Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Author: Allan Macphee January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved.

Digital Certificates

What are they?

Digital certificates are electronic files that are used to uniquely identify people and resources over networks such as the Internet. Digital certificates also enable secure, confidential communication between two parties.

When you travel to another country, your passport provides a universal way to establish your identity and gain entry. Digital certificates provide similar identification in the electronic world. Certificates are issued by a trusted third party called a Certification Authority (CA). Much like the role of the passport office, the role of the CA is to validate the certificate holder's identity and to sign the certificate so that it cannot be forged or tampered with. Once a CA has signed a certificate, the holder can present their certificate to people, Web sites, and network resources to prove their identity and establish encrypted, confidential communications.

A certificate typically includes a variety of information pertaining to its owner and to the CA that issued it, such as:

- The name of the holder and other identification information required to uniquely identify the holder, such as the URL of the Web server using the certificate, or an individual's e-mail address;
- The holder's public key (more on this below). The public key can be used to encrypt sensitive information for the certificate holder;
- The name of the Certification Authority that issued the certificate;
- A serial number;
- The validity period (or lifetime) of the certificate (a start and an end date).

In creating the certificate, this information is digitally signed by the issuing CA. The CA's signature on the certificate is like a tamper-detection seal on a bottle of pills: any tampering with the contents is easily detected.

For more information on trust, refer to the White Paper The Concept of Trust in Network Security, available at: http://www.entrust.com/resourcecenter/whitepapers.htm

Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched public and private keys. In cryptographic systems, the term "key" refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information.

For more information on public-key cryptography, refer to the White Paper An Introduction to Cryptography, available at: http://www.entrust.com/resourcecenter/whitepapers.htm

The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Since these keys only work as a pair, an operation (for example encryption) done with the public key can only be undone (decrypted) with the corresponding private key, and vice versa. A digital certificate securely binds your identity, as verified by a trusted third party (a CA), with your public key.

WAP server WTLS certificates

A WAP server WTLS certificate is a certificate that authenticates the identity of a WAP site to visiting micro-browsers found in many mobile phones on the market. When a micro-browser user wants to send confidential information to a WAP server, the micro-browser will access the server's digital certificate. The certificate, which contains the WAP server's public key, will be used by the micro-browser to:

- Authenticate the identity of the WAP server; and
- Encrypt information for the server using the Wireless Transport Layer Security (WTLS) protocol (more on WTLS below).

Since the WAP server is the only one with access to its private key, only the server can decrypt the information. This is how the information remains confidential and tamper-proof while in transit across the Internet.

CA certificates

A CA certificate is a certificate that identifies a Certification Authority. CA certificates are just like other digital certificates except that they are self-signed. CA certificates are used to determine whether to trust certificates issued by the CA. In the case of a passport, a passport control officer will verify the validity and authenticity of your passport and determine whether to permit you entry. Similarly, the CA certificate is used to authenticate and validate the WAP server certificate. When a WAP server certificate is presented to a micro-browser, the micro-browser uses the CA certificate to determine whether to trust the WAP server's certificate. If the server certificate is valid, the WTLS session proceeds. If the server certificate is not valid, the server certificate is rejected and the WTLS session is stopped.

Wireless Transport Layer Security (WTLS)

What is WTLS?

Wireless Transport Layer Security (WTLS) technology is a security protocol. It is designed for securing communications and transactions over wireless networks. WTLS is being implemented in all the major micro-browsers and WAP servers, and as such will play a major role in e-business activities. The WTLS protocol uses digital certificates to create a secure, confidential communications "pipe" between two entities, typically a mobile phone and a WAP server. Data transmitted over a WTLS connection cannot be tampered with or forged without the two parties becoming immediately aware of the tampering.

How are WAP server certificates used in a WTLS transaction?

Suppose Alice wants to connect to a secure WAP site with her mobile phone to buy something online:

- When Alice visits a WAP site secured with WTLS, her micro-browser sends a "Client Hello" message to the WAP server indicating that a secure session (WTLS) is requested.
- The WAP server responds by sending Alice its server certificate (which includes its public key).
- Alice's micro-browser will verify that the server's certificate is valid and has been signed by a CA whose certificate is in the micro-browser's database (and whom Alice trusts).
- If the certificates are all valid, Alice's micro-browser will generate a one-time, unique "session" key and encrypt it with the server's public key. Her micro-browser will then send the encrypted session key to the server so that they will both have a copy.
- The server will decrypt the message using its private key and recover the session key.

At this point Alice can be assured of two things:

- The WAP site she is communicating with is really the one it claims to be (its identity has been verified); and
- Only Alice's micro-browser and the WAP server have a copy of the session key.

The WTLS "handshake" (the process of identifying the two parties that want to establish a WTLS connection) is complete and a secure communications "pipe" has been established. Alice's micro-browser and the WAP server can now use the session key to send encrypted information back and forth, knowing that their communications are confidential and tamper-proof.
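The handshake steps above, played out in Go as an added example (not code from the white paper or from any Entrust product): a self-signed CA certificate, a server certificate that the CA issues, the client's check of that certificate against the CAs it trusts and the expected host name, and the one-time session key wrapped with the server's public key and recovered with the server's private key. It uses Go's standard X.509 and RSA-OAEP libraries in place of WTLS's own certificate and key-exchange encodings; the host names are constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs a certificate for pub with signer's private key. With parent == nil
// the certificate is self-signed, which is how the CA certificate above is made.
func issue(name string, isCA bool, pub *rsa.PublicKey, parent *x509.Certificate, signer *rsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed serial number
		Subject:      pkix.Name{CommonName: name},       // the holder's name
		DNSNames:     []string{name},                    // host name the micro-browser checks
		NotBefore:    time.Now().Add(-time.Hour),        // validity period: start and end
		NotAfter:     time.Now().Add(24 * time.Hour),
		IsCA:         isCA, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// handshake runs the key-exchange steps of the text: the client verifies the
// server certificate against trusted CA certificates and the host name, wraps a
// fresh session key with the server's public key; the server unwraps it.
func handshake(host string, cert *x509.Certificate, serverKey *rsa.PrivateKey, roots *x509.CertPool) (client, server []byte, err error) {
	if _, err = cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return nil, nil, err // certificate rejected: the WTLS session stops here
	}
	client = make([]byte, 16) // one-time session key chosen by the micro-browser
	must(rand.Read(client))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, cert.PublicKey.(*rsa.PublicKey), client, nil))
	server, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, serverKey, wrapped, nil)
	return client, server, err
}
```

Both returned copies of the session key must match for the session to proceed; a certificate from an untrusted CA, or one issued for a different host name, is rejected before any key is sent.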

What's Next?

The introduction of mobile phones with the capacity to support user certificates will permit "mutual authentication" and digital signature processing, enabling a wide range of opportunities for the introduction of new e-business applications and services. Entrust's full range of products and services permit the creation of end-to-end trusted e-business transactions. Visit the Entrust Web site for the latest information: http://www.entrust.com