PKI - PowerPoint PPT Presentation

About This Presentation
Title:

PKI

Slides: 14
Provided by: lakshmisr
Tags: pki | theca


Transcript and Presenter's Notes

Title: PKI


1
PKI
2
PKI
  • Overview of PKI
  • Use of PKI
  • PKI Certificates

3
Overview of PKI
  • Public Key Infrastructure was developed by the
    U.S. Department of Defense in 1999
  • PKI consists of
    • Software
    • Encryption technologies
    • Security services
  • PKI standard is related to X.509 international
    standard

4
Overview of PKI
  • PKI uses public key cryptographic techniques. In
    fact, it derives its name from public key
    cryptography
  • PKI identifies a Certificate Authority (CA) who
    provides the public/private key pair
  • CA manages the keys
  • CA is responsible for managing the Certificate
    Revocation List (CRL)

5
Overview of PKI
  • Anyone could be a CA, but CAs are usually
    trusted third parties
  • Verisign, GeoTrust, BeTrusted are some of the CAs
  • Certificates are usually multi-level, meaning that
    a national CA certifies regional CAs, who in turn
    certify end users
  • Key management is a major problem in cryptography
  • PKI provides a solution to this problem

6
Overview of PKI
  • Revocation of a certificate is very hard
  • Reason: a certificate identity is a set of bits, and
    it is stored on the computers of the people with
    whom the person deals
  • Revoking a certificate in the CA's database is
    easy, but removing it from use by others is not
    easy
  • A genuine user might have his computer hacked and
    may want the certificate revoked

7
Overview of PKI
  • A genuine user might move to a new organization
    and may not have the right to take the
    certificate with him/her
  • Certificate Revocation List (CRL) may be a
    central or distributed database
  • CRL system is expensive
  • An alternative to CRL is rapid expiration of
    certificates, such as after a few minutes to 24 hours
  • CRL must be online
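
The revocation points on slides 6 and 7, worked through as an added example that is not part of the original presentation. It is a simplified model with no signatures; the class names, the one-minute polling step and the start date are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Cert:
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class CRL:
    next_update: datetime   # relying parties reuse the list until this time
    revoked: frozenset      # serial numbers the CA had revoked when it was issued

class CA:
    def __init__(self, crl_period):
        self.crl_period, self.revoked_at, self.online = crl_period, {}, True
    def revoke(self, serial, when):
        self.revoked_at[serial] = when   # the easy part: update the CA's database
    def publish(self, now):
        if not self.online:
            return None                  # CRL distribution point unreachable
        listed = frozenset(s for s, t in self.revoked_at.items() if t <= now)
        return CRL(now + self.crl_period, listed)

class RelyingParty:
    """Anyone holding a copy of the certificate and a cached CRL."""
    def __init__(self, ca, now):
        self.ca, self.crl = ca, ca.publish(now)
    def accepts(self, cert, now):
        if not cert.not_before <= now <= cert.not_after:
            return False                 # expired or not yet valid
        if now >= self.crl.next_update:  # cached list is stale, fetch a new one
            fresh = self.ca.publish(now)
            if fresh is None:
                return False             # fail closed: the CRL must be online
            self.crl = fresh
        return cert.serial not in self.crl.revoked

def exposure_minutes(lifetime, crl_period, revoked_after,
                     t0=datetime(2024, 1, 1)):   # constructed start time
    """Minutes a certificate is still accepted after the CA revoked it."""
    ca = CA(crl_period)
    rp = RelyingParty(ca, t0)
    cert = Cert(1, t0, t0 + lifetime)
    now = t0 + revoked_after
    ca.revoke(cert.serial, now)
    minutes = 0
    while rp.accepts(cert, now):         # poll once per minute until rejected
        now += timedelta(minutes=1)
        minutes += 1
    return minutes
```

With a one-year certificate and a daily CRL, a revocation one hour into the CRL period leaves the certificate accepted for 1380 more minutes; a 10-minute certificate revoked at minute 4 is accepted for only 7 more, with no CRL refresh involved.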

8
Overview of PKI
  • A person may have multiple identities on the
    Internet (e.g., multiple email addresses)
  • CA assigns keys to names (or persons)
  • Organizations assign permissions to access
    various data and tie them to user IDs (or names)
  • PKI helps connect keys, names, and access
    permissions
  • PKI adds another feature called credentialing,
    which means that one user sets permissions for
    access, validity period for the permission and
    transferable rights for the permission

9
Uses of PKI
  • VPN access
    • The Virtual Private Network should allow the
      employees remote access to the network with
      proper authentication using PKI. Access limits
      will be enforced by PKI
    • The organization itself acts as the CA for this
      part
  • Electronic Banking
    • Customers can have access to their accounts from
      remote locations using PKI authentication
    • Bank itself can act as the CA for this part

10
Uses of PKI
  • Refinery sensors
    • Refineries have a complex network of pipes spread
      over several hundred miles
    • SCADA (Supervisory Control And Data Acquisition)
      is a system that controls oil flow in pipelines
    • Spoofing sensor data could lead to disasters
    • Company can build PKI for each sensor with the
      company itself acting as the CA

11
Uses of PKI
  • Credit Cards
    • Credit card issuance is by banks
    • Several thousand banks are in the credit card
      network
    • Banks must exchange payments
    • PKI allows banks to identify each other
    • A credit card company such as Visa or MasterCard
      could act as CA in this case

12
PKI Certificates
  • X.509 is an international standard for PKI
    certificates
  • Certificate management functions
    • Key Generation/Storage/Recovery
    • Certificate and Certificate Revocation List (CRL)
      Generation and Distribution
    • Certificate Update, Renewal, and Re-key
    • Certificate token initialization
    • Access rights management
    • System Management Functions (e.g., audit, archive)

13
PKI Certificates
  • Certificates are classified as Class 1 to 5
  • Class 1 is low risk and Class 5 is high risk
  • SSL uses PKI certificates with a liability limit
    of 100