Security and Certification; Authentication and Authorization - PowerPoint PPT Presentation

1
Security and Certification; Authentication and Authorization
  • Assaf Gottlieb
  • EGEE Training Team

EGEE is funded by the European Union under
contract IST-2003-508833
2
Acknowledgements
  • Some of these slides have been taken from a
    longer presentation by Mike Jones of the
    University of Manchester.
  • Prepared by John Kewley, CCLRC Daresbury
    Laboratory

3
Goals of this module
  • Describe
      • Security basics
      • Use of Certificates
      • Importance of Certificate Authorities

4
Overview
  • Introduction to Security
  • Public/private keys in action
  • Certificates
  • Certificate Authorities

5
Introduction to Security
  • What aspects of security should we be concerned about?
      • Authentication (Identification)
      • Confidentiality (Privacy)
      • Integrity (non-Tampering)
      • Authorization
  • Also
      • Accounting
      • Delegation
      • Non-Repudiation

6
Tools of the trade
  • Encryption
      • Secret (symmetric) key: both parties need to share the key
          • DES, RC4
          • Comparatively efficient
      • Public/private key (asymmetric): 2 keys, mathematically related
          • RSA, DSA
          • Slower
  • One-way hash / message digest
      • MD5, SHA-1
      • Fast

7
Gbbyf bs gur genqr
  • Rapelcgvba
      • Frpergt flzzrgevp xrl obgu cnegvrf arrq gb funer gur xrl
          • QRF, EP4
          • Pbzcnengviryl rssvpvrag
      • Choyvp/cevingr xrl nflzzrgevp - 2 xrlf zngurzngvpnyyl eryngrq
          • EFN, QFN
          • Fybjre
  • Barjnl unfu / zrffntr qvtrfg
      • ZQ5, FUN-1
      • Snfg

8
Tools of the trade
  • Encryption
      • Secret (symmetric) key: both parties need to share the key
          • DES, RC4
          • Comparatively efficient
      • Public/private key (asymmetric): 2 keys, mathematically related
          • RSA, DSA
          • Slower
  • One-way hash / message digest
      • MD5, SHA-1
      • Fast

9
Encrypting for Confidentiality (1)
  • Sending a message using symmetric keys
      • Encrypt message using shared key
      • Send encrypted message
      • Receiver decrypts message using shared key
  • Only someone with the shared key can decrypt the message
  • But how do the keys get shared?

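[Diagram: sender space, public space, receiver space. Steps 1-3: "Hello World" is encrypted with openssl using the shared key, the ciphertext "hR3a rearj" crosses the public space, and the receiver decrypts it with openssl using the same key.]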
10
Encrypting for Confidentiality(2)
  • Sending a message using asymmetric keys
      • Encrypt message using Receiver's public key
      • Send encrypted message
      • Receiver decrypts message using own private key
  • Only someone with Receiver's private key can
    decrypt message

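[Diagram: sender space, public space, receiver space. Steps 1-3: the Receiver's public key is available in the public space; the sender encrypts "Hello World" with it using openssl, the ciphertext "hR3a rearj" crosses the public space, and the Receiver decrypts it with openssl using the private key.]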
11
Signing for Authentication
  • Encrypt message with Sender's private key
  • Send encrypted message
  • Message is readable by ANYONE with Sender's
    public key
  • Receiver decrypts message with Sender's public
    key
  • Receiver can be confident that only someone with
    Sender's private key could have sent the message

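[Diagram: sender space, public space, receiver space. Steps 1-4: the Sender's public key is available in the public space; the sender transforms "Hello World" with the private key using openssl, "n52krj rer" crosses the public space, and the receiver recovers "Hello World" with openssl using the Sender's public key.]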
12
Certificates
  • A statement from someone else (the Certificate
    Authority), that your public key (and hence your
    private key) is associated with your identity
  • A certificate can be checked if you have the
    public key of the party who signed it

13
Certificate Authority
  • A Certificate Authority (CA) issues you your
    certificates.
  • By signing them it is able to vouch for you to
    third parties
  • In return for this service, you must provide
    appropriate documentary evidence of identity when
    you apply for a certificate through a
    Registration Authority (RA)

14
Certificate contents
  • The certificate that you present to others contains
      • Your distinguished name (DN)
      • Your public key
      • The identity of the CA who issued the certificate
      • Its expiry date
      • Digital signature of the CA which issued it
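
The certificate slides above (what a certificate is, what a CA does, what the certificate contains), as an added example that is not part of the original presentation: a throwaway CA signs a user's request, the fields from the list are read back, and the certificate is checked against the CA's public key. The CA name, the user DN, the file names and the use of RSA-2048 with SHA-256 are assumptions of this example.

```shell
#!/bin/sh
# Added example: the CA, the user DN and all keys are constructed, throwaway values.
set -eu
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT

make_ca() {  # $1 = file prefix, $2 = CA common name; writes a self-signed CA certificate
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/O=Example Grid/CN=$2" \
    -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.crt" 2>/dev/null
}

issue_user_cert() {  # $1 = prefix of the signing CA
  # The user generates a key pair and a request carrying the DN and public key.
  openssl req -newkey rsa:2048 -nodes -sha256 \
    -subj "/O=Example Grid/OU=Example University/CN=Alice Example" \
    -keyout "$demo_dir/user.key" -out "$demo_dir/user.csr" 2>/dev/null
  # The CA adds issuer and expiry, then signs the result with its private key.
  openssl x509 -req -in "$demo_dir/user.csr" -sha256 -days 7 \
    -CA "$demo_dir/$1.crt" -CAkey "$demo_dir/$1.key" -CAcreateserial \
    -out "$demo_dir/user.crt" 2>/dev/null
}

cert_field() {  # $1 = -subject | -issuer | -enddate
  openssl x509 -in "$demo_dir/user.crt" -noout "$1"
}

checks_against() {  # $1 = CA prefix; true only if that CA's public key validates user.crt
  openssl verify -CAfile "$demo_dir/$1.crt" "$demo_dir/user.crt" >/dev/null 2>&1
}

make_ca ca "Example Grid CA"
make_ca lookalike "Example Grid CA"   # same name, different key pair
issue_user_cert ca
cert_field -subject; cert_field -issuer; cert_field -enddate
checks_against ca && echo "accepted: signature matches the issuing CA's public key"
checks_against lookalike || echo "rejected: same CA name, but not the key that signed it"
```

The second check shows why the verifier needs the CA's public key and not just its name: a certificate naming the right issuer still fails when the trusted key did not produce the signature.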

15
The Full Monty
  • Server authenticates Client
  • Client authenticates Server
  • (Symmetric) Session key exchanged confidentially
    using public key mechanism
  • Secure session can now commence using more
    efficient, agreed session key
  • Secure messages will also contain a message
    digest to ensure integrity
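
The pieces from the encryption and signing slides combined as this slide describes, as an added example that is not part of the original presentation: a one-message reduction of the idea, not a real handshake protocol. RSA-OAEP, AES-256-CBC and a signed SHA-256 digest are this example's choices (the slides name DES, RC4, MD5 and SHA-1), and all keys, file names and the message are constructed.

```shell
#!/bin/sh
# Added example: constructed keys and message; algorithm choices are this example's own.
set -eu
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT

new_keypair() {  # $1 = owner; writes $1.key (private) and $1.pub (public)
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/$1.key" 2>/dev/null
  openssl pkey -in "$d/$1.key" -pubout -out "$d/$1.pub"
}

sender_side() {  # $1 = plaintext; leaves wire.key, wire.msg, wire.sig in "public space"
  printf '%s' "$1" > "$d/msg.txt"
  openssl rand -hex 32 > "$d/session.key"            # fresh symmetric session key
  openssl pkeyutl -encrypt -pubin -inkey "$d/receiver.pub" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$d/session.key" -out "$d/wire.key"          # only the receiver can unwrap it
  openssl enc -aes-256-cbc -pbkdf2 -pass "file:$d/session.key" \
    -in "$d/msg.txt" -out "$d/wire.msg"              # bulk data uses the faster cipher
  openssl dgst -sha256 -sign "$d/sender.key" \
    -out "$d/wire.sig" "$d/wire.msg"                 # digest signed with sender's key
  rm -f "$d/session.key" "$d/msg.txt"
}

receiver_side() {  # prints the plaintext; fails if the signed digest does not match
  openssl dgst -sha256 -verify "$d/sender.pub" -signature "$d/wire.sig" \
    "$d/wire.msg" >/dev/null 2>&1 || return 1
  openssl pkeyutl -decrypt -inkey "$d/receiver.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$d/wire.key" -out "$d/got.key"
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$d/got.key" -in "$d/wire.msg"
}

tamper() {  # models a change made to the ciphertext while it is in transit
  printf 'X' >> "$d/wire.msg"
}

new_keypair sender; new_keypair receiver
sender_side "Hello World"
receiver_side; echo
tamper
receiver_side || echo "rejected: message changed in transit"
```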

16
The Israeli Certificate Authority
  • Each university has one authorized RA.
  • The CA is located at the Computer Science
    department at Tel Aviv University
  • Supply appropriate documentary evidence of your
    identity to the RA
  • Once documentary and RA assurance is supplied to
    the CA, a certificate is supplied to you
  • A public/private key pair is generated for you as
    part of the certificate. Your private key will be
    put on a floppy disk

17
Summary
  • We have looked at
      • Security basics
      • Use of Certificates
      • Importance of Certification Authorities