
Introduction to Public Key Infrastructure (PKI) and the Mobile PKI Concept

Introduction to Public Key Infrastructure (PKI) and the Mobile PKI concept. By: Ami Azrul bin Abdullah. With permission, the content of this presentation is in English for ease of understanding.


Presentation Transcript


  1. Introduction to Public Key Infrastructure (PKI) and Mobile PKI concept. By: Ami Azrul bin Abdullah

  2. Notes • With permission, the content of this presentation will be in English for ease of understanding.

  3. AGENDA

  4. PREAMBLE 1:

  5. PREAMBLE 2 • Preservation of Confidentiality, Integrity, Availability (CIA) • Confidentiality: Information is observed by or disclosed to only those who have a right to know. • Integrity: Information is accurate and protected from unauthorized modification. • Availability: Information is available and usable when required, and the systems that provide it can resist attacks and recover from failure.

  6. HISTORY OF ENCRYPTION

  7. In the beginning • The need to encrypt/decrypt messages • E.g. Ami Azrul - gqi18qhoi • Creation of keys • Keys are derived from an algorithm/set of formulas • At first, symmetric keys were used

  8. Next • The flaws of symmetric keys • The creation of asymmetric keys • The two keys are not the same, yet interrelated • One cannot exist without the other • Always termed key pairs – private and public • A process done with the private (secret) key can only be reversed with the public key (and vice versa)

  9. Intermezzo • Symmetric – the same key is used to encrypt and decrypt • Common algorithms: AES · Blowfish · DES · Triple DES · Serpent · Twofish • Asymmetric – public and private key pairs • Common examples: Diffie-Hellman, ECC, RSA • Further reading: http://en.wikipedia.org/wiki/RSA or http://en.wikipedia.org/wiki/Assymetric_key_cryptography

  10. And so.. • "private key" means the key of a key pair used to create a digital signature; "public key" means the key of a key pair used to verify a digital signature; • Definitions from the DSA 1997 (Digital Signature Act 1997)

  11. But • Keys are only algorithms -> numbers • The numbers -> keys are unique • Associate an identity with the keys • The birth of the Certification Authority, the Registration Authority, and of course our regulator.

  12. PKI IN A NUTSHELL

  13. Private Key • Kept securely and safely by the owner • Used to generate the digital signature. Public Key • Kept by the relying party, the CA, or anybody who wants to transact with the owner • Used to verify the digital signature. Digital Certificates • Electronic counterparts to driver licenses, passports, membership cards or any legal identification documents: proof of identity when communicating online • Contain information about the owner, i.e. Name, Public Key, Issuer Name, Validity Date etc. • Contain a pair of keys: Private Key and Public Key

  14. Digital Certificate: Sample • a) Identity of the public key owner • b) Public Key • c) Version number • d) Certificate serial number • e) Identity of the issuer • f) Validity period • g) Extension fields • The digital certificate's format is defined by the CCITT X.509 international standard

  15. The story continues.. • "digital signature" means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's public key can accurately determine (a) whether the transformation was created using the private key that corresponds to the signer's public key; and (b) whether the message has been altered since the transformation was made;

  16. SOME TECHNICAL CONCEPT • (Diagram: "The Concept of Digital Certificates - Private & Public Key", issued by the CA via the RA and held on a SmartCard; a document is encrypted with the recipient's public key and decrypted with the recipient's private (secret) key, and carries a Digital Signature across the Internet/Intranet)

  17. Asymmetric encryption • (Diagram: the clear data "The quick brown fox jumps over the lazy dog" is encrypted with the receiver's public key into the encrypted data "H88g&ikp080+h6 54gcv.&Tgf7676f HF76yt476hTPcs", then decrypted back to clear data with the receiver's secret private key; different keys are used) • Suggested for the first time in 1976 by two Americans, Diffie & Hellman • Only the receiver can decrypt with his private key • Everyone can encrypt with the receiver's public key

  18. Digital Signature and authentication • (Diagram: the clear data "The quick brown fox jumps over the lazy dog" is transformed with the sender's private key, M^e mod n, into encrypted data (but not secret); it is reversed with the sender's public key, R^e mod n, to recover the clear data) • The private key can be used for "encryption" • Only the sender can have generated this message! • Used for authentication and digital signatures

  19. WHAT DOES PKI FULFILL? • Confidentiality • Authenticity • Integrity • Non-Repudiation

  20. PKI IN MACRO LEVEL

  21. HOW TRUST WORKS IN PKI • (Diagram with steps numbered 1 to 7 between the Root CA, the CA/Trust Partner, the Registration Authority, the Agency (USER) and the receiving Agency: Certificate Request (Identification); Register Subscriber Information; Accredit CA/Trust Partner; Issue CA Certificate; Issue Subscriber Certificate; Validate CA Certificate; Validate Subscriber Certificate; Verify Electronic Signature on the Electronic Document and Certificate)
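As an added worked example (not from the slides), the signature definitions of slides 15, 17 and 18 and the trust chain of slide 21 in Python with a toy textbook RSA: key pairs are built from fixed Mersenne primes, a Root CA issues a subscriber certificate, and the verifier validates the CA certificate, then the subscriber certificate, then the document signature. The certificate layout, the names and the prime choices are assumptions for illustration only.

```python
import hashlib, json

# Toy textbook RSA built from fixed, publicly known Mersenne primes (constructed for
# illustration only: real keys are 2048+ bits and use padding such as PSS or OAEP).
E = 65537

def make_keypair(p, q, e=E):
    """Return ((e, n), (d, n)): the public key and the private key of one key pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def digest(msg, n):
    """Hash the message, then reduce it so the number fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, priv):        # slide 18: transformation with the sender's private key
    d, n = priv
    return pow(digest(msg, n), d, n)

def verify(msg, sig, pub):  # slide 15: (a) matching private key? (b) message unaltered?
    e, n = pub
    return pow(sig, e, n) == digest(msg, n)

def encrypt(m, pub): return pow(m, pub[0], pub[1])     # slide 17: anyone encrypts with the receiver's public key
def decrypt(c, priv): return pow(c, priv[0], priv[1])  # ... and only the receiver's private key reverses it

def issue_cert(subject, subject_pub, issuer, issuer_priv):
    """Toy certificate: subject, public key and issuer name, signed by the issuer's private key."""
    body = {"subject": subject, "public_key": subject_pub, "issuer": issuer}
    return {"body": body, "sig": sign(json.dumps(body, sort_keys=True).encode(), issuer_priv)}

def cert_valid(cert, issuer_pub):
    return verify(json.dumps(cert["body"], sort_keys=True).encode(), cert["sig"], issuer_pub)

def verify_document(doc, doc_sig, subscriber_cert, root_cert):
    """Slide 21 order: validate CA certificate, validate subscriber certificate, verify signature."""
    root_pub = tuple(root_cert["body"]["public_key"])
    if not cert_valid(root_cert, root_pub):                                # self-signed root CA
        return False
    if subscriber_cert["body"]["issuer"] != root_cert["body"]["subject"]:  # not issued by this CA
        return False
    if not cert_valid(subscriber_cert, root_pub):                          # subscriber certificate
        return False
    return verify(doc, doc_sig, tuple(subscriber_cert["body"]["public_key"]))

# Constructed demo keys: Root CA from 2^89-1 and 2^107-1, subscriber from 2^61-1 and 2^127-1.
ROOT_PUB, ROOT_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
SUB_PUB, SUB_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
ROOT_CERT = issue_cert("Root CA", ROOT_PUB, "Root CA", ROOT_PRIV)
SUB_CERT = issue_cert("Agency User", SUB_PUB, "Root CA", ROOT_PRIV)
```

Signing `b"The quick brown fox jumps over the lazy dog"` with `SUB_PRIV` and calling `verify_document` on it returns True, while the same signature over an altered document, or a subscriber certificate signed by a key other than the Root CA's, returns False.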

  22. MEDIA FOR CERTIFICATES • Key & certificate storage: Smart Card (incl. MyKad), Crypto USB Token, Hard / Floppy Disk, MOBILE PHONES

  23. AND …. • Reader • Driver for communication between the OS and the device • PKI Agent/Software needed to give the card / token its function. Similar for mobile.

  24. MOBILE PKI CONCEPT

  25. Background • There are more users of smart phones than PCs • On-the-go transactions • Concept-wise: the user downloads an Agent on the mobile phone: • Android, iOS, Windows and Blackberry

  26. Socket Based Connection • The user opens the third party's website • The user provides the needed info • The third party calls the required function from our server • Our server calls the client-side app • The client-side app sends back the result • Our server sends the result back to the third party • The client side (phone/PC) has a two-way connection with our server • Third parties can issue a request for an operation; • our server will ask the client to do that operation; • the server will send the result back to the third party.

  27. Socket Based Connection • (Diagram: the Third Party Application reaches the GPKI Agent Gateway Server by web service calling; the Gateway Server keeps a bidirectional socket to the Mobile GPKI Agent and the PC GPKI Agent; two function groups are shown: Encrypt, Verify, Authentication; and Sign, Decrypt)

  28. Questions and Answers • THANK YOU
