300 likes | 434 Views
PKI Technology - Role of CCA. Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications & Information Technology. Role of CCA for secure e-Commerce and e-Governance. Authentication of entities in cyberspace
E N D
PKI Technology -Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications & Information Technology
Role of CCA for secure e-Commerce and e-Governance • Authentication of entities in cyberspace • Prevention of deliberate or accidental Disclosure and/or Amendment/Deletion of data • Punishment for cyber crimes • Licencing of CAs and establishment of PKI Controller of Certifying Authorities
Security Issues :- • Confidentiality • Integrity • Authenticity • Non-Repudiability Controller of Certifying Authorities
Threats to Authenticity • Masquerading Counter Measures • Strong • Digital Signature - Cryptographically generated credentials. Controller of Certifying Authorities
Encryption: • Transformation of data to Prevent information being read by unauthorised parties. • Sender and Receiver have to know the rules which have been used to encrypt the data. • Based on Algorithms which are mathematical functions for combining the data with a string of digits called the Key. The result is the encrypted text. Eg: Adding a fixed number of characters, say 5, to each character in the message that is being encrypted. The word SECURITY then becomes the encrypted text XJHZWNYD Controller of Certifying Authorities
Encryption Technologies Symmetric Key Cryptography Document to be sent Encoded Document Encoded Document Received Document Symmetric key Symmetric Key • Identical keys are used for encryption and decryption. • Requires both parties to a digital conversation to know the key Controller of Certifying Authorities
Encryption TechnologiesSymmetric Key Cryptography (contd.) • ‘n’ Partners means handling n secret keys • Authenticity cannot be proved. Controller of Certifying Authorities
Public key cryptography • Each party is assigned a pair of keys – private – known only by the owner public - known by everyone • Information encrypted with the private key can only be decrypted by the corresponding public key & vice versa • Fulfils requirements of confidentiality, integrity, authenticity and non-repudiability • No need to communicate private keys Controller of Certifying Authorities
Digital Signatures • Pair of keys for every entity One Publickey – known to everyone One Private key – known only to the possessor Controller of Certifying Authorities
Digital Signatures • To digitally sign an electronic document the signer uses his/her Private key. • To verify a digital signature the verifier uses the signer’s Publickey. Controller of Certifying Authorities
Public Document Document Document PKA Document CONFIRMED Digital Signature Digital Signature Digital Signature • Digital Signature • The message is encrypted with the sender’s private key • Recipient decrypts using the sender’s public key Private SKA Controller of Certifying Authorities
Message Integrity • one-way hash functions use no key • original data cannot be generated from hash output • No two messages will generate the same hash. SIGN theHASHNOT the entire Message Controller of Certifying Authorities
Maintaining Message Integrity No Reject Message message message Hash message Hash Check Hash Yes Accept Message Hash generation function Hash generation function Hash Hash SENDER RECEIVER Controller of Certifying Authorities
Public Key Cryptography Encryption Technologies Confidentiality SKB Document Document Encrypted Document Encrypted Document PKB Receiver B (PKB,SKB) Sender A (PKA,SKA) Controller of Certifying Authorities
Confidential Encrypted Message ENCRYPT Message + signature with Receiver’s Public Key DECRYPT Message + signature with Receiver’s Private Key Signed Message Hash Signed Messages Message Hash Using Hash function on the message Sent thru’ Internet Message + signature Message + Signature Using Hash Function COMPARE Hash SIGN hash With Sender’s Private key VERIFY Signature With Sender’s Public Key Sender Receiver Controller of Certifying Authorities
Authenticity and Confidentiality A B • A signs message with his own private key • A then encodes the resulting message with B’s Public key • B decodes the message with his own Private key • B applies A’s Public key on the digital signature Controller of Certifying Authorities
Authenticity and Confidentiality A B • When A uses his own private key, it demonstrates that • he wants to sign the document • he wants to reveal his identity • he shows his will to conclude that agreement • The encoded message travels on the Net, but nobody can read it : confidentiality Controller of Certifying Authorities
Authenticity and Integrity A B • B needs to know that A and only A sent the message • B uses A’s public key on the signature • Only A’s public key can decode the message • A cannot repudiate his signature • Digital signature cannot be reproduced from the message • No one can alter a ciphered message without changing the result of the decoding operation Controller of Certifying Authorities
Issues in Public key Cryptosystems • How will recipient get senders public key? • How will recipient authenticate sender's public key ? • How will the sender be prevented from repudiating his/her public key? Controller of Certifying Authorities
Certifying Authority • An organization which issues public key certificates. • Must be widely known and trusted • Must have well defined methods of assuring the identity of the parties to whom it issues certificates. • Must confirm the attribution of a public key to an identified physical person by means of a public key certificate. • Always maintains online access to the public key certificates issued. Controller of Certifying Authorities
Public-Key Certification User Certificate Certificate Database User Name & other credentials User Name User’s Public Key CA’s Name Validation period Signature of CA Signed by using CA’s private key Certificate Request Publish User 1 certificate User 2 certificate . User’s Public key Controller of Certifying Authorities
Contents of a Public Key Certificate • Issued by a CA as a data message and always available online • S.No of the Certificate • Applicant’s name, Place and Date of Birth, Company Name • Applicant’s legal domicile and virtual domicile • Validity period of the certificate and the signature • CA’s name, legal domicile and virtual domicile • User’s public key • Information indicating how the recipient of a digitally signed document can verify the sender’s public key • CA’s digital signature Controller of Certifying Authorities
Certificate Revocation List • A list of all known Certificates that have been revoked and declared invalid Controller of Certifying Authorities
Technical Infrastructure Controller of Certifying Authorities as the “Root” Authority certifies the technologies and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates Controller of Certifying Authorities
Technical Infrastructure..contd The CCA operates the following :- • Root Certifying Authority (RCAI) under section 18(b) of the IT Act, and • National Repository of Digital Signature Certificates (NRDC) • Web site cca.gov.in Controller of Certifying Authorities
End entities, subscribers and relying parties • The End entities of RCAI are the Licensed CAs in India. • Subscribers and relying parties using the certificates issued by a CA need to be assured that the CA is licensed by the CCA. • They should be able to verify the licence under which a PKC has been issued by a CA. Controller of Certifying Authorities
Strong Room for RCAI • Reinforced walls for room housing RCAI • 24-hour surveillance through CCTV • Access controls through proximity cards and biometric readers • Physical security including locks • Security personnel Controller of Certifying Authorities
National Repository : NRDC • National Repository of • Digital Certificates • Certificate Revocation List Controller of Certifying Authorities
CCA : National Repository of Certificates of Public Keys of CAs and Certificates issued by CAs CA • CA Public Keys Certified by RCAI • CA’s Revoked Keys Directory Client CCA Cert/CRL CA Internet Cert/CRL LAN CA Cert/CRL RCAI NRDC Subscriber Subscriber Subscriber Relying Party Controller of Certifying Authorities