8/3/2019 Digital Certificates (Certification Authority)
http://slidepdf.com/reader/full/digital-certificates-certification-authority 1/23
1
Digital Certificates
A digital certificate is data carrying a digital signature from a trusted Certification Authority (CA). This data contains:
– Who owns this certificate
– Who signed this certificate
– The expiry date
– User name and email address
2
Digital Certificate
Reference
3
Elements of Digital Cert.
A Digital ID typically contains the following information:
– Your public key, your name and email address
– Expiration date of the public key, name of the CA who issued your Digital ID
4
Certification Authority (CA)
A trusted agent who certifies public keys for general use (a corporation or a bank).
– The user has to decide which CAs can be trusted.
The model for key certification based on friends and friends of friends is called the “Web of Trust”.
– The public key is passed from friend to friend.
– Works well in small or highly connected worlds.
– What if you receive a public key from someone you don’t know?
5
CA model (Trust model)
Root Certificate
CA Certificate
Browser Cert.
CA Certificate
Server Cert.
6
Web of Trust model
Bob
A
B
Alice
D
C
7
Public Key Infrastructure (PKI)
PKI is a system that uses public-key encryption and digital certificates to achieve secure Internet services. There are 4 major parts in PKI.
– Certification Authority (CA)
– A directory service
– Services, banks, web servers
– Business users
8
Digital21.gov.hk
Reference: an official homepage which provides a lot of PKI and e-commerce information
9
PKI Structure
Certification Authority Directory services
User
Services, Banks, Web servers
Public/Private Keys
10
4 key services
Authentication – Digital Certificate
– To identify a user who claims to be who he/she is, in order to access the resource.
Non-repudiation – Digital Signature
– To make the user unable to deny that he/she has sent the message, signed the document or participated in a transaction.
Confidentiality – Encryption
– To make the transaction secure: no one other than the communicating parties is able to read/retrieve the ongoing transaction.
Integrity – Encryption
– To ensure the information has not been tampered with during transmission.
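The four services on this slide worked through in code, as an added example that is not from the original slides: a hybrid envelope in Go using only the standard library. Alice encrypts a one-time AES key to Bob's RSA public key (confidentiality) and signs the ciphertext with her own Ed25519 private key (non-repudiation); Bob verifies with Alice's public key and decrypts with his own private key. Integrity in this construction comes from the AES-GCM authentication tag and the signature, not from encryption alone. The party names, the message text and the key sizes are constructed for the example, and the certificates that would normally carry the public keys are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is one PKI user: an RSA pair for receiving encrypted data and an Ed25519 pair for signing.
type Party struct {
	Name   string
	encKey *rsa.PrivateKey    // never leaves the owner
	sigKey ed25519.PrivateKey // never leaves the owner
	EncPub *rsa.PublicKey     // published, normally inside a certificate
	SigPub ed25519.PublicKey  // published, normally inside a certificate
}

func NewParty(name string) *Party {
	enc, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	sigPub, sigPriv, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	return &Party{Name: name, encKey: enc, sigKey: sigPriv, EncPub: &enc.PublicKey, SigPub: sigPub}
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newGCM wraps a 32-byte key in AES-256-GCM; with a valid key size this cannot fail.
func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	check(err)
	gcm, err := cipher.NewGCM(block)
	check(err)
	return gcm
}

type Envelope struct {
	WrappedKey []byte // one-time AES key encrypted to the recipient's RSA public key (confidentiality)
	Nonce      []byte
	Ciphertext []byte // AES-GCM output; its authentication tag detects modification (integrity)
	Signature  []byte // sender's Ed25519 signature over nonce||ciphertext (non-repudiation)
}

// Seal: the sender encrypts to the RECIPIENT's public key and signs with the sender's OWN private key.
func Seal(sender *Party, recipient *rsa.PublicKey, msg []byte) *Envelope {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	check(err)
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	_, err = rand.Read(nonce)
	check(err)
	ct := gcm.Seal(nil, nonce, msg, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	check(err)
	sig := ed25519.Sign(sender.sigKey, append(append([]byte{}, nonce...), ct...))
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Signature: sig}
}

// Open: the recipient verifies with the SENDER's public key and decrypts with the recipient's OWN private key.
func Open(recipient *Party, senderSig ed25519.PublicKey, env *Envelope) ([]byte, error) {
	signed := append(append([]byte{}, env.Nonce...), env.Ciphertext...)
	if !ed25519.Verify(senderSig, signed, env.Signature) {
		return nil, errors.New("signature invalid: not from the claimed sender, or modified in transit")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient.encKey, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("%s cannot unwrap the message key: %w", recipient.Name, err)
	}
	return newGCM(key).Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Demo sends one constructed message from Alice to Bob and returns Bob's plaintext,
// the error a third party (Carol) gets, and the error Bob gets after tampering.
func Demo() (plain string, thirdPartyErr, tamperErr error) {
	alice, bob, carol := NewParty("Alice"), NewParty("Bob"), NewParty("Carol")
	env := Seal(alice, bob.EncPub, []byte("Transfer HK$100 to account 42")) // constructed message
	got, err := Open(bob, alice.SigPub, env)
	check(err)
	_, thirdPartyErr = Open(carol, alice.SigPub, env) // Carol's private key does not unwrap the AES key
	tampered := *env
	tampered.Ciphertext = append([]byte{}, env.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01 // one flipped bit: Alice's signature no longer matches
	_, tamperErr = Open(bob, alice.SigPub, &tampered)
	return string(got), thirdPartyErr, tamperErr
}

func main() {
	fmt.Println(Demo())
}
```

Run it and Bob reads the message, while Carol, holding a different private key, cannot unwrap the AES key; flipping one bit of the ciphertext makes Alice's signature fail before any decryption is attempted. This is also the answer to the question on the summary slide: encrypt to the recipient's public key, sign with your own private key.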
11
Certificate Signers
12
Certificate Enrollment
and Distribution
13
Secure Web Communication
Server authentication is necessary for a web client to identify the web site it is communicating with.
To use SSL, a special type of digital certificate, the “Server certificate”, is used.
Get a server certificate from a CA.
– E.g. www.hitrust.com.hk, www.cuhk.edu.hk/ca/
Install the server certificate on the web server.
Enable SSL on the web site.
Client authentication – Client certificates
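The trust chain from the CA model slide (Root Certificate → CA Certificate → Server Cert.) together with the server and client certificate checks from this slide, as an added example in Go that is not from the slides. It builds the whole PKI in memory with the standard library's crypto/x509 and then runs the checks a browser performs on a server certificate and a server performs on a client certificate. Every name (Example Root CA, Example Issuing CA, www.example.test, alice.example.test) is constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type certKey struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue generates a key pair and has parent sign tmpl (self-signed when parent is nil).
func issue(tmpl *x509.Certificate, parent *certKey) *certKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	parentCert, signer := tmpl, key
	if parent != nil {
		parentCert, signer = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return &certKey{cert: cert, key: key}
}

// template builds a CA certificate (eku ignored) or an end-entity certificate for one extended key usage.
func template(serial int64, cn string, isCA bool, eku x509.ExtKeyUsage, notAfter time.Time) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              notAfter,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.ExtKeyUsage = []x509.ExtKeyUsage{eku}
		t.DNSNames = []string{cn}
	}
	return t
}

// Verify builds a chain from leaf to a trusted root and checks dates, key usage and (if set) the host name, as a browser does.
func Verify(leaf *x509.Certificate, intermediates, roots *x509.CertPool, host string, eku x509.ExtKeyUsage) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: intermediates,
		DNSName:       host,
		KeyUsages:     []x509.ExtKeyUsage{eku},
	})
	return err
}

// Scenario builds the slide's chain (root -> issuing CA -> server/client certificates) and
// runs the checks; a nil value means the certificate was accepted. All names are constructed.
func Scenario() map[string]error {
	later := time.Now().Add(24 * time.Hour)
	srv, cli := x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth
	root := issue(template(1, "Example Root CA", true, 0, later), nil)
	ca := issue(template(2, "Example Issuing CA", true, 0, later), root)
	server := issue(template(3, "www.example.test", false, srv, later), ca)
	client := issue(template(4, "alice.example.test", false, cli, later), ca)
	expired := issue(template(5, "www.example.test", false, srv, time.Now().Add(-time.Minute)), ca)
	// A well-formed chain under a self-signed root that is not in the trust store.
	other := issue(template(6, "Unknown Root CA", true, 0, later), nil)
	otherSrv := issue(template(7, "www.example.test", false, srv, later), other)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root.cert)
	inters.AddCert(ca.cert)
	return map[string]error{
		"trusted chain":         Verify(server.cert, inters, roots, "www.example.test", srv),
		"unknown CA":            Verify(otherSrv.cert, inters, roots, "www.example.test", srv),
		"wrong host":            Verify(server.cert, inters, roots, "mail.example.test", srv),
		"expired":               Verify(expired.cert, inters, roots, "www.example.test", srv),
		"client cert":           Verify(client.cert, inters, roots, "", cli),
		"server cert as client": Verify(server.cert, inters, roots, "", cli),
	}
}

func main() {
	fmt.Println(Scenario())
}
```

A nil result means the certificate was accepted. The "unknown CA" case is the situation the Web of Trust slide asks about: the chain is perfectly well-formed, but its root is not in the trust store, so it is rejected. The "server cert as client" case shows why the extended key usage recorded in a certificate matters when the same CA issues both server and client certificates.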
14
Strong and Weak Encryption
Strong encryption
– Encryption methods that cannot be cracked by brute force (in a reasonable period of time).
– The world’s fastest computer needs thousands of years to compute a key.
Weak encryption
– A code that can be broken in a practical time frame.
– 56-bit encryption was cracked in 1999.
– 64-bit will be cracked in 2011.
– 128-bit will be cracked in 2107.
15
PGP decryption
Reference
16
Secure SHell (SSH)
Provides an encrypted secure channel between client and server.
Replacement for telnet and ftp.
Reference: SSH
17
Secure Shell & Secure FTP
Secure Shell Secure FTP
The Host’s Public Key
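How a client uses the host's public key shown on this slide, as an added example in Go that is not from the slides: it builds the ssh-ed25519 key blob, the known_hosts line and the SHA256 fingerprint that OpenSSH prints, and implements the trust-on-first-use check a client performs against its known_hosts file. The host name and the keys are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// sshString encodes one SSH wire-format string: a big-endian uint32 length, then the bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// HostKeyBlob builds the public-key blob for an Ed25519 host key, the bytes that
// appear base64-encoded in known_hosts and in the server's host key file.
func HostKeyBlob(pub ed25519.PublicKey) []byte {
	return append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
}

// KnownHostsLine renders "host keytype base64blob", the format of ~/.ssh/known_hosts.
func KnownHostsLine(host string, blob []byte) string {
	return host + " ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob)
}

// Fingerprint is what OpenSSH prints on first connection for the user to compare
// out of band: "SHA256:" plus the unpadded base64 of SHA-256 over the key blob.
func Fingerprint(blob []byte) string {
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// CheckHostKey compares the key a server presents against known_hosts text and returns
// "unknown" (first contact: confirm the fingerprint before continuing), "ok" (same key
// as recorded) or "mismatch" (the host's key changed; refuse to connect until explained).
func CheckHostKey(knownHosts, host string, presented []byte) (string, error) {
	for _, line := range strings.Split(knownHosts, "\n") {
		fields := strings.Fields(line)
		if len(fields) < 3 || fields[0] != host {
			continue
		}
		stored, err := base64.StdEncoding.DecodeString(fields[2])
		if err != nil {
			return "", fmt.Errorf("bad known_hosts entry for %s: %w", host, err)
		}
		if bytes.Equal(stored, presented) {
			return "ok", nil
		}
		return "mismatch", nil
	}
	return "unknown", nil
}

// Demo constructs a host key and runs the three cases: first contact, a later
// contact with the same key, and a contact where a different key is presented.
func Demo() (first, same, changed, fp string, err error) {
	pub, _, err := ed25519.GenerateKey(rand.Reader) // constructed host key
	if err != nil {
		return
	}
	const host = "shell.example.test" // hypothetical host name
	blob := HostKeyBlob(pub)
	fp = Fingerprint(blob)
	if first, err = CheckHostKey("", host, blob); err != nil {
		return
	}
	knownHosts := KnownHostsLine(host, blob) + "\n" // what the client stores after the user accepts
	if same, err = CheckHostKey(knownHosts, host, blob); err != nil {
		return
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader) // a different key presented for the same host
	if err != nil {
		return
	}
	changed, err = CheckHostKey(knownHosts, host, HostKeyBlob(otherPub))
	return
}

func main() {
	first, same, changed, fp, err := Demo()
	fmt.Println(first, same, changed, fp, err)
}
```

On first contact the fingerprint should be compared with one obtained out of band (for example from the server administrator) before the key is recorded; a later "mismatch" means either that the host key was legitimately rotated or that the connection is being intercepted, and the client should refuse to continue until that is explained.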
18
Secure Electronic Transaction (SET)
This protocol was developed by Visa and MasterCard specifically for secure credit card transactions on the Internet.
SET encrypts credit card and purchase information before transmission over the Internet.
SET allows the merchant’s identity to be authenticated via digital certificates, and also allows the merchant to authenticate users through their digital certificates (making it more difficult to use someone’s stolen credit card).
SET DEMO
19
Secure Electronic Transaction (SET)
There are four parts in the SET system.
– A software “wallet” on the user’s computer: the “Cardholder”.
– A commerce server that runs on the merchant’s web site: the “Merchant”.
– The payment server that runs at the merchant’s bank: the “Acquiring bank”.
– The Certification Authority: the “Issuing bank”.
SET FAQs
20
SET
21
Privacy-Enhanced E-mail
Encrypted
Signed
22
Summary
Make sure you understand the relationship between
– Encryption
– Digital Signature
– Digital Certificate
– Certificate Authority
Understand which public/private key should be used to encrypt/decrypt a message to/from you.
Discuss PGP, SET, SSH, encrypted email.
23
References
Digital Certificate (Applied Internet Security) by Feghhi, Feghhi, Williams – Addison Wesley
Basic Cryptography
Digital Signature PKI Resources
SET Resources
General Definitions
Digital ID FAQ
The End.
Thank you for your patience!