Hasan Secue VS Hushmail Project 2.

Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

E-commerce What are the relationships among: – Client (i.e. you) – Server – Bank – Certification authority Other things to consider: – How to set up your.

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

March R. Smith - University of St Thomas - Minnesota CISC Class Today Homework scheduleHomework schedule Upcoming labUpcoming lab RecapRecap.

Configuring Directory Certificate Services Lesson 13.

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.

Introduction to Public Key Infrastructure January 2004 CSG Meeting Jim Jokl.

King Mongkut’s University of Technology Faculty of Information Technology Network Security Prof. Reuven Aviv 6. Public Key Infrastructure Prof. R. Aviv,

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Encryption / Security Victor Norman IS333 / CS332 Spring 2014.

DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.

1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.

Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.

Public Key Infrastructure (PKI) Chien-Chung Shen

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Using Public Key Cryptography Key management and public key infrastructures.

Digital Signatures and Digital Certificates Monil Adhikari.

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

The Hierarchical Trust Model. PGP Certificate Server details Fast, efficient key repository –LDAP, HTTP interfaces Secure remote administration –“Pending”

The Trusted Network · · · LEFIS PKI · · · 2 nd June, 2006 · Sofia by Leonardo Catalinas · May 2006

CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.

Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.

Pertemuan #12 Pretty Good Privacy (Pretty Good Privacy) Kuliah Pengaman Jaringan.

Key management issues in PGP

Public Key Infrastructure (PKI)

SSL Certificates for Secure Websites

S/MIME T ANANDHAN.

Public Key Infrastructure

刘振上海交通大学计算机科学与工程系电信群楼3-509

Electronic Payment Security Technologies

刘振上海交通大学计算机科学与工程系电信群楼3-509

Presentation transcript:

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Exam clarifications needed?Exam clarifications needed? A ‘minor’ homework thingA ‘minor’ homework thing Microsoft’s RNGMicrosoft’s RNG “Real” PK applications“Real” PK applications CertificatesCertificates Homework/QuizHomework/Quiz

March R. Smith - University of St Thomas - Minnesota Homeowork #1: Finish the exam by Friday noon#1: Finish the exam by Friday noon –Deliver it to me #2: See if PGP still works#2: See if PGP still works –You need to be able to encrypt files –Create a PK certificate, if you haven’t already –This is NOT on the web site so far...

March R. Smith - University of St Thomas - Minnesota Microsoft’s random number generator Some guys in Israel just wrote a paperSome guys in Israel just wrote a paper Windows RNG is predictable in both directionsWindows RNG is predictable in both directions If you know the RNG’s current stateIf you know the RNG’s current state –Then you can figure out earlier states (crack older keys) –You can EASILY figure out later states (crack future keys) Paper illustrates several things:Paper illustrates several things: –It’s hard for an OS to do good random numbers –Security Through Obscurity doesn’t work –It’s annoying when people redefine terminology PRNG, “forward” and “backward”PRNG, “forward” and “backward”

March R. Smith - University of St Thomas - Minnesota Using Public Key Diffie HellmanDiffie Hellman –I can share one secret with another D-H user I use the other user’s PUBLIC key with my PRIVATE keyI use the other user’s PUBLIC key with my PRIVATE key RSARSA –If I have a user’s PUBLIC key, I can send them a secret I encrypt the secret with THEIR public keyI encrypt the secret with THEIR public key They decrypt with their own private keyThey decrypt with their own private key –I can use my PRIVATE key to “sign” things I encrypt a hash (checksum) with my PRIVATE keyI encrypt a hash (checksum) with my PRIVATE key Others can check the result with my PUBLIC keyOthers can check the result with my PUBLIC key

March R. Smith - University of St Thomas - Minnesota Real Public Key Applications I.e. places where it really does something valuableI.e. places where it really does something valuable Secrecy (sharing keys)Secrecy (sharing keys) –Secret file sharing (PGP) –SSL: browsers, Secure Shell Integrity (digital signatures)Integrity (digital signatures) –Verifying downloaded software –Verifying messages –Verifying public key “owners”

March R. Smith - University of St Thomas - Minnesota Creating a Certificate People generally trust Honest AbePeople generally trust Honest Abe Abe attests that has the public key 3,5555Abe attests that has the public key 3,5555www.bank.com Abe digitally signs a certificate to say thisAbe digitally signs a certificate to say this Abe is a certificate authority (CA) since he certifies the owners of public keysAbe is a certificate authority (CA) since he certifies the owners of public keys Key: 3,5555 Honest Abe’s Private Key Signature Procedure Key: 3,5555

March R. Smith - University of St Thomas - Minnesota Validating a Certificate The initial strategy in SSL-enabled BrowsersThe initial strategy in SSL-enabled Browsers Every Web server with SSL has a certificateEvery Web server with SSL has a certificate Only one Certificate Authority’s public keyOnly one Certificate Authority’s public key –RSA Security, later Verisign, serves as “Honest Abe” Problems with scalability, delegationProblems with scalability, delegation From Authentication © Used by permission

March R. Smith - University of St Thomas - Minnesota Multiple CAs in the Browser Browsers maintain a list of “Honest Abes”Browsers maintain a list of “Honest Abes” Users can add a new CA when encounteredUsers can add a new CA when encountered –Security issue – is a new CA really honest, or not? From Authentication © Used by permission

March R. Smith - University of St Thomas - Minnesota Public Key Infrastructure A catch-all term for the services required to support the widespread use of public keys Server and client software to support public keysServer and client software to support public keys Software to create and distribute certificatesSoftware to create and distribute certificates Trustworthy organizations to issue reliable certificatesTrustworthy organizations to issue reliable certificates Mechanisms so that organizations can recognize each other’s certificatesMechanisms so that organizations can recognize each other’s certificates

March R. Smith - University of St Thomas - Minnesota Commercial PKI Commercial PKIs use a hierarchical strategy Certificates are created and signed by special certificate authority softwareCertificates are created and signed by special certificate authority software Each certificate authority belongs to an enterprise and carries a unique keyEach certificate authority belongs to an enterprise and carries a unique key The enterprise is responsible for ensuring the accuracy of certificatesThe enterprise is responsible for ensuring the accuracy of certificates –Commercial certifiers like Verisign, Inc., rely on stringent, published rules and procedures defined in their Certification Practices Statement and Certificate Policy –Private corporations may rely on internal controls and limits on certificate usage

March R. Smith - University of St Thomas - Minnesota Alternative to the CA/PKI “Pretty Good Privacy” (PGP) uses web of trust strategy Traditional ‘Web of Trust’Traditional ‘Web of Trust’ –Anyone may sign a certificate –Certificates may carry multiple signatures –Individuals must personally decide on authenticity, based on the signatures –Pairwise trust relationships, extended based upon interpersonal transitive trust Current on-line key directoryCurrent on-line key directory –Directory itself “signs” its certificates –Authenticity based on an exchange (!?!)

March R. Smith - University of St Thomas - Minnesota Issues with PKI StandardizationStandardization InteroperabilityInteroperability Poorly defined trust relationshipsPoorly defined trust relationships Confidentiality of Private/Secret signing keysConfidentiality of Private/Secret signing keys DeploymentDeployment –Infrastructure cost –Infrastructure complexity –Enrollment costs –Client deployment costs

March R. Smith - University of St Thomas - Minnesota “Group quiz” How can I send an encrypted message to 2 other people without sharing a secret with all 3?How can I send an encrypted message to 2 other people without sharing a secret with all 3? Assume we’ve shared public keysAssume we’ve shared public keys Pull out a piece of paperPull out a piece of paper Draw the answer, put the group names on itDraw the answer, put the group names on it

March R. Smith - University of St Thomas - Minnesota That’s it Questions?Questions? Creative Commons License This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.