Overall cryptography and pki introduction
Public Key Infrastructure in Brief
January 31, 2002
What is a PKI?
• A common misperception is that a PKI is a thing. In fact, it’s a capability—the capability to easily publish, manage, and use public keys.
• A PKI consists of a group of discrete components that work together to let you use public keys, and public-key cryptography, seamlessly and transparently.
• A system that establishes and maintains trustworthy e-business environments through the generation and distribution of keys and certificates.
Value-Add of PKI

Feature                        Benefit
Authentication                 Allows your e-business to engage trusted customers, partners and employees
Authorization/Access Control   Allows business rules to dictate who uses what resources, under what conditions
Confidentiality                Data is obscured and protected from view or access by unauthorized individuals
Integrity                      Prevents any transaction from being tampered with
Non-repudiation                Prevents any party from denying an e-business transaction after the fact
Audit controls                 Provides audit trails and recourse for e-business transactions
PKI: e-Business Enabler
• Makes trusted e-business possible
• Enables new e-business processes
• Provides integrated, comprehensive:
  – Authorization
  – Confidentiality
  – Authentication
  – Integrity
  – Non-repudiation
  – Audit controls
  ... transparently to users across applications and platforms
(Diagram labels: Digital Signature, Encryption)
All of These Require a PKI
(Layered diagram, top to bottom:)
Security services: Authentication & Non-repudiation | Confidentiality & Access Control | Integrity
Mechanisms: Digital Signature | Encryption | Digital Signature
Key material: Public/Private Keys, Certificates
Foundation: Public Key Infrastructure
Created Market for PKI Products and Services
(Bar chart: annual revenue in $M for 1998 through 2002, growing from $100M to $1,200M; values shown: $100M, $200M, $400M, $800M, $1,200M)
*Source: NationsBank Montgomery/Gartner Group
PKI Market: Secure Transactions & Communications
(Stacked chart: market by segment, Internal Enterprise, B2B, B2C, G2C and Other, for 1998 through 2002; total market values shown: $110M, $200M, $400M, $800M and $1,200M in 2002; the per-segment figures are not recoverable from the transcript)
Source: NationsBank Montgomery/Soundview/Entrust
General PKI Requirements
• Certification Authority
• Certificate Repository
• Certificate Revocation
• Key Backup & Recovery
• Support for non-repudiation
• Automatic Key Update
• Key Histories
• Timestamping
• Cross-certification
• Application software
PKIX Standards Participation
• PKIX-1: Chaired and edited by Entrust staff
• PKIX-2: LDAP portion authored by Sharon Boeyen
• PKIX-3: CMP portion authored by Carlisle Adams
• PKIX-4: participation by Sharon Boeyen & others
• PKIX-5: authored by Carlisle Adams, Robert Zuccherato
• PKIX-6: authored by Carlisle Adams, Robert Zuccherato
• PKIX Overview for IEEE: authored by Carlisle Adams and Steve Lloyd
Internet Security Models (from minimal security to strong security)
• Level 1: Unsecured session with user name and password
• Level 2: Secure session with server Digital ID authentication only
• Level 3: Secure session with user name and password
• Level 4: Secure session with user Digital ID authentication
• Level 5: Secure session with managed user Digital ID authentication
• Level 6: Secure session with managed user and server Digital ID; support for non-repudiation of transactions
(Diagram labels: Unmanaged Digital IDs / Unmanaged Trust for the lower levels, Managed Digital IDs / Managed Trust for the managed-ID levels)
Internet Security Models (the same six levels, with Entrust products placed on the diagram)
• Level 1: Unsecured session with user name and password
• Levels 2 to 6 as on the previous slide
(Products shown: Entrust/Direct™; Entrust/Unity™, Entrust/TruePass™; Entrust/Web Connector; Entrust.net™; the level each product is placed at is not recoverable from the transcript)
Cryptography in Brief
September 12, 2000
Cryptographic Algorithms
• Two types of cryptographic algorithms:
  – Symmetric algorithms
  – Public-key algorithms
• The two types of algorithms are highly complementary
Symmetric Cryptography
(Diagram: Alice and Bob share one key)
• Also called secret-key cryptography
• Single key used to encrypt and decrypt
• Examples: CAST, DES, T-DES
Public-key Cryptography
• Keys come in pairs (public + private)
• Public key is available to anyone
  – like a phone number in the telephone book
• Private key is kept secret by the owner
  – like an ATM PIN
• Examples: RSA, DSA, Diffie-Hellman
Public-key Encryption
(Diagram: Alice fetches Bob's public key from a directory of public keys and encrypts; the ciphertext goes to Bob, who decrypts it with Bob's private key)
• Alice encrypting a file for Bob
• Encryption provides:
  – confidentiality
  – access control
How Public-key Encryption Works
Encryption process:
• encrypt file using symmetric key
• encrypt symmetric key for recipients using their public keys
• combine header with protected data in one file
Decryption process:
• extract symmetric key using private key
• decrypt file using symmetric key
• recover original file
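The three encryption steps and three decryption steps above, written out as an added Go example (this is not code from the original slides, which name no language or library). It assumes Go's standard crypto/rsa and crypto/cipher packages, AES-256-GCM as the symmetric algorithm and RSA-OAEP for wrapping the symmetric key; the Envelope type and the must, newGCM, Encrypt and Decrypt functions are the example's own names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the slide's "one file": a header of per-recipient wrapped keys plus the protected data.
type Envelope struct {
	WrappedKeys       map[string][]byte // recipient name -> AES key wrapped with RSA-OAEP (the header)
	Nonce, Ciphertext []byte            // AES-GCM nonce and sealed data, authentication tag included
}

// must panics only on environment failures (no entropy, unusable key size), never on untrusted input.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newGCM(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// Encrypt: a fresh AES-256 key seals the data and is then wrapped once per recipient under their public key.
func Encrypt(plain []byte, recipients map[string]*rsa.PublicKey) *Envelope {
	buf := make([]byte, 32+12) // symmetric key followed by a 96-bit GCM nonce, both random for every file
	must(rand.Read(buf))
	key, nonce := buf[:32], buf[32:]
	env := &Envelope{WrappedKeys: map[string][]byte{}, Nonce: nonce, Ciphertext: newGCM(key).Seal(nil, nonce, plain, nil)}
	for name, pub := range recipients { // another recipient grows only the header, never the data
		env.WrappedKeys[name] = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil))
	}
	return env
}

// Decrypt: the named recipient unwraps the symmetric key with its private key and opens the data; a missing entry, wrong key or tampering is an error.
func Decrypt(env *Envelope, name string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := env.WrappedKeys[name]
	if !ok {
		return nil, fmt.Errorf("no key wrapped for %q", name)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	return newGCM(key).Open(nil, env.Nonce, env.Ciphertext, nil) // GCM tag check fails on any modification
}
```

Encrypting a large file costs one symmetric pass plus one small RSA operation per recipient, which is why the symmetric key, not the file, is what the public keys protect.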
Public-key Digital Signature
(Diagram: Alice signs with Alice's private key, producing signed plaintext; Bob verifies it with Alice's public key)
• Alice signing a file
  – Bob verifying Alice's signature
• Digital signature provides:
  – integrity
  – authenticity
  – non-repudiation
How Digital Signature Works
Signing process:
• calculate hash
• sign hash with private key
• output: signed plaintext
Verification process:
• calculate fresh hash
• verify original hash with public key
• compare verified hash with fresh hash (=)
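The signing and verification steps above as an added Go example (not code from the original deck). It assumes SHA-256 as the hash and RSA PKCS#1 v1.5 signatures from Go's standard library; the Sign, Verify and RecoveredDigest functions and the sample message are constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Sign is the slide's signing process: hash the data, then sign the fixed-size hash with the
// private key, so the signature is the same length however large the file is.
func Sign(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	digest := sha256.Sum256(data)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify is the slide's verification process: hash what was received afresh and have the library
// check it, under the public key, against the hash bound in the signature. A changed byte of data,
// a changed signature, or a different signer's key all make this false.
func Verify(pub *rsa.PublicKey, data, sig []byte) bool {
	digest := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// RecoveredDigest makes the "verify original hash with public key" step visible for RSA PKCS#1
// v1.5: the public-key operation s^e mod n yields a padded block whose last 32 bytes are the
// SHA-256 digest the signer committed to. Illustration only: a real verifier (Verify above) must
// also check every padding byte of that block, not just its tail.
func RecoveredDigest(pub *rsa.PublicKey, sig []byte) []byte {
	s := new(big.Int).SetBytes(sig)
	em := new(big.Int).Exp(s, big.NewInt(int64(pub.E)), pub.N).FillBytes(make([]byte, pub.Size()))
	return em[len(em)-sha256.Size:]
}

func main() {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	data := []byte("constructed sample: pay 100 to account 42") // constructed, not from the slides
	sig, _ := Sign(alice, data)
	fresh := sha256.Sum256(data)
	fmt.Println("original verifies:", Verify(&alice.PublicKey, data, sig))
	fmt.Printf("recovered digest %x... equals fresh digest %x...\n", RecoveredDigest(&alice.PublicKey, sig)[:4], fresh[:4])
	data[0] ^= 1 // one flipped bit gives a different fresh hash, so the compare fails
	fmt.Println("tampered verifies:", Verify(&alice.PublicKey, data, sig))
}
```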
(Diagram: Alice runs the data through a hashing algorithm, f(h), to produce a digest, then encrypts the digest with Alice's private key, f(e); the encrypted digest, or hash of message, accompanies the data. Bob hashes the received data, f(h), to get the expected digest, decrypts the received digest with Alice's public key, f(d), to get the actual digest, and compares actual with expected. If they are equal, the integrity of the message is confirmed and non-repudiation is established.)
Putting it all Together ...
(Diagram: Alice signs with Alice's private key and encrypts with Bob's public key; the result travels by e-mail, floppy or file transfer; Bob decrypts with Bob's private key and verifies with Alice's public key)
Signing & Sending
Receiving & Verification