Considerations about the Architecture Solutions for PKI in Ad-hoc-Networks
|
|
- Willa Holt
- 6 years ago
- Views:
Transcription
1 Considerations about the Architecture Solutions for PKI in Ad-hoc-Networks MIHAI-LICĂ PURA, VICTOR-VALERIU PATRICIU Military Electronic and Informatics Systems Faculty Military Technical Academy George Coşbuc Bulevard, District 5, Bucharest Romania s: Abstract: Ad hoc networks are a relative new technology build with the need for ubiquitous connectivity in mind. All the things around us are coming to life. They are being equipped with computing and communication devices. But for this equipment to achieve its goals, interconnectivity is needed. Here is where ad hoc networks come into place, offering communications with out any preinstalled infrastructure. Here is where security comes into place too, because the data exchanged has to be made safe. In common networks, security is assured using PKI. Are classic solutions suitable for this new type of network? Key-words: ad hoc network, PKI, CA, certificate, public key, private key 1 Introduction When we talk about ad hoc networks we talk about connectivity. Being an implementation of the Distributed Transient Network paradigm, ad hoc networks focus on assuring the communications between the entities that want to form a network. The main characteristic of such a network is that each of its nodes acts like a router by retransmitting all the packets that it receives. This means that even if two nodes are outside of each others cover area, they can still communicate through the nodes that are between them. From the point of view of communications, the connectivity can be achieved only if the data are retransmitted by each node it reaches in order to get to all the devices in the network. From the point of view of security the fact that data gets to all the nodes is a risk factor. But in network security a new trend emerged: we no longer propose to keep the intruders out of the network (this thing had proved to be very difficult to achieve), but to protect the data from being accessed by unauthorized users. The simplest way for doing this is through public key cryptography. Public key cryptography is based on a public key infrastructure that consists out of three elements: private keys, public keys and the Certification Authority. As presented in [2], every node of the network has a private key that only it knows and a corresponding public key that can be obtain by every node that wants it. The Certification Authority is a trusted third party that is used for key management. The CA has also a public/private key pair. The private key is used by the CA to sign certificates that bind every node to its public key. The CA public key is known by all the nodes and can be used to verify the certificate of a node. The CA has to be always online and accessible by all the nodes because it is responsible for reflecting all the changes that can appear: some certificates have to be revoked (if the corresponding nodes are no longer trusted, if they were compromised or they had left the
2 network), other certificates have to be renew and the new nodes that join the ad hoc network need to obtain certificates. 2 Solutions with a CA The implementation of the above model in ad hoc networks has to take into consideration several aspects. The most obvious one is how the CA can be implemented. If the CA functions are taken by a single node of the network, this node becomes a single point of failure for the network. In military applications, for example, if this node is destroyed by the enemy, the whole network will seize to function. A solution for this problem would be the cloning of the CA on more than one node. This way the nodes that need the CA functions are more likely to be able to get them. But if the enemy will compromise one of this mirror node by getting the public key all the others are also compromised. Anyway, this approach has other weak points. The CA node will have to have special resources, different from an average node of the network: more storage resources, higher computational power (requested by all the calculation needed to be perform in key generation and in answering to all the different requests of the network nodes) and of course more battery power (unlike the other nodes, the CA will have to always be online, will have to route the packets that it receives like every other node of an ad hoc network, and of course it will have to serve all the requests concerning certificates of all the other nodes). So this node will have to be very different from the others and will act as a server. Thus a characteristic of ad hoc network is broken: the nodes have to be equal. A solution to some of these problems is the distribution of the CA s functions to an n number of nodes in the network ([1]). This means that for every request concerning certificates, a node must obtain an answer from at least k out of the n CA nodes. These k nodes have to be present at the initialization of the ad hoc network in order to receive a share of the CA private key. Then, if a node requests a certificate for another node it wants to communicate with and needs its public key, it will broadcast the request. At least k of the CA nodes will have to receive it in order to obtain a correct answer. After receiving the request, each of the k nodes must sign the requested public key with its share of the systems private key. The resulted partial signatures are than send to a combiner node C that computes the whole signature and sends it to the requesting node. The problems of this implementation are exactly the ones that can be seen as advantages. So there is not a single failure point in the network, but the fact that k+1 nodes have to be able to communicate in order to achieve a result (getting a certificate as in the example above) is a very restrictive need. Because the topology of the ad hoc network is very dynamic and the routes change very often, the communication channel can be occupied with the packets for route building between the requesting node and the k CA nodes and never with the actually exchanged data. Of course, this is an extreme situation, but if the implementation wants to be dependable it has to cover all the aspects. Beside this, the problem with nodes resources is not solved because all n CA nodes have to have lot of memory resources (they have to store the certificates for all the nodes in the network). So instead of one server node, we get n server nodes. 3 Solutions without a CA As we have seen above the implementation of key management
3 through CA is very easy to develop, but the results are far from satisfactory. Ad hoc network were build for situations where there is no infrastructure. Therefore, the presence of the CA reduces the ad hoc character of the network. So, a simplistic solution would be to consider that all the nodes are equal. There is no CA (distributed or not) in the network, but all the operations with certificates demand a group answer of the network nodes ([1]). For instance, if a node wants to obtain another node s certificate it has to identify itself to any t of the network nodes. The authors of this implementation suggest that the identification should be made through physical contact or through a secure side-channel. But this request is very restrictive and might that suite in some real implementations. Plus, the combination of the partial signatures from the t nodes requires some heavy calculations and so the performance of the network depends on the resources of the nodes. Another proposed model is based on the ID of the nodes, as in [3]. This way when two nodes want to communicate they do not need to exchange certificates in order to get one another s public key, but the ID of the nodes is used as a certificate and as the public key too. The authors suggest using human readable and unique identities as the public key, such as addresses, names, etc. This model requires the presence of a CA only at the initialization phase of the network s existence and its role is to assign to each node a secret key based on the identity used by it and to assign an expiration date to the pair thus resulted. After this step is completed the CA becomes redundant. The main advantages of this model are that no certificates are needed to bind a node to its public key and no exchange of the public key is need prior to the actual communication. The disadvantages of the model are given by the fact that after the initialization the CA knows the secret key for all the nodes in the network. This means that if it is compromised the communications in the network are not secure. Also, the necessity of a secure channel between the CA and every of the nodes in order to transmit the secret keys is also consider to be a drawback. When implementing this model some aspects are to be very carefully examined. For example, how does a new node that joins the network receives a secret key? Haw are renewed the identity-secret key pairs after the expiration date? Haw can be identified and banned a compromised node? A somehow similar model is the selfcertified public key model. Its defining characteristic is that the certificate (thus the identity of the node) is included in the node s public key. So the identity of the node is not used itself as the public key, like in the previous discussed model. Therefore, for two nodes to be able to communicate they have to first change public keys. The authenticity of the keys is provided by the keys themselves. For the generation of the self-certified public keys a CA is needed, but just in the initialization phase, exactly like in the previous model. Based on the device s public key and identity and on the CA s secret key, the CA generates the selfcertified public key. So the authentication of a node in a network is based on this self-certified public key. It can be observed that the CA does not know the secret keys of the nodes. A problem is this way solved, but another emerges: signing and encryption using these selfcertified public keys are different from regular asymmetric schemes because there is no direct correspondence between the self-certified public key and the secret key. A more suitable model for the ad hoc character of the ad hoc networks is the
4 self-organization model. As presented in [3], this model is based on PGP. Therefore the entities that form the ad hoc network issue certificates for each other based on their personal trust. This means that the model presumes that some nodes trust each other from the initialization phase of the ad hoc network. The difference from the PGP model is given by how these certificates are stored and distributed. In PGP there are special on-line servers called certificate directories that perform the storage and distribution tasks. In the self organization model, on the other hand, each of the nodes maintains a local certificate repository. A node s repository can be divided into two lists: a list of certificates that where issue by this node for the nodes that this node trust, and a list of certificates that were issue for this node by the nodes that trust it. The model presumes that each node has a public/private key pair. In the initialization phase, the nodes that trust each other issue certificates for one another for the public keys they each have. For example if node A and node B trust each other, A issues a certificate for B with is signed with A s private key, and B issues a certificate for A, witch is signed by B s private key. Node A stores the certificate it issued for B in its repository in the list of certificates of the nodes it trusts, and the certificate it receives from B, in the list of certificates from the nodes that trust it. The same thing does B to. Let s presume that after a while node A finds another node that it trust, called C. A and C do the same thing as A did with B. So when B and C will want to communicate, they merge theirs two types of certificate lists and try to find a trusted path between them. So C sends to B the certificates it receives from the nodes that trust it and the certificates that it issued for the nodes it trust. So B will receive also the certificate that A issued for C. B trusts A, and A trusts B. So B checks A s signature on the certificate issued by A for C and if it is correct B will trust C also and will issue a certificate for it. Figure 1 In [1] the authors observe that in order to verify a certificate of a node N (in the manner that B did with C) in the best case a node M has to verify only the certificates from the M s list of certificates that where issued for M. In the worst case, N will have to verify all the certificates from the trusted path, except the one that it issued. It is now obvious that the performances of this model depend on the length of the trusted path. For this, the authors propose the utilization of a PGP like graph and special algorithm for finding the shortest trust path. The authors from [1] consider that the disadvantages of the algorithm are the fact that for authentication a node has to verify more than one certificate and that the lists of certificates are changed over an insecure channel, witch makes the model vulnerable to man-in-themiddle attacks. But on the other hand this model solves many of the problems of the precedent models: there are no special nodes in the network, the nodes
5 do not need special resources (no have computations are need), and there is no need for a CA, not even in the initialization phase. The self-organization model that was last presented suits an ad hoc network in the best way. The reason is that ad hoc networks try to copy the way humans naturally relate and speak to each other. 4 Testing architecture The theoretical approaches of ad hoc networks implementation are many. But the actual implementations are rare. When it is about ad hoc routing protocols there are quite a few implemented and tested. But when it comes about security, the tests are relatively rare. If we focus only on security matters it is not very important what ad hoc routing protocol it is used. But after the security models are tested, the actual implementation of such a model will have to take into consideration the particularities of the routing protocol that it will be based on. The tests that we performed were made using Jadhoc 0.2 and WinAODV implementations of AODV ad hoc routing protocol. Jadhoc is a Java implementation of AODV protocol developed ad the University of Bremen and WinAODV is a C implementation of the same protocol from David West from Trinity College, Dublin. Booth implementations are open source and available for free on the internet. We implemented an ad hoc network of laptops used for exchanging text messages using a SIP based Java program. In the future we will extend it to multimedia messages. Over this network we tested the security models based on a CA, using an open source CA implementation available on the internet. These models were the simplest to test because the CA didn t need to be implemented and the modifications required by the PKI architecture to the message exchange program where easy to make. But in the future we propose to implement the PGP based security model that was last discussed. Some implementation details will be given in the next paragraph. 5 Conclusions The self-organization model that was last presented suits an ad hoc network in the best way. The reason is that ad hoc networks try to copy the way humans naturally relate and speak to each other. The relationships between humans are based on trust. This trust can be based on previous experience. For example, two persons that worked together and saw each other in real situations know if each can trust the other. But the trust can also be based on an already establish relation of trust. For example Mihai can trust Vlad because Andrei (witch is trusted by Mihai) trust Vlad. For these relations of trust to work, people have to be able to identify one another. If the trust relation is direct, the people recognize one another by the looks. If the trust relation was derived, the persons can identify one another through recommendations. If we take the example with Mihai and Vlad, Mihai can identify and trust Vlad if Vlad presents to Mihai a recommendation from Andrei that Mihai can verify to be authentic. After the verification of the recommendation the trust relationship between Mihai and Vlad becomes a direct one. Let s presume that two people meet. They do not know each other and they do not have common trustees either. Can a trust relation be established between the two? Why not? They observe one another for a period of time. And after seeing haw each acts in given situations they can get to trust each other. But even close friends can disappoint you some times, right? In this
6 case people decide simply not to trust the friend in cause anymore and tell everybody that that person cannot be trusted anymore. The self-organization model tries to implement these human behaviors for ad hoc networks. And the resulted implementation is not forced at all because, of course, behind every node of the network (PDA, laptop, etc.) is a human operator. Each of these nodes has to have a public/private key pair and the necessary software to be able to sign, encrypt, verify and decrypt data and generate certificates for their own public keys. At the initialization phase of the network is a high chance that lots of these nodes already knows each other and thus trust or not each other. The one that do trust each other can issue certificates for one another. The mutual identification of the nodes can be done by physical contact and the exchange of certificates must be done on a peer-topeer channel. Than the network starts to exist fulfilling the purpose it was created for. The nodes of the network that want to communicate but do not have a prior trust relationship must get into physical contact and see if they can establish a common trust path as was discussed before. If the mutual trust path does not exist they can choose to trust each other based on the observations of each other s behavior. The revocation of a trust relationship based on present observation can be made known to other nodes by sending a revocation list to all the nodes of the certificates from the certificate repository. Of course, there are many theoretical studies of the ad hoc network security. What lacks are actual implementations. [2] Arun Kumar Bayya, Siddhartha Gupte, Yogesh Kumar Shukla, Anil Garikapati, Security in Ad-Hoc Networks [3] Refik Molva, Pietro Michiardi, Security in Ad Hoc Networks [4] Srdjan Capkun, Jean-Pierre Hubaux, Levente Buttyan, Mobility Helps Security in Ad Hoc Networks [5] Vesa Karpijoki, Security in Ad Hoc Networks References: [1] Katrin Hoeper, Guang Gong, Model of Authentications in Ad Hoc Networks and Their Related Network Properties
X.509. CPSC 457/557 10/17/13 Jeffrey Zhu
X.509 CPSC 457/557 10/17/13 Jeffrey Zhu 2 3 X.509 Outline X.509 Overview Certificate Lifecycle Alternative Certification Models 4 What is X.509? The most commonly used Public Key Infrastructure (PKI) on
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationModels of Authentications in Ad Hoc Networks and Their Related Network Properties
Models of Authentications in Ad Hoc Networks and Their Related Network Properties Katrin Hoeper and Guang Gong {khoeper, ggong}@calliope.uwaterloo.ca Department of Electrical and Computer Engineering University
More informationSecure Sockets Layer (SSL) / Transport Layer Security (TLS)
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 20 th November 2017 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously
More informationSECURED KEY MANAGEMENT ALGORITHM FOR DATA TRANSMISSION IN MOBILE ADHOC NETWORKS
International Journal of Electronics and Communication Engineering and Technology (IJECET) Volume 7, Issue 6, November-December 2016, pp. 96 100, Article ID: IJECET_07_06_014 Available online at http://www.iaeme.com/ijecet/issues.asp?jtype=ijecet&vtype=7&itype=6
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 8: Protocols for public-key management Ion Petre Department of IT, Åbo Akademi University 1 Key management two problems
More informationPublic Key Management Scheme with Certificate Management Node for Wireless Ad Hoc Networks
Proceedings of the International Multiconference on Computer Science and Information Technology pp. 445 451 ISSN 1896-7094 c 2006 PIPS Public Key Management Scheme with Certificate Management Node for
More informationTen Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier
Presented by Joshua Schiffman & Archana Viswanath Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier Trust Models Rooted Trust Model! In a
More informationA Security Infrastructure for Trusted Devices
Infrastructure () A Security Infrastructure for Trusted Devices Mahalingam Ramkumar Mississippi State University, MS Nasir Memon Polytechnic University, Brooklyn, NY January 31, 2005 Infrastructure ()
More informationCredential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003
Credential Management in the Grid Security Infrastructure GlobusWorld Security Workshop January 16, 2003 Jim Basney jbasney@ncsa.uiuc.edu http://www.ncsa.uiuc.edu/~jbasney/ Credential Management Enrollment:
More informationPublic Key Infrastructure
Public Key Infrastructure Ed Crowley Summer 11 1 Topics Public Key Infrastructure Defined PKI Overview PKI Architecture Trust Models Components X.509 Certificates X.500 LDAP 2 Public Key Infrastructure
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationAuthentication and Key Distribution
1 Alice and Bob share a key How do they determine that they do? Challenge-response protocols 2 How do they establish the shared secret in the first place? Key distribution PKI, Kerberos, Other key distribution
More informationECA Trusted Agent Handbook
Revision 8.0 September 4, 2015 Introduction This Trusted Agent Handbook provides instructions for individuals authorized to perform personal presence identity verification of subscribers enrolling for
More informationCryptography and Network Security Chapter 14
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationCertificates, Certification Authorities and Public-Key Infrastructures
(Digital) Certificates Certificates, Certification Authorities and Public-Key Infrastructures We need to be sure that the public key used to encrypt a message indeed belongs to the destination of the message
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationCSC 5930/9010 Modern Cryptography: Public-Key Infrastructure
CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure Professor Henry Carter Fall 2018 Recap Digital signatures provide message authenticity and integrity in the public-key setting As well as public
More informationSIP-Based Multimedia Services Provision in Ad Hoc Networks
SIP-Based Multimedia Services Provision in Ad Hoc Networks Y. Rebahi, D. Sisalem, U. Depirianto Fraunhofer Institut Fokus Kaiserin-Augusta-Allee 31 10589 Berlin, Germany {rebahi, sisalem, depirianto}@fokus.fraunhofer.de
More informationCT30A8800 Secured communications
CT30A8800 Secured communications Pekka Jäppinen October 31, 2007 Pekka Jäppinen, Lappeenranta University of Technology: October 31, 2007 Secured Communications: Key exchange Schneier, Applied Cryptography:
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationAAA and PKI in Ad Hoc Networks
AAA and PKI in Ad Hoc Networks Pradip Lamsal Helsinki University of Technology Telecommunications Software and Multimedia Laboratory pradip.lamsal@helsinki.fi Abstract Both AAA and PKI are frameworks that
More informationAdd or remove a digital signature in Office files
Add or remove a digital signature in Office files This article explains digital signatures (also known as digital ID), what they can be used for, and how you can use digital signatures in the following
More informationISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :
ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationThe most common type of certificates are public key certificates. Such server has a certificate is a common shorthand for: there exists a certificate
1 2 The most common type of certificates are public key certificates. Such server has a certificate is a common shorthand for: there exists a certificate signed by some certification authority, which certifies
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationOutline Key Management CS 239 Computer Security February 9, 2004
Outline Key Management CS 239 Computer Security February 9, 2004 Properties of keys Key management Key servers Certificates Page 1 Page 2 Introduction Properties of Keys It doesn t matter how strong your
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationKey Management and Distribution
2 and Distribution : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 css441y15s2l10, Steve/Courses/2015/s2/css441/lectures/key-management-and-distribution.tex,
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More informationLecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay
Lecture Note 6 KEY MANAGEMENT Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Key Management There are actually two distinct aspects to the use of public-key encryption in this regard:
More informationCertification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure
Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages
More informationCryptographic Protocols 1
Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange
More informationThe SafeNet Security System Version 3 Overview
The SafeNet Security System Version 3 Overview Version 3 Overview Abstract This document provides a description of Information Resource Engineering s SafeNet version 3 products. SafeNet version 3 products
More informationKey management. Pretty Good Privacy
ECE 646 - Lecture 4 Key management Pretty Good Privacy Using the same key for multiple messages M 1 M 2 M 3 M 4 M 5 time E K time C 1 C 2 C 3 C 4 C 5 1 Using Session Keys & Key Encryption Keys K 1 K 2
More informationPKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures
Public Key Infrastructures Public Key Infrastructure Definition and Description Functions Components Certificates 1 2 PKI Services Security Between Strangers Encryption Integrity Non-repudiation Key establishment
More informationA Framework of Decentralized PKI Key Management Based on Dynamic Trust
A Framework of Decentralized PKI Key Management Based on Dynamic Trust Zhiqian Xu 1 and Hai Jiang 2 1 FedEx Corporation, Collierville, TN, U.S.A. 2 Dept. of Computer Science, Arkansas State University,
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationSurvivable Trust for Critical Infrastructure David M. Nicol, Sean W. Smith, Chris Hawblitzel, Ed Feustel, John Marchesini, Bennet Yee*
Survivable Trust for Critical Infrastructure David M. Nicol, Sean W. Smith, Chris Hawblitzel, Ed Feustel, John Marchesini, Bennet Yee* Cybersecurity Research Group Institute for Security Technology Studies,
More informationSECURE ROUTING PROTOCOLS IN AD HOC NETWORKS
SECURE ROUTING PROTOCOLS IN AD HOC NETWORKS INTRODUCTION 1. With the advancement in radio technologies like Bluetooth, IEEE 802.11or Hiperlan, a new concept of networking has emerged, known as ad hoc networks,
More informationKey management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E
ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution 1 Using the same key for multiple
More informationA Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography
A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography Ashok Kumar J 1, and Gopinath Ganapathy 2 1,2 School of Computer Science, Engineering and Applications
More informationPublic-key Infrastructure Options and choices
Public-key Infrastructure Options and choices Tim Moses Director, Advanced Security Technology April 98 1997 Entrust Technologies Overview General-purpose and Dedicated PKIs Trust models Two-key architecture
More informationECE 646 Lecture 3. Key management
ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution Using the same key for multiple
More informationSome Lessons Learned from Designing the Resource PKI
Some Lessons Learned from Designing the Resource PKI Geoff Huston Chief Scientist, APNIC May 2007 Address and Routing Security The basic security questions that need to be answered are: Is this a valid
More informationModule: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Kerberos History: from UNIX to Networks (late
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationModule: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent Jaeger 1 Kerberos History: from UNIX to Networks (late 80s) Solves: password eavesdropping Also mutual authentication
More information1) Revision history Revision 0 (Oct 29, 2008) First revision (r0)
To: INCITS Technical Committee T10 From: David L. Black, EMC Email: black_david@emc.com Date: October 29, 2008 Subject: SPC-4: Digital Signature Authentication (08-423r0) 1) Revision history Revision 0
More informationSecurity in NFC Readers
Security in Readers Public Content and security, a different kind of wireless Under the hood of based systems Enhancing the security of an architecture Secure data exchange Information security goals Cryptographic
More informationFPKIPA CPWG Antecedent, In-Person Task Group
FBCA Supplementary Antecedent, In-Person Definition This supplement provides clarification on the trust relationship between the Trusted Agent and the applicant, which is based on an in-person antecedent
More informationSecurity in Ad Hoc Networks Attacks
Security in Ad Hoc Networks Attacks Nie Pin niepin(at)cc.hut.fi T-79.5401 Special Course in Mobility Management: Ad hoc networks 2007-3-28 NiePin/HUT/CS/TML 1 Agenda Objectives of attacks Target selection
More informationLecture Notes 14 : Public-Key Infrastructure
6.857 Computer and Network Security October 24, 2002 Lecture Notes 14 : Public-Key Infrastructure Lecturer: Ron Rivest Scribe: Armour/Johann-Berkel/Owsley/Quealy [These notes come from Fall 2001. These
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationServer-based Certificate Validation Protocol
Server-based Certificate Validation Protocol Digital Certificate and PKI a public-key certificate is a digital certificate that binds a system entity's identity to a public key value, and possibly to additional
More informationWHITE PAPER. Secure communication. - Security functions of i-pro system s
WHITE PAPER Secure communication - Security functions of i-pro system s Panasonic Video surveillance systems Table of Contents 1. Introduction... 1 2. Outline... 1 3. Common security functions of the i-pro
More informationUsing Cryptography CMSC 414. October 16, 2017
Using Cryptography CMSC 414 October 16, 2017 Digital Certificates Recall: K pub = (n, e) This is an RSA public key How do we know who this is for? Need to bind identity to a public key We can do this using
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution
Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University
More informationFall 2010/Lecture 32 1
CS 426 (Fall 2010) Key Distribution & Agreement Fall 2010/Lecture 32 1 Outline Key agreement without t using public keys Distribution of public keys, with public key certificates Diffie-Hellman Protocol
More informationECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages
ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution Using the same key for multiple
More informationSecure Communications on VoIP Networks
Mediatrix Multi-service Gateways v. 2.0.41.762 2017-12-21 Table of Contents Table of Contents Internet Telephony Network Security 4 Authentication 4 X-509 Certificates 4 Transport Layer Security (TLS)
More informationUnderstanding HTTPS CRL and OCSP
Understanding HTTPS CRL and OCSP Santhosh J PKI Body of Knowledge: Development & Dissemination Centre for Development of Advanced Computing (C-DAC) Bangalore Under the Aegis of Controller of Certifying
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationCS Computer and Network Security: PKI
CS 5410 - Computer and Network Security: PKI Professor Kevin Butler Fall 2015 Reminders No in-person class on Friday, October 2nd. We have pre-recorded the second half of the PKI lecture which will be
More informationAbout & Beyond PKI. Blockchain and PKI. André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich. February 9, 2017
About & Beyond PKI Blockchain and PKI André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich February 9, 2017 1 Agenda Does blockchain secure PKIs in the longterm? Disadvantages of classic PKIs
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationConfiguring Certificate Authorities and Digital Certificates
CHAPTER 43 Configuring Certificate Authorities and Digital Certificates Public Key Infrastructure (PKI) support provides the means for the Cisco MDS 9000 Family switches to obtain and use digital certificates
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationSend documentation comments to
CHAPTER 6 Configuring Certificate Authorities and Digital Certificates This chapter includes the following topics: Information About Certificate Authorities and Digital Certificates, page 6-1 Default Settings,
More informationLecture 15 Public Key Distribution (certification)
0 < i < 2 n = N X i,y i random secret keys index i = random (secret) value Merkle s Puzzles (1974) Puzzle P i = {index i,x i,s} Y i S fixed string, e.g., " Alice to Bob" { P 0 < i < 2 i n } Pick random
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More informationElements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted
More informationManaging Certificates
CHAPTER 12 The Cisco Identity Services Engine (Cisco ISE) relies on public key infrastructure (PKI) to provide secure communication for the following: Client and server authentication for Transport Layer
More informationCS3235 Seventh set of lecture slides
CS3235 Seventh set of lecture slides Hugh Anderson National University of Singapore School of Computing October, 2007 Hugh Anderson CS3235 Seventh set of lecture slides 1 Warp 9... Outline 1 Public Key
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationCERN Certification Authority
CERN Certification Authority Emmanuel Ormancey (IT/IS) What are Certificates? What are Certificates? Digital certificates are electronic credentials that are used to certify the identities of individuals,
More informationGrandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide
Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide Table of Contents INTRODUCTION... 4 SCENARIO OVERVIEW... 5 CONFIGURATION STEPS... 6 Core Site Configuration... 6 Generate Self-Issued Certificate
More informationCrypto meets Web Security: Certificates and SSL/TLS
CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.2 Effective
More informationPretty Good Privacy (PGP)
Pretty Good Privacy (PGP) -- PGP services -- PGP key management (c) Levente Buttyán (buttyan@crysys.hu) What is PGP? general purpose application to protect (encrypt and/or sign) files can be used to protect
More informationVerteilte Systeme (Distributed Systems)
Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues
More informationCertificate implementation The good, the bad, and the ugly
Certificate implementation The good, the bad, and the ugly DOE Security Training Workshop James A. Rome Oak Ridge National Laboratory April 29, 1998 A wealth of riches? I decided to use certificates for
More informationSecurity in Ad Hoc Networks *
Security in Ad Hoc Networks * Refik Molva and Pietro Michiardi Institut Eurecom 2229 Route des Crêtes 06904 Sophia-Antipolis, France Abstract. In wirelesss ad hoc networks basic network operations are
More informationBackground. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33
Background Network Security - Certificates, Keys and Signatures - Dr. John Keeney 3BA33 Slides Sources: Karl Quinn, Donal O Mahoney, Henric Johnson, Charlie Kaufman, Wikipedia, Google, Brian Raiter. Recommended
More informationCompTIA E2C Security+ (2008 Edition) Exam Exam.
CompTIA JK0-015 CompTIA E2C Security+ (2008 Edition) Exam Exam TYPE: DEMO http://www.examskey.com/jk0-015.html Examskey CompTIA JK0-015 exam demo product is here for you to test the quality of the product.
More informationComputers and Security
The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright
More informationApple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.
Apple Inc. Certificate Policy and Certification Practice Statement Version 1.0 Effective Date: March 12, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationManaging AON Security
CHAPTER 4 This chapter describes AON functions relating to security, authentication, and authorization. It includes the following topics. Managing Keystores, page 4-1 Configuring Security Properties, page
More informationHong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS)
Hong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS) This document (IMPS) facilitates an organization to provide relevant information to describe how it fulfils the normative
More information