Download presentation
Presentation is loading. Please wait.
Published byBetty Short Modified over 9 years ago
1
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications & Information Technology
2
Controller of Certifying Authorities Role of CCA for secure e-Commerce and e-Governance Authentication of entities in cyberspace Prevention of deliberate or accidental Disclosure and/or Amendment/Deletion of data Punishment for cyber crimes Licencing of CAs and establishment of PKI
3
Controller of Certifying Authorities Security Issues :- Confidentiality Integrity Authenticity Non-Repudiability
4
Controller of Certifying Authorities Threats to Authenticity Masquerading Counter Measures Strong Digital Signature - Cryptographically generated credentials.
5
Controller of Certifying Authorities Encryption: Transformation of data to Prevent information being read by unauthorised parties. Sender and Receiver have to know the rules which have been used to encrypt the data. Based on Algorithms which are mathematical functions for combining the data with a string of digits called the Key. The result is the encrypted text. Eg: Adding a fixed number of characters, say 5, to each character in the message that is being encrypted. The word SECURITY then becomes the encrypted text XJHZWNYD
6
Controller of Certifying Authorities Document to be sent Document EncodedDocumentEncodedDocumentEncodedDocumentEncodedDocumentReceivedDocumentReceivedDocument Symmetric key Symmetric Key Encryption Technologies Symmetric Key Cryptography Identical keys are used for encryption and decryption. Requires both parties to a digital conversation to know the key
7
Controller of Certifying Authorities ‘n’ Partners means handling n secret keys Authenticity cannot be proved. Encryption Technologies Symmetric Key Cryptography (contd.)
8
Controller of Certifying Authorities Public key cryptography Each party is assigned a pair of keys – private – known only by the owner public - known by everyone Information encrypted with the private key can only be decrypted by the corresponding public key & vice versa Fulfils requirements of confidentiality, integrity, authenticity and non-repudiability No need to communicate private keys
9
Controller of Certifying Authorities Digital Signatures Pair of keys for every entity One Public key – known to everyone One Private key – known only to the possessor
10
Controller of Certifying Authorities Digital Signatures To digitally sign an electronic document the signer uses his/her Private key. To verify a digital signature the verifier uses the signer’s Public key.
11
Controller of Certifying Authorities Digital Signature The message is encrypted with the sender’s private key Recipient decrypts using the sender’s public key Private SKA DocumentDocument DigitalSignatureDigitalSignature DocumentDocument PublicCONFIRMEDDigitalSignatureCONFIRMEDDigitalSignature DocumentDocument DocumentDocument DigitalSignatureDigitalSignature PKA
12
Controller of Certifying Authorities Message Integrity one-way hash functions use no key original data cannot be generated from hash output No two messages will generate the same hash. SIGN the HASH NOT the entire Message
13
Controller of Certifying Authorities Maintaining Message Integrity message Hash generation function Check Hash message Hash generation function No Reject Message Yes Accept Message SENDERRECEIVER
14
Controller of Certifying Authorities Public Key Cryptography Encryption Technologies Sender A (PKA,SKA) Receiver B (PKB,SKB) DocumentDocument DocumentDocument EncryptedDocumentEncryptedDocumentEncryptedDocumentEncryptedDocument PKB SKB Confidentiality
15
Controller of Certifying Authorities Signed Messages Message + Signature Message + Signature Hash VERIFY Signature With Sender’s Public Key VERIFY Signature With Sender’s Public Key SIGN hash With Sender’s Private key SIGN hash With Sender’s Private key Message + signature Message + signature COMPARE Hash Message Sender Receiver Hash Using Hash function on the message Signed Message DECRYPT DECRYPT Message + signature with Receiver’s Private Key DECRYPT DECRYPT Message + signature with Receiver’s Private Key ENCRYPT ENCRYPT Message + signature with Receiver’s Public Key ENCRYPT ENCRYPT Message + signature with Receiver’s Public Key Encrypted Message Sent thru’ Internet Using Hash Function Confidential
16
Controller of Certifying Authorities Authenticity and Confidentiality A signs message with his own private key A then encodes the resulting message with B’s Public key B decodes the message with his own Private key B applies A’s Public key on the digital signature
17
Controller of Certifying Authorities Authenticity and Confidentiality When A uses his own private key, it demonstrates that he wants to sign the document he wants to reveal his identity he shows his will to conclude that agreement The encoded message travels on the Net, but nobody can read it : confidentiality
18
Controller of Certifying Authorities Authenticity and Integrity B needs to know that A and only A sent the message B uses A’s public key on the signature Only A’s public key can decode the message A cannot repudiate his signature Digital signature cannot be reproduced from the message No one can alter a ciphered message without changing the result of the decoding operation
19
Controller of Certifying Authorities Issues in Public key Cryptosystems How will recipient get senders public key? How will recipient authenticate sender's public key ? How will the sender be prevented from repudiating his/her public key?
20
Controller of Certifying Authorities Certifying Authority An organization which issues public key certificates. Must be widely known and trusted Must have well defined methods of assuring the identity of the parties to whom it issues certificates. Must confirm the attribution of a public key to an identified physical person by means of a public key certificate. Always maintains online access to the public key certificates issued.
21
Controller of Certifying Authorities Public-Key Certification User Name User’s Public Key CA’s Name Validation period Signature of CA User 1 certificate User 2 certificate. Signed by using CA’s private key User Name & other credentials User’s Public key User Certificate Certificate Database Publish Certificate Request
22
Controller of Certifying Authorities Contents of a Public Key Certificate Issued by a CA as a data message and always available online S.No of the Certificate Applicant’s name, Place and Date of Birth, Company Name Applicant’s legal domicile and virtual domicile Validity period of the certificate and the signature CA’s name, legal domicile and virtual domicile User’s public key Information indicating how the recipient of a digitally signed document can verify the sender’s public key CA’s digital signature
23
Controller of Certifying Authorities Certificate Revocation List A list of all known Certificates that have been revoked and declared invalid
24
Controller of Certifying Authorities Technical Infrastructure Controller of Certifying Authorities as the “Root” Authority certifies the technologies and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates
25
Controller of Certifying Authorities Technical Infrastructure..contd The CCA operates the following :- Root Certifying Authority (RCAI) under section 18(b) of the IT Act, and National Repository of Digital Signature Certificates (NRDC) Web site cca.gov.in
26
Controller of Certifying Authorities End entities, subscribers and relying parties The End entities of RCAI are the Licensed CAs in India. Subscribers and relying parties using the certificates issued by a CA need to be assured that the CA is licensed by the CCA. They should be able to verify the licence under which a PKC has been issued by a CA.
27
Controller of Certifying Authorities Strong Room for RCAI Reinforced walls for room housing RCAI 24-hour surveillance through CCTV Access controls through proximity cards and biometric readers Physical security including locks Security personnel
28
Controller of Certifying Authorities National Repository : NRDC National Repository of Digital Certificates Certificate Revocation List
29
Controller of Certifying Authorities Internet Directory Client CA LAN Cert/CRL RCAI CCA NRDC Relying Party Subscriber CA Public Keys Certified by RCAI CA’s Revoked Keys CCA : National Repository of Certificates of Public Keys of CAs and Certificates issued by CAs
30
Controller of Certifying Authorities Thank you
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.