Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 12 Advanced Cryptography

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 12 Advanced Cryptography"

Transcription

1 Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 12 Advanced Cryptography

2 Objectives Define digital certificates List the various types of digital certificates and how they are used Describe the components of Public Key Infrastructure (PKI) List the tasks associated with key management Describe the different transport encryption algorithms Security+ Guide to Network Security Fundamentals, Fourth Edition 2

3 Digital Certificates Common application of cryptography Aspects of using digital certificates Understanding their purpose Knowing how they are managed Determining which type of digital certificate is appropriate for different situations Security+ Guide to Network Security Fundamentals, Fourth Edition 3

4 Defining Digital Certificates Digital signature Used to prove a document originated from a valid sender Weakness of using digital signatures Imposter could post a public key under a sender s name Security+ Guide to Network Security Fundamentals, Fourth Edition 4

5 Figure 12-1 Imposter public key Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 5

6 Defining Digital Certificates (cont d.) Trusted third party Used to help solve the problem of verifying identity Verifies the owner and that the public key belongs to that owner Helps prevent man-in-the-middle attack that impersonates owner of public key Information contained in a digital certificate Owner s name or alias Owner s public key Issuer s name Security+ Guide to Network Security Fundamentals, Fourth Edition 6

7 Defining Digital Certificates (cont d.) Information contained in a digital certificate (cont d.) Issuer s digital signature Digital certificate s serial number Expiration date of the public key Security+ Guide to Network Security Fundamentals, Fourth Edition 7

8 Managing Digital Certificates Technologies used for managing digital certificates Certificate Authority (CA) Registration Authority (RA) Certificate Revocation List (CRL) Certificate Repository (CR) Web browser Certificate Authority Trusted third party Responsible for issuing digital certificates Can be internal or external to an organization Security+ Guide to Network Security Fundamentals, Fourth Edition 8

9 Managing Digital Certificates (cont d.) Duties of a CA Generate, issue, an distribute public key certificates Distribute CA certificates Generate and publish certificate status information Provide a means for subscribers to request revocation Revoke public-key certificates Maintain security, availability, and continuity of certificate issuance signing functions Security+ Guide to Network Security Fundamentals, Fourth Edition 9

10 Managing Digital Certificates (cont d.) Subscriber requesting a digital certificate Generates public and private keys Sends public key to CA CA may in some instances create the keys CA inserts public key into certificate Certificates are digitally signed with private key of issuing CA Security+ Guide to Network Security Fundamentals, Fourth Edition 10

11 Managing Digital Certificates (cont d.) Registration Authority Subordinate entity designed to handle specific CA tasks Offloading registration functions creates improved workflow for CA General duties of an RA Receive, authenticate, and process certificate revocation requests Identify and authenticate subscribers Security+ Guide to Network Security Fundamentals, Fourth Edition 11

12 Managing Digital Certificates (cont d.) General duties of an RA (cont d.) Obtain a public key from the subscriber Verify that the subscriber possesses the asymmetric private key corresponding to the public key submitted for certification Primary function of an RA Verify identity of an individual Security+ Guide to Network Security Fundamentals, Fourth Edition 12

13 Managing Digital Certificates (cont d.) Means for a digital certificate requestor to identify themselves to an RA Insufficient for activities that must be very secure Documents Birth certificate, employee badge In person Providing government-issued passport or driver s license Security+ Guide to Network Security Fundamentals, Fourth Edition 13

14 Managing Digital Certificates (cont d.) Certificate Revocation List Lists digital certificates that have been revoked Reasons a certificate would be revoked Certificate is no longer used Details of the certificate have changed, such as user s address Private key has been lost or exposed (or suspected lost or exposed) Security+ Guide to Network Security Fundamentals, Fourth Edition 14

15 Figure 12-2 Certificate Revocation List (CRL) Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 15

16 Managing Digital Certificates (cont d.) Certificate Repository Publicly accessible centralized directory of digital certificates Used to view certificate status Can be managed locally as a storage area connected to the CA server Can be made available through a Web browser interface Security+ Guide to Network Security Fundamentals, Fourth Edition 16

17 Figure 12-3 Certificate Repository (CR) Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 17

18 Managing Digital Certificates (cont d.) Web browser management Modern Web browsers preconfigured with default list of CAs Advantages Users can take advantage of digital certificates without need to manually load information Users do not need to install a CRL manually Automatic updates feature will install them automatically if feature is enabled Security+ Guide to Network Security Fundamentals, Fourth Edition 18

19 Figure 12-4 Web browser default CAs Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 19

20 Types of Digital Certificates Different categories of digital certificates Class 1 through Class 5 Dual-key sided Dual sided Other uses for digital certificates Provide secure communication between clients and servers by encrypting channels Encrypt messages for secure Internet communication Security+ Guide to Network Security Fundamentals, Fourth Edition 20

21 Types of Digital Certificates (cont d.) Other uses for digital certificates (cont d.) Verify the identity of clients and servers on the Web Verify the source and integrity of signed executable code Common categories of digital certificates Personal digital certificates Server digital certificates Software publisher digital certificates Security+ Guide to Network Security Fundamentals, Fourth Edition 21

22 Types of Digital Certificates (cont d.) Class 1: personal digital certificates Issued by an RA directly to individuals Frequently used to secure transmissions Typically only require user s name and address to receive Class 2: server digital certificates Issued from a Web server to a client Ensure authenticity of the Web server Ensure authenticity of the cryptographic connection to the Web server Security+ Guide to Network Security Fundamentals, Fourth Edition 22

23 Figure 12-5 Server digital certificate Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 23

24 Types of Digital Certificates (cont d.) Class 2: server digital certificates (cont d.) Server authentication and secure communication can be combined into one certificate Displays padlock icon in the Web browser Click padlock icon to display information about the digital certificate Extended Validation SSL Certificate (EV SSL) Requires more extensive verification of legitimacy of the business Security+ Guide to Network Security Fundamentals, Fourth Edition 24

25 Figure 12-6 Padlock icon and certificate information Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 25

26 Types of Digital Certificates (cont d.) Class 3: software publisher digital certificates Provided by software publishers Purpose: verify programs are secure and have not been tampered with Dual-key digital certificates Reduce need for storing multiple copies of the signing certificate Facilitate certificate handling in organizations Copies kept in central storage repository Security+ Guide to Network Security Fundamentals, Fourth Edition 26

27 Types of Digital Certificates (cont d.) Dual-sided certificates Provides ability for client to authenticate back to the server Both sides of the session validate themselves X.509 digital certificates Standard for most widely accepted format for digital certificates Security+ Guide to Network Security Fundamentals, Fourth Edition 27

28 Table 12-1 X.509 structure Security+ Guide to Network Security Fundamentals, Fourth Edition 28

29 Public Key Infrastructure (PKI) Important management tool for the use of: Digital certificates: Asymmetric cryptography Aspects of PKI Public-key cryptography standards Trust models Key management Security+ Guide to Network Security Fundamentals, Fourth Edition 29

30 What is Public Key Infrastructure? Need for consistent means to manage digital certificates PKI: framework for all entities involved in digital certificates Certificate management actions facilitated by PKI Create Store Distribute Revoke Security+ Guide to Network Security Fundamentals, Fourth Edition 30

31 Public-Key Cryptographic Standards (PKCS) Numbered set of PKI standards defined by the RSA Corporation Widely accepted in industry Based on the RSA public-key algorithm Security+ Guide to Network Security Fundamentals, Fourth Edition 31

32 Table 12-2 PKCS standards (continues) Security+ Guide to Network Security Fundamentals, Fourth Edition 32

33 Table 12-2 PKCS standards (cont d.) Security+ Guide to Network Security Fundamentals, Fourth Edition 33

34 Figure 12-7 Microsoft Windows PKCS support Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 34

35 Trust Models Trust Confidence in or reliance on another person or entity Trust model Refers to type of trusting relationship that can exist between individuals and entities Direct trust One person knows the other person Third-party trust Two individuals trust each other because each trusts a third party Security+ Guide to Network Security Fundamentals, Fourth Edition 35

36 Trust Models (cont d.) Hierarchical trust model Assigns single hierarchy with one master CA called the root Root signs all digital certificate authorities with a single key Can be used in an organization where one CA is responsible for only that organization s digital certificates Hierarchical trust model has several limitations Single CA private key may be compromised rendering all certificates worthless Security+ Guide to Network Security Fundamentals, Fourth Edition 36

37 Figure 12-8 Hierarchical trust model Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 37

38 Trust Models (cont d.) Distributed trust model Multiple CAs sign digital certificates Eliminates limitations of hierarchical trust model Bridge trust model One CA acts as facilitator to connect all other CAs Facilitator CA does not issue digital certificates Acts as hub between hierarchical and distributed trust model Allows the different models to be linked Security+ Guide to Network Security Fundamentals, Fourth Edition 38

39 Figure 12-9 Distributed trust model Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 39

40 Figure Bridge trust model Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 40

41 Trust Models (cont d.) Bridge trust application examples Federal and state governments Pharmaceutical industry Aerospace industry Security+ Guide to Network Security Fundamentals, Fourth Edition 41

42 Managing PKI Certificate Policy (CP) Published set of rules that govern operation of a PKI Provides recommended baseline security requirements for use and operation of CA, RA, and other PKI components Certificate Practice Statement (CPS) Describes in detail how the CA uses and manages certificates Security+ Guide to Network Security Fundamentals, Fourth Edition 42

43 Managing PKI (cont d.) Certificate life cycle Creation Occurs after user is positively identified Suspension May occur when employee on leave of absence Revocation Certificate no longer valid Expiration Key can no longer be used Security+ Guide to Network Security Fundamentals, Fourth Edition 43

44 Key Storage Means of public key storage Embedding within digital certificates Means of private key storage Stored on user s local system Software-based storage may expose keys to attackers Alternative: storing keys in hardware Tokens Smart-cards Security+ Guide to Network Security Fundamentals, Fourth Edition 44

45 Key Usage Multiple pairs of dual keys Created if more security needed than single set of public/private keys One pair used to encrypt information Public key backed up in another location Second pair used only for digital signatures Public key in that pair never backed up Security+ Guide to Network Security Fundamentals, Fourth Edition 45

46 Key-Handling Procedures Key escrow Keys managed by a third party Private key is split and each half is encrypted Two halves sent to third party, which stores each half in separate location User can retrieve and combine two halves and use this new copy of private key for decryption Expiration Keys expire after a set period of time Security+ Guide to Network Security Fundamentals, Fourth Edition 46

47 Key-Handling Procedures (cont d.) Renewal Existing key can be renewed Revocation Key may be revoked prior to its expiration date Revoked keys may not be reinstated Recovery Need to recover keys of an employee hospitalized for extended period Key recovery agent may be used Group of people may be used (M-of-N control) Security+ Guide to Network Security Fundamentals, Fourth Edition 47

48 Figure M-of-N control Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 48

49 Key-Handling Procedures (cont d.) Suspension Suspended for a set period of time and then reinstated Destruction Removes all public and private keys and user s identification from the CA Security+ Guide to Network Security Fundamentals, Fourth Edition 49

50 Transport Encryption Algorithms Secure Sockets Layer (SSL) Most common transport encryption algorithm Developed by Netscape Uses a public key to encrypt data transferred over the SSL connection Transport Layer Security (TLS) Protocol that guarantees privacy and data integrity between applications communicating over the Internet Both provide server and client authentication, and data encryption Security+ Guide to Network Security Fundamentals, Fourth Edition 50

51 Secure Shell (SSH) Encrypted alternative to Telnet protocol used to access remote computers Linux/UNIX-based command interface and protocol Suite of three utilities: slogin, ssh, and scp Client and server ends of connection are authenticated using a digital certificate Passwords are encrypted Can be used as a tool for secure network backups Security+ Guide to Network Security Fundamentals, Fourth Edition 51

52 Table 12-3 SSH commands Security+ Guide to Network Security Fundamentals, Fourth Edition 52

53 Hypertext Transport Protocol over Secure Sockets Layer (HTTPS) Common use of SSL Secure Web Hypertext Transport Protocol (HTTP) communications between browser and Web server Users must enter URLs with Secure Hypertext Transport Protocol (SHTTP) Cryptographic transport protocol released as a public specification Supports a variety of encryption types, including 3DES Not as widely used as HTTPS Security+ Guide to Network Security Fundamentals, Fourth Edition 53

54 IP Security (IPsec) Open System Interconnection (OSI) model Security tools function at different layers Operating at higher levels such as Application layer Advantage: tools designed to protect specific applications Disadvantage: multiple security tools may be needed IPsec Set of protocols developed to support secure exchange of packets Operates at a low level in the OSI model Security+ Guide to Network Security Fundamentals, Fourth Edition 54

55 Figure Security tools and the OSI model Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 55

56 IP Security (cont d.) IPsec considered transparent to: Applications Users Software Located in the operating system or communication hardware Provides authentication, confidentiality, and key management Supports two encryption modes: transport and tunnel Security+ Guide to Network Security Fundamentals, Fourth Edition 56

57 Figure New IPsec packet using transport or tunnel mode Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 57

58 Summary Digital certificate provides third party verification of public key owner s identity A Certificate Authority issues digital certificates for others Personal digital certificates are issued by an RA to individuals Server digital certificates ensure authenticity of a Web server and its cryptographic connection Security+ Guide to Network Security Fundamentals, Fourth Edition 58

59 Summary (cont d.) PKI is a framework for all entities involved in digital certificates Three basic PKI trust models exist Cryptography can protect data as it is being transported across a network SSL/TLS is a widely used algorithm IPsec supports a secure exchange of packets Considered to be a transparent security protocol Security+ Guide to Network Security Fundamentals, Fourth Edition 59

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Understanding Digital Certificates and Secure Sockets Layer (SSL)

Understanding Digital Certificates and Secure Sockets Layer (SSL) Understanding Digital Certificates and Secure Sockets Layer (SSL) Author: Peter Robinson January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What are they?

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc. Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.

More information

Security Digital Certificate Manager

Security Digital Certificate Manager IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information

INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT

INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT ESCB-PKI REGISTRATION AUTHORITY APPLICATION SUBSCRIBER S MANUAL VERSION 1.3 ECB-Restricted 15-April-2014 ESCB-PKI - RA Application Subscriber's Manual

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

SSL Overview for Resellers

SSL Overview for Resellers Web Security Enterprise Security Identity Verification Services Signing Services SSL Overview for Resellers What We ll Cover Understanding SSL SSL Handshake 101 Market Opportunity for SSL Obtaining an

More information

Comodo Certification Practice Statement

Comodo Certification Practice Statement Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

The Role of Digital Certificates in Contemporary Government Systems: the Case of UAE Identity Authority

The Role of Digital Certificates in Contemporary Government Systems: the Case of UAE Identity Authority The Role of Digital Certificates in Contemporary Government Systems: the Case of UAE Identity Authority Dr. Ali M. Al-Khouri Emirates Identity Authority, Abu Dhabi, United Arab Emirates Abstract Digital

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Securing your Online Data Transfer with SSL

Securing your Online Data Transfer with SSL Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does

More information

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173 Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security

More information

Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application INDEX 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4.

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

encryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key.

encryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key. The way the world does business is changing, and corporate security must change accordingly. For instance, e-mail now carries not only memos and notes, but also contracts and sensitive financial information.

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Certificate Authority Product Overview Technology White Paper

Certificate Authority Product Overview Technology White Paper RSA Keon Certificate Authority Product Overview Technology White Paper e-business is an integral component of everyday life-from online banking and brokerage transactions, to chip-based smart cards and

More information

StartCom Certification Authority

StartCom Certification Authority StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction

More information

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates Version March 2004 Version 2004-03 SwissSign Gold CP/CPS Page 1 of 66 Table of Contents 1. INTRODUCTION...9 1.1 Overview...

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

Ford Motor Company CA Certification Practice Statement

Ford Motor Company CA Certification Practice Statement Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate

More information

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Using Entrust certificates with VPN

Using Entrust certificates with VPN Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark

More information

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler Certificates Noah Zani, Tim Strasser, Andrés Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate

More information

Network Security Protocols

Network Security Protocols Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

More information

Land Registry. Version 4.0 10/09/2009. Certificate Policy

Land Registry. Version 4.0 10/09/2009. Certificate Policy Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

Visa Public Key Infrastructure Certificate Policy (CP)

Visa Public Key Infrastructure Certificate Policy (CP) Visa Public Key Infrastructure Certificate Policy (CP) Version 1.7 Effective: 24 January 2013 2010-2013 Visa. All Rights Reserved. Visa Public Important Note on Confidentiality and Copyright The Visa Confidential

More information

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status 10 Secure Electronic Transactions: Overview, Capabilities, and Current Status Gordon Agnew A&F Consulting, and University of Waterloo, Ontario, Canada 10.1 Introduction Until recently, there were two primary

More information

SBClient SSL. Ehab AbuShmais

SBClient SSL. Ehab AbuShmais SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three

More information

Grid Computing - X.509

Grid Computing - X.509 Grid Computing - X.509 Sylva Girtelschmid October 20, 2009 Public Key Infrastructure - PKI PKI Digital Certificates IT infrastructure that provides means for private and secure data exchange By using cryptographic

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series User Guide Supplement S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series SWD-292878-0324093908-001 Contents Certificates...3 Certificate basics...3 Certificate status...5 Certificate

More information

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2. Entrust Managed Services PKI Getting an end-user Entrust certificate using Entrust Authority Administration Services Document issue: 2.0 Date of issue: June 2009 Revision information Table 1: Revisions

More information

Securing Service Access with Digital Certificates

Securing Service Access with Digital Certificates Securing Service Access with Digital Certificates Jovana Palibrk, AMRES NA3 T2, Tbilisi, December 2013. Agenda Theory Cryptographic Protocols and Techniques Public Key Infrastructure TERENA Certificate

More information

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure

More information

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

Implementing Secure Sockets Layer on iseries

Implementing Secure Sockets Layer on iseries Implementing Secure Sockets Layer on iseries Presented by Barbara Brown Alliance Systems & Programming, Inc. Agenda SSL Concepts Digital Certificate Manager Local Certificate Authority Server Certificates

More information

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Version 0.3 August 2002 Online : http://www.urec.cnrs.fr/igc/doc/datagrid-fr.policy.pdf Old versions Version 0.2 :

More information

DigiCert Certification Practice Statement

DigiCert Certification Practice Statement DigiCert Certification Practice Statement DigiCert, Inc. Version 2.22 June 01, 2005 333 South 520 West Orem, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com 1 General...7 1.1 DigiCert,

More information

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2 Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3

More information

Security + Certification (ITSY 1076) Syllabus

Security + Certification (ITSY 1076) Syllabus Security + Certification (ITSY 1076) Syllabus Course: ITSY 1076 Security+ 40 hours Course Description: This course is targeted toward an Information Technology (IT) professional who has networking and

More information

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc. THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by

More information

Symantec Managed PKI Service for Windows Service Description

Symantec Managed PKI Service for Windows Service Description Introduction Symantec Managed PKI Service for Windows Service Description Symantec Managed PKI Service for Windows provides a flexible PKI platform to manage complete lifecycle of certificates, which includes:

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

Certificate Policy for. SSL Client & S/MIME Certificates

Certificate Policy for. SSL Client & S/MIME Certificates Certificate Policy for SSL Client & S/MIME Certificates OID: 1.3.159.1.11.1 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223 www.actalis.it

More information

National Certification Authority Framework in Sri Lanka

National Certification Authority Framework in Sri Lanka National Certification Authority Framework in Sri Lanka By Rohana Palliyaguru Manager Operations & Principal Information Security Engineer What is digital Signature? According to UNCITRAL Text 25. Digital

More information

Trust Service Principles and Criteria for Certification Authorities

Trust Service Principles and Criteria for Certification Authorities Trust Service Principles and Criteria for Certification Authorities Version 2.0 March 2011 (Effective July 1, 2011) (Supersedes WebTrust for Certification Authorities Principles Version 1.0 August 2000)

More information

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,

More information

Concept of Electronic Approvals

Concept of Electronic Approvals E-Lock Technologies Contact info@elock.com Table of Contents 1 INTRODUCTION 3 2 WHAT ARE ELECTRONIC APPROVALS? 3 3 HOW DO INDIVIDUALS IDENTIFY THEMSELVES IN THE ELECTRONIC WORLD? 3 4 WHAT IS THE TECHNOLOGY

More information

PKI Made Easy: Managing Certificates with Dogtag. Ade Lee Sr. Software Engineer Red Hat, Inc. 08.11.2013

PKI Made Easy: Managing Certificates with Dogtag. Ade Lee Sr. Software Engineer Red Hat, Inc. 08.11.2013 2013 PKI Made Easy: Managing Certificates with Dogtag Ade Lee Sr. Software Engineer Red Hat, Inc. 08.11.2013 Agenda What is PKI? What is Dogtag? Installing Dogtag Interacting with Dogtag using REST Future

More information

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

More information

Understanding digital certificates

Understanding digital certificates Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk

More information

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised

More information

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network 70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course Number: 70 299 Length: 1 Day(s) Course Overview This course is part of the MCSA training.. Prerequisites

More information

Digital Certificates Demystified

Digital Certificates Demystified Digital Certificates Demystified Alyson Comer IBM Corporation System SSL Development Endicott, NY Email: comera@us.ibm.com February 7 th, 2013 Session 12534 (C) 2012, 2013 IBM Corporation Trademarks The

More information

Introduction to Network Security Key Management and Distribution

Introduction to Network Security Key Management and Distribution Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015

More information

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized

More information

Subject: Public Key Infrastructure: Examples of Risks and Internal Control Objectives Associated with Certification Authorities

Subject: Public Key Infrastructure: Examples of Risks and Internal Control Objectives Associated with Certification Authorities United States Government Accountability Office Washington, DC 20548 August 10, 2004 The Honorable Tom Davis Chairman, Committee on Government Reform House of Representatives Dear Mr. Chairman: Subject:

More information

Extended SSL Certificates

Extended SSL Certificates Introduction Widespread usage of internet has led to the growth of awareness amongst users, who now associate green address bar with security. Though people are able to recognize the green bar, there is

More information

Configuring Digital Certificates

Configuring Digital Certificates CHAPTER 36 This chapter describes how to configure digital certificates and includes the following sections: Information About Digital Certificates, page 36-1 Licensing Requirements for Digital Certificates,

More information

understanding SSL certificates THAWTE IS A LEADING GLOBAL PROVIDER OF SSL CERTIFICATES

understanding SSL certificates THAWTE IS A LEADING GLOBAL PROVIDER OF SSL CERTIFICATES understanding SSL certificates THAWTE IS A LEADING GLOBAL PROVIDER OF SSL CERTIFICATES contents UNDERSTANDING SSL CERTIFICATES...1 What Is SSL and What Are SSL Certificates?...1 Features of SSL...1 Encryption...1

More information

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory There are actually two distinct aspects to the use of public-key encryption in this regard: The distribution of public keys. The use of public-key encryption to distribute secret keys. 9.1 Distribution

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

Websense Content Gateway HTTPS Configuration

Websense Content Gateway HTTPS Configuration Websense Content Gateway HTTPS Configuration web security data security email security Support Webinars 2010 Websense, Inc. All rights reserved. Webinar Presenter Title: Sr. Tech Support Specialist Cisco

More information

An Introduction to Entrust PKI. Last updated: September 14, 2004

An Introduction to Entrust PKI. Last updated: September 14, 2004 An Introduction to Entrust PKI Last updated: September 14, 2004 2004 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In

More information

Using BroadSAFE TM Technology 07/18/05

Using BroadSAFE TM Technology 07/18/05 Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security

More information

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015 ING Public Key Infrastructure Certificate Practice Statement Version 5.3 - June 2015 Colophon Commissioned by Additional copies ING Corporate PKI Policy Approval Authority Additional copies of this document

More information

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software WHITE PAPER: COMPARING TCO: SYMANTEC MANAGED PKI SERVICE........ VS..... ON-PREMISE........... SOFTWARE................. Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

Security Policy Revision Date: 23 April 2009

Security Policy Revision Date: 23 April 2009 Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure

More information

What is an SSL Certificate?

What is an SSL Certificate? Security is of the utmost importance when doing business on the Web. Your customers want to know that their information is protected when crossing data lines. A Thawte SSL Web Server Certificate or SuperCert

More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

Virtual Private Networks

Virtual Private Networks Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication

More information

Fundamentals of Network Security - Theory and Practice-

Fundamentals of Network Security - Theory and Practice- Fundamentals of Network Security - Theory and Practice- Program: Day 1... 1 1. General Security Concepts... 1 2. Identifying Potential Risks... 1 Day 2... 2 3. Infrastructure and Connectivity... 2 4. Monitoring

More information

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) Public Key Infrastructure (PKI) In this video you will learn the quite a bit about Public Key Infrastructure and how it is used to authenticate clients and servers. The purpose of Public Key Infrastructure

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

SSL/TLS: The Ugly Truth

SSL/TLS: The Ugly Truth SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography

More information

Key Management and Distribution

Key Management and Distribution Key Management and Distribution Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu udio/video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Understanding SSL Certificates THAWTE IS A LEADING GLOBAL PROVIDER OF SSL CERTIFICATES

Understanding SSL Certificates THAWTE IS A LEADING GLOBAL PROVIDER OF SSL CERTIFICATES Understanding SSL Certificates THAWTE IS A LEADING GLOBAL PROVIDER OF SSL CERTIFICATES Understanding SSL Certificates 2 Secure Socket Layer (SSL) certificates are widely used to help secure and authenticate

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002 INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

APPLICATION FOR DIGITAL CERTIFICATE

APPLICATION FOR DIGITAL CERTIFICATE Application ID Number (For Official Use only) APPLICATION FOR DIGITAL CERTIFICATE Instructions: 1. Please fill the form in BLOCK LETTERS ONLY. 2. All fields are mandatory. 3. Present one (1) copy and the

More information

SECOM Trust.net Root1 CA

SECOM Trust.net Root1 CA CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT May 22, 2006 Version 2.00 SECOM Trust Systems Co.,Ltd. Revision History Version Date Description V1.00 2003.08.01 Initial Draft (Translated from Japanese

More information

Gandi CA Certification Practice Statement

Gandi CA Certification Practice Statement Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10

More information

HP ProtectTools Embedded Security Guide

HP ProtectTools Embedded Security Guide HP ProtectTools Embedded Security Guide Document Part Number: 364876-001 May 2004 This guide provides instructions for using the software that allows you to configure settings for the HP ProtectTools Embedded

More information

White Paper. The risks of authenticating with digital certificates exposed

White Paper. The risks of authenticating with digital certificates exposed White Paper The risks of authenticating with digital certificates exposed Table of contents Introduction... 2 What is remote access?... 2 Authentication with client side digital certificates... 2 Asymmetric

More information

TeliaSonera Server Certificate Policy and Certification Practice Statement

TeliaSonera Server Certificate Policy and Certification Practice Statement TeliaSonera Server Certificate Policy and Certification Practice Statement v.1.4 TeliaSonera Server Certificate Policy and Certification Practice Statement CA name Validation OID TeliaSonera Server CA

More information

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management

More information