An In-Depth Examination of PKI

fionan

Presentation Transcript


  1. An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations

  2. Encryption
     • Hiding the intent or meaning of a message
     • Complex mathematical algorithms
     • Should be unbreakable
     • Claude Shannon, the Father of Information Theory

  3. Shared and Public Key
     • Shared Key Encryption
        • Same key for encryption/decryption
        • Key dispatched in a secure manner
        • DES, 3DES, AES
     • Public Key
        • Key generation
        • Encrypt with public key
        • Decrypt with private key
        • RSA

  4. Digital Signatures and Certificates
     • Digital Signature
        • Create message digest (MD5, SHA-1)
        • Sign hash
        • Append signed hash to message
        • Verify by hashing message, public-key decrypt of message
     • Digital Certificate
        • Public key, authority signature, key information
        • Mutually trusted authority signature

  5. What is PKI?
     • Infrastructure
        • End Entity
        • Certificate Authority
        • Registration Authority
        • Directory (X.500, LDAP)
        • CRL Repository
     • PKI not itself a solution – SSL/TLS

  6. Issues with PKI
     • Key Management
     • CRL Distribution
     • Trust

  7. Key Management
     • Where?
        • On laptops, desktops?
        • Centrally located (protected)?
        • Multiple certificates?
     • Backing up keys – why?
     • Smartcards
        • Tamper-resistant
        • Work with magnetic-stripe cards
        • Portable, holds multiple keys

  8. Certificate Revocation Lists
     • Performance
        • DoS
        • Frequent information
     • Solutions
        • Segmenting
        • Over-distribution
        • Online Certificate Status Protocol (OCSP)
           • Validity real-time
           • Expensive
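Slides 5 and 8 name the three roles that meet in revocation checking: a Certificate Authority that issues certificates and signs a CRL, an end entity that holds one, and a relying party that must consult the CRL repository. The following Go program is an added example, not part of the presentation, that builds a constructed in-memory PKI with the standard library only: the root CA issues an end-entity certificate, publishes a CRL revoking it, and the relying party checks both the chain and the CRL. The subject names ("Constructed Root CA", "alice") and serial numbers are made up for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
func must(err error) { if err != nil { panic(err) } }
// issue signs template tpl under parent with the signer's key (self-signed when tpl == parent), as a CA does.
func issue(tpl, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	must(err)
	c, err := x509.ParseCertificate(der)
	must(err)
	return c
}
// BuildMiniPKI is the CA side: self-sign a root, issue an end-entity cert, then publish a CA-signed CRL revoking it.
func BuildMiniPKI() (ca, leaf *x509.Certificate, crlDER []byte) {
	now := time.Now()
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	leafKey, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	caTpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "Constructed Root CA"}, NotBefore: now.Add(-time.Hour),
		NotAfter: now.Add(24 * time.Hour), KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca = issue(caTpl, caTpl, &caKey.PublicKey, caKey)
	leaf = issue(&x509.Certificate{SerialNumber: big.NewInt(1001), KeyUsage: x509.KeyUsageDigitalSignature,
		Subject: pkix.Name{CommonName: "alice (constructed end entity)"}, NotBefore: now.Add(-time.Hour),
		NotAfter: now.Add(24 * time.Hour)}, ca, &leafKey.PublicKey, caKey)
	crlDER, err = x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: now, NextUpdate: now.Add(time.Hour), RevokedCertificates: []pkix.RevokedCertificate{
			{SerialNumber: leaf.SerialNumber, RevocationTime: now}}}, ca, caKey)
	must(err)
	return ca, leaf, crlDER
}
// Validate is the relying-party side: chain leaf to the trusted root, then consult the CRL (chain
// validation alone never reveals revocation); a CRL that the root did not sign is rejected.
func Validate(root, leaf *x509.Certificate, crlDER []byte) (chainOK, revoked bool, err error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err = leaf.Verify(x509.VerifyOptions{Roots: roots}); err != nil { return false, false, err }
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil { return true, false, err }
	if err = crl.CheckSignatureFrom(root); err != nil { return true, false, err }
	for _, rc := range crl.RevokedCertificates { revoked = revoked || rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 }
	return true, revoked, nil
}
```

Validate deliberately keeps "chain OK" and "revoked" separate, since a certificate that chains correctly but whose serial appears on a freshly signed CRL is exactly the case a relying party that skips CRL distribution would wrongly accept.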

  9. Trust
     • How/why do we trust CAs? (CSPs)
     • Do we read/view certificates?
     • Authentication, not authorization
     • Usability and trust
     • “Web of Trust”

  10. Conclusion
     • All-encompassing solution
     • Many aspects are implementation-specific
     • Key to evaluate the needs of the applications