Public Key Cryptography
Michael Watson, Security Incident Management Director
Virginia Real Estate Appraiser Board Electronic Portal Committee Meeting
November 17, 2008
www.vita.virginia.gov
What is Public Key Cryptography?
• Methodology not technology
• Technology adopts this process
• Based on three principles
  • Confidentiality
  • Integrity
  • Availability
• Ties to a digital identity
• Provides assurance the data retains its privacy, is not altered, and the original data remains available
Confidentiality
• Definition
  • Assurance of data privacy – only the intended entity or entities may read the data
• Digital Encryption
  • Certificates can provide complete confidentiality using encryption
• Private Key
  • Accessible only by the digital identity who would send related messages
Integrity
• Definition
  • Assurance of non-alteration – the data has not been undetectably modified
• Public Key/Private Key
  • Data encrypted or signed with one can be decrypted with the other
• Digital Signature
  • The encryption of the unique identifier (often referred to as a hash) for the message sent
  • Typically an encrypted hash
  • Hash can’t be calculated without the original message
  • Public key used to decode message verification sent by the public key owner
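The signing and verification steps on the Integrity slide, as an added example that is not part of the original presentation: textbook RSA over a SHA-256 hash, using only the Python standard library. The key is built from two fixed Mersenne primes and no padding is applied, both assumptions made to keep the sketch short and reproducible; all function names are hypothetical.

```python
import hashlib

# Constructed demo key: two Mersenne primes, chosen only so the example is
# reproducible. Real keys use random primes and a padding scheme such as PSS.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)


def digest(message: bytes) -> int:
    """The 'unique identifier' of the message: its SHA-256 hash as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signature = the hash transformed with the signer's private key."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Undo the transformation with the public key and compare the result
    against a hash recomputed from the message that was actually received."""
    return pow(signature, e, n) == digest(message)


def fingerprint(e: int = E, n: int = N) -> str:
    """Short hash of the public key, used to confirm it is the right key."""
    return hashlib.sha256(f"{e}:{n}".encode()).hexdigest()[:16]


if __name__ == "__main__":
    msg = b"Appraisal report 42: value 250000"       # constructed sample
    sig = sign(msg)
    print("key fingerprint :", fingerprint())
    print("original message:", verify(msg, sig))
    print("altered message :", verify(b"Appraisal report 42: value 950000", sig))
```

Verification fails both when the message is altered and when the signature was produced with a private key that does not match the public key being checked.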
Availability
• Definition
  • Assurance the original data remains accessible – all algorithms protecting the data should be able to provide access to the data.
• PKI algorithms provide availability to the original data
Establishing a Digital Identity
• You need to be who you say you are…
  • Establish your digital identity with a digital representation.
    • Private Key
    • Public Key
• You need a way for others to confirm they have the right digital identity for you.
  • Confirmation that the digital representation hasn’t been tampered with and is the one that belongs to you.
    • Fingerprint/Hash
    • Digital Signature
• Positive Identification Required
  • Self Certify vs Third Party
The Downside – Key Management
• Revoking Certificates
  • Compromise, Loss, Exposure, etc.
  • Certificate Revocation Lists
• Expiring Trust
  • Keys, like passwords, can, and should, expire after a period of time.
Questions? Thank you!