Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.


1 Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems Naval Research Laboratory

2 Abstract
- In this paper, we have
  - identified the models for secure attribute services on the Web
  - developed
    - smart certificates based on X.509
  - introduced
    - possible applications of smart certificates

3 Introduction
- WWW (World Wide Web)
  - synthesizes diverse technologies and components in Web environments
  - widely used for electronic commerce and business
  - mostly, Web servers use identity-based access control
    - scalability problem

4 Background
- An attribute
  - a particular property of an entity
    - e.g., role, group, clearance, etc.
- If attributes are provided securely,
  - Web servers can use those attributes
    - e.g., authentication, authorization, access control, electronic commerce, etc.
- A successful marriage of the Web and secure attribute services is required

5 User-Pull Model

6
- Each user
  - pulls appropriate attributes from the Attribute Server
  - presents attributes and authentication information to Web servers
- Each Web server
  - requires both identification and attributes from users
- No new connections for the same attributes

7 Server-Pull Model

8
- Each user
  - presents only authentication information to Web servers
- Each Web server
  - pulls users' attributes from the Attribute Server
- Authentication information and attributes do not go together
- More convenient for users
- Less convenient for Web servers

9 X.509 Certificate
- Digitally signed by a certificate authority to confirm the information in the certificate belongs to the holder of the corresponding private key
- support security on the Web based on PKI
- standard
- simply, bind users to keys
- have the ability to be extended
- Certificate Revocation List (CRL)

10 X.509 Certificate
- Contents
  - version, serial number, subject, validity period, issuer, optional fields (v2)
  - subject's public key and algorithm info.
  - extension fields (v3)
  - digital signature of CA

11

12 Smart Certificates
- Short-Lived Lifetime
  - More secure
    - typical validity period for X.509 is months (years)
    - the longer-lived certificates have a higher probability of being attacked
      - users may leave copies of the corresponding keys behind
  - No Certificate Revocation List (CRL)
    - supports simple and less expensive PKI

13 Smart Certificates
- Containing Attributes Securely
  - Web servers can use secure attributes for their purposes
  - Each authority has independent control on the corresponding information
    - basic certificate (containing identity information)
    - each attribute can be added, changed, revoked, or re-issued by the appropriate authority
      - e.g., role, credit card numbers, clearance, etc.

14 Separate CAs in a Certificate

15 Smart Certificates
- Postdated/Renewable Certificates
  - The certificate becomes valid at some time in the future
    - It is possible to make a smart certificate valid for a set of duration
  - The certificate can be renewed until the renewable time
    - a user keeps renewing it for shorter periods
    - no need for CRL
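
Added example (not from the original presentation): a Python model of the postdated/renewable validity window from slides 12 and 15, showing how a refusal to renew takes the place of a CRL. The `renew_till` field name, the `revoked` set, and the rule that only a currently valid certificate can be renewed are assumptions.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class SmartCert:
    subject: str
    not_before: datetime  # may lie in the future (postdated)
    not_after: datetime   # end of the current short validity window
    renew_till: datetime  # assumed field name for "the renewable time"

def is_valid(cert, now):
    """Relying Web server: check the validity window only, no CRL lookup."""
    return cert.not_before <= now < cert.not_after

def renew(cert, now, lifetime, revoked=frozenset()):
    """Issuer side: return a fresh short-lived certificate, or None if refused."""
    if cert.subject in revoked:       # revocation is just a refusal to renew
        return None
    if not is_valid(cert, now):       # assumption: only a live cert is renewable
        return None
    if now >= cert.renew_till:        # past the renewable time
        return None
    new_end = min(now + lifetime, cert.renew_till)  # never outlive renew_till
    return replace(cert, not_before=now, not_after=new_end)

def exposure_after_revocation(cert, revoked_at):
    """Worst-case time a revoked holder can still use the certificate."""
    return max(cert.not_after - revoked_at, timedelta(0))

if __name__ == "__main__":
    # Constructed sample: issued at 09:00, postdated to 10:00, one-hour window.
    t0 = datetime(1999, 10, 1, 9, 0, tzinfo=timezone.utc)
    hour = timedelta(hours=1)
    cert = SmartCert("alice", t0 + hour, t0 + 2 * hour, t0 + 8 * hour)
    print("valid at issue time:", is_valid(cert, t0))
    now = t0 + timedelta(minutes=90)
    print("valid at 10:30:", is_valid(cert, now))
    print("renewed:", renew(cert, now, hour))
    print("renewal after revocation:", renew(cert, now, hour, revoked={"alice"}))
    print("exposure left:", exposure_after_revocation(cert, now))
```

The exposure after revocation is bounded by the remaining validity window, which is the trade-off that lets short-lived certificates drop the CRL.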

16 Smart Certificates
- Confidentiality
  - Sensitive information can be
    - encrypted in smart certificates
      - e.g. passwords, credit card numbers, etc.

17 Applications of Smart Certificates
- On-Duty Control
- Compatible with X.509
- User Authentication
- Electronic Transaction
- Pay-per-Access
- Eliminating Single-Point Failure
- Attribute-based Access Control

18 Conclusions
- In this paper, we have
  - identified the models for secure attribute services on the Web
  - developed
    - smart certificates based on X.509
  - introduced
    - possible applications of smart certificates

19 A Smart Certificate

