Introduction to PKI, Certificates - PowerPoint PPT Presentation

Slides: 13
Provided by: erwanle

1
Introduction to PKI, Certificates & Public Key Cryptography
  • Erwan Lemonnier

2
Introduction to PKI, Certificates & Public Key Cryptography, erwan_at_defcom.com
Role of Computer Security
  • CIA
    • Confidentiality: protection against data disclosure
    • Integrity: protection against data modification
    • Availability: protection against data unavailability
  • Identification & Authentication (IA)
    • Provide a way of identifying entities, and verifying this identity
  • Non-repudiation (N-R)
    • Bind an entity to its actions


3
How to implement CIA, IA, N-R? With cryptography!
  • Main cryptographic tools
    • Hash Functions
    • Secret Key Cryptography
    • Public Key Cryptography
  • And their combinations
    • Certificates
    • PKI

4
Main cryptographic tools
  • Hash Functions
    • Bind one entity with a unique ID => Signature
    • Hash + Encryption => trusted signature
  • Symmetric Key Cryptography
    • 2 users share a secret key S and an algorithm.
    • S(S(M)) = M
    • Problem: how to exchange secret keys?
    • => Secret Key Server (ex: Kerberos)


5
Main cryptographic tools
  • Public Key Cryptography
    • Each user has a public key P and a private key S, and an algorithm A.
    • P(S(M)) = S(P(M)) = M
    • No shared secret!


Encryption with Public Key Crypto
Authentication with Public Key Crypto
6
Main cryptographic tools, PKI
  • How to distribute public keys?
    • Public Key Server (PKS), key exchange protocols
    • Public Key Infrastructure (PKI)
    • PKI = N x (Entities with private keys) + public key exchange system
  • Note: Public Key algorithms are slow
    • Need to use both Public & Secret Key Cryptography
  • Public Key Protocols work in 3 phases
    • Authentication via Public Key Cryptography (challenge)
    • Exchange of a session Secret Key, encrypted with Public Key Crypto
    • Session encrypted with Symmetric Cryptography
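
Added example (not part of the original slides): the three phases above run end to end in Python, using a toy textbook RSA built from known primes and a toy XOR keystream cipher. The names make_keypair, session_cipher and run_protocol, the key sizes and the sample message are assumptions made for illustration; none of it is secure enough for real use.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Toy textbook RSA from two known primes (constructed; insecure, no padding).
    Returns (P, S): public and private operations, with P(S(m)) == S(P(m)) == m."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (lambda m: pow(m, e, n)), (lambda m: pow(m, d, n))

def session_cipher(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream, so applying
    it twice with the same key returns the input (the slides' S(S(M)) = M)."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def run_protocol(message: bytes) -> dict:
    server_P, server_S = make_keypair(2**107 - 1, 2**127 - 1)
    _, impostor_S = make_keypair(2**61 - 1, 2**89 - 1)

    # Phase 1: the client sends a fresh random challenge; only the holder of
    # the server's private key can return a value that P maps back to it.
    challenge = secrets.randbits(100) + 2
    authenticated = server_P(server_S(challenge)) == challenge
    impostor_rejected = server_P(impostor_S(challenge)) != challenge

    # Phase 2: the client picks a session key and sends it under the server's
    # public key; the server recovers it with its private key.
    session_key = secrets.token_bytes(16)
    wrapped = server_P(int.from_bytes(session_key, "big"))
    server_key = server_S(wrapped).to_bytes(16, "big")

    # Phase 3: bulk traffic uses the fast symmetric cipher on both sides.
    ciphertext = session_cipher(session_key, message)
    return {
        "authenticated": authenticated,
        "impostor_rejected": impostor_rejected,
        "keys_match": server_key == session_key,
        "ciphertext": ciphertext,
        "received": session_cipher(server_key, ciphertext),
    }
```

The example assumes the client already holds the genuine server public key; binding that key to the server's identity is the job of the certificate described on the next slides.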


7
Certificate
  • A certificate binds an entity with its public key.
  • It's just a digitally signed piece of data.
  • digital ID card


The certificate is issued and signed by a trusted Certificate Authority (CA)
  • Digital signature
    • CA signature = certificate hash, encrypted with CA's private key
8
Certificate
  • The certificate's CA is the only entity able to create/modify the certificate
    • the CA has to be trusted
  • Certificates enable
    • Clients to authenticate servers
    • Servers to authenticate clients
    • Public key exchange without Public Key Server
    • No disclosure of private/secret keys.
  • Certificates are usually stored encrypted.
  • Special features
    • chains of CAs, to distribute the task of issuing certificates
    • Certificate Revocation List, to disable certificates
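
Added example (not part of the original slides): a toy certificate whose CA signature is the certificate hash transformed with the CA's private key, and the checks a relying party makes before trusting it: known issuer, valid signature, not on the revocation list. The function names, CA names, host names and serial numbers are constructed for illustration, and the textbook RSA keys are built from known primes and are not secure.

```python
import hashlib
import json

E = 65537  # public exponent shared by the toy keys

def toy_ca(name, p, q):
    """Toy textbook-RSA CA key from two known primes (constructed, insecure)."""
    return {"name": name, "n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def cert_hash(body: dict) -> int:
    encoded = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big")

def issue(ca, subject, pubkey, serial):
    body = {"subject": subject, "pubkey": pubkey,
            "issuer": ca["name"], "serial": serial}
    # CA signature = certificate hash transformed with the CA's private key.
    return {"body": body, "sig": pow(cert_hash(body), ca["d"], ca["n"])}

def verify(cert, trusted_cas, crl):
    """trusted_cas maps CA name -> public modulus; crl holds (issuer, serial)."""
    body = cert["body"]
    ca_modulus = trusted_cas.get(body["issuer"])
    if ca_modulus is None:
        return "untrusted CA"
    if pow(cert["sig"], E, ca_modulus) != cert_hash(body):
        return "bad signature"
    if (body["issuer"], body["serial"]) in crl:
        return "revoked"
    return "ok"

ROOT = toy_ca("Example Root CA", 2**127 - 1, 2**521 - 1)
ROGUE = toy_ca("Rogue CA", 2**107 - 1, 2**607 - 1)
TRUSTED = {ROOT["name"]: ROOT["n"]}      # clients hold CA public keys only
CRL = {("Example Root CA", 7)}           # constructed revocation list

def demo():
    good = issue(ROOT, "www.example.test", "server-key-A", 1)
    tampered = {"body": dict(good["body"], pubkey="other-key"), "sig": good["sig"]}
    unknown_issuer = issue(ROGUE, "www.example.test", "other-key", 2)
    revoked = issue(ROOT, "old.example.test", "server-key-B", 7)
    return [verify(c, TRUSTED, CRL) for c in (good, tampered, unknown_issuer, revoked)]
```

Changing any field of the certificate body changes its hash, so the original CA signature no longer verifies; a certificate from a CA outside the trust store is refused before its signature is even checked.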


9
Usual cryptographic algorithms & infrastructures
  • Hash: MD4, MD5, SHA-1
  • Symmetric Key: DES, 3DES, AES (Rijndael), IDEA, RC4
  • Public/Private Key: RSA, Diffie-Hellman
  • Certificate: X509
  • PKI: IPSec, SSL, (kerberos)

10
Example: IPSec
  • IPSec works at IP level.
  • Provides authentication and encryption. Used to build VPNs.
  • Configuration
    • 2 transfer modes: tunnel or transport
    • 2 transfer protocols
      • AH (Authentication Header) => authenticated traffic
      • ESP (Encapsulating Security Payload) => encrypted traffic
    • Key exchange protocols
      • Internet Key Exchange (IKE),
      • Internet Security Association and Key Management Protocol (ISAKMP),
      • etc.


11
Weaknesses of PKI and Certificates
  • PKI
    • unsecured server: hackable Public Key/Certificate servers
    • unsecured client: private keys/passwords can be stolen/spied on
    • weak algorithm: short keys, implementation or design flaw
  • Certificate
    • unsecured computer: certificates can be stolen, password spied on
    • certificate password: certificates are stored encrypted, with weak password
    • untrustworthy CA: easy to be issued a certificate from a CA
    • users: they seldom check if CA can be trusted before accepting certificates (netscape GUI)
  • Attack example
    • hack client's computer, steal certificate & password
    • man in the middle


12
Links
  • Book: Applied Cryptography, Bruce Schneier
  • URLs
    • theory.lcs.mit.edu/rivest/crypto-security.html
    • www.counterpane.com/pki-risks.html
    • www.csc.gatech.edu/copeland/8813/slides/
    • www.iplanet.com/developer/docs/articles/security/pki.html
    • web.mit.edu/6.857/OldStuff/Fall96/www/main.html