Public-Key Infrastructure (PKI) - PowerPoint PPT Presentation

About This Presentation
Title:

Public-Key Infrastructure (PKI)

Description:

Pervasive security infrastructure whose services are implemented and delivered ... Eventual objective is to determine whether the key in a ... Idiosyncrasy: ... – PowerPoint PPT presentation

Number of Views:57
Avg rating:3.0/5.0
Slides: 16
Provided by: Suku
Category:

less

Transcript and Presenter's Notes

Title: Public-Key Infrastructure (PKI)


1
Public-Key Infrastructure (PKI)
2
What is PKI?
  • Pervasive security infrastructure whose services
    are implemented and delivered using public-key
    concepts and techniques
  • -(C. Adams, S. Lloyd)
  • Secure sign-on
  • End-user transparency
  • Comprehensive security

3
Business Drivers
  • Cost savings
  • Inter-operability
  • Uniformity
  • Potential for validation/testing
  • Choice of provider
  • Consider the analogy with BUS architecture vs.
    point-to-point links

4
Components and Services
  • Certification authority
  • Certificate repository
  • Certificate revocation
  • Key backup and recovery
  • Automatic key update
  • Key history
  • Cross-certification
  • Support for non-repudiation
  • Time stamping

5
Certificates
  • Certificate vs. signature
  • Types of certificates
  • X.509 (v1, v2, v3)
  • Simple Public Key Infrastructure (SPKI)
    certificates
  • PGP certificates
  • Attribute certificates

6
Certificate Format
  • Version number
  • Serial number
  • Signature algorithm identifier
  • Issuer name
  • Period of validity
  • Subject name
  • Subjects public-key info.
  • Issuer unique ID
  • Subject unique ID
  • Extensions
  • Signature

7
Key/Certificate Life Cycle
  • Initialization
  • Registration
  • Key-pair generation (where?)
  • Certificate creation and dissemination
  • Key backup
  • Issued
  • Certificate retrieval
  • Certificate validation
  • Cancellation
  • Expiration
  • Revocation
  • History and archive

8
Certificate Path Processing
  • Eventual objective is to determine whether the
    key in a given certificate can be trusted
  • Path construction aggregation of certificates
    to form a complete path
  • Path validation validating each certificate in
    the path
  • Target certificate is trusted only if every
    certificate in the path are trustworthy

9
X.509 Hierarchy
  • Forward certificates
  • Certificate of X generated by other CAs
  • Reverse certificates
  • Certificates of other CAs generated by X
  • Example from the book (showed in last class)

10
Authentication Procedures
  • One-way
  • Two-way
  • Three-way

11
Problems with PKI
  • Hierarchical model of trust
  • Chain of partial trust ending in one fully
    trusted entity
  • Identifier associated with the key pair
  • Unique distinguished name within the namespace
  • Private-key insecurity
  • Has to protect the private key
  • Technical and Implementation difficulties
  • Assumption of global namespace
  • Difficulty in detecting key compromise
  • Inefficient revocation

12
PKI Problems (contd)
  • Limited assurance provided in reality
  • CAs generally protected in case of failure
  • What certificate assure (usually)
  • A particular message was generated by an entity
    that had available to it a particular private
    key and
  • CA that provided the certificate has, at some
    time in the past, had grounds for believing that
    that private key was associated with a particular
    entity.
  • CA that provided the certificate has, at some
    time in the past, had grounds for believing that
    the entity had some kind of right to use that
    identifier, or had used that identifier in the
    past and
  • CA that provided the certificate has, at some
    time in the past, had grounds for believing that
    the entity had access to the appropriate private
    key.

13
Problems (contd)
  • What it does not ensure
  • Private key was originally available to other
    entities as well as the entity to which it
    purports to be 'bound'
  • Private key is now available to other entities as
    well as the entity to which it purports to be
    'bound'
  • Private key invocation that gave rise to a
    particular message was performed by the entity
    and
  • Private key invocation that gave rise to a
    particular message was performed with the
    entity's free and informed consent.
  • Privacy invasiveness
  • Just to talk to your buddy securely, you may need
    to tell your life story to a third party!
  • Idiosyncrasy
  • In order to have trust in the party you are
    transacting with, you are expected to have trust
    in organizations you have no relationship with at
    all

14
What is Really Needed!
  • Minimal Use of Identifiers
  • Minimal Registration Requirements
  • Mechanisms for Persistent Anonymity
  • Value Authentication without Identity
  • Attribute Authentication without Identity
  • Recourse in case of violation

15
Alternatives to PKI
  • Web of trust like in PGP
  • Simple Distributed PKI (SDPKI)
  • Login ID, password
  • Biometrics
  • Other form of cetificates
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Public-Key Infrastructure (PKI)" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!