SlideShare a Scribd company logo

Implementing Public-Key-Infrastructures

Oliver Pfaff
Oliver Pfaff
TechnologyEducation
1 of 22
Implementing Public Key Infrastructures Dr. Oliver Pfaff Siemens AG KEMA Seminar "Utility Communications “ June 2003 , Amsterdam, Netherlands
Contents of this Presentation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Setting-the-Scene How to Trust? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Setting-the-Scene What are Authentication-Enabled Services? Authentication Encryption Thwart active attacks Single-Sign-On Transfer authentication Access control Determine authorization Non-repudiation Validate and interpret evidence Privacy Enforce policies Digital rights management Control content distribution
Setting-the-Scene How to Advance Authentication? Non-cryptographic Cryptographic Keyed checksums allow to verify the authenticity of data objects Shared secrets Allow origin authentication; do not bind exchanged information Classical codes Provide protection against transmission errors; not against intentional attacks Biometrics Can authenticate human beings; not IT-systems or data objects In-band Supplementary information via secondary channel Supplementary information attached with payload Out-of-band Used in various scenarios; not generic due to availability, cost, handling issues Our focus
Setting-the-Scene Is Cryptography the Final Answer? ,[object Object],[object Object],Alice‘s signature key 10100101001010100111... Verification key for Alice 01010101001 010010... Alice Bob I love You! I love You! Check- sum I love You! Check- sum O K? Network Verification key for attacker 0000000000000000 ... Attacker‘s signature key 111111111111111 ... I hate You! I hate You! Check- sum Attacker Intercept, exchange message I hate You! Check- sum 000000000000000 ... Replace key value
Introducing PKI What is Public Key Cryptography? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Encryption pattern: Authentication pattern: Generate checksum Validate checksum Encrypt data Decrypt data Plain text Cipher text Plain text Private key Public key Check sum O K? Private key Public key Data object Data object
Introducing PKI What is Public Key Infrastructure? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Introducing PKI What Are Public Key Certificates? ,[object Object],Public key ,[object Object],Key holder, authorization s ... ,[object Object],Signature ,[object Object]
Introducing PKI Which PKI Technologies Exist? Attribute/ authorization ,[object Object],[object Object],[object Object],[object Object],Attribute certificate ,[object Object],[object Object],[object Object],[object Object],[object Object],Authorization certificate Public key Entity ID ,[object Object],[object Object],[object Object],[object Object],[object Object],Identity certificate
Exploring PKI Which Duties Does PKI Have? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Certificate generation Certificate use Certificate termination Certificate revocation Certification request
Exploring PKI Which Entities Comprise a PKI? Infrastructure Applications End entity ( subscribing ) PKI stub End entity (relying) PKI stub ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],RA Repository CA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Exploring PKI How to Interface with Applications? ,[object Object],[object Object],[object Object],[object Object],Trusted certificates, policies RA Repository CA XKMS / SCVP service Path construction Path validation Status checking End entity (relying) XKMS / SCVP integration XKMS / SCVP configuration ,[object Object],[object Object],[object Object],[object Object],End entity (relying) RA Repository CA Path construction Path validation Status checking Trusted certificates, policies
Exploring PKI How to Interface with Smart-Cards? Network Data object Generate checksum Validate checksum Data object Check- sum Data object Check- sum O K? Authentication Public key certificate Infrastructure Applications PKI RA Repository CA As above PKCS#11, MS-CAPI... Smart-Cards Keying association Keys Cert
Exploring PKI How to Interface with Identity Management? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Identity management HR IT ... PKI RA Repository CA
Exploring PKI How to Cross Organization Boundaries? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Lessons-Learnt How to Deploy PKIs? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Lessons-Learnt What Happened Until Now? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Lessons-Learnt What Should Be On Your Checklist? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Lessons-Learnt What Can PKI Do For You? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Author Information ,[object Object],[object Object],[object Object],[object Object],[object Object]

Recommended

Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSLTony Fabeen
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommercepriyanka Garg
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Pki for dummies
Pki for dummiesPki for dummies
Pki for dummiesAlex de Jong
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim PolkInformation Security Awareness Group
 
PKI by Gene Itkis
PKI by Gene ItkisPKI by Gene Itkis
PKI by Gene ItkisInformation Security Awareness Group
 

Recommended

Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSLTony Fabeen
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommercepriyanka Garg
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Pki for dummies
Pki for dummiesPki for dummies
Pki for dummiesAlex de Jong
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim PolkInformation Security Awareness Group
 
PKI by Gene Itkis
PKI by Gene ItkisPKI by Gene Itkis
PKI by Gene ItkisInformation Security Awareness Group
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key InfrastructureTheo Gravity
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureInformation Technology
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Venkatesh Jambulingam
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructureAditya Nama
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate ServicesInfrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate Serviceskieranjacobsen
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI TechnologySylvain Maret
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in BangladeshBangladesh Network Operators Group
 
Marco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewMarco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewInformation Security Awareness Group
 
Certification authority
Certification authorityCertification authority
Certification authorityproser tech
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerCheapSSLUSA
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI InfrastructureShubham Sharma
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information securityDevam Shah
 
Digital Certificates and Secure Web Access
Digital Certificates and Secure Web AccessDigital Certificates and Secure Web Access
Digital Certificates and Secure Web Accessbluntm64
 
Digital certificate & signature
Digital certificate & signatureDigital certificate & signature
Digital certificate & signatureNetri Chowdhary
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network securityrhassan84
 
Digital certificates & its importance
Digital certificates & its importanceDigital certificates & its importance
Digital certificates & its importancesvm
 
Digital certificates
Digital certificates Digital certificates
Digital certificates Sheetal Verma
 
Kumkum digital certificate
Kumkum digital certificateKumkum digital certificate
Kumkum digital certificateKumkum Sharma
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesVivaka Nand
 
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfJUSTSTYLISH3B2MOHALI
 
Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfDefine PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfxlynettalampleyxc
 

More Related Content

What's hot

Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key InfrastructureTheo Gravity
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureInformation Technology
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructureAditya Nama
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate ServicesInfrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate Serviceskieranjacobsen
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI TechnologySylvain Maret
 
Certification authority
Certification authorityCertification authority
Certification authorityproser tech
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerCheapSSLUSA
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI InfrastructureShubham Sharma
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information securityDevam Shah
 
Digital Certificates and Secure Web Access
Digital Certificates and Secure Web AccessDigital Certificates and Secure Web Access
Digital Certificates and Secure Web Accessbluntm64
 
Digital certificate & signature
Digital certificate & signatureDigital certificate & signature
Digital certificate & signatureNetri Chowdhary
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network securityrhassan84
 
Digital certificates & its importance
Digital certificates & its importanceDigital certificates & its importance
Digital certificates & its importancesvm
 
Digital certificates
Digital certificates Digital certificates
Digital certificates Sheetal Verma
 
Kumkum digital certificate
Kumkum digital certificateKumkum digital certificate
Kumkum digital certificateKumkum Sharma
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesVivaka Nand
 

What's hot (20)

Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key Infrastructure
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructure
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate ServicesInfrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in Bangladesh
 
Marco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewMarco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overview
 
Certification authority
Certification authorityCertification authority
Certification authority
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets Layer
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
 
Digital Certificates and Secure Web Access
Digital Certificates and Secure Web AccessDigital Certificates and Secure Web Access
Digital Certificates and Secure Web Access
 
Digital certificate & signature
Digital certificate & signatureDigital certificate & signature
Digital certificate & signature
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Digital certificates & its importance
Digital certificates & its importanceDigital certificates & its importance
Digital certificates & its importance
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
 
Kumkum digital certificate
Kumkum digital certificateKumkum digital certificate
Kumkum digital certificate
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificates
 

Similar to Implementing Public-Key-Infrastructures

I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfJUSTSTYLISH3B2MOHALI
 
Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfDefine PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfxlynettalampleyxc
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Avirot Mitamura
 
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2dP2PSystem
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Editor IJARCET
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Editor IJARCET
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...PROIDEA
 
Kerberos-PKI-Federated identity
Kerberos-PKI-Federated identityKerberos-PKI-Federated identity
Kerberos-PKI-Federated identityWAFAA AL SALMAN
 
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docxdurantheseldine
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...Information Security Awareness Group
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization ModelsCSCJournals
 
Nt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesNt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesSherry Bailey
 
Iaetsd secure emails an integrity assured email
Iaetsd secure emails an integrity assured emailIaetsd secure emails an integrity assured email
Iaetsd secure emails an integrity assured emailIaetsd Iaetsd
 
Multifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docxMultifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docxgilpinleeanna
 
The Hong Kong Public Key Infrastruture 2010
The Hong Kong Public Key Infrastruture 2010The Hong Kong Public Key Infrastruture 2010
The Hong Kong Public Key Infrastruture 2010SC Leung
 
Securing Tomorrow Unveiling the Future of Digital Trust with PKI - DrySign
Securing Tomorrow Unveiling the Future of Digital Trust with PKI - DrySignSecuring Tomorrow Unveiling the Future of Digital Trust with PKI - DrySign
Securing Tomorrow Unveiling the Future of Digital Trust with PKI - DrySignDrysign By Exela
 
Development of Digital Identity Systems
Development of Digital Identity Systems Development of Digital Identity Systems
Development of Digital Identity Systems Maganathin Veeraragaloo
 
Trust in E- and M-Business - Advances Through IT-Security
Trust in E- and M-Business - Advances Through IT-SecurityTrust in E- and M-Business - Advances Through IT-Security
Trust in E- and M-Business - Advances Through IT-SecurityOliver Pfaff
 

Similar to Implementing Public-Key-Infrastructures (20)

I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
 
Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfDefine PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)
 
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
 
Everything you need to Know about PKI .pdf
Everything you need to Know about PKI .pdfEverything you need to Know about PKI .pdf
Everything you need to Know about PKI .pdf
 
Kerberos-PKI-Federated identity
Kerberos-PKI-Federated identityKerberos-PKI-Federated identity
Kerberos-PKI-Federated identity
 
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization Models
 
www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.com
 
Nt2580 Final Project Essay Examples
Nt2580 Final Project Essay ExamplesNt2580 Final Project Essay Examples
Nt2580 Final Project Essay Examples
 
Iaetsd secure emails an integrity assured email
Iaetsd secure emails an integrity assured emailIaetsd secure emails an integrity assured email
Iaetsd secure emails an integrity assured email
 
Multifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docxMultifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docx
 
The Hong Kong Public Key Infrastruture 2010
The Hong Kong Public Key Infrastruture 2010The Hong Kong Public Key Infrastruture 2010
The Hong Kong Public Key Infrastruture 2010
 
Securing Tomorrow Unveiling the Future of Digital Trust with PKI - DrySign
Securing Tomorrow Unveiling the Future of Digital Trust with PKI - DrySignSecuring Tomorrow Unveiling the Future of Digital Trust with PKI - DrySign
Securing Tomorrow Unveiling the Future of Digital Trust with PKI - DrySign
 
Development of Digital Identity Systems
Development of Digital Identity Systems Development of Digital Identity Systems
Development of Digital Identity Systems
 
Trust in E- and M-Business - Advances Through IT-Security
Trust in E- and M-Business - Advances Through IT-SecurityTrust in E- and M-Business - Advances Through IT-Security
Trust in E- and M-Business - Advances Through IT-Security
 

More from Oliver Pfaff

Trends in IIoT and OT Security
Trends in IIoT and OT SecurityTrends in IIoT and OT Security
Trends in IIoT and OT SecurityOliver Pfaff
 
Web-of-Things and Services Security
Web-of-Things and Services SecurityWeb-of-Things and Services Security
Web-of-Things and Services SecurityOliver Pfaff
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Oliver Pfaff
 
IT-Security@Contemporary Life
IT-Security@Contemporary LifeIT-Security@Contemporary Life
IT-Security@Contemporary LifeOliver Pfaff
 
New Trends in Web Security
New Trends in Web SecurityNew Trends in Web Security
New Trends in Web SecurityOliver Pfaff
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?Oliver Pfaff
 
Does REST Change the Game for IAM?
Does REST Change the Game for IAM?Does REST Change the Game for IAM?
Does REST Change the Game for IAM?Oliver Pfaff
 
Identifying How WAP Can Be Used For Secure mBusiness
Identifying How WAP Can Be Used For Secure mBusinessIdentifying How WAP Can Be Used For Secure mBusiness
Identifying How WAP Can Be Used For Secure mBusinessOliver Pfaff
 
Early Adopting Java WSIT-Experiences with Windows CardSpace
Early Adopting Java WSIT-Experiences with Windows CardSpaceEarly Adopting Java WSIT-Experiences with Windows CardSpace
Early Adopting Java WSIT-Experiences with Windows CardSpaceOliver Pfaff
 
Identity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityIdentity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityOliver Pfaff
 
State-of-the-Art in Web Services Federation
State-of-the-Art in Web Services FederationState-of-the-Art in Web Services Federation
State-of-the-Art in Web Services FederationOliver Pfaff
 
Unified Security Architectures for Web and WAP
Unified Security Architectures for Web and WAPUnified Security Architectures for Web and WAP
Unified Security Architectures for Web and WAPOliver Pfaff
 
Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...
Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...
Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...Oliver Pfaff
 
Identity 2.0, Web services and SOA in Health Care
Identity 2.0, Web services and SOA in Health CareIdentity 2.0, Web services and SOA in Health Care
Identity 2.0, Web services and SOA in Health CareOliver Pfaff
 
SOA Security - So What?
SOA Security - So What?SOA Security - So What?
SOA Security - So What?Oliver Pfaff
 

More from Oliver Pfaff (17)

Trends in IIoT and OT Security
Trends in IIoT and OT SecurityTrends in IIoT and OT Security
Trends in IIoT and OT Security
 
Web-of-Things and Services Security
Web-of-Things and Services SecurityWeb-of-Things and Services Security
Web-of-Things and Services Security
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
 
IT-Security@Contemporary Life
IT-Security@Contemporary LifeIT-Security@Contemporary Life
IT-Security@Contemporary Life
 
OAuth Base Camp
OAuth Base CampOAuth Base Camp
OAuth Base Camp
 
New Trends in Web Security
New Trends in Web SecurityNew Trends in Web Security
New Trends in Web Security
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?
 
Does REST Change the Game for IAM?
Does REST Change the Game for IAM?Does REST Change the Game for IAM?
Does REST Change the Game for IAM?
 
Analyzing OAuth
Analyzing OAuthAnalyzing OAuth
Analyzing OAuth
 
Identifying How WAP Can Be Used For Secure mBusiness
Identifying How WAP Can Be Used For Secure mBusinessIdentifying How WAP Can Be Used For Secure mBusiness
Identifying How WAP Can Be Used For Secure mBusiness
 
Early Adopting Java WSIT-Experiences with Windows CardSpace
Early Adopting Java WSIT-Experiences with Windows CardSpaceEarly Adopting Java WSIT-Experiences with Windows CardSpace
Early Adopting Java WSIT-Experiences with Windows CardSpace
 
Identity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityIdentity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric Identity
 
State-of-the-Art in Web Services Federation
State-of-the-Art in Web Services FederationState-of-the-Art in Web Services Federation
State-of-the-Art in Web Services Federation
 
Unified Security Architectures for Web and WAP
Unified Security Architectures for Web and WAPUnified Security Architectures for Web and WAP
Unified Security Architectures for Web and WAP
 
Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...
Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...
Real-Time-Communications Security-How to Deploy Presence and Instant Messagin...
 
Identity 2.0, Web services and SOA in Health Care
Identity 2.0, Web services and SOA in Health CareIdentity 2.0, Web services and SOA in Health Care
Identity 2.0, Web services and SOA in Health Care
 
SOA Security - So What?
SOA Security - So What?SOA Security - So What?
SOA Security - So What?
 

Recently uploaded

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 

Recently uploaded (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 

Implementing Public-Key-Infrastructures

  • 1. Implementing Public Key Infrastructures Dr. Oliver Pfaff Siemens AG KEMA Seminar "Utility Communications “ June 2003 , Amsterdam, Netherlands
  • 2.
  • 3.
  • 4. Setting-the-Scene What are Authentication-Enabled Services? Authentication Encryption Thwart active attacks Single-Sign-On Transfer authentication Access control Determine authorization Non-repudiation Validate and interpret evidence Privacy Enforce policies Digital rights management Control content distribution
  • 5. Setting-the-Scene How to Advance Authentication? Non-cryptographic Cryptographic Keyed checksums allow to verify the authenticity of data objects Shared secrets Allow origin authentication; do not bind exchanged information Classical codes Provide protection against transmission errors; not against intentional attacks Biometrics Can authenticate human beings; not IT-systems or data objects In-band Supplementary information via secondary channel Supplementary information attached with payload Out-of-band Used in various scenarios; not generic due to availability, cost, handling issues Our focus
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14. Exploring PKI How to Interface with Smart-Cards? Network Data object Generate checksum Validate checksum Data object Check- sum Data object Check- sum O K? Authentication Public key certificate Infrastructure Applications PKI RA Repository CA As above PKCS#11, MS-CAPI... Smart-Cards Keying association Keys Cert
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.

Editor's Notes

  1. Encryption conceals the original meaning of data to prevent it from being known to or used by unauthorized entities; authentication is a prerequisite to thwart active attacks on encryption schemes SSO user authentication employs 3-party authentication protocols; authentication is performed between client as well as authentication service and transferred to target services. Access control is the regulation of access to resources according to a security policy; authentication is a prerequisite to determine authorization. Non-repudiation is the capability to prevent the denial of (prior) actions, statements, commitments; authentication is required in evidence validation and thus a prerequisite for evidence interpretation Digital rights management is considered to be the digital management of rights, I.e. the digital management of physical, digital, abstract entities; protection of IPR requires sound access control and thus authentication. Privacy is considered to be the right of a person to determine the degree to which she/he will interact with its environment; authentication is a prerequisite to enforce privacy policies (esp. when communicating in distributed environments).
  2. Note: resources that are required to deploy public key cryptography are authentic public keys
  3. Note: there is another layer beneath PKI (cf. next slide)
  4. Intro: assume audience belongs to the middle case of ‚ smaller, less diverse populations ‘ and is considering the introduction of PKI
  5. No generic infrastructure technology for life-cycle management of initial ‘entity identifier and key’-bindings emerged in secret key authentication.