Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Presentation transcript:

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems Naval Research Laboratory

Abstract
- In this paper, we have
  - identified the models for secure attribute services on the Web
  - developed smart certificates based on X.509
  - introduced possible applications of smart certificates

Introduction
- WWW (World Wide Web)
  - synthesizes diverse technologies and components in Web environments
  - widely used for electronic commerce and business
  - mostly, Web servers use identity-based access control
    - scalability problem

Background
- An attribute
  - a particular property of an entity
    - e.g., role, group, clearance, etc.
- If attributes are provided securely,
  - Web servers can use those attributes
    - e.g., authentication, authorization, access control, electronic commerce, etc.
- A successful marriage of the Web and secure attribute services is required

User-Pull Model
- Each user
  - pulls appropriate attributes from the Attribute Server
  - presents attributes and authentication information to Web servers
- Each Web server
  - requires both identification and attributes from users
- No new connections for the same attributes

Server-Pull Model
- Each user
  - presents only authentication information to Web servers
- Each Web server
  - pulls users' attributes from the Attribute Server
- Authentication information and attributes do not travel together
- More convenient for users
- Less convenient for Web servers

X.509 Certificate
- Digitally signed by a certificate authority to confirm that the information in the certificate belongs to the holder of the corresponding private key
- supports security on the Web based on PKI
- standard
- simply, binds users to keys
- has the ability to be extended
- Certificate Revocation List (CRL)

X.509 Certificate
- Contents
  - version, serial number, subject, validity period, issuer, optional fields (v2)
  - subject's public key and algorithm info.
  - extension fields (v3)
  - digital signature of the CA

Smart Certificates
- Short-Lived Lifetime
  - More secure
    - typical validity period for X.509 is months (years)
    - the longer-lived certificates have a higher probability of being attacked
      - users may leave copies of the corresponding keys behind
  - No Certificate Revocation List (CRL)
    - supports a simple and less expensive PKI

Smart Certificates
- Containing Attributes Securely
  - Web servers can use secure attributes for their purposes
  - Each authority has independent control over the corresponding information
    - basic certificate (containing identity information)
    - each attribute can be added, changed, revoked, or re-issued by the appropriate authority
  - e.g., role, credit card numbers, clearance, etc.

Separate CAs in a Certificate

Smart Certificates
- Postdated/Renewable Certificates
  - The certificate becomes valid at some time in the future
    - It is possible to make a smart certificate valid for a set duration
  - The certificate can be renewed until the renewable time
    - a user keeps renewing it for shorter periods
    - no need for a CRL
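The slides on "Containing Attributes Securely", "Separate CAs in a Certificate" and "Postdated/Renewable Certificates" describe one structure: a short-lived basic certificate signed by the identity CA, plus attribute blocks that each carry their own issuer, validity window and signature. The following is an added illustration, not code from the paper; it assumes HMAC with per-authority keys as a stand-in for real CA signatures so that it runs with only the standard library, and uses constructed names and times. It shows how a Web server accepts only attributes whose own authority signed them, that are bound to the same subject and key, and that are inside their window (expired and postdated blocks are skipped; an invalid basic certificate yields nothing).

```python
import hashlib
import hmac
import json

# Constructed per-authority keys (assumption: HMAC stands in for CA signatures).
AUTHORITY_KEYS = {
    "identity-ca": b"constructed-identity-ca-key",
    "role-authority": b"constructed-role-authority-key",
    "clearance-authority": b"constructed-clearance-authority-key",
}

def _sign(issuer, body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(AUTHORITY_KEYS[issuer], data, hashlib.sha256).hexdigest()

def _verify(issuer, body, sig):
    # Unknown issuer -> no key -> reject; constant-time compare on the tag.
    return issuer in AUTHORITY_KEYS and hmac.compare_digest(_sign(issuer, body), sig)

def issue_basic(subject, pubkey, now, lifetime):
    """Short-lived basic certificate: identity info only, signed by the identity CA."""
    body = {"subject": subject, "public_key": pubkey,
            "not_before": now, "not_after": now + lifetime}
    return {"body": body, "issuer": "identity-ca", "sig": _sign("identity-ca", body), "attributes": []}

def add_attribute(cert, issuer, name, value, not_before, not_after):
    """Attach an attribute signed by its own authority and bound to subject + key."""
    body = {"subject": cert["body"]["subject"], "public_key": cert["body"]["public_key"],
            "name": name, "value": value, "not_before": not_before, "not_after": not_after}
    cert["attributes"].append({"body": body, "issuer": issuer, "sig": _sign(issuer, body)})
    return cert

def valid_attributes(cert, now):
    """Attributes a Web server may trust at time `now`, or None if the basic cert fails."""
    b = cert["body"]
    if not (_verify(cert["issuer"], b, cert["sig"]) and b["not_before"] <= now <= b["not_after"]):
        return None                      # bad signature, expired, or postdated basic certificate
    trusted = {}
    for attr in cert["attributes"]:
        ab = attr["body"]
        if (ab["subject"], ab["public_key"]) != (b["subject"], b["public_key"]):
            continue                     # attribute copied from another certificate
        if not _verify(attr["issuer"], ab, attr["sig"]):
            continue                     # tampered value or unknown authority
        if not (ab["not_before"] <= now <= ab["not_after"]):
            continue                     # expired, or postdated and not yet valid
        trusted[ab["name"]] = ab["value"]
    return trusted

def demo(now=1_000_000):
    cert = issue_basic("alice", "pk-alice-constructed", now, 24 * 3600)   # one-day lifetime
    add_attribute(cert, "role-authority", "role", "editor", now, now + 3600)
    add_attribute(cert, "clearance-authority", "clearance", "secret", now + 7200, now + 86400)
    return cert
```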

Smart Certificates
- Confidentiality
  - Sensitive information can be encrypted in smart certificates
    - e.g., passwords, credit card numbers, etc.

Applications of Smart Certificates
- On-Duty Control
- Compatible with X.509
- User Authentication
- Electronic Transaction
- Pay-per-Access
- Eliminating Single-Point Failure
- Attribute-based Access Control

Conclusions
- In this paper, we have
  - identified the models for secure attribute services on the Web
  - developed smart certificates based on X.509
  - introduced possible applications of smart certificates

A Smart Certificate