
Security and Certification; Authentication and Authorisation

Security and Certification; Authentication and Authorisation. John Kewley; EGEE Training Team. EGEE is funded by the European Union under contract IST-2003-508833.


Presentation Transcript


  1. Security and Certification; Authentication and Authorisation
     John Kewley
     EGEE is funded by the European Union under contract IST-2003-508833
     Induction: Security and Certification – April 26-28, 2004

  2. Security and Certification; Authentication and Authorisation
     EGEE Training Team

  3. Acknowledgements
     • Some of these slides have been taken from a longer presentation by Mike Jones of the University of Manchester.
     • Prepared by John Kewley, CCLRC Daresbury Laboratory

  4. Goals of this module
     Describe …
     • Security basics
     • Use of Certificates
     • Importance of Certificate Authorities

  5. Overview
     • Introduction to Security
     • Public/private keys in action
     • Certificates
     • Certificate Authorities

  6. Introduction to Security
     What aspects of security should we be concerned about?
     • Authentication (Identification)
     • Confidentiality (Privacy)
     • Integrity (non-Tampering)
     • Authorisation
     Also
     • Accounting
     • Delegation
     • Non-Repudiation

  7. Tools of the trade
     • Encryption
       • Secret “symmetric” key – both parties need to share the key
         • DES, RC4
         • Comparatively efficient
       • Public/private key – “asymmetric” – 2 keys mathematically related
         • RSA, DSA
         • Slower
     • One-way hash / message digest
       • MD5, SHA-1
       • Fast

  8. Gbbyf bs gur genqr
     (slide 7 with every letter shifted by ROT13; shifted back it reads “Tools of the trade”)
     • Rapelcgvba
       • Frpergt “flzzrgevp” xrl – obgu cnegvrf arrq gb funer gur xrl
         • QRF, EP4
         • Pbzcnengviryl rssvpvrag
       • Choyvp/cevingr xrl – “nflzzrgevp” – 2 xrlf zngurzngvpnyyl eryngrq
         • EFN, QFN
         • Fybjre
     • Barjnl unfu / zrffntr qvtrfg
       • ZQ5, FUN-1
       • Snfg

  9. Tools of the trade
     (slide 7 shown again in clear text, after the ROT13 version on slide 8)

  10. Encrypting for Confidentiality (1)
      Sending a message using symmetric keys
      • Encrypt message using shared key
      • Send encrypted message
      • Receiver decrypts message using shared key
      Only someone with the shared key can decrypt the message. But how do the keys get shared?
      [Figure: Sender space, Public space and Receiver space, with the shared key present at both ends. Step 1: “Hello World” is encrypted with openssl under the shared key, giving “hR3a rearj”; step 2: the ciphertext crosses the public space; step 3: the receiver runs openssl with the same key and recovers “Hello World”.]

  11. Encrypting for Confidentiality
      Sending a message using asymmetric keys
      • Encrypt message using Receiver’s public key
      • Send encrypted message
      • Receiver decrypts message using own private key
      Only someone with Receiver’s private key can decrypt message
      [Figure: Sender space, Public space and Receiver space. The Receiver’s public key is available in the public and sender spaces; the private key stays in the receiver space. Step 1: “Hello World” is encrypted with openssl under the Receiver’s public key, giving “hR3a rearj”; step 2: the ciphertext crosses the public space; step 3: the receiver decrypts with openssl and its own private key, recovering “Hello World”.]

  12. Encrypting for Confidentiality (2)
      (same content and figure as slide 11)

  13. Signing for Authentication
      • Encrypt message with Sender’s private key
      • Send encrypted message
      • Message is readable by ANYONE with Sender’s public key
      • Receiver decrypts message with Sender’s public key
      Receiver can be confident that only someone with Sender’s private key could have sent the message
      [Figure: Sender space, Public space and Receiver space. The Sender’s public key is available in the public and receiver spaces; the private key stays in the sender space. Steps 1–4: “Hello World” is encrypted with openssl under the Sender’s private key, giving “n52krj rer”; it crosses the public space and is decrypted with openssl and the Sender’s public key back to “Hello World”.]
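The two operations on slides 11 and 13 carried out with Go's standard library, as an added example that is not part of the original slides. RSA-OAEP stands in for the slide's "encrypt with the Receiver's public key", and RSA-PSS over a SHA-256 digest stands in for "encrypt with the Sender's private key" (in practice a digest of the message is signed rather than the message itself). Both key pairs and the "Hello World" message are generated or constructed inside the block.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func newKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

// Confidentiality (slide 11): anyone holding the receiver's public key can encrypt;
// only the matching private key decrypts. RSA-OAEP is used here in place of raw RSA.
func encryptForReceiver(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func decryptAsReceiver(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Authentication (slide 13): the sender signs a SHA-256 digest of the message with
// its private key; anyone with the sender's public key can check the signature.
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

func main() {
	receiver, sender := newKey(), newKey()
	msg := []byte("Hello World") // the plaintext used on the slides

	ct, _ := encryptForReceiver(&receiver.PublicKey, msg)
	pt, _ := decryptAsReceiver(receiver, ct)
	_, err := decryptAsReceiver(sender, ct) // any other private key fails
	fmt.Printf("receiver decrypts: %q; other key fails: %v\n", pt, err != nil)

	sig, _ := sign(sender, msg)
	fmt.Println("genuine message verifies:", verify(&sender.PublicKey, msg, sig))
	fmt.Println("tampered message verifies:", verify(&sender.PublicKey, []byte("Hello W0rld"), sig))
}
```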

  14. Certificates
      • A statement from someone else (the Certificate Authority) that your public key (and hence your private key) is associated with your identity
      • A certificate can be checked if you have the public key of the party who signed it

  15. Certificate Authority
      • A Certificate Authority (CA) issues you your certificates.
      • By signing them it is able to vouch for you to third parties
      • In return for this service, you must provide appropriate documentary evidence of identity when you apply for a certificate through a Registration Authority (RA)

  16. Certificate contents
      The certificate that you present to others contains:
      • Your distinguished name (DN)
      • Your public key
      • The identity of the CA who issued the certificate
      • Its expiry date
      • Digital signature of the CA which issued it
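An added example, not from the original slides: a toy Certificate Authority built with Go's crypto/x509 that puts the slide-16 contents into a certificate (DN, public key, issuer, expiry, CA signature) and then checks it the way slide 14 describes, using nothing but the CA's own certificate, i.e. its public key. The CA name, the organisation string, the validity periods and the serial numbers are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const caUsage, userUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign, x509.KeyUsageDigitalSignature // CA vs. end-user key usage
func newKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

// issue builds a certificate with the slide-16 contents (subject DN, public key, issuer,
// expiry) and signs it with signer's private key; parent == nil yields a self-signed root.
func issue(cn string, pub *rsa.PublicKey, parent *x509.Certificate, signer *rsa.PrivateKey, usage x509.KeyUsage, notAfter time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed serial number
		Subject:      pkix.Name{Organization: []string{"EGEE Training"}, CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: notAfter,
		IsCA:         usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true, KeyUsage: usage,
	}
	if parent == nil {
		parent = tmpl // the CA signs its own root certificate
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// check validates cert at time at using only the CA's certificate, i.e. the public key
// of the party who signed it (slide 14); a nil error means the certificate checks out.
func check(ca, cert *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	caKey, userKey := newKey(), newKey()
	ca, _ := issue("EGEE Demo CA", &caKey.PublicKey, nil, caKey, caUsage, time.Now().AddDate(10, 0, 0))
	user, _ := issue("John Kewley", &userKey.PublicKey, ca, caKey, userUsage, time.Now().AddDate(1, 0, 0))
	fmt.Println("DN:", user.Subject, "| issuer:", user.Issuer, "| expires:", user.NotAfter.Format("2006-01-02"))
	fmt.Println("valid now:", check(ca, user, time.Now()) == nil, "| two years on:", check(ca, user, time.Now().AddDate(2, 0, 0)) == nil)
}
```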

  17. The Full Monty
      • Server authenticates Client
      • Client authenticates Server
      • (Symmetric) Session key exchanged confidentially using public key mechanism
      • Secure session can now commence using more efficient, agreed “session key”
      • Secure messages will also contain a message digest to ensure integrity
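How the session on slide 17 (and the shared-key step of slide 10) can be assembled from the mechanisms on the earlier slides, as an added example that is not from the slides: the client wraps a fresh AES-256 session key under the server's public key, and the session then runs under AES-GCM, whose authentication tag plays the role of the message digest that protects integrity. The two certificate-based authentication steps are assumed to have happened before this exchange; the server key pair, the session key and the message are generated or constructed in the block.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// sessionCipher turns the agreed symmetric session key into an AES-GCM instance.
func sessionCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // accepts 16-, 24- or 32-byte keys only
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// seal protects one message: AES-GCM gives confidentiality plus an authentication tag
// that plays the role of the slide's message digest; output is nonce || ciphertext || tag.
func seal(gcm cipher.AEAD, msg []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, msg, nil), nil
}
// open checks the tag and decrypts; any change to the sealed bytes makes it fail.
func open(gcm cipher.AEAD, sealed []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed message too short: %d bytes", len(sealed))
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

func main() {
	server, _ := rsa.GenerateKey(rand.Reader, 2048) // server key pair; certificate checks assumed done
	sessionKey := make([]byte, 32)                  // the client picks a fresh AES-256 session key
	if _, err := rand.Read(sessionKey); err != nil { panic(err) }
	wrapped, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, &server.PublicKey, sessionKey, nil) // slide 17 key exchange
	serverKey, _ := rsa.DecryptOAEP(sha256.New(), rand.Reader, server, wrapped, nil)             // only the server can unwrap
	gcm, _ := sessionCipher(serverKey) // both ends now hold the same session key
	sealed, _ := seal(gcm, []byte("Hello World"))
	pt, _ := open(gcm, sealed)
	sealed[len(sealed)-1] ^= 1 // one bit flipped in transit
	_, err := open(gcm, sealed)
	fmt.Printf("server read %q; tampered copy rejected: %v\n", pt, err != nil)
}
```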

  18. Summary
      We have looked at
      • Security basics
      • Use of Certificates
      • Importance of Certification Authorities
