Introduction to PKI, Certificates & Public Key Cryptography

Erwan Lemonnier
Presentation Transcript
slide2

Introduction to PKI, Certificates & Public Key Cryptography – erwan@defcom.com

Role of Computer Security

  • CIA
    • Confidentiality: protection against data disclosure
    • Integrity: protection against data modification
    • Availability: protection against data unavailability
  • Identification & Authentication (I&A)
    • Provide a way of identifying entities, and controlling this identity
  • Non-repudiability
    • Bind an entity to its actions
slide3

How to implement CIA, I&A, N-R? With cryptography!

  • Main cryptographic tools:
    • Hash Functions
    • Secret Key Cryptography
    • Public Key Cryptography
  • And their combinations:
    • Certificates
    • PKI
slide4

Main cryptographic tools

  • Hash Functions:
    • Bind one entity with a unique ID => Signature
    • Hash + Encryption => trusted signature
  • Symmetric Key Cryptography
    • 2 users share a secret key S and an algorithm.
    • S(S(M)) = M
    • Problem: how to exchange secret keys?
    • => Secret Key Server (e.g. Kerberos)
slide5

Main cryptographic tools

  • Public Key Cryptography:
    • Each user has a public key P and a private key S, and an algorithm A.
    • P(S(M)) = S(P(M)) = M
    • No shared secret!

Encryption with Public Key Crypto

Authentication with Public Key Crypto

slide6

Main cryptographic tools, PKI

  • How to distribute public keys?
    • Public Key Server (PKS), key exchange protocols

Public Key Infrastructure (PKI):

PKI = N x (Entities with private keys) + public key exchange system

Note: Public Key algorithms are slow

  • Need to use both Public & Secret Key Cryptography
  • Public Key Protocols work in 3 phases
      • Authentication via Public Key Cryptography (challenge)
      • Exchange of a session Secret Key, encrypted with Public Key Crypto
      • Session encrypted with Symmetric Cryptography
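
The three phases above, simulated with both sides in one process as an added example (not code from the original slides). Textbook RSA with constructed toy keys and the XOR keystream cipher `sym` are stand-ins chosen so the example runs on the Python standard library alone; all function and variable names are assumptions.

```python
import hashlib
import secrets

def make_key(p, q, e=65537):
    """Textbook RSA key from two primes (toy sizes, no padding: illustration only)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest_mod(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sym(key, data):
    """Toy symmetric cipher S: XOR with a SHA-256 counter keystream, so S(S(M)) = M."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def run_session(server_key, known_pub, message):
    """Client knows known_pub = (n, e); the peer answers with server_key. Returns
    (ciphertext, plaintext recovered by the server), or None if authentication fails."""
    n, e = known_pub
    # Phase 1: challenge. The peer signs a fresh nonce with its private key.
    nonce = secrets.token_bytes(16)
    answer = pow(digest_mod(nonce, server_key["n"]), server_key["d"], server_key["n"])
    if pow(answer, e, n) != digest_mod(nonce, n):
        return None                       # peer does not hold the matching private key
    # Phase 2: the client picks a session secret and sends it as P(secret).
    secret = secrets.randbelow(n - 2) + 2
    wrapped = pow(secret, e, n)
    unwrapped = pow(wrapped, server_key["d"], server_key["n"])   # server: S(P(secret))
    # Phase 3: both sides switch to the fast symmetric cipher.
    client_k = secret.to_bytes(32, "big")
    server_k = unwrapped.to_bytes(32, "big")
    ciphertext = sym(client_k, message)
    return ciphertext, sym(server_k, ciphertext)

# Constructed sample keys (Mersenne primes keep the toy keys short to write down).
SERVER = make_key(2**89 - 1, 2**107 - 1)
IMPOSTOR = make_key(2**61 - 1, 2**127 - 1)
SERVER_PUB = (SERVER["n"], SERVER["e"])

if __name__ == "__main__":
    print(run_session(SERVER, SERVER_PUB, b"GET /account HTTP/1.0"))
    print(run_session(IMPOSTOR, SERVER_PUB, b"GET /account HTTP/1.0"))   # None
```

The slow public-key operations run only once per session, on a nonce hash and on the short session secret; the message itself is handled only by the symmetric cipher.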
slide7

Certificate

  • A certificate binds an entity with its public key.
  • It’s just a digitally signed piece of data.
  • digital ID card

Certificate =

an entity’s description (name, etc.)
+ entity’s public key
+ expiration date, serial number, etc.
+ CA’s name
+ a signature issued by a CA

The certificate is issued and signed by a trusted Certificate Authority (CA)

  • Digital signature:
    • CA signature = certificate hash, encrypted with CA’s private key
slide8

Certificate

  • The certificate’s CA is the only entity able to create/modify the certificate
    • the CA has to be trusted
  • Certificates enable:
    • Clients to authenticate servers
    • Servers to authenticate clients
    • Public key exchange without Public Key Server
    • No disclosure of private/secret keys.

Certificates are usually stored encrypted.

  • Special features:
    • chains of CAs, to distribute the task of issuing Certificates
    • Certificate Revocation List, to disable certificates
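
An added example, not part of the original presentation, of what the two Certificate slides describe: a CA signature computed as the certificate hash "encrypted" with the CA's private key, then validation along a chain of CAs with expiry and CRL checks. It uses textbook RSA with constructed toy keys; the dictionary certificate layout and all function names are assumptions, not X.509.

```python
import hashlib
import json

def make_key(p, q, e=65537):
    """Textbook RSA key from two primes (toy sizes, no padding: illustration only)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def tbs_hash(cert, n):
    """Hash of every certificate field except the signature, reduced mod n."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).digest()
    return int.from_bytes(digest, "big") % n

def issue(subject, subject_key, issuer, issuer_key, serial, not_after):
    """CA signature = certificate hash 'encrypted' with the CA's private key."""
    cert = {"subject": subject, "pub": [subject_key["n"], subject_key["e"]],
            "issuer": issuer, "serial": serial, "not_after": not_after}
    n, d = issuer_key["n"], issuer_key["d"]
    cert["signature"] = pow(tbs_hash(cert, n), d, n)
    return cert

def verify_chain(chain, trusted_roots, crl, today):
    """chain[0] is the end entity; each cert is signed by the next, the last by a trusted root."""
    for i, cert in enumerate(chain):
        if cert["not_after"] < today:              # ISO dates compare as strings
            return "expired: " + cert["subject"]
        if (cert["issuer"], cert["serial"]) in crl:
            return "revoked: " + cert["subject"]
        if i + 1 < len(chain) and chain[i + 1]["subject"] == cert["issuer"]:
            n, e = chain[i + 1]["pub"]             # issuer key from the next certificate
        elif i + 1 == len(chain) and cert["issuer"] in trusted_roots:
            n, e = trusted_roots[cert["issuer"]]   # issuer key from the local trust store
        else:
            return "untrusted issuer: " + cert["issuer"]
        if pow(cert["signature"], e, n) != tbs_hash(cert, n):
            return "bad signature: " + cert["subject"]
    return "ok"

# Constructed sample data: Mersenne primes keep the toy keys short to write down.
ROOT = make_key(2**89 - 1, 2**107 - 1)
ISSUING = make_key(2**61 - 1, 2**127 - 1)
SERVER = make_key(2**31 - 1, 2**61 - 1)
TRUSTED = {"Example Root CA": (ROOT["n"], ROOT["e"])}
ISSUING_CERT = issue("Example Issuing CA", ISSUING, "Example Root CA", ROOT, 2, "2035-01-01")
SERVER_CERT = issue("www.example.test", SERVER, "Example Issuing CA", ISSUING, 1001, "2030-01-01")

if __name__ == "__main__":
    print(verify_chain([SERVER_CERT, ISSUING_CERT], TRUSTED, set(), "2026-01-01"))
```

Replacing the public key inside a signed certificate, listing its serial in the CRL, or emptying the trust store each makes `verify_chain` return a different failure string instead of `ok`.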
slide9

Usual cryptographic algorithms & infrastructures

Hash: MD4, MD5, SHA-1

Symmetric Key: DES, 3DES, AES (Rijndael), IDEA, RC4

Public/Private Key: RSA, Diffie-Hellman

Certificate: X.509

PKI: IPSec, SSL, (Kerberos)

slide10

Example: IPSec

  • IPSec works at IP level.
  • Provides authentication and encryption. Used to build VPNs.
  • Configuration:
    • 2 transfer modes: tunnel or transport
    • 2 transfer protocols:
      • AH (Authentication Header) => authenticated traffic
      • ESP (Encapsulating Security Payload) => encrypted traffic
  • Key exchange protocols:
    • Internet Key Exchange (IKE),
    • Internet Security Association and Key Management Protocol (ISAKMP),
    • etc.
slide11

Weaknesses of PKI and Certificates

  • PKI:
    • unsecured server: hackable Public Key/Certificate servers
    • unsecured client: private keys/passwords can be stolen/spied on
    • weak algorithm: short keys, implementation or design flaw
  • Certificate:
    • unsecured computer: certificates can be stolen, password spied on
    • certificate password: certificates are stored encrypted, with weak password
    • untrustworthy CA: it is easy to be issued a certificate by a CA
    • users: they seldom check if CA can be trusted before accepting certificates (Netscape GUI)
  • Attack example:
    • hack client’s computer, steal certificate & password
    • man in the middle
slide12

Links

Book:

Applied cryptography, Bruce Schneier

URLs:

theory.lcs.mit.edu/~rivest/crypto-security.html

www.counterpane.com/pki-risks.html

www.csc.gatech.edu/~copeland/8813/slides/

www.iplanet.com/developer/docs/articles/security/pki.html

web.mit.edu/6.857/OldStuff/Fall96/www/main.html