Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 4 a - X.509 Authentication

Published byMildred Harmon Modified over 7 years ago

Similar presentations

Presentation on theme: "Chapter 4 a - X.509 Authentication"— Presentation transcript:

1 Chapter 4 a - X.509 Authentication
Network Security Spring 2017 Dr. Faisal Khan Office: SS Block

2 X.509 Authentication Service
• An International Telecommunications Union (ITU) recommendation (versus “standard”) for allowing computer host or users to securely identify themselves over a network. • An X.509 certificate purchased from a “Certificate Authority” (trusted third party) allows a merchant to give you his public key in a way that your Browser can generate a session key for a transaction, and securely send that to the merchant for use during the transaction (padlock icon on screen closes to indicate transmissions are encrypted). • Once a session key is established, no one can “high jack” the session (for example, after your enter your credit card information, an intruder can not change the order and delivery address). • User only needs a Browser that can encrypt/decrypt with the appropriate algorithm, and generate session keys from truly random numbers. • Merchant’s Certificate is available to the public, only the secret key must be protected. Certificates can be cancelled if secret key is compromised.

3 Raw “Certificate” has user name, public key, expiration date, ...
CA’s Secure Area Generate hash code of Raw Certificate Raw Cert. MIC Hash Encrypt hash code with CA’s private key to form CA’s signature Signed Cert. Signed Certificate Recipient can verify signature using CA’s public key. Certificate Authority generates the “signature” that is added to raw “Certificate” 3

4 4

5 Information Provided by Browser about a Certificate
This Certificate belongs to: investing.schwab.com trading subnet a 1199 Charles Schwab & Co., Inc. Phoenix, Arizona, US This Certificate was issued by Secure Server Certification Authority RSA Data Security, Inc. US Serial Number: 6B:68:2F:3B:FD:8A:46:73:04:33:10:8A:32:1E:47:5B This Certificate is valid from Wed Nov 03, 1999 to Thu Nov 02, 2000 Certificate Fingerprint: 4B:80:C6:C5:2D:63:14:E7:6F:50:BD:16:39:3C:96:FD 5

6 Certificates Can Be Deleted (and Added)
Are you sure that you want to delete this Site Certificate? This Certificate belongs to: endor.mcom.com Netscape Communications Corp. US This Certificate was issued by: rootca.netscape.com Information Systems Netscape Communications Corporation Serial Number: 01:77 This Certificate is valid from Thu May 15, 1997 to Tue Nov 11, 1997 Certificate Fingerprint: 06:BF:60:88:D9:E7:59:BF:3A:35:74:33:28:8E:26:F6 6

7 X.509 Chain of Authentication
CA<<A>> = CA {A’s id and information} X<<A>> = certificate of A “signed” by X To authenticate X<<A>>, you must get the public key of X from a trusted source, such as Z - your own CA. ( Z<<X>>) Z in turn may have to get X’s certificate from a higher level CA. Ultimately there must be an “Authentication Tree” of CA’s so that a user can work up the tree (from Z) and back down to the issuer of the certificate in question, X. 7

8 Chain of Authentication
In practice, there is no single top-level Certificate Authority (CA), only a group of CA’s that each Browser vendor deems fit to include in the installation program. X.509 Chain of Authentication 8

9 “Root” Certificate Authorities in Firefox (2010)
9 added by user

10 Safari Browser - Google Safe Browsing Service - 2011
Firefox Browser - OCSP 10

Download ppt "Chapter 4 a - X.509 Authentication"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
CP3397 ECommerce.

CP3397 ECommerce.
Cryptography and Network Security

Cryptography and Network Security
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 8 Web Security.

Chapter 8 Web Security.
CSCI 6962: Server-side Design and Programming

CSCI 6962: Server-side Design and Programming
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
Secure Electronic Transaction (SET)

Secure Electronic Transaction (SET)
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.

SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
E-commerce What are the relationships among: – Client (i.e. you) – Server – Bank – Certification authority Other things to consider: – How to set up your.

E-commerce What are the relationships among: – Client (i.e. you) – Server – Bank – Certification authority Other things to consider: – How to set up your.
Unit 1: Protection and Security for Grid Computing Part 2

Unit 1: Protection and Security for Grid Computing Part 2
Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Security fundamentals Topic 5 Using a Public Key Infrastructure.

Security fundamentals Topic 5 Using a Public Key Infrastructure.
Chapter 4 - X.509 Authentication TE-405 Network Security and Management Fall 2014 Dr. Faisal Kakar

Chapter 4 - X.509 Authentication TE-405 Network Security and Management Fall Dr. Faisal Kakar

Similar presentations

Ads by Google