Chapter 4 - X.509 Authentication TE-405 Network Security and Management Fall 2014 Dr. Faisal Kakar


1 Chapter 4 - X.509 Authentication
TE-405 Network Security and Management, Fall 2014
http://www.faisalkhan.info/contentPage/Classes
Dr. Faisal Kakar, faisal.khan@gatech.edu
Office: Room no. 01, FICT Building

2 X.509 Authentication Service
An International Telecommunications Union (ITU) recommendation (versus "standard") for allowing computer hosts or users to securely identify themselves over a network.
An X.509 certificate purchased from a "Certificate Authority" (trusted third party) allows a merchant to give you his public key in a way that your browser can generate a session key for a transaction and securely send that key to the merchant for use during the transaction (the padlock icon on screen closes to indicate that transmissions are encrypted).
Once a session key is established, no one can "hijack" the session (for example, after you enter your credit card information, an intruder cannot change the order and delivery address).
The user only needs a browser that can encrypt/decrypt with the appropriate algorithm and generate session keys from truly random numbers.
The merchant's certificate is available to the public; only the secret key must be protected.
Certificates can be revoked (cancelled) if the secret key is compromised.

3 Certificate Authority generates the "signature" that is added to the raw "Certificate"
[Diagram, inside the CA's Secure Area: Raw Cert. -> MIC Hash -> Signed Cert.]
Raw "Certificate" has user name, public key, expiration date, ...
Generate hash code of Raw Certificate.
Encrypt hash code with CA's private key to form CA's signature.
Signed Certificate: recipient can verify the signature using CA's public key.

5 Information Provided by Browser about a Certificate
This Certificate belongs to: investing.schwab.com, trading subnet a 1199, Charles Schwab & Co., Inc., Phoenix, Arizona, US
This Certificate was issued by: Secure Server Certification Authority, RSA Data Security, Inc., US
Serial Number: 6B:68:2F:3B:FD:8A:46:73:04:33:10:8A:32:1E:47:5B
This Certificate is valid from Wed Nov 03, 1999 to Thu Nov 02, 2000
Certificate Fingerprint: 4B:80:C6:C5:2D:63:14:E7:6F:50:BD:16:39:3C:96:FD

6 Certificates Can Be Deleted (and Added)
[Browser dialog:] Are you sure that you want to delete this Site Certificate?
This Certificate belongs to: endor.mcom.com, Netscape Communications Corp., US
This Certificate was issued by: rootca.netscape.com, Information Systems, Netscape Communications Corporation, US
Serial Number: 01:77
This Certificate is valid from Thu May 15, 1997 to Tue Nov 11, 1997
Certificate Fingerprint: 06:BF:60:88:D9:E7:59:BF:3A:35:74:33:28:8E:26:F6

7 X.509 Chain of Authentication
CA<<A>> = CA{A's id and information}
X<<A>> = certificate of A "signed" by X
To authenticate X<<A>>, you must get the public key of X from a trusted source, such as Z, your own CA (Z<<X>>).
Z in turn may have to get X's certificate from a higher-level CA.
Ultimately there must be an "Authentication Tree" of CAs so that a user can work up the tree (from Z) and back down to the issuer of the certificate in question, X.

8 X.509 Chain of Authentication
In practice, there is no single top-level Certificate Authority (CA), only a group of CAs that each browser vendor deems fit to include in the installation program.

9 "Root" Certificate Authorities in Firefox (2010)
[Screenshot of the Firefox certificate manager; one entry is marked "added by user"]

10 [Screenshots] Safari Browser - Google Safe Browsing Service - 2011; Firefox Browser - OCSP - 2011
