Introduction to Public Key Infrastructure January 2004 CSG Meeting Jim Jokl.



Cryptography
Symmetric key cryptography
  – A pre-shared secret is used to encrypt the data
  – Some examples: DES, 3-DES, RC4, etc. (DES and RC4 are now considered broken; AES is the current choice)
Public key cryptography
  – A pair of mathematically related keys is generated
    One of the keys, the Public Key, is freely distributed
    The other key, the Private Key, is kept confidential
  – Given the public key, it is computationally infeasible to compute the private key

Public Key Cryptography
  – Data encrypted using the public key can only be decrypted by the holder of the private key
  – Likewise, data "encrypted" with the private key can be decrypted by anyone holding a copy of the public key (this is the textbook-RSA picture; real signature schemes hash the data and add padding rather than encrypting it directly)
Assuming that the private key is protected and held only by an individual, this is the basis for a digital signature
[Diagram: plain text encrypted with one key is decrypted with the other key]

Digital Signatures and Document Encryption
Public key operations are too computationally expensive for large volumes of data
Typical digital signature process
  – Compute the hash of the document
  – Sign (encrypt) the hash using the signer's private key
Typical document encryption process
  – Generate a random symmetric cipher key
  – Encrypt the document using this key
  – Encrypt the symmetric cipher key using the recipient's public key (only the recipient's private key can unwrap it)

Digital Certificates
A Digital Certificate is:
  – An object used to bind the identity of a person to their public key
  – Contains attributes about the person
  – Contains some information about the identity binding and infrastructure (issuer, validity period, permitted key usage)
  – Digitally signed by a Certification Authority (CA)

Certificate Profiles
A description of the fields in a certificate
  – Recommended fields to use
  – Field values
  – Critical flags
  – Recommendations for implementers
  – Example Profile

Certification Authorities (CA)
Certification Authorities
  – Accept certificate requests from users
  – Validate the user's identity
  – Generate and sign the user's certificate, attesting to the mapping of the identity to the public key
  – Revoke certificates if needed
  – Operate under a set of policies and practices that define levels of assurance

Certification Authorities and Trust
You determine if you trust a certificate by validating all of the certificates starting from the user's cert up to a root that you trust
100+ root certificates in my Microsoft store
Each root in that store is a separate trust decision: a certificate that chains to any one of them will validate
The "I" in PKI
[Diagram: Root Certificate → Intermediate Certificate → certificates for User A, User B, User C, User D and User E]
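The hash-then-sign and hybrid-encryption procedures from the "Digital Signatures and Document Encryption" slide and the leaf-to-root validation described on this slide, worked through in one added Python example (not code from the talk or from any campus deployment it describes). Everything in it is an assumption made for illustration: textbook RSA over fixed Mersenne primes stands in for real RSA with PSS/OAEP padding, an HMAC counter keystream stands in for AES, a JSON encoding stands in for ASN.1/DER, validity periods are plain years, and the names (Campus Root, Campus CA, alice@example.edu, Rogue Root) and the sample document are constructed. What it shows is the structure: the private-key operation is applied only to a hash, the public-key operation wraps only a symmetric key, and a chain is trusted only if every link's issuer, signature, validity and revocation status check out and the last certificate is one of the relying party's own anchors, not merely any self-signed root.

```python
"""Toy PKI for the signature, encryption and path-validation slides above.

Added example, not code from the talk: textbook RSA over fixed Mersenne primes
stands in for RSA-PSS/OAEP and an HMAC keystream for AES, so only the structure
(hash-then-sign, hybrid encryption, leaf-to-anchor validation) is realistic.
"""
import hashlib, hmac, json, secrets
MERSENNE = {k: (1 << k) - 1 for k in (89, 107, 127, 521, 607, 1279, 2203, 2281)}

def rsa_keygen(a, b, e=65537):
    """Assumption: each party gets its own fixed pair of Mersenne primes (toy)."""
    p, q = MERSENNE[a], MERSENNE[b]
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))             # (public, private)

def sign(priv, data: bytes) -> int:
    """Hash-then-sign: the private-key operation is applied to SHA-256(data) only."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: HMAC-SHA256 counter keystream XORed into the data."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + ctr.to_bytes(8, "big"), "sha256").digest()
        ctr += 1
    return bytes(x ^ y for x, y in zip(data, stream))

def hybrid_encrypt(recipient_pub, doc: bytes):
    """A fresh random key encrypts the document; RSA wraps only that 32-byte key."""
    n, e = recipient_pub
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(key, "big"), e, n)   # toy: raw RSA, no OAEP padding
    return wrapped, nonce, keystream_xor(key, nonce, doc)

def hybrid_decrypt(recipient_priv, wrapped: int, nonce: bytes, ct: bytes) -> bytes:
    n, d = recipient_priv
    return keystream_xor(pow(wrapped, d, n).to_bytes(32, "big"), nonce, ct)

def tbs(cert: dict) -> bytes:
    """Canonical to-be-signed encoding: every field except the signature."""
    body = {k: v for k, v in cert.items() if k != "sig"}
    return json.dumps(body, sort_keys=True).encode()

def issue(issuer, issuer_priv, subject, subject_pub, serial, not_before, not_after):
    """The CA binds (subject, public key) by signing the certificate body."""
    cert = {"subject": subject, "pub": list(subject_pub), "issuer": issuer,
            "serial": serial, "not_before": not_before, "not_after": not_after}
    cert["sig"] = sign(issuer_priv, tbs(cert))
    return cert

def validate_path(chain, trust_anchors, now, revoked=frozenset()):
    """chain[0] is the end-entity cert; chain[-1] must match one of *your* anchors."""
    for i, cert in enumerate(chain):
        signer = chain[i + 1] if i + 1 < len(chain) else cert   # last one is self-signed
        if not cert["not_before"] <= now <= cert["not_after"]:
            return False, f"{cert['subject']}: outside validity period"
        if (cert["issuer"], cert["serial"]) in revoked:          # CRL-style lookup
            return False, f"{cert['subject']}: revoked"
        if cert["issuer"] != signer["subject"]:
            return False, f"{cert['subject']}: issuer is not {signer['subject']}"
        if not verify(tuple(signer["pub"]), tbs(cert), cert["sig"]):
            return False, f"{cert['subject']}: bad signature"
    root = chain[-1]
    if (root["subject"], tuple(root["pub"])) not in trust_anchors:
        return False, f"path ends at untrusted root {root['subject']}"
    return True, "ok"

def demo(now=2005):
    """Constructed hierarchy: trusted root -> campus CA -> user, plus a rogue root."""
    root_pub, root_priv = rsa_keygen(127, 521)
    ca_pub, ca_priv = rsa_keygen(107, 607)
    alice_pub, alice_priv = rsa_keygen(89, 1279)
    rogue_pub, rogue_priv = rsa_keygen(2203, 2281)
    root = issue("Campus Root", root_priv, "Campus Root", root_pub, 1, 2000, 2040)
    ca = issue("Campus Root", root_priv, "Campus CA", ca_pub, 2, 2004, 2010)
    alice = issue("Campus CA", ca_priv, "alice@example.edu", alice_pub, 3, 2004, 2006)
    rogue_root = issue("Rogue Root", rogue_priv, "Rogue Root", rogue_pub, 1, 2000, 2040)
    rogue_alice = issue("Rogue Root", rogue_priv, "alice@example.edu", rogue_pub, 2, 2004, 2006)
    anchors = {(root["subject"], tuple(root["pub"]))}   # what *this* relying party trusts
    doc = b"Approve purchase order 4711"                # constructed sample document
    sig = sign(alice_priv, doc)
    wrapped, nonce, ct = hybrid_encrypt(alice_pub, doc)
    return {
        "sig_ok": verify(alice_pub, doc, sig),
        "sig_tampered": verify(alice_pub, doc + b"0", sig),
        "roundtrip": hybrid_decrypt(alice_priv, wrapped, nonce, ct) == doc,
        "good": validate_path([alice, ca, root], anchors, now),
        "missing_intermediate": validate_path([alice, root], anchors, now),
        "rogue_root": validate_path([rogue_alice, rogue_root], anchors, now),
        "revoked": validate_path([alice, ca, root], anchors, now, {("Campus CA", 3)}),
        "expired": validate_path([alice, ca, root], anchors, 2007),
    }
```

Calling `demo()` returns one result per case. The rogue chain is the instructive one: its signatures verify and it ends at a self-signed root, yet it fails because that root is not in the relying party's anchor set, which is the whole point of the slide. The missing-intermediate case fails at the issuer/subject link, and the revoked and expired cases fail before any signature arithmetic is done, which is also the order a real validator should use.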

PKI Bridge Path Validation

PKI, Privacy, and the Pseudo-anonymous CA
As stated earlier: "A certificate binds a person's identity to their public key"
Typically the "identity" is their name, address, computing identifier, etc.
  – Poses some interesting privacy concerns in some applications (whatever is in the certificate is disclosed to every relying party it is presented to)
A pseudo-anonymous CA uses an opaque identifier instead of name/id information

Operating System Support for PKI
Windows 2000/XP
  – Well integrated out of the box support for PKI
  – OS-based certificate/key store
  – APIs for access to crypto providers
  – Microsoft applications generally support PKI
  – Many 3rd party applications use OS PKI services
  – Bridge path validation in XP
  – Windows 2000 Server includes a CA

Operating System Support for PKI
MacOS
  – Apple has excellent plans to improve their level of OS PKI support to match that of Windows
  – OS-based certificate/key store exists now and is used by some Apple applications
  – 3rd party applications should start to use the native support in the future
Linux and general Unix
  – PKI support generally implemented in applications

Trust, Private Key Protection and Non-repudiation
Digital signatures are based on the idea that only the user has access to their private key
A user's private key is generally protected by the workstation's operating system
  – Typical protection is no better than for any password that the user lets the operating system store
Hardware tokens can be used for strong private key protection (a key generated on the token cannot be copied off it), mobility, and as a component in a non-repudiation strategy

Two classes of campus PKI applications?
Existing normal processes
  – A PKI using a light policy/practices framework
  – Better technology and ease of use for existing services
  – New applications where passwords would have been sufficient in the past

Two classes of campus PKI applications?
Newer high assurance services
  – Access control for critical systems
  – Authentication for high-value services (HIPAA/FERPA/GLBA)
  – Digital signatures for business processes

Some Campus CA Options
In-source
  – Commercial CA software
  – Develop your own or use freely available CA software (typically based on OpenSSL)
  – KX509 (short-lived certificates issued from a Kerberos login)
Outsource to a commercial CA
  – Campus still performs the RA (registration authority) function

Agenda for remainder of session
Motivations for campus PKI deployments
  – Focus on applications using end-user certificates
Introduction to likely campus PKI applications
National activities
  – HEBCA, USHER, PKILab, HEPKI, etc.
Examples of campus PKI deployments
Wrap-up and discussion