A digital certificate is data carrying a digital signature from a trusted Certification Authority (CA). This data contains: who owns the certificate, who signed the certificate, the expiry date, and the user's name and e-mail address.
Digital Certificate
A Certification Authority (CA) is a trusted agent who certifies public keys for general use (e.g. a corporation or a bank).
The user has to decide which CAs can be trusted.
The model for key certification based on friends and friends of friends is called the Web of Trust.
Public keys are passed from friend to friend. This works well in small or highly connected worlds. What if you receive a public key from someone you don't know?
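The "friend of a friend" rule above can be written down as a small graph search. The following Go program is an added example (it is not from the original slides and is not PGP's actual trust database); the key names, the signature graph and the introducer list are all constructed. A key is accepted if the owner signed it, or if a trusted introducer signed it and the introducer's own key can be traced back to the owner; a key signed only by strangers (the "someone you don't know" case) is rejected.

```go
package main

import "fmt"

// KeyID names a public key; in PGP this would be the key's fingerprint.
type KeyID string

// WebOfTrust is a constructed toy model of PGP-style key certification, not
// PGP's real trust database. Signatures records which keys have certified
// (signed) each key; Introducers lists the keys whose owners the local user
// trusts to vouch for other people's keys.
type WebOfTrust struct {
	Owner       KeyID
	Signatures  map[KeyID][]KeyID // key -> keys that have signed it
	Introducers map[KeyID]bool    // keys trusted to introduce others
}

// Valid reports whether the owner can accept key k as belonging to its claimed
// holder. A key is valid if the owner signed it directly (a friend), or if a
// trusted introducer signed it and that introducer's own key is valid (a friend
// of a friend). maxHops bounds how far the chain may reach, so a long chain of
// strangers does not become trusted by accident.
func (w *WebOfTrust) Valid(k KeyID, maxHops int) bool {
	return w.valid(k, maxHops, map[KeyID]bool{})
}

func (w *WebOfTrust) valid(k KeyID, hops int, onPath map[KeyID]bool) bool {
	if k == w.Owner {
		return true // my own key is trusted by definition
	}
	if hops < 0 || onPath[k] {
		return false // out of hops, or a cycle in the signature graph
	}
	onPath[k] = true
	defer delete(onPath, k)
	for _, signer := range w.Signatures[k] {
		if signer == w.Owner {
			return true // I certified this key myself
		}
		// A signature counts only if the signer is a trusted introducer and
		// the signer's own key is valid one hop closer to me.
		if w.Introducers[signer] && w.valid(signer, hops-1, onPath) {
			return true
		}
	}
	return false
}

// NewExampleWeb builds a constructed signature graph: alice (the owner) signed
// bob, bob signed carol, carol signed dave, and mallory was signed only by eve,
// whom alice has never met.
func NewExampleWeb() *WebOfTrust {
	return &WebOfTrust{
		Owner: "alice",
		Signatures: map[KeyID][]KeyID{
			"bob":     {"alice"},
			"carol":   {"bob"},
			"dave":    {"carol"},
			"mallory": {"eve"},
		},
		Introducers: map[KeyID]bool{"bob": true, "carol": true},
	}
}

func main() {
	w := NewExampleWeb()
	for _, k := range []KeyID{"bob", "carol", "dave", "mallory"} {
		fmt.Printf("%-8s valid within 2 hops: %v, within 1 hop: %v\n", k, w.Valid(k, 2), w.Valid(k, 1))
	}
}
```

The hop limit is the practical answer to the slide's question: the Web of Trust only reaches as far as the chain of introducers you are willing to rely on, and a key with no path back to you stays untrusted no matter how many strangers have signed it.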
[Diagram: a CA certificate at the top, with a browser certificate and a server certificate each issued beneath it]
PKI is a system that uses public-key encryption and digital certificates to achieve secure Internet services. There are 4 major parts in a PKI:
a Certification Authority (CA); a directory service; services (banks, web servers, businesses); and users.
PKI Structure
[Diagram: Certification Authority and directory services]
4 key services
Confidentiality - Encryption
To make the transaction secure: no one other than the communicating parties is able to read or retrieve the ongoing transaction.
Integrity - Encryption
To ensure the information has not been tampered with during transmission.
Certificate Signers
Server authentication is necessary for a web client to identify the web site it is communicating with. To use SSL, a special type of digital certificate, a server certificate, is used. The steps: get a server certificate from a CA
(e.g. www.hitrust.com.hk, www.cuhk.edu.hk/ca/),
install the server certificate at the web server, and enable SSL on the web site. Client authentication uses client certificates.
Strong encryption
Encryption methods that cannot be cracked by brute force in a reasonable period of time: the world's fastest computer would need thousands of years to compute a key.
Weak encryption
A code that can be broken in a practical time frame. 56-bit encryption was cracked in 1999; 64-bit will be cracked in 2011; 128-bit will be cracked in 2107.
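The three dates above follow from one assumption: brute-force capacity doubles every 18 months, so each extra key bit buys 1.5 years, starting from 56 bits in 1999. The Go program below is an added example (not from the slides) that makes that extrapolation explicit and, separately, computes the expected search time for a key length at a given trial rate; the rate of 10^12 keys per second is a constructed figure for illustration, and the 18-month doubling is the slide's implicit assumption, not a measured fact.

```go
package main

import (
	"fmt"
	"math"
)

const secondsPerYear = 365.25 * 24 * 3600

// BruteForceYears returns the expected time, in years, to find a bits-long key
// by trying keys at keysPerSecond. On average half the key space, 2^(bits-1)
// keys, must be searched before the right one turns up.
func BruteForceYears(bits int, keysPerSecond float64) float64 {
	expectedTrials := math.Ldexp(1, bits-1) // 2^(bits-1), exact as a float64
	return expectedTrials / keysPerSecond / secondsPerYear
}

// YearCrackable extrapolates the slide's timeline: 56-bit keys fell in 1999,
// and if brute-force capacity doubles every 18 months each additional key bit
// costs the attacker another 1.5 years. This reproduces 64 -> 2011 and
// 128 -> 2107. The 18-month doubling is the assumption behind those figures.
func YearCrackable(bits int) float64 {
	const baseBits, baseYear, yearsPerBit = 56, 1999, 1.5
	return baseYear + float64(bits-baseBits)*yearsPerBit
}

// IsStrong applies the slide's definition: an encryption method is strong if a
// brute-force search at the given rate would exceed horizonYears.
func IsStrong(bits int, keysPerSecond, horizonYears float64) bool {
	return BruteForceYears(bits, keysPerSecond) > horizonYears
}

func main() {
	const rate = 1e12 // constructed trial rate: 10^12 keys per second
	for _, bits := range []int{40, 56, 64, 80, 128, 256} {
		fmt.Printf("%3d-bit: %.3g years at %.0g keys/s, strong=%v, extrapolated crack year %.0f\n",
			bits, BruteForceYears(bits, rate), rate, IsStrong(bits, rate, 1000), YearCrackable(bits))
	}
}
```

The table makes the gap visible: doubling the key length from 64 to 128 bits does not double the work but multiplies it by 2^64, which is why the extrapolated date jumps by a century rather than by twelve years.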
PGP decryption
SSH provides an encrypted, secure channel between client and server, as a replacement for telnet and ftp.
This protocol was developed by Visa and MasterCard specifically for secure credit card transactions on the Internet. SET encrypts credit card and purchase information before transmission over the Internet. SET allows the merchant's identity to be authenticated via digital certificates, and also allows the merchant to authenticate users through their digital certificates (making it more difficult to use someone's stolen credit card).
Privacy-Enhanced E-mail
[Diagram: an e-mail message that is both encrypted and signed]
Summary
Understand which public/private key should be used to encrypt/decrypt a message to/from you. Discuss PGP, SET, SSH and encrypted e-mail.
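The summary's question, and the encrypted-and-signed e-mail slide before it, have one concrete answer: you encrypt TO someone with their public key, they decrypt with their private key; you sign FROM yourself with your private key, they verify with your public key. The Go program below is an added example, not from the slides and not PGP's own message format: it uses the standard library's RSA-OAEP to wrap a session key, AES-GCM for the message body and RSA-PSS for the signature, and signs before encrypting so the signature travels inside the ciphertext, as PGP does. Key sizes and the message text are constructed.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the wire format of this constructed example: an AES-GCM
// ciphertext of (signature || message) plus the AES session key wrapped with
// the recipient's RSA public key, the same shape as a PGP encrypted, signed mail.
type Envelope struct {
	WrappedKey []byte // session key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM(signature || message)
}

// NewKey generates an RSA key pair; the public half is what you publish.
func NewKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SealAndSign is what the SENDER does: sign with the sender's own PRIVATE key,
// then encrypt TO the recipient with the recipient's PUBLIC key.
func SealAndSign(msg []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (*Envelope, error) {
	// 1. Sign the message with the sender's private key (RSA-PSS over SHA-256).
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	// 2. Encrypt signature and message under a fresh random AES-256 session key.
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, append(sig, msg...), nil)
	// 3. Wrap the session key with the recipient's public key (RSA-OAEP), so
	//    only the holder of the matching private key can recover it.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// OpenAndVerify is what the RECIPIENT does: decrypt with the recipient's own
// PRIVATE key, then check the signature with the sender's PUBLIC key.
func OpenAndVerify(env *Envelope, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap session key (not encrypted to this key?): %w", err)
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	payload, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("ciphertext tampered with or wrong key: %w", err)
	}
	sigLen := senderPub.Size() // a PSS signature is exactly one modulus in length
	if len(payload) < sigLen {
		return nil, errors.New("payload too short to hold a signature")
	}
	sig, msg := payload[:sigLen], payload[sigLen:]
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, errors.New("signature does not verify: not from the claimed sender")
	}
	return msg, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	alice, _ := NewKey()
	bob, _ := NewKey()
	env, _ := SealAndSign([]byte("Meet at noon"), alice, &bob.PublicKey)
	msg, err := OpenAndVerify(env, bob, &alice.PublicKey)
	fmt.Printf("Bob reads: %q (err=%v)\n", msg, err)
	mallory, _ := NewKey()
	_, err = OpenAndVerify(env, mallory, &alice.PublicKey)
	fmt.Println("Someone else trying to read Bob's mail:", err)
}
```

Note which key appears where: Bob's public key is used only by the sender and never leaves the recipient's side in private form, and Alice's private key never leaves Alice. Getting those two keys the right way round is the whole of the summary's question.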
References
Digital Certificate (Applied Internet Security), by Feghhi, Feghhi and Williams, Addison Wesley.
On-line resources (link titles only): Basic Cryptography, Digital Signature, PKI Resources, SET Resources, General Definitions, Digital ID FAQ.
The End. Thank you for your patience!