Public Key Infrastructure
Content
  Prerequisites
    Public key infrastructure
    X509 and Openssl
    Domain name system
  Lab materials
    Issuing and Revoking Certificates
    Hierarchy of Certificate Authority
    Threat to Public Key Infrastructure
Public Key Infrastructure
Symmetric Cryptography
[Diagram: Enc_k( ) on both sides; the two parties share the same key k]
Asymmetric Cryptography
[Diagram: Enc_pk_A( ) and Enc_pk_B( ); each party encrypts under the other party's public key]
Confidentiality and Authenticity
Computational Complexity
[Table: NIST minimum key sizes (BlueKrypt, 2018); only the table's footnotes survived extraction and are reproduced below.]
All key sizes are provided in bits. These are the minimal sizes for security.
TDEA (Triple Data Encryption Algorithm) and AES are specified in [10].
Hash (A): Digital signatures and hash-only applications.
Hash (B): HMAC, Key Derivation Functions and Random Number Generation. The security strength for key derivation assumes that the shared secret contains sufficient entropy to support the desired security strength. The same remark applies to the security strength for random number generation.
It is always acceptable to use a hash function with a higher estimated maximum security strength.
When selecting a block cipher cryptographic algorithm (e.g. AES or TDEA), the block size may also be a factor that should be considered. More information on this issue is provided in SP
(*) The assessment of at least 80 bits of security for 2TDEA is based on the assumption that an attacker has no more than 2^40 matched plaintext and ciphertext blocks.
(**) SHA-1 has been demonstrated to provide less than 80 bits of security for digital signatures, which require collision resistance. In 2016, the security strength against digital signature collisions remains a subject of speculation.
© 2018 BlueKrypt - Version February
[1] Recommendation for Key Management, Special Publication Part 1 Rev. 4, NIST, 01/2016.
[10] Approved algorithms for block ciphers, NIST.
Key Exchange Protocols
[Diagram: "I will use the key …" / "Ok", followed by a message Enc_pk_A( ) encrypted under A's public key]
Man in the Middle attack
[Diagram: Enc_pk_C( ) and Enc_pk_A( ); the attacker C substitutes its own public key pk_C, so the sender encrypts to C instead of to A]
Certificate
[Diagram: "Give me your public key and certificate" / "Here is the certificate and public key"]
Transport Layer Security
[Handshake diagram; messages in order:]
  client hello, crypto info
  server hello, ciphersuite, certificate
  Enc_pk_A(pre_master_key)
  Client finished
  Server finished
  Exchange messages
Public Key Infrastructure
x509 and Openssl
x509
Standard format of public key certificates
- Used in TLS/SSL and electronic signatures
- Self-signed or signed by a certificate authority
- Certificate revocation list
- Path validation algorithm
Openssl
[Diagram: CSR, Entities, Private keys]
Sample commands
Generate a Private Key and a CSR:
  openssl req \
    -newkey rsa:2048 -nodes -keyout domain.key \
    -out domain.csr
Generate a Self-Signed Certificate:
  openssl req \
    -newkey rsa:2048 -nodes -keyout domain.key \
    -x509 -days 365 -out domain.crt
Sign a certificate:
  openssl x509 -req -days 360 \
    -in <CSR-for-the-new-device> \
    -CA <your-intermediate-CA-certificate> \
    -CAkey <your-intermediate-CA-key> \
    -out <your-new-certificate> \
    -set_serial <a random number>
Domain Name System
Domain names and IP addresses
[Diagram of an iterative lookup through the root, edu and jhu name servers: "Where exactly is?" / "Go ask edu" / "Go ask jhu" / "It is XX..XX"]
Connect to DNS through DHCP and ARP
Got a DHCP offer, the DNS server is …
Lab Materials
Issuing and Revoking Certificates
- Draw the topology and reserve resources
- Set up LAMP for the web application
- Set up the Certificate Authority
- Generate a certificate and configure it
- Revoke the certificate
Hierarchy of Certificate Authority
Basically the same as the previous lab, but with the single CA replaced by a chain of CAs.
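The three sample openssl commands, the issuing-and-revoking lab and the CA-hierarchy lab fit in one script: a root CA signs an intermediate, the intermediate signs the web server's certificate, the chain is validated, and the leaf is then revoked through a CRL. This is an added example, not code from the slides; it assumes only that the openssl command-line tool is installed, and every name in it (Lab Root CA, Lab Intermediate CA, www.lab.example, the serial numbers) is constructed.

```shell
#!/bin/sh
# Added example (not from the slides): root CA -> intermediate CA -> web server
# certificate, path validation, then revocation of the leaf through a CRL.
# Assumes the openssl CLI (1.1.1 or 3.x) is on PATH; every name is constructed.
run_pki_lab() (                 # subshell body: cd and set -e stay local
  set -e
  work=$(mktemp -d) && cd "$work"
  # 1. Root CA, self-signed (the slide's "Generate a Self-Signed Certificate").
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Lab Root CA" \
    -keyout root.key -out root.crt 2>/dev/null
  # 2. Intermediate CA: CSR signed by the root. Without CA:TRUE and keyCertSign
  #    the path validation algorithm refuses to accept it as an issuer.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Lab Intermediate CA" \
    -keyout inter.key -out inter.csr 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE,pathlen:0\n' >inter.ext
  printf 'keyUsage=critical,keyCertSign,cRLSign\n' >>inter.ext
  openssl x509 -req -days 360 -in inter.csr -CA root.crt -CAkey root.key \
    -set_serial 1000 -extfile inter.ext -out inter.crt 2>/dev/null
  # 3. Leaf for the lab web server, signed by the intermediate (the slide's
  #    "Sign a certificate"; a fixed serial stands in for "<a random number>").
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.lab.example" \
    -keyout domain.key -out domain.csr 2>/dev/null
  openssl x509 -req -days 90 -in domain.csr -CA inter.crt -CAkey inter.key \
    -set_serial 2000 -out domain.crt 2>/dev/null
  # 4. Path validation: only the root is trusted; the intermediate is passed
  #    as untrusted and must chain up to the root.
  if openssl verify -CAfile root.crt -untrusted inter.crt domain.crt >/dev/null 2>&1
  then before=valid; else before=invalid; fi
  # 5. Revoke the leaf and issue a CRL from the intermediate. "openssl ca"
  #    needs a small config plus an (empty) index database.
  printf '[ca]\ndefault_ca=lab\n[lab]\ndatabase=index.txt\ncrlnumber=crlnumber\n' >ca.cnf
  printf 'certificate=inter.crt\nprivate_key=inter.key\n' >>ca.cnf
  printf 'default_md=sha256\ndefault_crl_days=30\n' >>ca.cnf
  : >index.txt
  echo 01 >crlnumber
  openssl ca -config ca.cnf -revoke domain.crt 2>/dev/null
  openssl ca -config ca.cnf -gencrl -out inter.crl 2>/dev/null
  # 6. Same chain, now checked against the CRL: validation must fail with
  #    "certificate revoked" rather than with some other error.
  if out=$(openssl verify -crl_check -CAfile root.crt -untrusted inter.crt \
             -CRLfile inter.crl domain.crt 2>&1); then after=valid
  elif echo "$out" | grep -q 'certificate revoked'; then after=revoked
  else after=error; fi
  echo "$before $after"
)
run_pki_lab   # prints "valid revoked"
```

Inspect the intermediate or the CRL afterwards with openssl x509 -text -noout and openssl crl -text -noout in the temporary directory.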
Threat to Public Key Infrastructure
- Set up a DNS server on the attacker's node
- Set up a web server on the server's node
- Install the tool sslsplit on the attacker's node
- Connect to the web server from the client
- Check whether the attacker intercepted the messages