EEC 688/788 Secure and Dependable Computing - PowerPoint PPT Presentation

1
EEC 688/788 Secure and Dependable Computing
  • Lecture 6
  • Wenbing Zhao
  • Department of Electrical and Computer Engineering
  • Cleveland State University
  • wenbing_at_ieee.org

2
Outline
  • Reminder
  • Midterm1 9/21 Monday
  • Public key management
  • Mock quiz Q/A

3
Management of Public Keys
  • Problem statement
  • Certificates
  • X.509
  • Public key infrastructure

4
Problems with Public-Key Management
  • If Alice and Bob do not know each other, how do
    they get each other's public keys to start the
    communication process?
  • It is essential that Alice gets Bob's public key, not
    someone else's
  • A way for Trudy to subvert public-key encryption

5
Certificates
  • Certification Authority (CA): an organization
    that certifies public keys
  • It certifies the public keys belonging to people,
    companies, or even attributes
  • CA does not need to be on-line all the time (in
    ideal scenarios)
  • A possible certificate and its signed hash

6
X.509
  • Devised and approved by ITU
  • The basic fields of an X.509 certificate

7
Public-Key Infrastructures
  • A Public-Key Infrastructure (PKI) is needed for
    reasons of
    • Availability, Scalability, Ease of management
  • A PKI has multiple components
    • Users, CAs, Certificates, Directories
  • A PKI provides a way of structuring these
    components and defines standards for the various
    documents and protocols
  • A simple form of PKI is hierarchical CAs

8
Public-Key Infrastructures
  • Hierarchical PKI
  • A chain of trust/certification path: a chain of
    certificates going back to the root

9
Public-Key Infrastructures
  • Revocation: sometimes certificates can be
    revoked, due to a number of reasons
  • Reinstatement: a revoked certificate could
    conceivably be reinstated
  • Each CA periodically issues a CRL (Certificate
    Revocation List) giving the serial numbers of all
    certificates that it has revoked
  • A user who is about to use a certificate must now
    acquire the CRL to see if the certificate has
    been revoked
  • Having to deal with revocation (and possibly
    reinstatement) eliminates one of the best
    properties of certificates, namely, that they can
    be used without having to contact a CA
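
The certification path and CRL check from the last two slides, as an added example that is not part of the original lecture. It assumes toy textbook RSA (no padding, small fixed primes) over a SHA-256 hash; the Root, RA and Bob hierarchy, the serial numbers and all function names are constructed for illustration.

```python
import hashlib, json

E = 65537  # public exponent shared by every toy key

def keypair(p, q):
    """Textbook RSA from two primes: returns (public modulus n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(body, n):
    """Hash of the certificate fields, reduced into the signer's modulus."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, subject_n, serial, issuer, issuer_n, issuer_d):
    """The CA binds subject to key by signing the hash of the fields."""
    body = {"subject": subject, "key": subject_n, "serial": serial, "issuer": issuer}
    return {"body": body, "sig": pow(digest(body, issuer_n), issuer_d, issuer_n)}

def validate(chain, root_name, root_n, crls):
    """chain is leaf-first; crls maps a CA name to its revoked serial numbers."""
    for i, cert in enumerate(chain):
        body = cert["body"]
        if i + 1 < len(chain):          # signer is the next certificate up
            issuer, issuer_n = chain[i + 1]["body"]["subject"], chain[i + 1]["body"]["key"]
        else:                           # top of the path: the trusted root key
            issuer, issuer_n = root_name, root_n
        if body["issuer"] != issuer:
            return f"broken path at {body['subject']}"
        if pow(cert["sig"], E, issuer_n) != digest(body, issuer_n):
            return f"bad signature on {body['subject']}"
        if issuer not in crls:          # no CRL acquired: refuse to use the cert
            return f"no CRL from {issuer}"
        if body["serial"] in crls[issuer]:
            return f"revoked: {body['subject']}"
    return "ok"

# Constructed sample hierarchy: Root -> RA -> Bob (Mersenne primes, toy sizes).
M = {k: 2**k - 1 for k in (61, 89, 107, 127, 521, 607)}
ROOT_N, ROOT_D = keypair(M[107], M[127])
RA_N, RA_D = keypair(M[61], M[89])
BOB_N, TRUDY_N = M[521] * M[607], M[61] * M[127]
CHAIN = [issue("Bob", BOB_N, 17, "RA", RA_N, RA_D),
         issue("RA", RA_N, 5, "Root", ROOT_N, ROOT_D)]
FORGED = [{"body": {**CHAIN[0]["body"], "key": TRUDY_N}, "sig": CHAIN[0]["sig"]}, CHAIN[1]]

if __name__ == "__main__":
    print(validate(CHAIN, "Root", ROOT_N, {"Root": set(), "RA": set()}))
    print(validate(CHAIN, "Root", ROOT_N, {"Root": set(), "RA": {17}}))
    print(validate(FORGED, "Root", ROOT_N, {"Root": set(), "RA": set()}))
```

The verifier needs only the root's public key to check signatures, but it cannot finish without a current CRL from every CA on the path, which is the dependency the last bullet describes.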