Implementing Public-Key-Infrastructures
1. Implementing Public Key Infrastructures. Dr. Oliver Pfaff, Siemens AG. KEMA Seminar "Utility Communications", June 2003, Amsterdam, Netherlands
4. Setting-the-Scene: What are Authentication-Enabled Services?
   Authentication enables:
   Encryption: thwart active attacks
   Single-Sign-On: transfer authentication
   Access control: determine authorization
   Non-repudiation: validate and interpret evidence
   Privacy: enforce policies
   Digital rights management: control content distribution
5. Setting-the-Scene: How to Advance Authentication?
   Out-of-band: supplementary information via secondary channel. Used in various scenarios; not generic due to availability, cost, handling issues.
   In-band: supplementary information attached with payload.
   Non-cryptographic:
   Shared secrets: allow origin authentication; do not bind exchanged information
   Classical codes: provide protection against transmission errors; not against intentional attacks
   Biometrics: can authenticate human beings; not IT-systems or data objects
   Cryptographic (our focus):
   Keyed checksums: allow verifying the authenticity of data objects
14. Exploring PKI: How to Interface with Smart-Cards?
   [Diagram labels: Network; Data object; Generate checksum; Validate checksum; Checksum; OK?; Authentication; Public key certificate; Infrastructure; Applications; PKI (RA, Repository, CA); As above; PKCS#11, MS-CAPI...; Smart-Cards; Keying association; Keys; Cert]
Editor's Notes
Encryption conceals the original meaning of data to prevent it from being known to or used by unauthorized entities; authentication is a prerequisite to thwart active attacks on encryption schemes.
SSO user authentication employs 3-party authentication protocols; authentication is performed between the client and the authentication service and then transferred to target services.
Access control is the regulation of access to resources according to a security policy; authentication is a prerequisite to determine authorization.
Non-repudiation is the capability to prevent the denial of (prior) actions, statements, commitments; authentication is required in evidence validation and thus a prerequisite for evidence interpretation.
Digital rights management is considered to be the digital management of rights, i.e. the digital management of physical, digital, abstract entities; protection of IPR requires sound access control and thus authentication.
Privacy is considered to be the right of a person to determine the degree to which she/he will interact with her/his environment; authentication is a prerequisite to enforce privacy policies (esp. when communicating in distributed environments).
Note: the resources required to deploy public key cryptography are authentic public keys.
Note: there is another layer beneath PKI (cf. next slide)
Intro: assume audience belongs to the middle case of 'smaller, less diverse populations' and is considering the introduction of PKI
No generic infrastructure technology for life-cycle management of initial ‘entity identifier and key’-bindings emerged in secret key authentication.
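Added example, not part of the original slides: slide 5 states that classical codes protect against transmission errors but not intentional attacks, while keyed checksums let a receiver verify the authenticity of a data object. The Python code below shows that difference, assuming CRC-32 as the classical code and HMAC-SHA256 under a shared key as the keyed checksum; the key, the messages and all function names are constructed for illustration. In a PKI setting the keyed checksum would be a digital signature checked against a certified public key rather than a shared-key MAC.

```python
import hashlib
import hmac
import zlib

# Constructed sample data, not taken from the slides.
KEY = b"constructed-demo-key-0123456789"   # assumed known to sender and receiver only
ORIGINAL = b"SET breaker=17 state=CLOSED"
TAMPERED = b"SET breaker=17 state=OPEN"

def crc_protect(data: bytes) -> bytes:
    """Classical code: append an unkeyed CRC-32 (4 bytes, big-endian)."""
    return data + zlib.crc32(data).to_bytes(4, "big")

def crc_validate(message: bytes) -> bool:
    data, tag = message[:-4], message[-4:]
    return zlib.crc32(data).to_bytes(4, "big") == tag

def mac_protect(key: bytes, data: bytes) -> bytes:
    """Keyed checksum: append HMAC-SHA256 (32 bytes) computed under key."""
    return data + hmac.new(key, data, hashlib.sha256).digest()

def mac_validate(key: bytes, message: bytes) -> bool:
    if len(message) < 32:
        return False
    data, tag = message[:-32], message[-32:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)   # constant-time comparison

def flip_bit(message: bytes, index: int = 0) -> bytes:
    """Simulate a transmission error in one bit of the message."""
    return message[:index] + bytes([message[index] ^ 0x01]) + message[index + 1:]

def run_demo() -> dict:
    # Whoever replaces the data in transit can recompute an unkeyed code,
    # but without KEY cannot produce a matching keyed checksum.
    return {
        "crc_detects_bit_error": not crc_validate(flip_bit(crc_protect(ORIGINAL))),
        "crc_accepts_replaced_data": crc_validate(crc_protect(TAMPERED)),
        "mac_accepts_genuine": mac_validate(KEY, mac_protect(KEY, ORIGINAL)),
        "mac_detects_bit_error": not mac_validate(KEY, flip_bit(mac_protect(KEY, ORIGINAL))),
        "mac_rejects_replaced_data": not mac_validate(KEY, mac_protect(b"guessed-key", TAMPERED)),
    }

if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```

The shared key used here is exactly the kind of 'entity identifier and key' binding whose life-cycle management the last note refers to.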