Scribd
Upload
142 views12 pages

Introduction To PKI, Certificates & Public Key Cryptography: Erwan Lemonnier

This document provides an introduction to public key infrastructure (PKI), certificates, and public key cryptography. It discusses how these tools can provide confidentiality, integrity, availability, identification and authentication, and non-repudiation. PKI allows entities to securely exchange public keys and authenticate each other through the use of digital certificates signed by a certificate authority. However, PKI relies on secure servers, algorithms, and practices to prevent attacks like stolen private keys or man-in-the-middle attacks. Examples of using these cryptographic tools include protocols like IPSec and SSL.

Uploaded by

Sorin Moldo
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
142 views12 pages

Introduction To PKI, Certificates & Public Key Cryptography: Erwan Lemonnier

This document provides an introduction to public key infrastructure (PKI), certificates, and public key cryptography. It discusses how these tools can provide confidentiality, integrity, availability, identification and authentication, and non-repudiation. PKI allows entities to securely exchange public keys and authenticate each other through the use of digital certificates signed by a certificate authority. However, PKI relies on secure servers, algorithms, and practices to prevent attacks like stolen private keys or man-in-the-middle attacks. Examples of using these cryptographic tools include protocols like IPSec and SSL.

Uploaded by

Sorin Moldo
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 12

Introduction to PKI, Certificates & Public Key Cryptography

Erwan Lemonnier

Introduction to PKI, Certificates & Public Key Cryptography erwan@defcom.com

Role of Computer Security


CIA
Confidentiality: protection against data disclosure
Integrity: Availability: protection against data modification protection against data disponibility

Identification & Authentication (I&A)


Provide a way of identifying entities, and controlling this identity

Non-repudiability
Bind an entity to its actions

Introduction to PKI, Certificates & Public Key Cryptography erwan@defcom.com

How to implement CIA, I&A, N-R ? With Cryptography !


Main cryptographic tools:

Hash Functions Secret Key Cryptography Public Key Cryptography

And their combinations:

Certificates
PKI

Introduction to PKI, Certificates & Public Key Cryptography erwan@defcom.com

Main cryptographic tools


Hash Functions:
Bind one entity with a unique ID => Signature Hash + Encryption => trusted signature

Symmetric Key Cryptography


2 users share a secret key S and an algorithm.
S(S(M)) = M

Problem: how to exchange secret keys ? =>Secret Key Server (ex: kerberos)

Introduction to PKI, Certificates & Public Key Cryptography erwan@defcom.com

Main cryptographic tools


Public Key Cryptography:
Each user has a public key P and a private key S, and an algorithm A. P(S(M)) = S(P(M)) = M No shared secret !
Encryption with Public Key Crypto Authentication with Public Key Crypto

Introduction to PKI, Certificates & Public Key Cryptography erwan@defcom.com

Main cryptographic tools, PKI


How to distribute public keys ? Public Key Server (PKS), key exchange protocols

Public Key Infrastructure (PKI):


PKI = N x (Entities with private keys) + public key exchange system

REM: Public Key algorithms are slow Need to use both Public & Secret Key Cryptography Public Key Protocols work in 3 phases 1. Authentication via Public Key Cryptography (challenge) 2. Exchange of a session Secret Key, encrypted with Public Key Crypto 3. Session encrypted with Symmetric Cryptography

Introduction to PKI, Certificates & Public Key Cryptography erwan@defcom.com

Certificate
A certificate binds an entity with its public key. Its just a digitally signed piece of data. digital ID card Certificate = an entitys description (name, etc.) + entitys public key + expiration date, serial number, etc. + CAs name + a signature issued by a CA The certificate is issued and signed by a trusted Certificate Authority (CA)

Digital signature: CA signature = certificate hash, encrypted with CAs private key

Introduction to PKI, Certificates & Public Key Cryptography erwan@defcom.com

Certificate
The certificates CA is the only entity able to create/modify the certificate the CA has to be trusted

Certificates enable:
Clients to authenticate servers Servers to authenticate clients Public key exchange without Public Key Server No disclosure of private/secret keys. Certificates are usually stored encrypted.

Special features: chains of CAs, to distribute the task of issuing Certificates Certificate Revocation List, to disable certificates

Introduction to PKI, Certificates & Public Key Cryptography erwan@defcom.com

Usual cryptographic algorithms & infrastructures


Hash: Symmetric Key: MD4, MD5, SHA-1 DES, 3DES, AES (Rijnael), IDEA, RC4 RSA, Diffie-Hellman X509 IPSec, SSL, (kerberos)

Public/Private Key: Certificat: PKI:

Introduction to PKI, Certificates & Public Key Cryptography erwan@defcom.com

example: IPSec
IPSec works at IP level. Provide authentication and encryption. Used to build VPNs.
Configuration: 2 transfert modes: tunnel or transport 2 transfert protocols: AH (Authentication Header) ESP (Encapsulating Security Payload)

=> authenticated traffic => encrypted traffic

Key exchange protocols: Internet Key Exchange (IKE), Internet Security Association and Key Management Protocol (ISAKMP), etc.

Introduction to PKI, Certificates & Public Key Cryptography erwan@defcom.com

Weaknesses of PKI and Certificates


PKI: unsecured server: unsecured client: weak algorithm: Certificate: unsecured computer: certificate password: untrustable CA: users:

hackable Public Key/Certificate servers private keys/passwords can be stolen/spied short keys, implementation or design breach

certificates can be stolen, password spied certificates are stored encrypted, with weak password easy to be issued a certificate from a CA they seldom check if CA can be trusted before accepting certificates (netscape GUI)

Attack example: hack clients computer, steal certificate & password man in the middle

Introduction to PKI, Certificates & Public Key Cryptography erwan@defcom.com

Links
Book: Applied cryptography, Bruce Schneier
URLs: theory.lcs.mit.edu/~rivest/crypto-security.html www.counterpane.com/pki-risks.html www.csc.gatech.edu/~copeland/8813/slides/ www.iplanet.com/developer/docs/articles/security/pki.html web.mit.edu/6.857/OldStuff/Fall96/www/main.html

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy