Certificates, Browsers & You: What is all this certificate crud? Frank J. Nagy God of Kerberos And Associates...

Slides:



Advertisements
Similar presentations
Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Advertisements

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.
Grid Computing Basics From the perspective of security or An Introduction to Certificates.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
Public Key Management and X.509 Certificates
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Certificates, Browsers & You: What is all this certificate crud? Frank J. Nagy God of Kerberos And Associates...
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.
IT:Network:Applications.  Single Key (Symmetric) encryption ◦ One “key” or passphrase used to encrypt and decrypt ◦ FAST – good for large amounts of.
OpenVPN OpenVPN: an open source, cross platform client/server, PKI based VPN.
Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Lecture 5.3: Key Distribution: Public Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.
Unit 1: Protection and Security for Grid Computing Part 2
Module 9: Fundamentals of Securing Network Communication.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
NDSU Lunchbytes "Are They Really Who They Say They Are?" Digital or Electronic Signature Information Rick Johnson, Theresa Semmens, Lorna Olsen April 24,
15.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Key Management.
Authentication 3: On The Internet. 2 Readings URL attacks
Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.
IST E-infrastructure shared between Europe and Latin America ULAGrid Certification Authority Vanessa Hamar Universidad de Los.
X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.
Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI.
Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)
Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
CONTROLLING USER ACCESS: AUTHENTICATION AND AUTHORIZATION DEFIANA ARNALDY, M.SI
Chapter 4 - X.509 Authentication TE-405 Network Security and Management Fall Dr. Faisal Kakar
Module 2: Introducing Windows 2000 Security. Overview Introducing Security Features in Active Directory Authenticating User Accounts Securing Access to.
Fermilab CA Infrastructure EDG CA Managers Mtg June 13, 2003.
Computer and Network Security - Message Digests, Kerberos, PKI –
Measures to prevent MITM attack and their effectiveness CSCI 5931 Web Security Submitted By Pradeep Rath Date : 23 rd March 2004.
1 Certification Issue : how do we confidently know the public key of a given user? Authentication : a process for confirming or refuting a claim of identity.
X509 Web Authentication From the perspective of security or An Introduction to Certificates.
Project Status: Computer Security June 26, Agenda Background, Technical Going Forward.
Company LOGO January 24 th, 2007 PC Manager Meeting.
GRID-FR French CA Alice de Bignicourt.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
Digital Certificates Presented by: Matt Weaver. What is a digital certificate? Trusted ID cards in electronic format that bind to a public key; ex. Drivers.
Key management issues in PGP
Authentication, Authorisation and Security
SSL Certificates for Secure Websites
Cryptography and Network Security
Authentication Applications
Information Security message M one-way hash fingerprint f = H(M)
کاربرد گواهی الکترونیکی در سیستمهای کاربردی (امضای دیجیتال)
زير ساخت كليد عمومي و گواهي هويت
Public-Key Certificates
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
Install AD Certificate Services
PKI (Public Key Infrastructure)
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
Presentation transcript:

Certificates, Browsers & You: What is all this certificate crud? Frank J. Nagy God of Kerberos And Associates...

Certificate Talks Introduction and Theory Using get-cert (KCA certificate) under Linux Using get-cert (KCA certificate) under OS X Using Network Identity Manager for Windows More Theory

Public key encryption, Public Key Infrastructure (PKI) Digital Signature {Digital} Certificate X.509 Standard (CCITT) and X.500 Naming Conventions Distinguished and Common Names Certificate Authority (CA) CA Certificate Chain of Trust Secure Socket Layer (SSL)

Public Key Encryption Bob Pat Doug Susan Bob's Co- workers: Anyone can get Bob's Public Key, but Bob keeps his Private Key to himself Bob's keys: (public) (private) "Hey Bob, how about lunch at Taco Bell. I hear they have free refills!" HNFmsEm6Un BejhhyCGKOK JuxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A HNFmsEm6Un BejhhyCGKOK JuxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A HNFmsEm6Un BejhhyCGKOK JuxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A "Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"

Digital Signature

Digital Certificate Bob Info: Name Department Cubical Number Certificate Info: Expiration Date Serial Number Bob's Public Key: Certificate Authority CA Private Key:

Look Inside the Certificate Subject Information: - Organization - Name - (optional) Certificate Information: - Issuer (CA) Name - Validity dates (begin:end) - Serial Number - Usage flags Subject's Public Key Hash Data Signature (by CA Private Key)

Some Certificate Uses Signing messages – Identify author – Make message tamper-evident\ Identify host for SSL connection Web site authentication (common KCA usage) Others

And now for something... Completely specific: The HowTo talks on getting KCA certificates under Linux, Mac OS X and Windows

Certificate Parts Subject (of the certificate) Valid and Expiration Dates Serial Number Public Key of the Subject Issuer of this certificate Hash and signature encoding algorithms Signed by CA Certificate private key Extensions ( address, etc.)

Certificate Parts #2 Distinguished Names (DN) and Common Names (CN) – /DC=org/DC=doegrids/OU=People/CN=Frank J. Nagy – /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1 – /DC=gov/DC=fnal/O=Fermilab/OU=Certificate Authorities/CN=Kerberized CA HSM – /DC=gov/DC=fnal/O=Fermilab/OU=People/CN=Frank J. Nagy/CN=UID:nagy Signature makes certificate tamper-evident

Types of Certificates Long-term personal certificates – DOEGrids, Thawte, Verisign, etc. Short-term personal certificates – Fermilab KCA Host/Service certificates – For a particular node – *.fnal.gov

Fermilab Kerberos CA (KCA) Get a certificate based on Kerberos credentials Tied to the Fermilab Infrastructure – KCA uid=nagy is user name in CNAS, etc. Short-term certificate, valid for maximum lifetime (7 days) of the Kerberos ticket

Certificate Authority Validates identity – KCA relies on your having Kerberos credentials Issues certificates signed with CA private key Identified by Certificate Authority Certificate – CA Certificate needed to valid issued certificate Maintains Certificate Revocation List (CRL)

Trust Chain and Root CA Root CA Subordinat e CA End User Subordinat e CA

Further Reading What is a Digital Signature? – – The source of some of the images in my talk. OpenSSL Certificate Cookbook – Certificate Management and Installation with OpenSSL – OpenSSL Certificate Cookbook Wikipedia: Public key certificate –

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.