Presentation is loading. Please wait.

Presentation is loading. Please wait.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Published bySalvatore Yonge Modified over 10 years ago

Similar presentations

Presentation on theme: "Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002."— Presentation transcript:

1 Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center tic@mail.state.ar.us 3/27/2002

2 Inside PKI Vocabulary Vocabulary How PKI Works How PKI Works When it Doesn’t When it Doesn’t

3 Vocabulary

4 Asymmetric Cryptography Use of algorithms that use different keys for encryption than decryption and the decryption key cannot be derived from the encryption key.

5 Authentication Verifying the identity of a person or a computer system.

6 Certificate Authority (CA) The authority in a network (PKI) that issues and manages security credentials and public keys for message encryption.

7 Certificate Practice Statement CPS Provides a detailed explanation of how the certificate authority manages the certificates it issues and associated services such as key management. The CPS acts as a contact between the CA and users, describing the obligations and legal limitations and setting the foundation for future audits.

8 Ciphertext Encrypted text. Plaintext or cleartext is what you have before encryption and ciphertext is the encrypted result.

9 Digital Certificate A digital document which is generally stored and administered in a central directory. It contains the certificate holder's name, a serial number, expiration dates, public key, and the digital signature of the certificate issuing authority.

10 Digital Signature An electronic signature that authenticates the identity of the sender, ensures the original content of the message is unchanged, is easily transportable, cannot be easily repudiated, cannot be imitated, and can be automatically time-stamped.

11 Directory A specialized, highly available database organized to be primarily used for lookup.

12 Directory Service A collection of software, hardware, processes, policies and administrative procedures involved in organizing the information in a directory and making it available to users.

13 Hashing A mathematical summary that can be used to provide message integrity popular because it is simple and small.

14 Integrity The state of being unaltered.

15 Nonrepudiation The basis of insisting that the document signed by a particular private key represents acknowledgement by the private key owner.

16 Private Key The private part of a two-part, public key asymmetric cryptography system. The private key is provided by a certificate authority, kept secret and never transmitted over a network.

17 Public Key The public part of a two-part, public key asymmetric cryptography system. The public key is provided by a certificate authority and can be retrieved over a network.

18 Public Key Infrastructure (PKI) A system that enables users of a public network to exchange data securely and privately through the use of a public and private cryptographic key pair that is obtained and shared through a trusted authority.

19 Registration Authority The authority in a Public Key Infrastructure that verifies user requests for a digital certificate and tells the certificate authority it is alright to issue a certificate.

20 Rivest-Shamir-Adleman (RSA) An algorithm used for key pairs used for authentication, encryption and decryption.

21 How PKI Works Get a Certificate Get a Certificate Send a Signed Message Send a Signed Message Receive a Signed Message Receive a Signed Message Send an Encrypted Message Send an Encrypted Message Receive an Encrypted Message Receive an Encrypted Message Different Answers! Different Answers!

22 Get a Certificate Supply information to a Certificate Authority Supply information to a Certificate Authority Certificate Authority generates the keys Certificate Authority generates the keys Certificate Authority creates the certificate Certificate Authority creates the certificate Registration Authority may authorize the certificate Registration Authority may authorize the certificate The private key is delivered to the user The private key is delivered to the user The certificate is stored in a directory The certificate is stored in a directory

23 Digital Certificate Version of certificate format Version of certificate format Certificate serial number Certificate serial number Signature algorithm identifier Signature algorithm identifier Certificate authority (CA) X.500 name Certificate authority (CA) X.500 name Validity period (start, expiration) Validity period (start, expiration) Subject X.500 name Subject X.500 name Subject public key info (algorithm, public key) Subject public key info (algorithm, public key) Issuer unique identifier (optional) Issuer unique identifier (optional) Subject unique identifier (optional) Subject unique identifier (optional) Extensions Extensions Certificate Authority's digital signature Certificate Authority's digital signature

24 Private Key One of two numeric keys derived from an algorithm One of two numeric keys derived from an algorithm Can be stored on a computer Can be stored on a computer Can be memorized (not practical) Can be memorized (not practical) Can be held in a token Can be held in a token Can be combined with a biometric or token Can be combined with a biometric or token Must be kept secure Must be kept secure Is not stored in the certificate Is not stored in the certificate

25 Get a Certificate RA approves the Certificate Information is given to CA The CA creates keys and certificate The Certificate, which contains the Public Key, is filed in a Directory Private Key goes to the User

26 Send a Signed Message Compose the message Compose the message Sign with your own (sender’s) private key Sign with your own (sender’s) private key Create a message hash Create a message hash Encrypt hash with private key Encrypt hash with private key Send the message and the digital signature Send the message and the digital signature

27 Receive a Signed Message Receive the message and the signature Receive the message and the signature Get the sender’s public key Get the sender’s public key Use the key to decrypt the signature (hash) Use the key to decrypt the signature (hash) Generate a new hash of the message Generate a new hash of the message Compare the two hashes to assure the integrity of the message and the authentication of the sender Compare the two hashes to assure the integrity of the message and the authentication of the sender

28 Signed Message Compose the Message Sign the Message with Private Key Send the Message and Digital Signature Receive the Message and Digital Signature Get the Sender’s Public Key Compare the hashes SENDER RECIPIENT

29 Send an Encrypted Message Compose the message Compose the message Get the receiver’s public key Get the receiver’s public key Encrypt the message Encrypt the message Send the message Send the message But can be more complex, especially for long messages But can be more complex, especially for long messages

30 Receive an Encrypted Message Receive the message Receive the message Decrypt with you own (receiver’s) private key Decrypt with you own (receiver’s) private key But can be more complex, especially for long messages But can be more complex, especially for long messages

31 Encrypted Message Compose the Message Get the Recipient’s Public Key Encrypt the Message with Public Key Send the Encrypted Message Get the Encrypted Message Decrypt with Private Key

32 Different Answers Depending On: Where the public key is stored and how it is managed Where the public key is stored and how it is managed If a user has multiple public keys If a user has multiple public keys If multiple encryption algorithms are used If multiple encryption algorithms are used If both message encryption and digital signature are required If both message encryption and digital signature are required

33 When PKI Doesn’t Work When it isn’t trusted When it isn’t trusted When the private key isn’t secure When the private key isn’t secure When the CA isn’t trusted by all parties When the CA isn’t trusted by all parties When the authentication required by the CA isn’t adequate for all parties When the authentication required by the CA isn’t adequate for all parties When there’s more than one John Smith When there’s more than one John Smith When the sender and receiver can’t interoperate When the sender and receiver can’t interoperate

34 Longer Looks at PKI This Group This Group Handout Handout Office of Information Technology Office of Information Technology Other States Other States Vendors Vendors

Download ppt "Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

Similar presentations

Ads by Google