Digital Certificates - PowerPoint PPT Presentation

Provided by: A138

1
Digital Certificates
  • Eman Smadi
  • 20030171032
  • Fadia Bani-Youns
  • 20030171014

2
Presentation outline
  • Introduction.
  • Introduction to Digital Certificates.
  • What is a digital certificate?
  • Generating the digital certificate.
  • Trust models.
  • How do I use Digital Certificates?
  • What does a Digital Certificate contain?
  • Certificate Revocation.

3
Introduction
  • What is cryptography?
  • Cryptography: the art of secret writing.
  • Cryptosystems are designed such that the
    secrecy is embodied in an additional input,
    called the key, which must be supplied to the
    algorithm.

4
Introduction (Cont..)
  • Problem: How does Alice know that the public key
    she received is really Bob's public key?

[Diagram: Bob, Alice, private key, public key]

5
Introduction to Digital Certificates
  • Digital Certificates provide a means of proving
    your identity in electronic transactions, much
    like a driver's license or a passport does in
    face-to-face interactions. With a Digital
    Certificate, you can assure friends, business
    associates, and online services that the
    electronic information they receive from you is
    authentic.

6
Distribution of Public Keys
  • Public announcement or public directory
  • Common knowledge (e.g., append your public key to
    every email message)
  • Public-key certificate (Obtained through PKI)

7
Public key infrastructure (PKI)
  • A public key infrastructure (PKI) consists of the
    components necessary to securely distribute
    public keys.
  • It consists of:
  • - Certificates
  • - Certificate authorities (CAs)
  • - A repository for retrieving certificates
  • - A method for revoking certificates
  • - A method of evaluating a chain of certificates

8
What is a Digital Certificate?
  • A certificate is a signed message vouching that
    a particular name goes with a particular public
    key.
  • It is the electronic counterpart to driver's
    licenses, passports and membership cards. You can
    present a Digital Certificate electronically to
    prove your identity or your right to access
    information or services online.

9
Definition (Cont.)
  • Certification Authority (CA)
  • - A trusted node that generates certificates.
  • - A Digital Certificate is issued by a
    Certification Authority (CA) and signed with the
    CA's private key.
  • If everyone has a certificate, a private key,
    and the CA's public key, they can authenticate

10
What are Digital Certificates used for?
  • Digital Certificates can be used for a variety of
    electronic transactions including e-mail,
    electronic commerce, groupware and electronic
    funds transfers. Netscape's popular Enterprise
    Server requires a Digital Certificate for each
    secure server.

11
Generating the digital certificate
[Diagram: Signed certificate]

12
Trust models
  • Define how a verifier chooses trust anchors, and
    what certification paths create a legal chain
    from trust anchor to target.
  • Types of models:
  • Monopoly Model.
  • Monopoly plus registration authorities.
  • Delegated CAs Model.
  • Oligarchy Model.
  • Anarchy model

13
Monopoly Model
  • Choose one universally trusted organization
  • Embed their public key in everything
  • Give them universal monopoly to issue
    certificates
  • Make everyone get certificates from them
  • Simple to understand and implement

14
Main problems of the monopoly model
  • There is no one universally trusted organization
  • Getting certificate from remote organization
    will be insecure or expensive (or both)
  • That key can never be changed
  • Security of the world depends on honesty and
    competence of the one organization, forever

15
Monopoly plus registration authorities
  • The CA can appoint RAs
  • RA (Registration Authority): verifies the user's
    identity and makes sure that the user is eligible
    to get a key pair.
  • CA (Certificate Authority): the technical side
    of PKI.
  • - Create, issue, revoke keys.

[Diagram: CA, RA, user]

16
Main problems of the Monopoly + RAs model
  • Still monopoly pricing
  • Still can't ever change the CA key
  • Still the world's security depends on that one CA
    key never being compromised (or on no dishonest
    employee at that organization granting bogus
    certificates)

17
Delegated CAs Model
  • Allow configured CAs to issue certificates for
    other public keys to be trusted CAs
  • Similar to CAs plus RAs, but:
  • - Less efficient than RAs for the verifier (multiple
    certificates to verify).
  • - Less delay than RAs for getting a usable
    certificate.

18
How do I use Digital Certificates?
  • When you receive digitally signed messages,
    you can verify the signer's Digital Certificate
    to determine that no forgery or false
    representation has occurred.
  • When you send messages, you can sign the
    messages and enclose your Digital Certificate to
    assure the recipient of the message that the
    message was actually sent by you.

19
What does a Digital Certificate contain?
  • A Digital Certificate typically contains the following:
  • Owner's public key.
  • Owner's name.
  • Expiration date of the public key.
  • Name of the issuer (the CA that issued the
    Digital Certificate).
  • Serial number of the Digital Certificate.
  • Digital signature of the issuer.

20
Example

21
Certificate Revocation
  • Revocation is very important for
    certificates that should not be honored.
  • There are many valid reasons to revoke a certificate:
  • - The private key corresponding to the certified
    public key has been compromised.
  • - The user stopped paying the certification fee to
    the CA and the CA no longer wishes to certify them.

22
Certificate Revocation Mechanisms
  • Online revocation service
  • - When a certificate is presented, recipient
    goes to a special online service to verify
    whether it is still valid
  • Certificate revocation list (CRL)
  • - CA periodically issues a signed list of
    revoked certificates
  • - Can issue a delta CRL containing only
    updates

23
Certificate Revocation (Cont)
  • A certificate is considered to be valid if:
  • - It has a valid CA signature.
  • - It has not expired.
  • - It is not listed in the CA's most recent CRL.
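
The certificate fields from the contents slide and the three validity conditions above, as a small added model (not part of the original presentation). It uses toy textbook RSA with two fixed primes in place of a real signature scheme, and the names `issue`, `validate`, `CA_PUB`, `BOB` and `CRL` are constructed for illustration.

```python
import hashlib
from datetime import date

# Toy textbook RSA for illustration only (no padding, small modulus): NOT secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537      # two known Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # the CA's private exponent

def digest(fields: dict) -> int:
    """Hash the certificate fields (everything but the signature) to an int < N."""
    tbs = "|".join(f"{k}={fields[k]}" for k in sorted(fields))
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % N

def issue(fields: dict) -> dict:
    """CA side: bind name to public key by signing with the CA's private key."""
    return {**fields, "signature": pow(digest(fields), D, N)}

def validate(cert: dict, ca_pub: tuple, crl: set, today: date) -> str:
    """Verifier side: signature, expiry and CRL checks, in that order."""
    n, e = ca_pub
    fields = {k: v for k, v in cert.items() if k != "signature"}
    if pow(cert["signature"], e, n) != digest(fields):
        return "bad signature"              # fields changed or wrong issuer key
    if today > date.fromisoformat(cert["not_after"]):
        return "expired"
    if cert["serial"] in crl:
        return "revoked"                    # listed in the CA's most recent CRL
    return "valid"

# Constructed sample data: the verifier holds only the CA's public key.
CA_PUB = (N, E)
BOB = issue({"subject": "Bob", "public_key": "bob-key-1", "issuer": "Example CA",
             "serial": 1001, "not_after": "2030-01-01"})
CRL = {1002}                                # serial numbers revoked by the CA

if __name__ == "__main__":
    print(validate(BOB, CA_PUB, CRL, date(2025, 1, 1)))
    forged = {**BOB, "public_key": "mallory-key"}   # key swapped, old signature
    print(validate(forged, CA_PUB, CRL, date(2025, 1, 1)))
```

A certificate whose public key is swapped after issuance fails the first check, which is the answer to the earlier question of how Alice knows a key is really Bob's.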

24
Websites that offer digital certificates
  • Three websites that offer digital certificates:
  • www.verisign.com
  • www.webopedia.com
  • www.thawte.com

25
Q/A