
Introduction to PKI Seminar: What is PKI? Robert Brentrup, July 13, 2004

Understand the fundamentals of PKI, including asymmetric cryptography, digital signatures, and X.509 certificates. Explore the applications of PKI in authentication, secure e-mail, data encryption, and network protection. Learn about certificate authorities and the benefits of implementing PKI technology.





Presentation Transcript


  1. Introduction to PKI Seminar: What is PKI? Robert Brentrup, July 13, 2004

  2. Cryptography
     • A secret key is used to transform data to encrypted form and back
     • Distributing the key must occur in a secure channel
     • The strength of the system depends on the algorithm and the complexity of the keys

  3. Asymmetric Cryptography
     • A pair of keys is used.
     • The only way to decrypt data encrypted by one key is to use the other key of the pair.
     • The private key is kept secret by its owner.
     • The public key is published.

  4. Asymmetric Key Cryptography
     • No need to exchange a secret "key" by some other channel
     • Invented in 1976 by Whit Diffie and Martin Hellman
     • Commercialized by RSA Security (Rivest, Shamir, Adleman)

  5. Encryption
     • Anyone encrypts with the public key of the recipient.
     • Only the recipient can decrypt with their private key.
     • No secrets need to be exchanged in advance.
     • If the private key is secret, the data is secure.

  6. Digital Signatures
     • Signer computes content digest, encrypts with their private key.
     • Reader decrypts with signer’s public key.
     • Reader re-computes the content digest and verifies match with original – guarantees no one has modified signed data.
     • If only signer has private key, no one else can produce their digital signature.
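The two operations on slides 5 and 6 carried out in code. This is an added example written for this transcript, not code from the seminar; it uses only Go's standard library. The parties (Alice, Bob), the message and the document are constructed, and the padding modes (RSA-OAEP for encryption, RSA-PSS for signatures, both with SHA-256) are an assumption, since the slides name no algorithm beyond RSA. The demo also shows the property slide 6 promises: altering one character of the signed content, or checking against the wrong public key, makes verification fail.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// GenerateKeyPair produces the pair from slide 3: the private half stays with its owner,
// the public half can be handed to anyone.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Encrypt: anyone holding the recipient's public key can seal a message (RSA-OAEP, SHA-256).
func Encrypt(recipientPub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, plaintext, nil)
}

// Decrypt: only the holder of the matching private key can open it.
func Decrypt(recipientPriv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, ciphertext, nil)
}

// Sign: the signer computes the content digest and signs it with the private key (RSA-PSS).
// Signing the digest rather than the content is what slide 6 describes; it also keeps the
// signature a fixed size however large the content is.
func Sign(signerPriv *rsa.PrivateKey, content []byte) ([]byte, error) {
	digest := sha256.Sum256(content)
	return rsa.SignPSS(rand.Reader, signerPriv, crypto.SHA256, digest[:], nil)
}

// Verify: the reader recomputes the digest and checks it against the signature with the
// signer's public key. Any change to the content changes the digest, so the check fails.
func Verify(signerPub *rsa.PublicKey, content, sig []byte) bool {
	digest := sha256.Sum256(content)
	return rsa.VerifyPSS(signerPub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Demo runs both operations between two constructed parties: Bob encrypts a note for Alice,
// and Alice signs a document that Bob verifies, then tampers with and re-verifies.
func Demo() (decrypted string, genuine, tampered, wrongSigner bool, err error) {
	alice, err := GenerateKeyPair()
	if err != nil {
		return "", false, false, false, err
	}
	bob, err := GenerateKeyPair()
	if err != nil {
		return "", false, false, false, err
	}

	// Encryption: Bob needs only Alice's public key; no secret was exchanged beforehand.
	ct, err := Encrypt(&alice.PublicKey, []byte("meet at noon")) // constructed sample message
	if err != nil {
		return "", false, false, false, err
	}
	pt, err := Decrypt(alice, ct)
	if err != nil {
		return "", false, false, false, err
	}

	// Digital signature: Alice signs, Bob checks with Alice's public key.
	doc := []byte("I approve purchase order 42") // constructed sample document
	sig, err := Sign(alice, doc)
	if err != nil {
		return "", false, false, false, err
	}
	genuine = Verify(&alice.PublicKey, doc, sig)
	tampered = Verify(&alice.PublicKey, []byte("I approve purchase order 43"), sig)
	wrongSigner = Verify(&bob.PublicKey, doc, sig) // Bob's key did not produce this signature
	return string(pt), genuine, tampered, wrongSigner, nil
}

func main() {
	pt, genuine, tampered, wrongSigner, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted: %q\n", pt)
	fmt.Println("genuine:", genuine, "tampered:", tampered, "wrong signer:", wrongSigner)
}
```

Note that `Verify` returns only true or false: the verifier learns nothing about where the content was changed, only that the digest no longer matches what was signed.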

  7. Why PKI?
     • Comprehensive way to address securing many applications
     • No passwords on the wire
     • No need for shared secrets
     • Strong underlying security technology
     • Widely included in technology products

  8. PKI and Passwords
     • Passwords NOT even sent to server
     • Still using a password to unlock the key
     • Only the user knows the password
     • Can recover only if a copy is escrowed
     • Harder to share: need both the key file and the password

  9. Policy - Process
     • Registration: how the individual is identified
     • Generating and storing the key pair
     • Individual education in best practices
     • Stronger authentication
     • Strengthens authorization
     • Balance policy/process with the application’s security requirements

  10. Basic applications of PKI
     • Authentication and authorization of Web users and servers
       • Basis for the SSL protocol used to secure web connections
     • Secure e-mail (signed and encrypted)
     • Electronic signatures
     • Data encryption
       • Business documents, databases, executable code
     • Network data protection (VPN, wireless)

  11. Authentication with PKI
     • The server challenges the client to encrypt data with their private key.
     • The server decrypts the response with the client’s public key.
     • If the response matches the original data, then the client must have the matching private key.
     • Therefore the client is the entity named in the public key certificate.
     • Basis for SSL/TLS protocols

  12. What is X.509?
     • A standard for the format of a public key certificate and related standards for how certificates are used.
     • Current PKI product offerings interoperate through this standard.
     • There are many other possible formulations, e.g., SDSI/SPKI.

  13. What is a certificate?
     • Signed data structure that binds some information to a public key
     • Trusted entity asserts validity of information in certificate
     • The information is usually a personal identity or a server name
     • Think of it as an electronic ID card

  14. What is a certificate authority?
     • An organization that creates and publishes certificates
     • Verifies the information in the certificate
     • Protects general security and policies of the system and its records
     • Allows you to check certificates and decide to use them in business transactions

  15. What is a CA certificate?
     • A certificate authority generates a key pair used to sign the certificates it issues
     • Multiple institutions can collaborate via:
       • Hierarchical structure among their CAs
       • Bridge Certification Authorities ("peer to peer" approach)
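Slides 11 and 13 to 15 together describe one mechanism: a CA signs a certificate binding a name to a public key, a CA's own certificate may in turn be signed by a higher CA, and a server that receives a signed challenge checks both that the certificate chains to a CA it trusts and that the response verifies under the key in that certificate. The example below, added here and not from the seminar, builds a two-level hierarchy (root CA, issuing CA, user certificate) with Go's standard crypto/x509 package and runs the challenge exchange from slide 11 three ways: the genuine client, a certificate for the same name issued by a CA the server does not trust, and a reply made without the right private key. All names (Example Root CA, alice@example.edu, Rogue CA), the 24-hour validity and the use of PKCS#1 v1.5 signatures with SHA-256 are constructed assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a key pair; in practice each party generates its own and never shares the private half.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// issue creates a certificate binding subject to pub, signed by issuerKey (slide 13). With
// issuerCert == nil the certificate is self-signed, which is how a root CA certificate is made (slide 15).
func issue(subject string, isCA bool, pub *rsa.PublicKey, issuerCert *x509.Certificate, issuerKey *rsa.PrivateKey) *x509.Certificate {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour), // constructed short validity (slide 16)
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // only CAs may sign other certificates
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	parent := tmpl // self-signed unless an issuer certificate is supplied
	if issuerCert != nil {
		parent = issuerCert
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// NewChallenge is the server's first message: fresh random bytes, so a recorded reply cannot be replayed.
func NewChallenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce
}

// Respond is the client's reply: the challenge signed with the client's private key.
func Respond(clientKey *rsa.PrivateKey, challenge []byte) []byte {
	digest := sha256.Sum256(challenge)
	sig, err := rsa.SignPKCS1v15(rand.Reader, clientKey, crypto.SHA256, digest[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// Authenticate is the server's check (slide 11). The presented certificate must chain to a trusted
// root, which is what makes the name in it believable; then the response must verify under the
// public key in that certificate, which proves the client holds the matching private key.
func Authenticate(roots *x509.CertPool, leaf *x509.Certificate, intermediates []*x509.Certificate, challenge, response []byte) (string, error) {
	pool := x509.NewCertPool()
	for _, c := range intermediates {
		pool.AddCert(c)
	}
	opts := x509.VerifyOptions{Roots: roots, Intermediates: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	if err := leaf.CheckSignature(x509.SHA256WithRSA, challenge, response); err != nil {
		return "", fmt.Errorf("response does not verify under the certificate's public key: %w", err)
	}
	return leaf.Subject.CommonName, nil
}

// Demo builds the hierarchy and runs the exchange: genuine client, certificate from an untrusted CA,
// and a reply signed with the wrong key.
func Demo() (name string, untrustedCAErr, wrongKeyErr, genuineErr error) {
	rootKey, interKey, userKey := newKey(), newKey(), newKey()
	rootCert := issue("Example Root CA", true, &rootKey.PublicKey, nil, rootKey)
	interCert := issue("Example Issuing CA", true, &interKey.PublicKey, rootCert, rootKey)
	userCert := issue("alice@example.edu", false, &userKey.PublicKey, interCert, interKey)
	roots := x509.NewCertPool()
	roots.AddCert(rootCert) // the server trusts only this root
	chain := []*x509.Certificate{interCert}

	challenge := NewChallenge()
	name, genuineErr = Authenticate(roots, userCert, chain, challenge, Respond(userKey, challenge))

	// Same name and same key, but certified by a CA the server does not trust.
	rogueKey := newKey()
	rogueCA := issue("Rogue CA", true, &rogueKey.PublicKey, nil, rogueKey)
	rogueCert := issue("alice@example.edu", false, &userKey.PublicKey, rogueCA, rogueKey)
	_, untrustedCAErr = Authenticate(roots, rogueCert, nil, challenge, Respond(userKey, challenge))

	// The genuine certificate, but a reply produced without alice's private key.
	_, wrongKeyErr = Authenticate(roots, userCert, chain, challenge, Respond(rogueKey, challenge))
	return name, untrustedCAErr, wrongKeyErr, genuineErr
}

func main() {
	name, untrusted, wrongKey, err := Demo()
	fmt.Println("authenticated as:", name, "error:", err)
	fmt.Println("untrusted CA rejected:", untrusted != nil, "wrong key rejected:", wrongKey != nil)
}
```

The order of the two checks in `Authenticate` matters: the signature check alone would accept the rogue certificate, because the signature really was made with the key it contains. Only the chain check ties that key to a name someone trusted has vouched for.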

  16. Key Validity
     • Duration requirements:
       • Limited time as defense against compromise
       • Retain for future decryption
       • History of public keys for signature verification
     • Kerberos
       • PK technology with short lifetime
       • Authentication only
     • Can issue X.509 certificates with timeframes chosen based on use
       • Typically longer lived

  17. Application Changes
     • Add client-side SSL to web server configuration
     • Modify application to:
       • Test for presence of https connection
       • Get user information from environment
       • Fall through to previous authentication
     • Rewrite rules to bypass https for unaware web browsers
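The application-side part of slide 17 as a small Go net/http handler, added here as an illustration (it is not the seminar's code and the seminar does not name a web server or language). It does the three listed steps: test whether the connection is HTTPS with a client certificate, take the user identity from that certificate, and otherwise fall through to the previous mechanism, represented by a constructed HTTP Basic auth check with a fixed sample credential. The check a practitioner wants is that the identity is read from `VerifiedChains`, which the TLS layer fills in only after it has verified the client's chain against `ClientCAs`; `PeerCertificates` alone holds whatever the client presented, verified or not.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
)

// AuthSource records which mechanism identified the user, so the application can log it
// and apply policy (for instance, allow the password path only during a transition).
type AuthSource string

const (
	SourceCertificate AuthSource = "client-certificate"
	SourcePassword    AuthSource = "legacy-password"
	SourceNone        AuthSource = "unauthenticated"
)

// legacyAuth stands in for the previous authentication mechanism. Constructed placeholder:
// HTTP Basic auth against one fixed sample credential; a real application would consult its password store.
func legacyAuth(r *http.Request) (string, bool) {
	user, pass, ok := r.BasicAuth()
	if ok && user == "bob" && pass == "correct-horse" {
		return user, true
	}
	return "", false
}

// IdentifyUser implements the three steps of slide 17. The certificate path is taken only when
// the connection is TLS and the server has verified the client's chain: VerifiedChains is populated
// by crypto/tls only when tls.Config.ClientAuth is VerifyClientCertIfGiven or RequireAndVerifyClientCert.
func IdentifyUser(r *http.Request) (string, AuthSource) {
	if r.TLS != nil && len(r.TLS.VerifiedChains) > 0 {
		leaf := r.TLS.VerifiedChains[0][0] // the client's own certificate, chain already verified
		return leaf.Subject.CommonName, SourceCertificate
	}
	if user, ok := legacyAuth(r); ok {
		return user, SourcePassword
	}
	return "", SourceNone
}

// Handler shows the fall-through in use: certificate users and password users reach the same code.
func Handler(w http.ResponseWriter, r *http.Request) {
	user, src := IdentifyUser(r)
	if src == SourceNone {
		w.Header().Set("WWW-Authenticate", `Basic realm="legacy"`)
		http.Error(w, "authentication required", http.StatusUnauthorized)
		return
	}
	fmt.Fprintf(w, "hello %s (via %s)\n", user, src)
}

// ServerTLSConfig is the web-server side of the slide: the CA pool that issued the client
// certificates, and a policy that verifies any presented chain but still admits browsers that
// present none, so they can fall through to the previous authentication.
func ServerTLSConfig(clientCAs *x509.CertPool) *tls.Config {
	return &tls.Config{
		ClientCAs:  clientCAs,
		ClientAuth: tls.VerifyClientCertIfGiven,
		MinVersion: tls.VersionTLS12,
	}
}

// requestWithVerifiedCert builds a request as the TLS layer would hand it to the handler after a
// successful client-certificate handshake. Constructed for the demo: the chain is not re-verified here.
func requestWithVerifiedCert(cn string) *http.Request {
	r, _ := http.NewRequest("GET", "https://app.example.edu/", nil)
	leaf := &x509.Certificate{Subject: pkix.Name{CommonName: cn}}
	r.TLS = &tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{{leaf}}}
	return r
}

func main() {
	u, s := IdentifyUser(requestWithVerifiedCert("alice@example.edu"))
	fmt.Println(u, s)
	r, _ := http.NewRequest("GET", "http://app.example.edu/", nil)
	r.SetBasicAuth("bob", "correct-horse")
	u, s = IdentifyUser(r)
	fmt.Println(u, s)
}
```

The slide's last item, rewrite rules so that browsers without a certificate are not forced onto the client-auth port, is the deployment counterpart of `VerifyClientCertIfGiven` here: either way, a client that presents no certificate is not rejected at the TLS layer but lands in the fall-through branch.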

  18. Application Benefits
     • Authentication - Web Services
       • Eliminates transmitting passwords on network
       • Improve on Kerberos infrastructure
     • Digital Signatures
       • Enables verifiable electronic business processes
       • NIH Pilot - Grant Applications
     • Encryption
       • Secure sensitive data sent via e-mail or electronic documents
