Strong Encryption for Public Key Management through SSL



Similar documents
Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Securing your Online Data Transfer with SSL

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Security Digital Certificate Manager


Network Security Protocols

IBM i Version 7.3. Security Digital Certificate Manager IBM

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Understanding Digital Certificates and Secure Sockets Layer (SSL)

CRYPTOGRAPHY IN NETWORK SECURITY

Security Digital Certificate Manager

Savitribai Phule Pune University

Strong Security in Multiple Server Environments

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Gateway Apps - Security Summary SECURITY SUMMARY

Public-Key Infrastructure

Is your data safe out there? -A white Paper on Online Security

Properties of Secure Network Communication

Key Management and Distribution

Cornerstones of Security

Linux Web Based VPN Connectivity Details and Instructions

Using etoken for Securing s Using Outlook and Outlook Express

What is an SSL Certificate?

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

GT 6.0 GSI C Security: Key Concepts

Lukasz Pater CMMS Administrator and Developer

Module 7 Security CS655! 7-1!

The Case For Secure

SECURE SOCKET LAYER PROTOCOL SIMULATION IN JAVA. A Research Project NAGENDRA KARRI

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Why you need secure

How To Understand And Understand The Security Of A Key Infrastructure

Securing your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate thawte thawte thawte thawte thawte 10.

6. Is it mandatory to have the digital certificate issued from NICCA? Is it mandatory for the sender and receiver to have a NIC id?...

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

An Introduction to Secure . Presented by: Addam Schroll IT Security & Privacy Analyst

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Lecture 9: Application of Cryptography

CSCE 465 Computer & Network Security

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Chap. 1: Introduction

Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...

INTRODUCTION TO CRYPTOGRAPHY

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS

Capture Resilient ElGamal Signature Protocols

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

An Introduction to Cryptography as Applied to the Smart Grid

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Public Key Encryption and Digital Signature: How do they work?

Two SSO Architectures with a Single Set of Credentials

Sync Security and Privacy Brief

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

VPN. Date: 4/15/2004 By: Heena Patel

Den Gode Webservice - Security Analysis

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

Chapter 10. Cloud Security Mechanisms

DRAFT Standard Statement Encryption

DEVELOPING CERTIFICATE-BASED PROJECTS FOR WEB SECURITY CLASSES *

What is network security?

Balamaruthu Mani. Supervisor: Professor Barak A. Pearlmutter

Chapter 17. Transport-Level Security

Introduction to Security and PIX Firewall

Security: Focus of Control. Authentication

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

SECURITY IN NETWORKS

Windows Web Based VPN Connectivity Details & Instructions

Three attacks in SSL protocol and their solutions

PrivyLink Internet Application Security Environment *

Computer Security: Principles and Practice

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

A Noval Approach for S/MIME

Network Security. HIT Shimrit Tzur-David

Security Goals Services

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

Guide for Securing With WISeKey CertifyID Personal Digital Certificate (Personal eid)

Information Security

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

SFWR ENG 4C03 - Computer Networks & Computer Security

4.1: Securing Applications Remote Login: Secure Shell (SSH) PEM/PGP. Chapter 5: Security Concepts for Networks

USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

Chapter 8. Network Security

Personal Secure Certificate

Chapter 10. Network Security

mod_ssl Cryptographic Techniques

SECURE USER GUIDE OUTLOOK 2000

SSL Certificates 101

Software Tool for Implementing RSA Algorithm

Secure Frequently Asked Questions

SHORT MESSAGE SERVICE SECURITY

Chapter 9 Key Management 9.1 Distribution of Public Keys Public Announcement of Public Keys Publicly Available Directory

Blaze Vault Online Backup. Whitepaper Data Security

User Guide Using Certificate in Microsoft Outlook Express

Transcription:

Strong Encryption for Public Key Management through SSL CH.SUSHMA, D.NAVANEETHA 1,2 Assistant Professor, Information Technology, Bhoj Reddy Engineering College For Women, Hyderabad, India Abstract: Public-key cryptography and related standards and techniques underlie the security features of many products such as signed and encrypted email, single sign-on, and Secure Sockets Layer (SSL) communications. This document introduces the basic concepts of public-key cryptography. SSL (Secure Sockets Layers) is a process that manages the security of transactions made on the Internet. It is based on a public-key encryption process to guarantee that data sent over the Internet remain secure. Its principle involves establishing a secure (encrypted) communication channel between two machines (a client and a server) after an authentication phase. Keywords: public key, SSL, Secure Communication. I. INTRODUCTION Public-key cryptography is used for protecting communications from eavesdropping, tampering, and impersonation attacks. Encryption and decryption allow two communicating parties to disguise information they send to each other. The sender encrypts, or scrambles, information before sending it. The receiver decrypts, or unscrambles, the information after receiving it. While in transit, the encrypted information is unintelligible to an intruder. Tamper detection allows the recipient of information to verify that it has not been modified in transit. Any attempt to modify data or substitute a false message for a legitimate one will be detected. Authentication allows the recipient of information to determine its originthat is, to confirm the sender's identity. Non-repudiation prevents the sender of information from claiming at a later date that the information was never sent. A certificate is an electronic document used to identify an individual, a server, a company, or some other entity and to associate that identity with a public key. Public-key cryptography uses certificates to address the problem of impersonation. 1. SSL Protocol diagram Page 239

Public-key refers to a cryptographic mechanism. It has been named public-key to differentiate it from the traditional and More intuitive cryptographic mechanism known as: symmetric-key, shared secret, secret-key and also called private-key. Symmetric-key cryptography is a mechanism by which the same key is used for both encrypting and decrypting; it is more intuitive because of its similarity with what you expect to use for locking and unlocking a door: the same key. 1. The characteristic requires: Sophisticated mechanisms to securely distribute the secret-key to both parties Public-key on the other hand, introduce another concept involving key pairs: one for encrypting, the other for decrypting. This concept, as you will see below, is very clever and attractive, and provides a great deal of advantages over symmetric-key: Simplified key distribution Digital Signature Long-term encryption However, it is important to note that symmetric-key still plays a major role in the implementation of a Public-key Infrastructure. 2. PKI (Public-key Infrastructure): Public-key encryption uses that key pair for encryption and decryption. The public-key is made public and is distributed widely and freely. The private-key is never distributed and must be kept secret. Given a key pair, data encrypted with the public-key can only be decrypted with its private- key. Conversely, data encrypted with the private-key can only be decrypted with its public- key. This characteristic is used to implement encryption and digital signature Encryption is a mechanism by which a message is transformed so that only the sender and recipient can see. For instance, suppose that Alice wants to send a private message to Bob. To do so, she first needs Bob s public-key; since everybody can see his public-key, Bob can send it over the network in the clear without any concerns. Once Alice has Bob s public-key, she encrypts the message using Bob s public-key and sends it to Bob. Bob receives Alice message and using his private key, decrypts it. 2. Figure encryption and decryption Page 240

A. SSL PROTOCOL: II. HISTORY OF SSL The Secure Sockets Layer (SSL) protocol is a set of rules governing server authentication, client authentication, and encrypted communication between servers and clients. SSL is widely used on the Internet, especially for interactions that involve exchanging confidential information such as credit card numbers. SSL requires a server SSL certificate, at a minimum. As part of the initial "handshake" process, the server presents its certificate to the client to authenticate the server's identity. The authentication process uses public-key encryption and digital signatures to confirm that the server is in fact the server it claims to be. Once the server has been authenticated, the client and server use techniques of symmetric-key encryption, which is very fast, to encrypt all the information they exchange for the remainder of the session and to detect any tampering that may have occurred. Servers may optionally be configured to require client authentication as well as server authentication. In this case, after server authentication is successfully completed, the client must also present its certificate to the server to authenticate the client's identity before the encrypted SSL session can be established. SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information. B. TYPES OF CERTIFICATE: 1. Signed and Encrypted Email: Some email programs support digitally signed and encrypted email using a widely accepted protocol known as Secure Multipurpose Internet Mail Extension (S/MIME). Using S/MIME to sign or encrypt email messages requires the sender of the message to have an S/MIME certificate. An email message that includes a digital signature provides some assurance that it was in fact sent by the person whose name appears in the message header, thus providing authentication of the sender. If the digital signature cannot be validated by the email software on the receiving end, the user will be alerted. The digital signature is unique to the message it accompanies. If the message received differs in any way from the message that was sent-even by the addition or deletion of a comma-the digital signature cannot be validated. Therefore, signed email also provides some assurance that the email has not been tampered with. As discussed at the beginning of this document, this kind of assurance is known as non-repudiation. In other words, signed email makes it very difficult for the sender to deny having sent the message. This is important for many forms of business communication. (For information about the way digital signatures work, see "Digital Signatures".)S/MIME also makes it possible to encrypt email messages. This is also important for some business users. However, using encryption for email requires careful planning. If the recipient of encrypted email messages loses his or her private key and does not have access to a backup copy of the key, for example, the encrypted messages can never be decrypted. 2. Single Sign-On: Network users are frequently required to remember multiple passwords for the various services they use. For example, a user might have to type a different password to log into the network, collect email, use directory services, use the corporate calendar program, and access various servers. Multiple passwords are an ongoing headache for both users and system administrators. Users have difficulty keeping track of different passwords, tend to choose poor ones, and tend to write them down in obvious places. Administrators must keep track of a separate password database on each server and deal with potential security problems related to the fact that passwords are sent over the network routinely and frequently. Solving this problem requires some way for a user to log in once, using a single password, and get authenticated access to all network resources that user is authorized to use-without sending any passwords over the network. This capability is known as single sign-on. Both client SSL certificates and S/MIME certificates can play a significant role in a comprehensive single sign-on solution. For example, one form of single sign-on relies on SSL client authentication (see "Certificate-Based Authentication"). A user can log in once, using a single password to the local client's private-key database, and get authenticated access to all SSL-enabled servers that user is authorized to use without sending any passwords over the network. This approach simplifies access for users, because they don't need to enter passwords for each new server. It also simplifies network management, since administrators can control access by controlling lists of certificate authorities (CAs) rather than much longer lists of users and passwords. Page 241

In addition to using certificates, a complete single-sign on solution must address the need to interoperate with enterprise systems, such as the underlying operating system, that rely on passwords or other forms of authentication. 3. Object Signing: Communicator supports a set of tools and technologies called object signing. Object signing uses standard techniques of public-key cryptography to let users get reliable information about code they download in much the same way they can get reliable information about shrink-wrapped software. Most importantly, object signing helps users and network administrators implement decisions about software distributed over intranets or the Internet-for example, whether to allow Java applets signed by a given entity to use specific computer capabilities on specific users' machines. The "objects" signed with object signing technology can be applets or other Java code, JavaScript scripts, plug-ins, or any kind of file. The "signature" is a digital signature. Signed objects and their signatures are typically stored in a special file called a JAR file. Software developers and others who wish to sign files using object-signing technology must first obtain an objectsigning certificate. 1. Client SSL certificates: III. FUTURE WORK Used to identify clients to servers via SSL (client authentication). Typically, the identity of the client is assumed to be the same as the identity of a human being, such as an employee in an enterprise. See "Certificate-Based Authentication" for a description of the way client SSL certificates are used for client authentication. Client SSL certificates can also be used as part of a single sign-on solution. 2. Server SSL certificates: Used to identify servers to clients via SSL (server authentication). Server authentication may be used with or without client authentication. Server authentication is a requirement for an encrypted SSL session. 3. S/MIME certificates: Used for signed and encrypted email. As with client SSL certificates, the identity of the client is typically assumed to be the same as the identity of a human being, such as an employee in an enterprise. A single certificate may be used as both an S/MIME certificate and an SSL certificate (see "Signed and Encrypted Email"). S/MIME certificates can also be used as part of a single sign-on solution. 4. Object-signing certificates: Used to identify signers of Java code, JavaScript scripts, or other signed files. 3. SSL Certificate diagram Page 242

IV. CONCLUSION The contents of certificates are organized according to the X.509 v3 certificate specification, which has been recommended by the International Telecommunications Union (ITU).Certificate requests and certificates can be created, stored, and installed in multiple formats: binary and text. All of these formats conform to X.509 standards. REFERENCES [1] Adams, C., and Farrell, S. (1999). Internet X.509 Public Key Infrastructure Certificate Management Protocols. IETF RFC 2510. http://www.ietf.org/ [2] IEEE 1363-2000. Standards specification for public key cryptography. IEEE Press. [3] L. Rivest, A. Shamir, and L. Adleman. Method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM 21 (1978), 120-126. [4] T.Elgamal, A public key cryptosystem and a signature protocol based on discrete logarithms, IEEE Trans. Page 243

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information