Chapter 6: Digital Certificates (Introduction, Authentication Methods, PKI, Digital Certificate, Passing)


Chapter 6: Digital Certificates. Prof Bill Buchanan OBE. http://asecuritysite.com/crypto06 http://asecuritysite.com/encryption
Sections: Introduction. Methods. PKI. Digital Certificate. Passing.

Introduction

Identity on the Internet. A digital certificate identifies a party as trusted; encryption keeps communications secure. (Slide figure: Bob, Trent, Eve and a trap-door.)

Fundamental principles. Confidence/Assurance (integrity) and Privacy/Confidentiality (encryption), applied to devices, users, servers, connections, etc. (Slide figure: Bert and Fred.)

A fundamental issue in security. How do we know that it was really Bob who sent the data, as anyone can get Alice's public key and thus pretend to be Bob? (Slide figure: Eve, Alice, Bob and Bob's public key.)

A fundamental issue in security. How can we tell that the message has not been tampered with?

A fundamental issue in security. How does Bob distribute his public key to Alice without having to post it onto a Web site, and without Bob having to be on-line when Alice reads the message?

A fundamental issue in security. Who can we really trust to properly authenticate Bob? Obviously we can't trust Bob to authenticate that he really is Bob. (Slide figure: Trent, Alice, Eve.)

Methods

What to authenticate? Systems, users, data, servers and devices. (Slide figure: a user says "Hello. How are you?"; the data asks "Is this okay?")

Where authenticated? End-to-end authentication is user to service; intermediate authentication makes an intermediate device part of the authentication process. (Slide figure: User, Device, Server and Service, with intermediate devices in the path.)

Authentication type. One-way server authentication: the server provides authentication to the client, such as SSL (HTTPS, FTPS, etc). One-way client authentication: the client provides authentication to the server, such as EAP-TLS in wireless. Mutual (two-way) authentication: client and server provide IDs to authenticate each other; examples include PEAP in wireless.

Authentication methods. For users: username/password, digital certificate, token card, soft tokens, session key, pass phrase, biometrics. For devices: device name, digital certificate, pass phrase, MAC address, encryption key.

Three categories of method. Something you know: username/password, mother's maiden name. Something you have: smart card, digital certificate, network/physical address. Something you are: finger prints, palm prints, iris scans, retina scan.

Digital Certificates

How to store the private key and pass the public key? Digital certificates are a soft token of authentication and require a trust mechanism. Now that we need the public key either to encrypt data for a recipient or to authenticate a sender: how does Bob distribute his public key to Alice without having to post it onto a Web site, and without Bob having to be on-line when Alice reads the message? One method is the digital certificate, which can carry the public key (and also the private key, if necessary).

A digital certificate contains the holder's details, the public key, the issuer, and a thumbprint to verify it.

Digital certificates should only be distributed with the public key: one certificate file holds only the public key, while another holds both the public and the private key.

Digital certificates should only be distributed with the public key. P7b format (text): -----BEGIN CERTIFICATE----- [base64 body of the sample certificate omitted] -----END CERTIFICATE-----. The main certificate formats include: P7b, text format; PFX/P12, binary; SST, binary.

Encrypting messages to Alice. Alice sends Bob her digital certificate with her public key on it. A. Bob creates the message. B. Bob encrypts it with Alice's public key and sends Alice the encrypted message. C. Alice decrypts it with her private key. D. Alice receives the message. (Slide figure: "Hello" becomes "H&$d." on the communications channel and is decrypted back to "Hello".)

Authenticating Bob. Bob sends his digital certificate to authenticate himself. Bob hashes the message and encrypts the hash with his private key; Alice checks the hash using Bob's public key from his certificate. (Slide figure: "Hello", hash, "H&$d." on the communications channel, Bob's private key, Alice's private key.)

PKI

Who can we trust to get the digital certificate from? Digital certificates are a soft token of authentication and require a trust mechanism. Who do we trust to get Bob's certificate from? We can't trust Bob, as he may be Eve. Meet Trent.

Public Key Infrastructure (PKI). The Trusted Root CA (Trent) checks Bob's identity and creates a certificate which he signs. A Certificate Authority (CA) is able to grant certificates; examples: Verisign, Entrust, Microsoft Trust. Trusted root certificates are installed as a default on the machine (or installed with the user's permission). Alice checks the signature of the certificate to validate it. Both Alice and Bob trust the CA (Trent) as a third party.

Drawbacks of PKI. Eve tricks the CA to get a certificate with Bob's name; the trusted root on the machine, Alice's signature check and the shared trust in the CA (Trent) are the same as on the previous slide.

Levels of trust. Trusted Root CA (Trent): always trusted. Intermediate CA (Trust2): can be trusted for some things. Self-signed: can never be trusted. Certificate purposes: secure email, server authentication, code signing, driver authentication, time stamping, client authentication, IP tunnelling, EFS (Encrypted File System).
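The three levels of trust and the certificate purposes above, as an added example in Go (not from the slides or asecuritysite.com): it builds Trent's root, an intermediate CA limited to server authentication and Bob's certificate under it, plus a self-signed certificate in which Eve claims Bob's name, and verifies each with Go's crypto/x509 chain checker. The names, the purposes chosen and the functions issue, Verify and Demo are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for cn: self-signed when parent is nil, otherwise signed by parent's key.
func issue(cn string, ku x509.KeyUsage, eku x509.ExtKeyUsage, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true, // CertSign marks a CA
		KeyUsage: ku, ExtKeyUsage: []x509.ExtKeyUsage{eku}, // the purposes this cert may be used for
	}
	signer, issuer := key, tmpl // self-signed: issuer == subject (a root, or Eve's own cert)
	if parent != nil {
		signer, issuer = parentKey, parent
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Verify checks leaf for one purpose against a trusted root, via one intermediate CA.
func Verify(leaf, inter, root *x509.Certificate, purpose x509.ExtKeyUsage) error {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{purpose}}
	opts.Roots.AddCert(root)
	opts.Intermediates.AddCert(inter)
	_, err := leaf.Verify(opts) // signatures, validity dates, CA flags and purposes are all checked
	return err
}

// Demo: Trent's root, an intermediate limited to server authentication, Bob under it, and Eve self-signed as Bob.
func Demo() (bobServer, bobCode, eveServer error) {
	root, rootKey := issue("Trent Root CA", x509.KeyUsageCertSign, x509.ExtKeyUsageAny, nil, nil)
	inter, interKey := issue("Trent Intermediate CA", x509.KeyUsageCertSign, x509.ExtKeyUsageServerAuth, root, rootKey)
	bob, _ := issue("bob.example", x509.KeyUsageDigitalSignature, x509.ExtKeyUsageServerAuth, inter, interKey)
	eve, _ := issue("bob.example", x509.KeyUsageDigitalSignature, x509.ExtKeyUsageServerAuth, nil, nil)
	bobServer = Verify(bob, inter, root, x509.ExtKeyUsageServerAuth) // nil: trusted chain and granted purpose
	bobCode = Verify(bob, inter, root, x509.ExtKeyUsageCodeSigning)  // error: purpose was never granted
	eveServer = Verify(eve, inter, root, x509.ExtKeyUsageServerAuth) // error: no trusted issuer signed it
	return
}

func main() { fmt.Println(Demo()) }
```

Note that the "Eve tricks the CA" drawback is not caught here: a certificate Trent really signed for the wrong person verifies just like Bob's, which is why CA identity checks matter.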

Real or fake? The two main problems with digital certificates are: lack of understanding of how they work; they can be spoofed. So let's look at a few: are they real or fake? (The examples are screenshots of certificates, not reproduced here.)

Example 1: real or fake? Real!

Example 2: real or fake? Fake!

Example 3: real or fake? Real.

Digital Certificate

Public key encryption: secret, identity and trust. (Animated slide: Bob, Alice, Eve, Trent and MegaCorp; the keys in play are Bob's private key, Bob's public key, Alice's public key and Alice's private key.) Bob sends Alice the message "Hello Alice, Wish you were here! - Bob". Which key do we open the message with? Alice's private key. Which key do we open the signature with? Bob's public key.

Bob uses his private key to authenticate himself. Bob takes the MD5 hash of the message and encrypts the MD5 hash with his private key ("the magic private key"); the encrypted MD5 is opened with Bob's public key.

Bob encrypts the message and the encrypted MD5 hash with Alice's public key, giving the encrypted content.

Alice decrypts the encrypted content with her private key, recovering the message and the encrypted MD5. She decrypts the encrypted MD5 with Bob's public key, computes MD5(message) herself and compares the two MD5 values. If they are the same, Bob sent the message.

Passing

Passing a message. The sender starts with "Hello." 1. A secret key is used to encrypt the message (giving "&54FGds"). 2. RSA is used to encrypt the secret key with the recipient's public key; the recipient recovers the secret key with their private key. (Slide figure labels: Info, MD5, RSA Sig with the sender's private key; ZIP, IDEA with the secret key, Mail; the secret key RSA-encrypted with the recipient's public key; Email encryption key; Alice; Cardspace.)
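The sign-then-encrypt flow of the Digital Certificate slides and the secret-key plus RSA scheme of this slide, as one added example in Go (not from the slides or asecuritysite.com): Bob signs the hash of the message with his RSA private key, encrypts the message with a one-time secret key, and wraps that key with Alice's public key; Alice reverses the steps and compares hashes. SHA-256 stands in for the slides' MD5, AES-GCM for IDEA, and the names and the Envelope type are assumptions.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is what Bob sends: AES-GCM ciphertext and nonce, the secret key wrapped for Alice, and Bob's signature over the message hash.
type Envelope struct{ Ciphertext, Nonce, WrappedKey, Signature []byte }

// Seal: Bob hashes the message and signs the hash with his private key, encrypts the
// message with a fresh secret key, and wraps that key with Alice's public key (RSA-OAEP).
func Seal(msg []byte, bob *rsa.PrivateKey, alicePub *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, bob, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	key := make([]byte, 32) // one-time AES-256 key: RSA alone cannot carry a long message
	rand.Read(key)
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, alicePub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{gcm.Seal(nil, nonce, msg, nil), nonce, wrapped, sig}, nil
}

// Open: Alice unwraps the secret key with her private key, decrypts the message, then
// recomputes its hash and checks Bob's signature with his public key (from his certificate).
func Open(e *Envelope, alice *rsa.PrivateKey, bobPub *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, alice, e.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("only Alice's private key can unwrap the secret key")
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	msg, err := gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext has been tampered with")
	}
	digest := sha256.Sum256(msg)
	if rsa.VerifyPKCS1v15(bobPub, crypto.SHA256, digest[:], e.Signature) != nil {
		return nil, errors.New("hash mismatch: not signed by Bob's private key")
	}
	return msg, nil
}
```

Drive it from a main or test that generates RSA keys for Bob, Alice and Eve with rsa.GenerateKey; Open fails for Eve's private key, for a signature checked against Eve's public key, and for a modified ciphertext.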