Chapter 4 - X.509 Authentication TE-405 Network Security and Management Fall 2014 Dr. Faisal Kakar

Presentation transcript:

Chapter 4 - X.509 Authentication TE-405 Network Security and Management Fall Dr. Faisal Kakar Office: Room no. 01, FICT Building

X.509 Authentication Service
- An International Telecommunications Union (ITU) recommendation (versus “standard”) for allowing computer hosts or users to securely identify themselves over a network.
- An X.509 certificate purchased from a “Certificate Authority” (trusted third party) allows a merchant to give you his public key in a way that your Browser can generate a session key for a transaction and securely send it to the merchant for use during the transaction (the padlock icon on screen closes to indicate transmissions are encrypted).
- Once a session key is established, no one can “hijack” the session (for example, after you enter your credit card information, an intruder cannot change the order and delivery address).
- The user only needs a Browser that can encrypt/decrypt with the appropriate algorithm and generate session keys from truly random numbers.
- The merchant’s Certificate is available to the public; only the secret key must be protected.
- Certificates can be cancelled if the secret key is compromised.

Certificate Authority generates the “signature” that is added to the raw “Certificate”
- Raw “Certificate” has user name, public key, expiration date, ...
- Generate hash code of Raw Certificate.
- Encrypt hash code with CA’s private key to form CA’s signature.
- Recipient can verify signature using CA’s public key.
[Diagram labels: Raw Cert., MIC, Hash, Signed Cert., Signed Certificate, CA’s Secure Area]


Information Provided by Browser about a Certificate
This Certificate belongs to: investing.schwab.com trading subnet a 1199 Charles Schwab & Co., Inc. Phoenix, Arizona, US
This Certificate was issued by: Secure Server Certification Authority RSA Data Security, Inc. US
Serial Number: 6B:68:2F:3B:FD:8A:46:73:04:33:10:8A:32:1E:47:5B
This Certificate is valid from Wed Nov 03, 1999 to Thu Nov 02, 2000
Certificate Fingerprint: 4B:80:C6:C5:2D:63:14:E7:6F:50:BD:16:39:3C:96:FD

Certificates Can Be Deleted (and Added)
Are you sure that you want to delete this Site Certificate?
This Certificate belongs to: endor.mcom.com Netscape Communications Corp. US
This Certificate was issued by: rootca.netscape.com Information Systems Netscape Communications Corporation US
Serial Number: 01:77
This Certificate is valid from Thu May 15, 1997 to Tue Nov 11, 1997
Certificate Fingerprint: 06:BF:60:88:D9:E7:59:BF:3A:35:74:33:28:8E:26:F6

X.509 Chain of Authentication
CA<<A>> = CA {A’s id and information}
X<<A>> = certificate of A “signed” by X
To authenticate X<<A>>, you must get the public key of X from a trusted source, such as Z - your own CA (Z<<X>>).
Z in turn may have to get X’s certificate from a higher-level CA. Ultimately there must be an “Authentication Tree” of CAs so that a user can work up the tree (from Z) and back down to the issuer of the certificate in question, X.

X.509 Chain of Authentication
In practice, there is no single top-level Certificate Authority (CA), only a group of CAs that each Browser vendor deems fit to include in the installation program.
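The CA signing step and the chain walk described in the slides above, as an added Python example that is not part of the original presentation. The toy RSA keys built from Mersenne primes, the dictionary layout of a certificate, and the names `keypair`, `sign` and `verify_chain` are assumptions made for illustration; the unpadded signature and small keys are for teaching only.

```python
import hashlib
from datetime import date

E = 65537  # public exponent shared by every toy key

def keypair(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (constructed, not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private exponent d)

def digest(raw, n):
    """Hash code of the raw certificate, reduced to fit the issuer's modulus."""
    data = "|".join(f"{k}={raw[k]}" for k in sorted(raw)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(issuer, issuer_n, issuer_d, subject, subject_n, not_after):
    """CA step: build the raw certificate, then apply the CA private key to its hash."""
    raw = {"subject": subject, "issuer": issuer, "public_key": subject_n,
           "not_after": not_after.isoformat()}
    return {"raw": raw, "sig": pow(digest(raw, issuer_n), issuer_d, issuer_n)}

def verify_chain(chain, anchors, today):
    """Walk from the relying party's trusted CA down to the end certificate."""
    trusted = dict(anchors)  # issuer name -> public modulus
    for cert in chain:
        raw = cert["raw"]
        n = trusted.get(raw["issuer"])
        if n is None:
            return False, f"no trusted key for issuer {raw['issuer']}"
        if pow(cert["sig"], E, n) != digest(raw, n):
            return False, f"bad signature on {raw['subject']}"
        if date.fromisoformat(raw["not_after"]) < today:
            return False, f"{raw['subject']} expired"
        trusted[raw["subject"]] = raw["public_key"]  # verified key may now vouch for others
    return True, "ok"

# Constructed sample: Z is the relying party's own CA, X is the CA that issued A's certificate.
Z_N, Z_D = keypair(107, 127)
X_N, X_D = keypair(61, 89)
A_N, _ = keypair(521, 607)
Z_X = sign("Z", Z_N, Z_D, "X", X_N, date(2030, 1, 1))  # X's certificate, signed by Z
X_A = sign("X", X_N, X_D, "A", A_N, date(2030, 1, 1))  # A's certificate, signed by X

if __name__ == "__main__":
    print(verify_chain([Z_X, X_A], {"Z": Z_N}, date(2025, 1, 1)))
```

A real validator also checks that each intermediate certificate is marked as a CA and checks revocation status; both are omitted here.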

“Root” Certificate Authorities in Firefox (2010)
[Screenshot annotation: added by user]

Safari Browser - Google Safe Browsing Service
Firefox Browser - OCSP