PKI COMPONENTS AND RELATED STANDARDS.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "PKI COMPONENTS AND RELATED STANDARDS."

Transcription

1 PKI COMPONENTS AND RELATED STANDARDS. COMESA/POTRAZ Zimbabwe 4-6 May Dr. Izzeldin Kamil Amin Associate Professor. Faculty of Mathematical Sciences University of Khartoum.

2 PKI Functions. PKI is based on Mathematical Algorithms to convert intelligent digitally encoded information (e.g. plaintext) into unintelligible digitally coded information and vice versa. This process is referred to as Cryptography. 2

3 Main Purposes of Cryptography. Applications of Cryptography include: Data encryption for Confidentiality Digital signatures to provide Non-repudiation (accountability) and verify data integrity. Issuance of Certificates for Authenticating an entity (e.g. a person, company, people, applications and services,.) Access Control (Authorization) 3

4 Cryptography. The Algorithm of a Cryptography makes use of a unique Number; selected and used in the Algorithm to de-face the digitally coded information to make it unintelligible. This number is normally referred to as a key. 4

5 Functions of Digital Certificates and e-signature. Digital Certificates and Digital Signatures provide: Authenticity (assurance of the genuineness of the source/signer), Integrity(assurance that document hasn't been changed after signing), Confidentiality (Ensuring that Data are kept private, stay private), Availability (Ensuring that data are accessible whenever needed by the owner) and Non-repudiation(the signer cannot later deny signing the document ) to electronic documents. 9 May 2016 A Regional Cyber Security Centre. 5 5

6 PKI Terminology and Concepts 6 Hashing functions Asymmetric encryption and decryption Keys: Key pair Digital signature Digital certificate Registration Authorities (RA) Certification Authorities (CA) Hierarchy of trust 6

7 Hash Functions 7 It was the best of times, it was the worst of times It was the best of thymes, it was the worst of times Hash Function Small Difference Large Difference In the Digest Hash Function 3au8 e43j jm8x g84w Examples: standards Known as MD5 (128 bit), SHA-1 (160 bit) b6hy 8dhy w72k 5pqd Digitally signed documents are signed using the sender's Private Key. Upon receiving the document, a receiver can verify the signature using corresponding sender's Public Key. 7

8 Asymmetric Key Cryptography Encryption 8 Public key Message A Encrypt Private key Encrypted Message Decrypt B Message Eavesdropper 8

9 Public-Key Signature & Verification 9 Transmitted Message Signature Receiver Bob Hash Function Message Digest Signature Hash Function Decrypt Encrypt Message Digest Expected Digest Sender Alice Hashing + Encryption = Signature Creation Regional and Global Cyber Perspective Cyber Security and Cyber Crime If these are the same, then the message has not changed Hashing + Decryption = Signature Verification 9

10 NCDC National Committee for Digital Certification 10 Sudan Root Certificate Authority. SRCA Non Sudanese Root CA Sub-Certification Authorities. Commercial Commercial Commercial Government Government Government Level 1 CA (1) Level 1 CA (2) Level 1 CA (n) Level 1 CA(1) Level 1 CA(2) Level 1 CA(n) LRA LRA LRA LRA Government Level 2 CA(1) LRA LRA Regional and Global Cyber Perspective LRA Cyber Security and Cyber Crime Local Registration Authorities

11 Registration Authority 11 Performs functions for CA by ensuring that the entity to use PKI is what it claims; but does not issue certificates directly 11

12 Certificate Authority 12 An organization that issues certificates Usually a trusted third party Backs the information in the certificate. Processes requests Manages certificate lifecycle Issuance, recovery, revocation, renewal Distributed 12

13 PKI COMPONENTS AND FUNCTIONS Three main functions: The Certificate Authority (CA), an entity which issues certificates. Can be in-house or a trusted third party; e.g. Similar to the documents issued by the Ministry of Interior (IDs or Passports). 13

14 The repository for keys, certificates and Certificate Revocation Lists (CRLs) is usually based on an Lightweight Directory Access Protocol (LDAP)-enabled directory service. A management function, typically implemented via a user interface device used in te process. If the PKI provides automated key recovery, there may also be a key recovery service. Key recovery is an advanced function required to recover data or messages when a key is lost. 14

15 Figure (1): The Three main functions of PKI plus the recovery process. Regional and Global Cyber Perspective Cyber Security and Cyber Crime Adapted from A White Paper by: 15

16 Flow of the Process. The process starts by Registration: User registration is the process of collecting user information and verifying user identity, which is then used to register a user according to a certain policy. In brief: it is the mapping between physical verification and providing keys for the PKI process. Since it is a management process, the Human Resources department (or Ministry of Interior) may manage the Registration Authority (RA) function, for instance, while Information Technology manages the CA. 16

17 A separate RA also makes it harder for any entity subvert the security system. However, every country can choose to have registration handled by a separate RA, or included as part of the Certification Authority (CA) functions. This organization id independent of its implementation: each can be implemented centrally or in distributed way; i.e one single CA (or RA) or more than one CA (or RA). 17

18 CA Functions. Main CA functions include: Issuing Certificates, Revoking Certificates, and creating Certificate Revocation List (CRL). Creating and publishing CRLs, Storing and retrieving certificates and CRLs, and Key Lifecycle Management. Enhanced or emerging functions include time-stamping and policy-based certificate validation. 18

19 Partners and International Cooperation Every country needs to evaluate (and accept or reject) certificates issued by CAs from other countries. This can be accomplished through a number of alternatives that we shall explore in a separate session. 19

20 Work of APPLICATIONS A PKI Applications include: , web browsing, web servers, any Electronic Data Interchange (EDI), All applications that require secure transactions or communication sesssions utilizing: web or in VPNs using protolcols such as S/MIME, SSL, and IPSEC. Applications that require secure items such as digitally signed documents or code. All applications can be made PKI-enabled. The PKI system manages the keys and digital certificates used to implement cryptography within all applications. 20

21 PKI-RELATED STANDARDS Two groups of standards: PKI Standards: those that specifically define the PKI, and user-level standards: that rely on the PKI, but don t define it. PKI standards permit multiple PKIs to interoperate, and multiple applications to interface with a single, consolidated PKI. 21

22 Standard Functions. Standards are necessary for: Enrollment procedures. Certificate formats. CRL formats. Formats for certificate enrollment messages (client requests certificate, server issues certificate). Digital signature formats. Challenge/response protocols. 22

23 PKI Group (IETF Task Force). The primary focus of interoperable PKI standards is the PKI working group of the Internet Engineering Task Force (IETF), known as the PKIX group (for PKI for X.509 certificates ). 23

24 PKIX Component Standards The PKIX specifications are based on two other standards: X.509 set by International Telecommunication Union (ITU) and The Public Key Cryptography Standards (PKCS) from RSA Data Security. X.509 was intended to specify authentication services for X.500 directory services. In fact, the certificate syntax of X.509 has been widely adopted outside X.500 environments. However, X.509 was not intended to define a complete, interoperable PKI. To supplement X.509, vendors, users and standards committees have turned primarily to de facto PKI standards defined in PKCS. 24

25 PKI standards define the PKI. Security standards for Aplication may require, assume or allow the use of PKI. Adapted from A White Paper by: 25

26 X.509 X.509, set by the ITU, is considered the foundational and most universally supported PKI standard. Its primary purpose is to define a standard digital certificate format. 26

27 PKCS It is actually a series of standards covering PKI in areas of certificate enrollment and renewal, and CRL distribution. For PKI interoperability, the three most important PKCS standards are: PKCS #7, Cryptographic Message Syntax Standard, PKCS #10, Certificate Request Syntax Standard, and PKCS #12, Personal Information Exchange Syntax Standard. 27

28 Standards Based on a PKI. Major security standards are designed to work with a PKI: Secure Sockets Layer (SSL), Transport Layer Security (TLS), Secure Multipurpose Internet Mail Extensions (S/MIME), Secure Electronic Transactions (SET) and IP Security (IPSEC), All assume, require or allow the use of a PKI. 28

29 S/MIME S/MIME is the IETF standard for secure messaging. S/MIME assumes a PKI for digitally signing messages and to support encryption of messages and attachments, without requiring prior shared secrets. It was an early standard which is now considered mature. S/MIME committee has led the way in implementing and extending PKI standards, taking advantage of the PKIX standards when possible, and filling in where additional standards were necessary. The most important standards developed by the S/MIME committee are Cryptographic Message Syntax, Message Specification, Certificate Handling, and Certificate Request Syntax. 29

30 SSL and TLS. SSL and the emerging IETF standard, TLS, which is based on SSL, are the most important standards for providing secure access to Web servers. SSL and TLS are also being used for general client/server security in a variety of non-web applications. Both rely on a PKI for certificate issuance for clients and servers. 30

31 Secure Electronic Transactions (SET) SET is utilized in securing an electronic bank card payment. SET uses keys for authentication, confidentiality and data integrity. PKI is a critical underpinning for authentication of the parties involved in a payment transaction. 31

32 IPSEC The IPSEC standard defines protocols for IP encryption, and is one of the primary protocols used for deploying VPNs. IPSEC requires keys for encryption and authentication. Complete PKI standards for IPSEC are still under deveopment, and a PKI is the most scalable way of managing IPSEC keys. The use of IPSEC is still fairly limited, and the need for PKI will grow with IPSEC deployment. 32

33 SOME ISSUES IN PKI DEPLOYMENT Countries need to deploy PKI for limited applications at the beginning; e.g. Electronic Passport, Bank Swift applications,.etc. Strategically, a countr should concentrate on establishing the main necessary architecture.; e.g. ROOT CA and one sub- CA. Interoperability is a main issue! 33

34 How will interoperability be achieved? There are Possibly two basic approaches to PKI interoperability: 1. Focus on a particular vendor s product or OPEN SOURCE products; e.g. Primekey EJBCA (Enterprise Java Beans Cert. Authority). 2. Focus on standards. After reaching a maturing stage, expanding PKI market, vendor-independent standards will increasingly be the method of choice for achieving interoperability and consolidation. 34

35 Thank you for your attendance and Listening. 35

encryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key.

encryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key. The way the world does business is changing, and corporate security must change accordingly. For instance, e-mail now carries not only memos and notes, but also contracts and sensitive financial information.

More information

Public-Key Infrastructure

Public-Key Infrastructure Public-Key Infrastructure Technology and Concepts Abstract This paper is intended to help explain general PKI technology and concepts. For the sake of orientation, it also touches on policies and standards

More information

Digital Signature A Digital Signature is a data item that vouches the origin and the integrity of a Message The originator of a message uses a signing

Digital Signature A Digital Signature is a data item that vouches the origin and the integrity of a Message The originator of a message uses a signing Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian Digital Signature A Digital Signature is a data item that vouches the origin and the integrity of a Message The originator of a message uses

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

Public Key Certification Infrastructure

Public Key Certification Infrastructure Public Key Certification Infrastructure Petr Hanácek hanacek@dcse.fee.vutbr.cz Faculty of Electrical Engineering and Computer Science Brno University of Technology Abstract Jan Staudek staudek@fi.muni.cz

More information

Data Security & Privacy Certification Technical Certification Study Guide

Data Security & Privacy Certification Technical Certification Study Guide Data Security & Privacy Certification Technical Certification Study Guide Technical Study Guide Demonstrate your sales and technical knowledge by participating in the Echoworx Data Security & Privacy Certification

More information

Network Security, spring Final Project Report X.509

Network Security, spring Final Project Report X.509 Network Security, spring 2008 Final Project Report X.509 This report is the final report for the Network Security course module of the LP 2 of the second semester in the Network Design course. The course

More information

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0 Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust

More information

Expert Reference Series of White Papers. Fundamentals of the PKI Infrastructure

Expert Reference Series of White Papers. Fundamentals of the PKI Infrastructure Expert Reference Series of White Papers Fundamentals of the PKI Infrastructure 1-800-COURSES www.globalknowledge.com Fundamentals of the PKI Infrastructure Boris Gigovic, Global Knowledge Instructor, CEI,

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Security Digital Certificate Manager

Security Digital Certificate Manager IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,

More information

Network Security Protocols

Network Security Protocols Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

More information

Securing Distribution Automation

Securing Distribution Automation Securing Distribution Automation Jacques Benoit, Cooper Power Systems Serge Gagnon, Hydro-Québec Luc Tétreault, Hydro-Québec Western Power Delivery Automation Conference Spokane, Washington April 2010

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

Strong Encryption for Public Key Management through SSL

Strong Encryption for Public Key Management through SSL Strong Encryption for Public Key Management through SSL CH.SUSHMA, D.NAVANEETHA 1,2 Assistant Professor, Information Technology, Bhoj Reddy Engineering College For Women, Hyderabad, India Abstract: Public-key

More information

Some Cryptographic Implementations

Some Cryptographic Implementations Some Cryptographic Implementations October 10 14, 2016 Guinee Conakry By Marcus K. G. Adomey Chief Operations Manager AfricaCERT Email: marcus.adomey@africacert.org OVERVIEW Fingerprint Digital Signature

More information

Grid Computing - X.509

Grid Computing - X.509 Grid Computing - X.509 Sylva Girtelschmid October 20, 2009 Public Key Infrastructure - PKI PKI Digital Certificates IT infrastructure that provides means for private and secure data exchange By using cryptographic

More information

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999 Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer February 3, 1999 Frame Relay Frame Relay is an international standard for high-speed access to public wide area data networks

More information

Trustis FPS PKI Glossary of Terms

Trustis FPS PKI Glossary of Terms Trustis FPS PKI Glossary of Terms The following terminology shall have the definitions as given below: Activation Data Asymmetric Cryptosystem Authentication Certificate Certificate Authority (CA) Certificate

More information

Getting started with Digital Certificates Part I

Getting started with Digital Certificates Part I Getting started with Digital Certificates Part I This is a two part presentation where we will attempt to unlock the mysteries of digital certificates. Part I will get you started in the world of Digital

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information

An Introduction to Cryptography as Applied to the Smart Grid

An Introduction to Cryptography as Applied to the Smart Grid An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric

More information

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a

More information

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon 1 Common security requirements Basic security tools Secret-key cryptography Public-key cryptography Example Online shopping with Amazon 2 Alice credit card # is xxxx Internet What could the hacker possibly

More information

Current Initiatives in Global PKI Establishing Trust in Public and Private Sectors. Donald E. Sheehy, CA*CISA, CRISC, CIPP/C Associate Partner

Current Initiatives in Global PKI Establishing Trust in Public and Private Sectors. Donald E. Sheehy, CA*CISA, CRISC, CIPP/C Associate Partner Current Initiatives in Global PKI Establishing Trust in Public and Private Sectors Donald E. Sheehy, CA*CISA, CRISC, CIPP/C Associate Partner This session will discuss Brief introduction of Public Key

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-layer protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

Introduction to Public Key Technology and the Federal PKI Infrastructure 26 February 2001

Introduction to Public Key Technology and the Federal PKI Infrastructure 26 February 2001 Introduction to Public Key Technology and the Federal PKI Infrastructure 26 February 2001 D. Richard Kuhn Vincent C. Hu W. Timothy Polk Shu-Jen Chang National Institute of Standards and Technology, 2001.

More information

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION Foreword. Preface. About the Authors. I. CONCEPTS. 1. Introduction. 2. Public-Key Cryptography. Symmetric versus Asymmetric

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

PKI-based cryptosystems

PKI-based cryptosystems PKI-based cryptosystems Authentication Symmetric encryption is a relatively lightweight method to protect confidentiality in transit Public key cryptography can be used to transmit the session key But:

More information

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1 Chapter 15 Key Management Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1 Symmetric-key Distribution Symmetric-key cryptography is more efficient than asymmetric-key

More information

AD CS. http://technet.microsoft.com/en-us/library/cc731564.aspx

AD CS. http://technet.microsoft.com/en-us/library/cc731564.aspx AD CS AD CS http://technet.microsoft.com/en-us/library/cc731564.aspx Active Directory Certificate Services (AD CS) is an Identity and Access Control security technology that provides customizable services

More information

Public Key Infrastructure for a Higher Education Environment

Public Key Infrastructure for a Higher Education Environment Public Key Infrastructure for a Higher Education Environment Eric Madden and Michael Jeffers 12/13/2001 ECE 646 Agenda Architectural Design Hierarchy Certificate Authority Key Management Applications/Hardware

More information

PUBLIC KEY INFRASTRUCTURE (PKI) BUYERS GUIDE entrust.com

PUBLIC KEY INFRASTRUCTURE (PKI) BUYERS GUIDE entrust.com PUBLIC KEY INFRASTRUCTURE (PKI) BUYERS GUIDE +1-888-690-2424 entrust.com Table of contents Introduction Page 3 Key Considerations When Selecting a PKI Solution Page 4 1. Certification Authority (CA) Page

More information

Public Key Infrastructure

Public Key Infrastructure Motivation: Public Key Infrastructure 1. Numerous people buy/sell over the internet hard to manage security of all possible pairs of connections with secret keys 2. US government subject to the Government

More information

IBM i Version 7.3. Security Digital Certificate Manager IBM

IBM i Version 7.3. Security Digital Certificate Manager IBM IBM i Version 7.3 Security Digital Certificate Manager IBM IBM i Version 7.3 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Digital Certificates, Security

Digital Certificates,  Security CEN585 Computer and Network Security Digital Certificates, Email Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Understanding digital certificates

Understanding digital certificates Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

IT Networks & Security CERT Luncheon Series: Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

PKI: Public Key Infrastructure

PKI: Public Key Infrastructure PKI: Public Key Infrastructure What is it, and why should I care? Conference on Higher Education Computing in Kansas June 3, 2004 Wes Hubert Information Services The University of Kansas Why? PKI adoption

More information

PKI Fundamentals. - iq.suite Crypt Pro Basics - Public-Key Infrastructures and the Encryption Methods PGP and S/MIME

PKI Fundamentals. - iq.suite Crypt Pro Basics - Public-Key Infrastructures and the Encryption Methods PGP and S/MIME PKI Fundamentals - iq.suite Crypt Pro Basics - Public-Key Infrastructures and the Encryption Methods PGP and S/MIME Contents 1 Executive Summary... 2 2 Public-Key Infrastructures... 2 2.1 Basic Terms and

More information

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure

More information

A Noval Approach for S/MIME

A Noval Approach for S/MIME Volume 1, Issue 7, December 2013 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com A Noval Approach for S/MIME K.Suganya

More information

Integration of a Public Key Infrastructure in a Virtual University

Integration of a Public Key Infrastructure in a Virtual University Integration of a Public Key Infrastructure in a Virtual University Mariana Podestá Christoph Meinel E-mail: {podesta meinel}@ti.fhg.de Institut für Telematik, Bahnhofstr 30 32, 54292 Trier, Germany Fax

More information

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013 USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security

More information

An Introduction to Entrust PKI. Last updated: September 14, 2004

An Introduction to Entrust PKI. Last updated: September 14, 2004 An Introduction to Entrust PKI Last updated: September 14, 2004 2004 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In

More information

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management

More information

Key Management and Distribution

Key Management and Distribution Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

Understanding Digital Certificates and Secure Sockets Layer (SSL)

Understanding Digital Certificates and Secure Sockets Layer (SSL) Understanding Digital Certificates and Secure Sockets Layer (SSL) Author: Peter Robinson January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What are they?

More information

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

by Bíólá Fáyemí CISSP, CCNP,CCDP Founder/CEO CircuitContext Technologies Inc. Oakville,ON, Canada

by Bíólá Fáyemí CISSP, CCNP,CCDP Founder/CEO CircuitContext Technologies Inc. Oakville,ON, Canada DELIVERED AT THE 11TH INTERNATIONAL CONFERENCE OF THE NIGERIA COMPUTER SOCIETY (NCS) HELD AT THE ROYAL PARK HOTEL, ILOKO-IJESA, THE STATE OF OSUN, NIGERIA (24-26 JULY, 2013) PKI FUNDAMENTALS, STATE OF

More information

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1 PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority

More information

Controller of Certification Authorities of Mauritius

Controller of Certification Authorities of Mauritius Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)

More information

SBClient SSL. Ehab AbuShmais

SBClient SSL. Ehab AbuShmais SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three

More information

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 11: Active Directory Certificate Services

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 11: Active Directory Certificate Services MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 11: Active Directory Certificate Services Objectives Describe the components of a PKI system Deploy the Active Directory

More information

Digital Certificates Demystified

Digital Certificates Demystified Digital Certificates Demystified Alyson Comer IBM Corporation System SSL Development Endicott, NY Email: comera@us.ibm.com February 7 th, 2013 Session 12534 (C) 2012, 2013 IBM Corporation Trademarks The

More information

Public Key Infrastructures (PKI)

Public Key Infrastructures (PKI) Public Key Infrastructures (PKI) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/

More information

APNIC elearning: Cryptography Basics. Contact: esec02_v1.0

APNIC elearning: Cryptography Basics. Contact: esec02_v1.0 APNIC elearning: Cryptography Basics Contact: training@apnic.net esec02_v1.0 Overview Cryptography Cryptographic Algorithms Encryption Symmetric-Key Algorithm Block and Stream Cipher Asymmetric Key Algorithm

More information

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler Certificates Noah Zani, Tim Strasser, Andrés Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate

More information

Public Key Infrastructure

Public Key Infrastructure UT DALLAS Erik Jonsson School of Engineering & Computer Science Public Key Infrastructure Murat Kantarcioglu What is PKI How to ensure the authenticity of public keys How can Alice be sure that Bob s purported

More information

Chapter 6 Electronic Mail Security

Chapter 6 Electronic Mail Security Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,

More information

4. X509 Authentication and Public Key Infrastructure

4. X509 Authentication and Public Key Infrastructure DI-FCT-UNL Computer and Network Systems Security Segurança de Sistemas e Redes de Computadores 2010-2011 4. X509 Authentication and Public Key Infrastructure 2010, Henrique J. Domingos, DI/FCT/UNL 4 X509

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

CS 392/681 - Computer Security

CS 392/681 - Computer Security CS 392/681 - Computer Security Module 3 Key Exchange Algorithms Nasir Memon Polytechnic University Course Issues HW 3 assigned. Any lab or course issues? Midterm in three weeks. 8/30/04 Module 3 - Key

More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

Chapter 4 Virtual Private Networking

Chapter 4 Virtual Private Networking Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

Introduction to Network Security Key Management and Distribution

Introduction to Network Security Key Management and Distribution Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

Public Key Infrastructure for a Higher Education Environment

Public Key Infrastructure for a Higher Education Environment Public Key Infrastructure for a Higher Education Environment Eric Madden and Michael Jeffers 12/14/2001 Written for ECE 646, Professor Gaj Table Of Contents Table Of Contents...2 List of Figures...3 List

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 1.1 Date : 3 March 2000 Prepared by : Information Technology Services Center Hong Kong University of Science

More information

Gandi CA Certification Practice Statement

Gandi CA Certification Practice Statement Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10

More information

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt 1 Lecture 11: Network Security Reference: Chapter 8 - Computer Networks, Andrew S. Tanenbaum, 4th Edition, Prentice

More information

L@Wtrust Class 3 Registration Authority Charter

L@Wtrust Class 3 Registration Authority Charter Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12

More information

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and

More information

StartCom Certification Authority

StartCom Certification Authority StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction

More information

Key Management Interoperability Protocol (KMIP)

Key Management Interoperability Protocol (KMIP) (KMIP) Addressing the Need for Standardization in Enterprise Key Management Version 1.0, May 20, 2009 Copyright 2009 by the Organization for the Advancement of Structured Information Standards (OASIS).

More information

Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates

Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Purpose, Methods, Revocation, PKIX To distribute public keys securely Requires - Certificates and Certification Authorities - Method for retrieving certificates

More information

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

More information

Introduction to Security and PIX Firewall

Introduction to Security and PIX Firewall Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network

More information

Impact of Public Key Enabled Applications on the Operation and Maintenance of Commercial Airplanes

Impact of Public Key Enabled Applications on the Operation and Maintenance of Commercial Airplanes AIAA Aviation Technology Integration, and Operations (ATIO) Conference, Belfast, Northern Ireland, 18-20 September 2007 Impact of Public Key Enabled Applications on the Operation and Maintenance of Commercial

More information

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Author: Allan Macphee January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What

More information

Biometrics, Tokens, & Public Key Certificates

Biometrics, Tokens, & Public Key Certificates Biometrics, Tokens, & Public Key Certificates The Merging of Technologies TOKENEER Workstations WS CA WS WS Certificate Authority (CA) L. Reinert S. Luther Information Systems Security Organization Biometrics,

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn. CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange

More information

Ciphire Mail. Abstract

Ciphire Mail. Abstract Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the

More information

Wireless Mobile Internet Security. 2nd Edition

Wireless Mobile Internet Security. 2nd Edition Brochure More information from http://www.researchandmarkets.com/reports/2330593/ Wireless Mobile Internet Security. 2nd Edition Description: The mobile industry for wireless cellular services has grown

More information

Lecture VII : Public Key Infrastructure (PKI)

Lecture VII : Public Key Infrastructure (PKI) Lecture VII : Public Key Infrastructure (PKI) Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 Problems with Public

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

Incorporating Digital Signing & Encryption in Transactions in the Payment System of Sri Lanka

Incorporating Digital Signing & Encryption in Transactions in the Payment System of Sri Lanka Incorporating Digital Signing & Encryption in Transactions in the Payment System of Sri Lanka Presentation by Sunimal Weerasooriya, CEO LankaClear (Pvt) Ltd. Introduction to LankaClear Originated as Sri

More information

Electronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure

Electronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure Electronic Mail Security CSCI 454/554 Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by

More information