Скачать презентацию Public Key Infrastructure JONATHAN BAULCH Public Key Скачать презентацию Public Key Infrastructure JONATHAN BAULCH Public Key

9e7a8cfd3213de7da6d980eabc74cca0.ppt

  • Количество слайдов: 12

Public Key Infrastructure JONATHAN BAULCH Public Key Infrastructure JONATHAN BAULCH

Public Key Infrastructure Introduction Digital Certificates Web of Trust Public Key Infrastructure Introduction Digital Certificates Web of Trust

Introduction Security architecture to increase the level of confidence when passing information Multiple meanings Introduction Security architecture to increase the level of confidence when passing information Multiple meanings Methods, technologies, and techniques to provide a secure infrastructure Use of a public and private key pair for authentication and proof of content

Introduction Expected benefits of Public Key Infrastructure (PKI) Certainty of the quality of information Introduction Expected benefits of Public Key Infrastructure (PKI) Certainty of the quality of information sent and received electronically Certainty of the source and destination of that information Assurance of the time and timing of that information Certainty of the privacy of that information Assurance that the information may be introduced as evidence in a court of law

Components of PKI Certification Authority Revocation Registration Authority Certificate Publishing Methods Certificate Management System Components of PKI Certification Authority Revocation Registration Authority Certificate Publishing Methods Certificate Management System PKI ‘aware’ applications

Diffie-Hellman Protocol Developed by Diffie and Hellman in 1976 Published in ground-breaking paper “New Diffie-Hellman Protocol Developed by Diffie and Hellman in 1976 Published in ground-breaking paper “New Directions in Cryptography Allows two users to exchange a secret key over an unsecure channel without any prior secrets

Diffie-Hellman Protocol Uses a prime number p and parameter g (g < p) with Diffie-Hellman Protocol Uses a prime number p and parameter g (g < p) with the following property For every number n between 1 and p-1 inclusive, there is a power k of g such that n = gk mod p Alice and Bob agree on a p and g Each pick a secret number Each send the value A/B of gsecret number mod p Each then compute A/Bsecret number mod p Alice and Bob will then have the same value

Digital Certificates Four types of certificates Personal certificates Server certificates Software publisher certificates Certificate Digital Certificates Four types of certificates Personal certificates Server certificates Software publisher certificates Certificate authority certificates

X. 509 Standard Defines what information can go into a certificate and how to X. 509 Standard Defines what information can go into a certificate and how to write it down All X. 509 certificates contain Version Serial Number Signature Algorithm Identifier Issuer Name Validity Period Subject Name Subject Public Key Information

Web of Trust Concept used in PGP, Gnu. PGP, and other Open PGP compatible Web of Trust Concept used in PGP, Gnu. PGP, and other Open PGP compatible systems to establish authenticity of public key and its owner Decentralized model Any user can be a part of, and a link between, multiple webs Developed by Phillip Zimmermann in 1992

Pretty Good Privacy Uses a combination of public key and symmetric encryption Serial combination Pretty Good Privacy Uses a combination of public key and symmetric encryption Serial combination of hashing, data compression, symmetric key cryptography, and public key cryptography Each public key is bound to a user name or email Created to contrast the X. 509 system of a hierarchal approach based on certificate authority

Problems with PGP Users who lose the private key can no longer decrypt messages Problems with PGP Users who lose the private key can no longer decrypt messages Without central controller, web of trust depends on other users for trust Those with new certificates will not be readily trusted by other users’ systems Possible that a new user could not find anyone else to endorse a new certificate