
Introduction to PKI




Presentation Transcript


  1. Introduction to PKI • Mark Franklin • September 10, 2003 • Dartmouth College PKI Lab

  2. Introduction to PKI Technology Dartmouth College PKI Lab

  3. What is PKI? Public Key Infrastructure • Comprehensive security technology and policies using cryptography and standards to enable users to: • Identify (authenticate) themselves to network services. • Digitally sign email and other electronic docs and services. • Encrypt email and other documents to prevent unauthorized access.

  4. Why PKI? • Uniform way to address securing many applications • Enables digital signing and encryption • No passwords on the wire • No need for shared secrets • Strong underlying security technology • Widely included in technology products

  5. Dartmouth PKI Lab • R&D to make PKI a practical component of a campus network • Multi-campus collaboration sponsored by the Mellon Foundation • Dual objectives: • Deploy existing PKI technology to improve network applications (both at Dartmouth and elsewhere). • Improve the current state of the art: identify security issues in current products and develop solutions to the problems.

  6. Underlying Key Technology • A pair of asymmetric keys is used, one to encrypt, the other to decrypt. • Each key can only decrypt data encrypted with the other. • Invented in 1976 by Whit Diffie and Martin Hellman • Commercialized by RSA Security

  7. Public and Private Keys • The "public" key is published far and wide. • The "private" key is kept a secret by its owner. • No need to exchange a secret "key" by some other channel.

  8. Applications of PKI • Authentication and authorization of web users and servers: this is the basis for the SSL protocol used to secure web connections using https. Server authentication is common; user authentication is getting started. • Secure e-mail (signed and encrypted) • Electronic signatures • Data encryption: business documents, databases, executable code • Network data protection (VPN, wireless) • Secure instant messaging

  9. What is a certificate? • A signed data structure (X.509 standard) that binds some information to a public key. • A trusted entity asserts the validity of the information in the certificate and enforces policies for issuing certificates. • The certificate information is usually a personal identity or a server name. • Think of a certificate with its keys as an electronic ID card, encoder/decoder ring, and official signet ring for sealing wax or notary-style stamp.

  10. Encryption • Asymmetric encryption removes the need for shared secrets. • Anyone can encrypt with the public key of the recipient. • Only the recipient can decrypt, using their private key. • The private key is secret, so "bad guys" can't read the encrypted data.

  11. Digital Signatures • Compute a message digest and encrypt it with your private key. • The reader decrypts it with your public key, re-computes the digest, and verifies that it matches the original; this guarantees that no one has modified the signed data. • Only the signer has the private key, so no one else can spoof their digital signature.
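Slides 10 and 11 describe the two uses of a key pair: encryption with the recipient's public key, and a signature made over a message digest with the signer's private key. The program below is an added example, not part of the presentation or of the Dartmouth PKI Lab's own software. It uses Go's standard library only; the party names, the sample message and the tampered copy are constructed for the demonstration. The slide's "encrypt the digest with your private key" is the textbook description; the standard RSA signature calls (PSS padding here) take the SHA-256 digest and handle the padding internally, which is what a deployed PKI application does.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// KeyPair is one party's asymmetric key pair: the public half is published,
// the private half stays with its owner.
type KeyPair struct {
	Private *rsa.PrivateKey
	Public  *rsa.PublicKey
}

// NewKeyPair generates a fresh 2048-bit RSA key pair.
func NewKeyPair() (*KeyPair, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &KeyPair{Private: priv, Public: &priv.PublicKey}, nil
}

// Encrypt: anyone holding the recipient's public key can encrypt for them.
// RSA-OAEP only fits a short plaintext; real systems encrypt a random
// symmetric key this way and the bulk data with that key.
func Encrypt(recipient *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, plaintext, nil)
}

// Decrypt: only the matching private key recovers the plaintext; any other
// key produces an error rather than garbage.
func Decrypt(recipient *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, ciphertext, nil)
}

// Sign computes the message digest and signs it with the signer's private key.
func Sign(signer *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPSS(rand.Reader, signer, crypto.SHA256, digest[:], nil)
}

// Verify re-computes the digest and checks it against the signature with the
// signer's public key; a single changed byte in the message makes it fail.
func Verify(signer *rsa.PublicKey, message, signature []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPSS(signer, crypto.SHA256, digest[:], signature, nil) == nil
}

func main() {
	alice, err := NewKeyPair()
	if err != nil {
		log.Fatal(err)
	}
	bob, err := NewKeyPair()
	if err != nil {
		log.Fatal(err)
	}

	// Encryption: Alice encrypts for Bob with Bob's public key (constructed message).
	msg := []byte("constructed sample: meeting moved to 3pm")
	ct, _ := Encrypt(bob.Public, msg)
	pt, _ := Decrypt(bob.Private, ct)
	fmt.Printf("Bob decrypts: %q\n", pt)
	if _, err := Decrypt(alice.Private, ct); err != nil {
		fmt.Println("Alice cannot decrypt Bob's mail:", err)
	}

	// Signature: Alice signs with her private key; Bob verifies with her public key.
	sig, _ := Sign(alice.Private, msg)
	fmt.Println("signature valid:", Verify(alice.Public, msg, sig))
	tampered := []byte("constructed sample: meeting moved to 4pm")
	fmt.Println("tampered message valid:", Verify(alice.Public, tampered, sig))
	fmt.Println("verified with wrong key:", Verify(bob.Public, msg, sig))
}
```

The last three lines of output are the practical content of slide 11: the signature verifies only for the exact bytes that were signed and only under the signer's public key, so a modified document or a signature made with someone else's key is rejected.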

  12. What is a certificate authority? • An organization that creates, publishes, and revokes certificates. • Verifies the information in the certificate. • Protects the general security and policies of the system and its records. • Allows you to check certificates so you can decide whether to use them in business transactions. • collegeca.dartmouth.edu
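Slides 9 and 12 together describe the certificate lifecycle: a CA binds a name to a public key in a signed X.509 structure, and a relying party checks that binding against a root it trusts before acting on it. The program below is an added example written for this page; it is not the Dartmouth CA's software, and the CA and server names in it are constructed. It uses only Go's standard `crypto/x509` package: a self-signed root is created, a server certificate is issued under it, and the relying-party check is run three times, against the right root and name, the right root but a different name, and an unrelated root. Revocation (the "revokes" item on slide 12) is not modelled here.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"log"
	"math/big"
	"time"
)

// CertAuthority is a minimal CA: a self-signed root certificate plus the
// private key that signs every certificate the CA issues.
type CertAuthority struct {
	Cert *x509.Certificate
	Key  *rsa.PrivateKey
	next int64 // next serial number to issue
}

// NewKey generates an RSA key pair for a CA or for a certificate subject.
func NewKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewCertAuthority creates a root CA whose certificate binds the CA's name to
// its own public key and is signed with its own private key.
func NewCertAuthority(name string) (*CertAuthority, error) {
	key, err := NewKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CertAuthority{Cert: cert, Key: key, next: 2}, nil
}

// Issue binds a server name to the subject's public key and signs the result
// with the CA key. Checking that the requester really controls that name is
// the CA's policy job and happens before this call.
func (ca *CertAuthority) Issue(serverName string, subjectPub *rsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(ca.next),
		Subject:      pkix.Name{CommonName: serverName},
		DNSNames:     []string{serverName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	ca.next++
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, subjectPub, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyCert is the relying party's side: the certificate must chain to a root
// it trusts, be inside its validity period, and name the server it expects.
func VerifyCert(cert, trustedRoot *x509.Certificate, expectedName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: expectedName})
	return err
}

func main() {
	ca, err := NewCertAuthority("Example College CA (constructed)")
	if err != nil {
		log.Fatal(err)
	}
	serverKey, _ := NewKey()
	cert, err := ca.Issue("www.example.test", &serverKey.PublicKey)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("trusted root, right name:", VerifyCert(cert, ca.Cert, "www.example.test"))
	fmt.Println("trusted root, wrong name:", VerifyCert(cert, ca.Cert, "mail.example.test"))
	other, _ := NewCertAuthority("Some Other CA (constructed)")
	fmt.Println("untrusted root:", VerifyCert(cert, other.Cert, "www.example.test"))
}
```

The first check prints `<nil>`; the other two print a hostname error and an unknown-authority error. That is the decision slide 12 refers to: a relying party accepts a certificate only when its signature chains to a CA it already trusts and the name in it is the one being connected to.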

  13. The PKI Lab at Dartmouth

  14. Production PKI Applications at Dartmouth • Dartmouth certificate authority • Authentication for: • Library Electronic Journals (including OVID) • Banner SIS • Dartflex totals • S/MIME email

  15. Development PKI Applications at Dartmouth • Authentication for: • Blackboard • TuckStreams • VPN concentrator • Hardware tokens • Digital signatures on documents and forms

  16. For more information • Dartmouth PKI Lab user information, getting a certificate: http://www.dartmouth.edu/~pki • PKI Lab information: http://www.dartmouth.edu/~pkilab • Mark.J.Franklin@dartmouth.edu
