Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 12 Advanced Cryptography

Slide 1: Chapter 12 Advanced Cryptography (title slide)

Slide 2: Objectives
- Define digital certificates
- List the various types of digital certificates and how they are used
- Describe the components of Public Key Infrastructure (PKI)
- List the tasks associated with key management
- Describe the different transport encryption algorithms

Slide 3: Digital Certificates
- Common application of cryptography
- Aspects of using digital certificates:
  - Understanding their purpose
  - Knowing how they are managed
  - Determining which type of digital certificate is appropriate for different situations

Slide 4: Defining Digital Certificates
- Digital signature
  - Used to prove a document originated from a valid sender
- Weakness of using digital signatures
  - An imposter could post a public key under the sender's name

Slide 5: Figure 12-1 Imposter public key (Cengage Learning 2012)

Slide 6: Defining Digital Certificates (cont'd.)
- Trusted third party
  - Used to help solve the problem of verifying identity
  - Verifies the owner and that the public key belongs to that owner
  - Helps prevent a man-in-the-middle attack that impersonates the owner of the public key
- Information contained in a digital certificate
  - Owner's name or alias
  - Owner's public key
  - Issuer's name

Slide 7: Defining Digital Certificates (cont'd.)
- Information contained in a digital certificate (cont'd.)
  - Issuer's digital signature
  - Digital certificate's serial number
  - Expiration date of the public key

Slide 8: Managing Digital Certificates
- Technologies used for managing digital certificates
  - Certificate Authority (CA)
  - Registration Authority (RA)
  - Certificate Revocation List (CRL)
  - Certificate Repository (CR)
  - Web browser
- Certificate Authority
  - Trusted third party
  - Responsible for issuing digital certificates
  - Can be internal or external to an organization

Slide 9: Managing Digital Certificates (cont'd.)
- Duties of a CA
  - Generate, issue, and distribute public key certificates
  - Distribute CA certificates
  - Generate and publish certificate status information
  - Provide a means for subscribers to request revocation
  - Revoke public-key certificates
  - Maintain security, availability, and continuity of certificate issuance and signing functions

Slide 10: Managing Digital Certificates (cont'd.)
- Subscriber requesting a digital certificate
  - Generates public and private keys
  - Sends the public key to the CA
    - The CA may in some instances create the keys
  - The CA inserts the public key into the certificate
  - Certificates are digitally signed with the private key of the issuing CA

Slide 11: Managing Digital Certificates (cont'd.)
- Registration Authority
  - Subordinate entity designed to handle specific CA tasks
  - Offloading registration functions creates an improved workflow for the CA
- General duties of an RA
  - Receive, authenticate, and process certificate revocation requests
  - Identify and authenticate subscribers

Slide 12: Managing Digital Certificates (cont'd.)
- General duties of an RA (cont'd.)
  - Obtain a public key from the subscriber
  - Verify that the subscriber possesses the asymmetric private key corresponding to the public key submitted for certification
- Primary function of an RA
  - Verify the identity of an individual

Slide 13: Managing Digital Certificates (cont'd.)
- Means for a digital certificate requestor to identify themselves to an RA
  - Insufficient for activities that must be very secure
  - Documents
    - Birth certificate, employee badge
  - In person
    - Providing a government-issued passport or driver's license

Slide 14: Managing Digital Certificates (cont'd.)
- Certificate Revocation List
  - Lists digital certificates that have been revoked
- Reasons a certificate would be revoked
  - Certificate is no longer used
  - Details of the certificate have changed, such as the user's address
  - Private key has been lost or exposed (or is suspected to have been lost or exposed)

Slide 15: Figure 12-2 Certificate Revocation List (CRL)

Slide 16: Managing Digital Certificates (cont'd.)
- Certificate Repository
  - Publicly accessible centralized directory of digital certificates
  - Used to view certificate status
  - Can be managed locally as a storage area connected to the CA server
  - Can be made available through a Web browser interface

Slide 17: Figure 12-3 Certificate Repository (CR)

Slide 18: Managing Digital Certificates (cont'd.)
- Web browser management
  - Modern Web browsers are preconfigured with a default list of CAs
- Advantages
  - Users can take advantage of digital certificates without the need to manually load information
  - Users do not need to install a CRL manually
    - The automatic updates feature will install them automatically if the feature is enabled

Slide 19: Figure 12-4 Web browser default CAs

Slide 20: Types of Digital Certificates
- Different categories of digital certificates
  - Class 1 through Class 5
  - Dual-key
  - Dual-sided
- Other uses for digital certificates
  - Provide secure communication between clients and servers by encrypting channels
  - Encrypt messages for secure Internet communication

Slide 21: Types of Digital Certificates (cont'd.)
- Other uses for digital certificates (cont'd.)
  - Verify the identity of clients and servers on the Web
  - Verify the source and integrity of signed executable code
- Common categories of digital certificates
  - Personal digital certificates
  - Server digital certificates
  - Software publisher digital certificates

Slide 22: Types of Digital Certificates (cont'd.)
- Class 1: personal digital certificates
  - Issued by an RA directly to individuals
  - Frequently used to secure transmissions
  - Typically only require the user's name and address to receive
- Class 2: server digital certificates
  - Issued from a Web server to a client
  - Ensure the authenticity of the Web server
  - Ensure the authenticity of the cryptographic connection to the Web server

Slide 23: Figure 12-5 Server digital certificate

Slide 24: Types of Digital Certificates (cont'd.)
- Class 2: server digital certificates (cont'd.)
  - Server authentication and secure communication can be combined into one certificate
  - Displays a padlock icon in the Web browser
    - Click the padlock icon to display information about the digital certificate
  - Extended Validation SSL Certificate (EV SSL)
    - Requires more extensive verification of the legitimacy of the business

Slide 25: Figure 12-6 Padlock icon and certificate information

Slide 26: Types of Digital Certificates (cont'd.)
- Class 3: software publisher digital certificates
  - Provided by software publishers
  - Purpose: verify that programs are secure and have not been tampered with
- Dual-key digital certificates
  - Reduce the need for storing multiple copies of the signing certificate
  - Facilitate certificate handling in organizations
    - Copies kept in a central storage repository

Slide 27: Types of Digital Certificates (cont'd.)
- Dual-sided certificates
  - Provide the ability for the client to authenticate back to the server
  - Both sides of the session validate themselves
- X.509 digital certificates
  - Standard for the most widely accepted format for digital certificates

Slide 28: Table 12-1 X.509 structure (table contents not reproduced in the transcription)
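The slides above list what a certificate carries (owner's name, public key, issuer's name and signature, serial number, expiration date), the imposter-public-key problem of Figure 12-1, and the CRL as the CA's published status information. The Go program below is an added example, not part of the textbook or its slides, and uses only Go's standard crypto/x509 package to tie those pieces together: it acts as a root CA, issues a server certificate, shows that a self-signed certificate carrying the same name fails chain validation against the trusted root, and looks a serial number up in a CA-signed CRL only after verifying the CRL's signature. The names ("Example Root CA", www.example.com), serial numbers and validity periods are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// check aborts the demo on a setup failure (key generation, signing, parsing).
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue generates a key pair and a certificate for subject; with parent == nil it is
// self-signed, otherwise the issuing CA's key signs it. Names and serials are constructed.
func issue(subject string, serial int64, isCA bool, parent *x509.Certificate,
	parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),             // certificate serial number
		Subject:      pkix.Name{CommonName: subject}, // owner's name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour), // expiration date
		KeyUsage:     x509.KeyUsageDigitalSignature,
		IsCA:         isCA, BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.DNSNames = []string{subject}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer, signerKey := parent, parentKey
	if parent == nil {
		signer, signerKey = tmpl, key // self-signed: issuer is the subject itself
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// trusted reports whether cert chains to a root in roots and is valid for host.
func trusted(cert *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// revoked looks serial up in a DER-encoded CRL, but only after confirming that
// issuer really signed the CRL; an unverifiable CRL is rejected with an error.
func revoked(crlDER []byte, issuer *x509.Certificate, serial *big.Int) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, err
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(serial) == 0 {
			return true, nil
		}
	}
	return false, nil
}

// RunScenario builds a root CA, a server certificate it issued, and an imposter's
// self-signed certificate with the same name; it reports whether each is trusted and
// whether the server certificate shows as revoked once the CA publishes a CRL for it.
func RunScenario() (genuineTrusted, imposterTrusted, genuineRevoked bool) {
	root, rootKey := issue("Example Root CA", 1, true, nil, nil)
	genuine, _ := issue("www.example.com", 2, false, root, rootKey)
	imposter, _ := issue("www.example.com", 3, false, nil, nil)
	roots := x509.NewCertPool() // the relying party's preconfigured list of CAs
	roots.AddCert(root)
	genuineTrusted = trusted(genuine, roots, "www.example.com")
	imposterTrusted = trusted(imposter, roots, "www.example.com")
	crl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(),
		NextUpdate: time.Now().Add(24 * time.Hour), RevokedCertificates: []pkix.RevokedCertificate{
			{SerialNumber: genuine.SerialNumber, RevocationTime: time.Now()}}}
	der, err := x509.CreateRevocationList(rand.Reader, crl, root, rootKey)
	check(err)
	genuineRevoked, err = revoked(der, root, genuine.SerialNumber)
	check(err)
	return
}

func main() { fmt.Println(RunScenario()) } // prints: true false true
```

The imposter's certificate is rejected not because its contents look wrong (name and key usage match the genuine one) but because no CA in the relying party's root list signed it, which is exactly the third-party check the slides describe. The CRL lookup deliberately checks the CRL's signature before consulting it: a revocation list that anyone could forge would let an attacker hide a revocation, so a CRL is only as trustworthy as the signature on it.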

Slide 29: Public Key Infrastructure (PKI)
- Important management tool for the use of:
  - Digital certificates
  - Asymmetric cryptography
- Aspects of PKI
  - Public-key cryptography standards
  - Trust models
  - Key management

Slide 30: What is Public Key Infrastructure?
- Need for a consistent means to manage digital certificates
- PKI: framework for all entities involved in digital certificates
- Certificate management actions facilitated by PKI
  - Create
  - Store
  - Distribute
  - Revoke

Slide 31: Public-Key Cryptographic Standards (PKCS)
- Numbered set of PKI standards defined by the RSA Corporation
- Widely accepted in industry
- Based on the RSA public-key algorithm

Slide 32: Table 12-2 PKCS standards (continues; table contents not reproduced in the transcription)

Slide 33: Table 12-2 PKCS standards (cont'd.)

Slide 34: Figure 12-7 Microsoft Windows PKCS support

Slide 35: Trust Models
- Trust
  - Confidence in or reliance on another person or entity
- Trust model
  - Refers to the type of trusting relationship that can exist between individuals and entities
- Direct trust
  - One person knows the other person
- Third-party trust
  - Two individuals trust each other because each trusts a third party

Slide 36: Trust Models (cont'd.)
- Hierarchical trust model
  - Assigns a single hierarchy with one master CA called the root
  - The root signs all digital certificate authorities with a single key
  - Can be used in an organization where one CA is responsible for only that organization's digital certificates
- The hierarchical trust model has several limitations
  - A single CA private key may be compromised, rendering all certificates worthless

Slide 37: Figure 12-8 Hierarchical trust model

Slide 38: Trust Models (cont'd.)
- Distributed trust model
  - Multiple CAs sign digital certificates
  - Eliminates limitations of the hierarchical trust model
- Bridge trust model
  - One CA acts as a facilitator to connect all other CAs
  - The facilitator CA does not issue digital certificates
  - Acts as a hub between the hierarchical and distributed trust models
  - Allows the different models to be linked

Slide 39: Figure 12-9 Distributed trust model

Slide 40: Figure: Bridge trust model

Slide 41: Trust Models (cont'd.)
- Bridge trust application examples
  - Federal and state governments
  - Pharmaceutical industry
  - Aerospace industry

Slide 42: Managing PKI
- Certificate Policy (CP)
  - Published set of rules that govern the operation of a PKI
  - Provides recommended baseline security requirements for the use and operation of the CA, RA, and other PKI components
- Certificate Practice Statement (CPS)
  - Describes in detail how the CA uses and manages certificates

Slide 43: Managing PKI (cont'd.)
- Certificate life cycle
  - Creation
    - Occurs after the user is positively identified
  - Suspension
    - May occur when an employee is on a leave of absence
  - Revocation
    - Certificate is no longer valid
  - Expiration
    - Key can no longer be used

Slide 44: Key Storage
- Means of public key storage
  - Embedding within digital certificates
- Means of private key storage
  - Stored on the user's local system
  - Software-based storage may expose keys to attackers
  - Alternative: storing keys in hardware
    - Tokens
    - Smart cards

Slide 45: Key Usage
- Multiple pairs of dual keys
  - Created if more security is needed than a single set of public/private keys
  - One pair used to encrypt information
    - Public key backed up in another location
  - Second pair used only for digital signatures
    - Public key in that pair never backed up

Slide 46: Key-Handling Procedures
- Key escrow
  - Keys managed by a third party
  - The private key is split and each half is encrypted
  - The two halves are sent to the third party, which stores each half in a separate location
  - The user can retrieve and combine the two halves and use this new copy of the private key for decryption
- Expiration
  - Keys expire after a set period of time

Slide 47: Key-Handling Procedures (cont'd.)
- Renewal
  - An existing key can be renewed
- Revocation
  - A key may be revoked prior to its expiration date
  - Revoked keys may not be reinstated
- Recovery
  - Need to recover the keys of an employee hospitalized for an extended period
  - A key recovery agent may be used
  - A group of people may be used (M-of-N control)

Slide 48: Figure: M-of-N control

Slide 49: Key-Handling Procedures (cont'd.)
- Suspension
  - Suspended for a set period of time and then reinstated
- Destruction
  - Removes all public and private keys and the user's identification from the CA

Slide 50: Transport Encryption Algorithms
- Secure Sockets Layer (SSL)
  - Most common transport encryption algorithm
  - Developed by Netscape
  - Uses a public key to encrypt data transferred over the SSL connection
- Transport Layer Security (TLS)
  - Protocol that guarantees privacy and data integrity between applications communicating over the Internet
- Both provide server and client authentication, and data encryption

Slide 51: Secure Shell (SSH)
- Encrypted alternative to the Telnet protocol used to access remote computers
- Linux/UNIX-based command interface and protocol
- Suite of three utilities: slogin, ssh, and scp
- Client and server ends of the connection are authenticated using a digital certificate
- Passwords are encrypted
- Can be used as a tool for secure network backups

Slide 52: Table 12-3 SSH commands (table contents not reproduced in the transcription)

Slide 53: Hypertext Transport Protocol over Secure Sockets Layer (HTTPS)
- Common use of SSL
- Secures Web Hypertext Transport Protocol (HTTP) communications between the browser and the Web server
- Users must enter URLs with https://
- Secure Hypertext Transport Protocol (SHTTP)
  - Cryptographic transport protocol released as a public specification
  - Supports a variety of encryption types, including 3DES
  - Not as widely used as HTTPS

Slide 54: IP Security (IPsec)
- Open System Interconnection (OSI) model
  - Security tools function at different layers
  - Operating at higher levels such as the Application layer
    - Advantage: tools designed to protect specific applications
    - Disadvantage: multiple security tools may be needed
- IPsec
  - Set of protocols developed to support secure exchange of packets
  - Operates at a low level in the OSI model

Slide 55: Figure: Security tools and the OSI model

Slide 56: IP Security (cont'd.)
- IPsec is considered transparent to:
  - Applications
  - Users
  - Software
- Located in the operating system or communication hardware
- Provides authentication, confidentiality, and key management
- Supports two encryption modes: transport and tunnel

Slide 57: Figure: New IPsec packet using transport or tunnel mode

Slide 58: Summary
- A digital certificate provides third-party verification of the public key owner's identity
- A Certificate Authority issues digital certificates for others
- Personal digital certificates are issued by an RA to individuals
- Server digital certificates ensure the authenticity of a Web server and its cryptographic connection

Slide 59: Summary (cont'd.)
- PKI is a framework for all entities involved in digital certificates
- Three basic PKI trust models exist
- Cryptography can protect data as it is being transported across a network
- SSL/TLS is a widely used algorithm
- IPsec supports a secure exchange of packets
  - Considered to be a transparent security protocol


More information

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a

More information

Table of Contents 1 SSL Configuration 1-1

Table of Contents 1 SSL Configuration 1-1 Table of Contents 1 SSL Configuration 1-1 SSL Overview 1-1 SSL Security Mechanism 1-1 SSL Protocol Stack 1-2 SSL Configuration Task List 1-2 Configuring an SSL Server Policy 1-2 Configuration Prerequisites

More information

L@Wtrust Class 3 Registration Authority Charter

L@Wtrust Class 3 Registration Authority Charter Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12

More information

Public Key Infrastructure

Public Key Infrastructure UT DALLAS Erik Jonsson School of Engineering & Computer Science Public Key Infrastructure Murat Kantarcioglu What is PKI How to ensure the authenticity of public keys How can Alice be sure that Bob s purported

More information

Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application INDEX 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4.

More information

Comodo Certification Practice Statement

Comodo Certification Practice Statement Comodo Certification Practice Statement Comodo Group Version 2.1 16 April 2003 New Court, Regents Place, Regent Road, Manchester M5 4HB United Kingdom, Tel: +44 (0) 161 874 7070 Fax: +44 (0) 161 877 1767

More information

SSL Overview for Resellers

SSL Overview for Resellers Web Security Enterprise Security Identity Verification Services Signing Services SSL Overview for Resellers What We ll Cover Understanding SSL SSL Handshake 101 Market Opportunity for SSL Obtaining an

More information

Key Management Service

Key Management Service Key Management Service Administrator s Handbook CUSTOMER MANUAL Customer Support: 1-650-426-3535 enterprise-pkisupport@verisign.com VeriSign, Inc. DOC-ENT-PKI-KMG-0001 Key Management Service Administrator

More information

AD CS. http://technet.microsoft.com/en-us/library/cc731564.aspx

AD CS. http://technet.microsoft.com/en-us/library/cc731564.aspx AD CS AD CS http://technet.microsoft.com/en-us/library/cc731564.aspx Active Directory Certificate Services (AD CS) is an Identity and Access Control security technology that provides customizable services

More information

CHAPTER 6 CRYPTOGRAPHY

CHAPTER 6 CRYPTOGRAPHY CHAPTER 6 CRYPTOGRAPHY 6.1 GIVEN A SCENARIO, UTILIZE GENERAL CRYPTOGRAPHY CONCEPTS. Symmetric vs. asymmetric With symmetric key cryptography the sender and receiver of a message share a single common key.

More information

Apple Inc. Certification Authority Certificate Policy Version 1.5 Effective Date: April 16, 2014

Apple Inc. Certification Authority Certificate Policy Version 1.5 Effective Date: April 16, 2014 Apple Inc. Certification Authority Certificate Policy Version 1.5 Effective Date: April 16, 2014 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3. Definitions...

More information

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA

More information

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler Certificates Noah Zani, Tim Strasser, Andrés Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate

More information

Public Key Infrastructure

Public Key Infrastructure Motivation: Public Key Infrastructure 1. Numerous people buy/sell over the internet hard to manage security of all possible pairs of connections with secret keys 2. US government subject to the Government

More information

Trusted Public-Key Infrastructures

Trusted Public-Key Infrastructures Entrust Trusted Date: August 2000 Version: 1.2 Copyright 2000-2003 Entrust. All rights reserved. 1 Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

SSL Technology White Paper

SSL Technology White Paper SSL Technology White Paper Keywords: SSL, PKI, MAC Abstract: SSL provides secure connection services for TCP-based application layer protocols by using data encryption, identity authentication, and integrity

More information

Securing the data. Authentication: The message comes from whom it states HMAC(Hash-based Message Authentication Code)

Securing the data. Authentication: The message comes from whom it states HMAC(Hash-based Message Authentication Code) Securing the data A network infrastructure can be secured through device hardening, AAA access control, firewall features, and IPS implementations But how is network traffic protected when traversing the

More information

Annex B : Time-stamps using digital signatures

Annex B : Time-stamps using digital signatures Annex B : Time-stamps using digital signatures [unofficial version] revised 2009.07.31 I. DEFINITION 1. Definition of the service In this mechanism, the TSA assures the reliability of time-stamp tokens

More information

PositiveSSL Addendum to the Comodo Certification Practice Statement

PositiveSSL Addendum to the Comodo Certification Practice Statement PositiveSSL Addendum to the Comodo Certification Practice Statement Comodo CA Limited PositiveSSL Addendum to Comodo CPS, Version 2.4 Amendments 23 June 2006 New Court, Regents Place, Regent Road, Manchester

More information

Expert Reference Series of White Papers. Fundamentals of the PKI Infrastructure

Expert Reference Series of White Papers. Fundamentals of the PKI Infrastructure Expert Reference Series of White Papers Fundamentals of the PKI Infrastructure 1-800-COURSES www.globalknowledge.com Fundamentals of the PKI Infrastructure Boris Gigovic, Global Knowledge Instructor, CEI,

More information

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173 Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security

More information

Comodo Certification Practice Statement

Comodo Certification Practice Statement Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the

More information

Cryptography and Network Security Chapter 14. Fifth Edition by William Stallings

Cryptography and Network Security Chapter 14. Fifth Edition by William Stallings Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Key Management: Generation, Transportation, and Distribution The Key Exchange Problem Although symmetric encryption is commonly

More information

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999 Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer February 3, 1999 Frame Relay Frame Relay is an international standard for high-speed access to public wide area data networks

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Secure Electronic Transaction (SET) Protocol

Secure Electronic Transaction (SET) Protocol Secure Electronic Transaction (SET) Protocol As more and more companies are opting Internet as a medium for electronic commerce, trust and security requirements are increasing. The important security requirements

More information

Google Inc. Certification Practices Statement

Google Inc. Certification Practices Statement Google Inc. Certification Practices Statement Google Inc. Certification Practices Statement 1. INTRODUCTION 1.1 Overview 1.2 Document name and identification 1.3 PKI participants 1.3.1 Certificate Authorities

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

Using Entrust certificates with VPN

Using Entrust certificates with VPN Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark

More information

Fun/Informative Bit: Brain Study to Measure Security Behavior

Fun/Informative Bit: Brain Study to Measure Security Behavior Lecture 4.2: Key Distribution CS 436/636/736 Spring 2016 Nitesh Saxena Fun/Informative Bit: Brain Study to Measure Security Behavior Read More 2 1 Course Administration HW2 due Monday, 11am March 07 HW1

More information

GENERAL PROVISIONS...

GENERAL PROVISIONS... TABLE OF CONTENTS 1. TERMINOLOGY... 1 2. OVERVIEW... 4 2.1 IDENTIFICATION...4 2.2 APPLICABILITY...4 2.3 COMMUNITY...7 2.4 SECURITY OFFICERS...8 2.5 SUBSCRIBERS AND ENTITIES...8 2.6 CONTACT DETAILS...8

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Some Cryptographic Implementations

Some Cryptographic Implementations Some Cryptographic Implementations October 10 14, 2016 Guinee Conakry By Marcus K. G. Adomey Chief Operations Manager AfricaCERT Email: marcus.adomey@africacert.org OVERVIEW Fingerprint Digital Signature

More information

Free S/MIME Certificates

Free S/MIME Certificates Free S/MIME Certificates Certificate Policy Version 1.0 Last revised: June 5, 2015 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223

More information

Using etoken for Securing E-mails Using Outlook and Outlook Express

Using etoken for Securing E-mails Using Outlook and Outlook Express Using etoken for Securing E-mails Using Outlook and Outlook Express Lesson 15 April 2004 etoken Certification Course Securing Email Using Certificates Unprotected emails can be easily read and/or altered

More information

Digital certificates and SSL

Digital certificates and SSL Digital certificates and SSL 20 out of 33 rated this helpful Applies to: Exchange Server 2013 Topic Last Modified: 2013-08-26 Secure Sockets Layer (SSL) is a method for securing communications between

More information

Key Update and the Complete Story on the Need for Two Key Pairs

Key Update and the Complete Story on the Need for Two Key Pairs Entrust Key Update and the Complete Story on the Need for Two Key Pairs Date: August 2000 Version: 1.2 Copyright 2000-2003 Entrust. All rights reserved. 1 Entrust is a registered trademark of Entrust,

More information

Network Security Protocols

Network Security Protocols Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

More information

Sonera CA. Certificate Policy Sonera Class 2 Certificate. Valid as from December 2, 2007 Version 2.5

Sonera CA. Certificate Policy Sonera Class 2 Certificate. Valid as from December 2, 2007 Version 2.5 1 (41) 2.12.2008 Sonera CA Certificate Policy Sonera Class 2 Certificate Valid as from December 2, 2007 Version 2.5 Object Identifier (OID) of the Certificate Policy: 1.3.6.1.4.1.271.2.3.1.1.2 Software

More information

Cryptography. Concepts and Business Considerations. Rich Diedrich IBM Lab Services

Cryptography. Concepts and Business Considerations. Rich Diedrich IBM Lab Services Cryptography Concepts and Business Considerations Rich Diedrich IBM Lab Services richd@us.ibm.com Cryptography History and Concepts Cryptography is the study and practice of techniques to keep messages

More information

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original

More information

StartCom Certification Authority

StartCom Certification Authority StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction

More information

HealthLink Messaging System Message Security Version 1.2

HealthLink Messaging System Message Security Version 1.2 HealthLink Messaging System Message Security Version 1.2 www.healthlink.net HealthLink 2014. All rights reserved. No reproduction, transmission, transcription, storage in a retrieval system, or translation

More information

Securing Service Access with Digital Certificates

Securing Service Access with Digital Certificates Securing Service Access with Digital Certificates Jovana Palibrk, AMRES NA3 T2, Tbilisi, December 2013. Agenda Theory Cryptographic Protocols and Techniques Public Key Infrastructure TERENA Certificate

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

ING Public Key Infrastructure Technical Certificate Policy

ING Public Key Infrastructure Technical Certificate Policy ING Public Key Infrastructure Technical Certificate Policy Version 5.1 - May 2010 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Of this document can be obtained via the ING

More information

Vodafone Group CA Web Server Certificate Policy

Vodafone Group CA Web Server Certificate Policy Vodafone Group CA Web Server Certificate Policy Publication Date: 06/09/10 Copyright 2010 Vodafone Group Table of Contents Acknowledgments... 1 1. INTRODUCTION... 2 1.1 Overview... 3 1.2 Document Name

More information

Introduction to Network Security Key Management and Distribution

Introduction to Network Security Key Management and Distribution Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015

More information