Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

public key infrastructure

17.861 Aufrufe

Veröffentlicht am

the basic details and description of public key infrastructure in network cryptography

Veröffentlicht in: Bildung
  • Loggen Sie sich ein, um Kommentare anzuzeigen.

public key infrastructure

  1. 1. A Seminar on Public Key Infrastructure Under the guidance of : K. Jeevan Pradeep, M.Tech Assistant professor 1 Presented by: M. Vimal Kumar (11121A0557) SREE VIDYANIKETHAN ENGINEERING COLLEGE (AUTONOMOUS) Sree Sainath Nagar, A.Rangampet-517102 Chittoor Dist, Andhra Pradesh. Department of Computer Science and Engineering
  2. 2. Contents  Introduction to Access Control Policy  Password Authentication  Symmetric and Asymmetric Encryption  Hashing  Digital Signature  Public Key Infrastructure  Certification  Validation  Revocation  Authentication  Keys  Related Technologies  Conclusion  References 2
  3. 3. Introduction to Access Control Policy  To be able to access data and applications from within a company, a user first needs to be authenticated, and then needs to be authorized to perform the operation.  Authentication Procedures perform the former task, and Access Control Decision functions perform the later task.
  4. 4. Password Authentication  When a company has several applications hosted by different systems and servers, there are several ways of identity authentication. Multiple passwords, one for each system/application Same password, replicated in each system  Single sign-on software Directory Server
  5. 5. Symmetric and Asymmetric Encryption  The objective of encryption is to transform a message to a cipher text, ensuring confidentiality  In the symmetric encryption schemes the same key (called the secret key) is used to both encrypt and decrypt the text. Ex :- DES algorithm.  Asymmetric cryptosystems use one key (the public key) to encrypt a message and a different key (the private key) to decrypt it. Ex:- RSA and ECDSA algorithms.
  6. 6. Contd… • Comparison between symmetric and asymmetric encryption
  7. 7. Hashing  Hashing is the method used to obtain a "digital fingerprint" (hash) for a given message.  The hash code has a fixed-length (normally 128 or 160 bits) and it's designed to be unique  Some examples are MD2, MD4, MD5 (128 bits) and SHA1 (Secure Hash Algorithm,160 bits )
  8. 8. Digital Signature  To obtain a secure digital signature,  At first the message is hashed  Creating a digital fingerprint which is encrypted using the receiver's public key  Creating a digital signature. The clear message is combined with the digital signature  The result (an authenticated message) is sent  After the reception, the message is separated from the digital signature  which is decrypted using the receiver's private key  The message is hashed into a "temporary" digital fingerprint  which is used to validate the received fingerprint  If the message has not been modified during the transfer process, it's authenticated.
  9. 9. Mechanism of Digital Signature
  10. 10. Public Key Infrastructure  Three different formats of messages can be used in public- key cryptosystems: Encrypted message, Signed message, Signed and encrypted message.  An infrastructure must be set-up to allow them to be undoubtedly trusted , as they are accessible via unsecured networks (Internet)  PKI entities: -CA ( certification authority ) -RA ( registration authority ) -Subscriber -Relying Party -Repository
  11. 11. PKI basic entities and operations
  12. 12. Certification  Certification is the fundamental function of all PKIs. The certificates provide a secure way of publishing public keys, so that their validity can be trusted.  A certificate contains (at least) the basic information needed to provide a third party entity with the subject's public key: • Subject Identification information • Subject public Key • CA Identification Information • Validity (e.g. time)
  13. 13. Certification contd...  Cross certification :- Not all the entities will trust the same CA to hold their certificates. Cross certification is used to create the certificate between two CAs. If both CAs trust each other, a cross certificate pair is established. In other cases, only one certificate would be created, and not a pair.
  14. 14. Certification contd...  Certification path :- In a universe composed of several different CAs an arbitrary number of CAs must validate each other, until a certificate is obtained. This process is called certification path validation.
  15. 15. Validation  This is the process that ensures that the certificate information is still valid, as it can change over time.  Either the user can ask the CA directly about the validity - every time it's used - or the CA may include a validity period in the certificate. This second alternative is also known as offline validation.
  16. 16. Revocation  This is the process of informing the users when the information in a certificate is not valid.  This is especially interesting in the absence of online validation approaches, and the most common revocation methods consist in publishing Certification Revocation Lists (CRL).  A CRL is a "black" list of revoked certificates that is signed and periodically issued by a CA.
  17. 17. Authentication  In order for the subject to gain access to its private key, it has to possess a smart card or an encrypted key file and know something (PIN or password) or be something (e.g. a particular fingerprint).
  18. 18. Keys  Key pair models :- To increase the security level, different key pairs might exist for different functions, which may be divided into the following categories: • Non-repudiatable message signing (e.g. e-mail). • Encryption/Decryption functions. • Authentication only (e.g. LOG ON functions).
  19. 19. Key Management  These are the main steps performed in a PKI structure to handle the key pairs: •Key Generation •Storage of Private Keys •Revocation of Public Keys •Publication of certificates and CRL •Key Update •Backup / Recovery •Escrow / Recovery
  20. 20. Related Technologies  CMS - Cryptographic Message Syntax  SSL  Secure e-mail / S/MIME  VPN (Virtual Private Network)  PGP (Pretty Good Privacy)
  21. 21. Conclusion  RFC 2822(Internet Security Glossary) defines public-key infrastructure(PKI) as the set of hardware , software , people , policies and procedures needed to revoke digital certificates based on asymmetric cryptography.  The principal objective for developing a PKI is to enable secure , convenient and efficient acquisition of public keys.
  22. 22. References  Wikipedia  www.studymafia.com  Network Security Essentials -by William Stallings 23
  23. 23. QUERIES…???
  24. 24. THANK YOU   