Public Key Infrastructure. Contents: Preparing for Cryptographic Attacks; Cryptography Standards and Protocols; Key management and Key life cycle; Introduction of PKI; Trust models; PKI management. Cryptographic Attacks.
Public Key Infrastructure
Provides authentication and encryption across the Internet
Becoming a standard for encrypting virtual private network (VPN) channels
One of the primary uses of IPSec is to create VPNs. IPSec, in conjunction with Layer 2 Tunneling Protocol (L2TP) or Layer 2 Forwarding (L2F), creates packets that are difficult to read if intercepted by a third party.
Confidentiality is the term used for preventing the disclosure of information to unauthorized individuals or systems.
Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds.
In information security, integrity means that data cannot be modified without authorization.
This is not the same thing as referential integrity in databases.
In computing, e-Business and information security, it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim to be.
In a PKI you are given a digital certificate, which contains your identity, and a key (public key) people can use to encrypt data securely to you OR verify items that you have digitally signed!
However, we must have some way of ensuring that the digital certificate has not been “faked”, so we have an entity called a Certificate Authority (CA) that digitally signs your digital certificate, proving that the digital certificate is really yours!
It is important that users trust the CA, otherwise there is no purpose!!! The entire PKI structure relies upon the fact that the CA can be trusted! If the CA is compromised, the whole PKI is useless.
CAs are computer technology entities that issue/sign your digital certificates; however, they rely on another entity to actually do a “background” check on you to prove you really are who you say you are before the CA will “vouch” for you. This “background” check entity is called a Registration Authority (RA).
RA would take identifying information that proves I am who I say I am such as
Once my identity is verified the RA will tell the CA to issue and sign a digital certificate for me
Once a digital certificate has been created and signed, it is stored in a “Certificate repository”, which can be queried by users and applications in a PKI when someone wants to communicate with a user.
These repositories are usually LDAP compliant databases.
Given to CAs, can be signed by another CA or “self signed”
What does it mean to be self signed, what does it imply?
When two companies want to trust each other, their root CAs may each issue a certificate to the other company's root CA, allowing a “peer to peer” trust model for CAs and allowing users in one organization to trust users in another.
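What a CA signature and a self-signed root mean when a certificate is checked, as an added example that is not part of the original presentation: it uses textbook RSA with small fixed primes and no padding (a toy, not a real certificate format), and all names, keys and the `validate` helper are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Textbook RSA from two primes -> (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass
class Cert:
    subject: str
    issuer: str
    pub_n: int    # the subject's public key
    sig: int = 0  # issuer's signature over the three fields above

def digest(cert, n):
    data = f"{cert.subject}|{cert.issuer}|{cert.pub_n}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, pub_n, issuer, issuer_n, issuer_d):
    """What a CA does: bind a subject name to a public key using its private key."""
    cert = Cert(subject, issuer, pub_n)
    cert.sig = pow(digest(cert, issuer_n), issuer_d, issuer_n)
    return cert

def sig_ok(cert, issuer_n):
    return pow(cert.sig, E, issuer_n) == digest(cert, issuer_n)

def validate(cert, known, trust_store):
    """Follow issuer links to a self-signed cert; accept only a trust anchor."""
    for _ in range(8):  # bound the chain length
        if cert.subject == cert.issuer:  # self-signed: the signature alone proves nothing
            return sig_ok(cert, cert.pub_n) and trust_store.get(cert.subject) == cert.pub_n
        parent = known.get(cert.issuer)
        if parent is None or not sig_ok(cert, parent.pub_n):
            return False
        cert = parent
    return False

# Constructed sample data: names and keys are made up for this example.
ROOT_N, ROOT_D = make_key(2**61 - 1, 2**89 - 1)
EVIL_N, EVIL_D = make_key(2**107 - 1, 2**127 - 1)  # an impostor's key pair
ALICE_N = (2**31 - 1) * (2**19 - 1)
root = issue("Example Root CA", ROOT_N, "Example Root CA", ROOT_N, ROOT_D)
alice = issue("alice", ALICE_N, "Example Root CA", ROOT_N, ROOT_D)
fake_root = issue("Example Root CA", EVIL_N, "Example Root CA", EVIL_N, EVIL_D)
fake_alice = issue("alice", EVIL_N, "Example Root CA", EVIL_N, EVIL_D)
TRUST_STORE = {"Example Root CA": ROOT_N}  # distributed out of band
```

The impostor's self-signed certificate passes its own signature check, which is why a self-signed certificate is trusted only when its key is already in the verifier's trust store.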