PhD Thesis Presentation - PowerPoint PPT Presentation

1 / 27
About This Presentation
Title:

PhD Thesis Presentation

Description:

E-mail security program it is free and is based on public key cryptography (RSA algorithm) ... Efficient certificate verification procedure ... – PowerPoint PPT presentation

Number of Views:839
Avg rating:3.0/5.0
Slides: 28
Provided by: people
Category:

less

Transcript and Presenter's Notes

Title: PhD Thesis Presentation


1
PhD Thesis Presentation
  • DSV

Department of Computer and Systems Sciences
Stockholm University/Royal Institute of
Technology
2
Introduction
  • Researcher
  • Nada Kapidzic Cicovic
  • Research Topic
  • Extended Certificate Management System Design
    and Protocols.
  • Fulfillment
  • Submitted to KTH in partial fulfillment of the
    requirement for the degree of Doctor of
    Technology
  • Report Series No. 97-010
  • ISSN 1101-8526
  • ISRN SU-KTH/DSV/R97/10SE 1997

3
Topics of Discussion
  • Research Overview
  • Research Methodology
  • Conclusion

4
Research Overview
  • PhD Expectation
  • Research topic Overview
  • Research topic Relevance

5
Research Overview
  • PhD Expectation

Researcher Contribution
Knowledge After Research
Knowledge Before Research
6
Research Overview
  • The Core of research
  • Authentication
  • Integrity
  • Confidentiality
  • Access Control
  • Non-Repudiation

7
Research Overview
  • Negative Heuristic
  • Any researcher who subscribe to IT security
    research domain must agree on the security
    services discussed above
  • Positive Heuristic
  • She worked to improve the PKI. This is part of
    the Protective belt which protects the core(as
    referred by Lakatos )

8
Research Overview
  • Research topic Overview

9
Research Overview

10
Research Overview
  • Thesis Relevance
  • The Thesis presents possible solution for a
    global certification infrastructure that spans
    over
  • Individual users
  • Small organizations to
  • Arbitrary complex organizations
  • (I.e different security domains)

11
Research Methodology
  • Historical background
  • Analysis of Current knowledge
  • Contribution
  • Publications Overview

12
Research Methodology
  • History Consideration
  • Chapter One highlights the historical background
    of the PKI
  • 1976 Public key cryptography appeared providing
    solution to the key management problem.
  • Existing status of knowledge is discussed in
    Chapter Two
  • Nine public key infrastructures are described
  • Future Work is discussed in Chapter six
  • She suggests 10 improvements to ECMS

13
Research Methodology
  • Chapter One
  • Provides summary of Public Key Cryptography
  • Contribution, Outline of the Thesis, Publications
    Overview
  • Chapter Two
  • Overview of existing Standard
  • Chapter Three
  • CMS Certification Management system Strict
    Hierarchy Solution
  • Chapter Four
  • ECMS Extended Certificate Management System
  • Chapter Five
  • ECMS Client Structure
  • Chapter Six
  • Summary, Conclusion and Future research

14
Research Methodology
  • Chapter One
  • Provides summary of Public Key Cryptography
  • Historical background In 1976 Public key
    cryptography appeared providing solution for the
    key management problem
  • Contribution
  • Overview of the work done in the period from 1993
    to 1997 She developed CMS then ECMS
  • Outline of the Thesis
  • Summary of every chapter and the appendix
  • Publications Overview
  • Six papers were published during 1993 to 1997.
    The work done by the author on CMS and ECMS is
    not yet presented.

15
Existing Standards
  • Chapter Two
  • Overview of existing Standard
  • The X.509 Standard
  • Describes the general mode of the CA
    infrastructure
  • Makes use of X.500 distributed directory
    recommendation to store the certificates
  • The CA must make sure the distinguished names are
    unique
  • The CA vouches the binding between the user
    identity and the public key.
  • Each user trusts the CA by trusting its public
    key.

16
Existing Standards
  • PEM-Privacy Enhanced Mail
  • Is a secure e-mail system consisting of a global
    certification infrastructure and security
    extensions of any SMTP mailer.
  • Includes a specification of supporting public key
    certification infrastructure based on X.509
    certificates
  • SET Secure Electronic Transaction
  • Is a technical specification for securing payment
    card transaction over open network such as the
    Internet.
  • PKIX Internet Public Key Infrastructure
  • Is developed by IETF to facilitate the use of
    X.509 certificates in application which make use
    of Internet
  • PGP Pretty Good Privacy
  • E-mail security program it is free and is based
    on public key cryptography (RSA algorithm)
  • Does not require pre-set PKI
  • It is based on users ultimate trust on
    themselves

17
Research Methodology
  • ICE-TEL General Trust Model
  • The aim was to establish a Large scale PKI in a
    number of European countries to support secure
  • e-mail and secure WWW .
  • Policy Maker
  • Supports implementation of decentralized trust
    management
  • The signing is based on the actions that are
    trusted to sign for.
  • The holder of the private can sign only when
    filters accept the action description

18
Research Methodology
  • SDSI A Simple Distributed Security
    Infrastructure
  • Is a simple PKI with group definitions
  • The identity of members that hold the keys are
    not important as opposed to X.509
  • Provides easy auditable access control list
  • SPKI Simple Public Key Infrastructure
  • Is base on the Authorization certificate rather
    than identity like X.509 and PGP
  • It can support identity certificate as well

19
Research Methodology
  • Chapter Three
  • CMS Certification Management system

User A
User B
20
Research Methodology
  • Chapter Three
  • CMS Certification Management system
  • Strict Hierarchy Solution Each co-operating CA
    is certified by only one parent CA
  • Represents authors initial work in the area PKI
  • Is based on X.509 Certificates and PEM
  • Can operate as autonomous hierarchy or as an
  • Integral part of the global certification system
  • It defines storage and distribution of
    Certificates
  • The functions involves CMS establishment,
    Certificate retrieval, Certificate update and
    Certificate revocation
  • CMS described here assumes non global hierarchies

21
Research Methodology
  • CMS Draw backs
  • Does not provide easy retrieval of expired and
    outdated certificates
  • Is base on X.509 Version 1 Certificates does not
    provide any authorization information
  • All entities are required to uphold specific
    naming Pattern
  • A huge infrastructure need to be in place before
    users start using the service
  • Certificates are stored locally by every CA

22
Research Methodology
  • Chapter Four
  • ECMS Extended Certificate Management System
  • Supported and CRL Extension
  • Use of X.509 Certificate V3 Extension
  • Key and Policy Information Extension
  • Subject and Issuer Attribute Extensions
  • Certification Path Constraints Extensions
  • CRL distribution Point Extension
  • Certification and Cross Certification Policies
  • System Entities and their roles
  • Function of the ECMS User registration, CAs
    registration, Registration of Plateau of trust,
    key generation and certification, Certificate
    revocation, Key update, Certificate validity
    update,CRL Publication, Certificate verification

23
Research Methodology
  • Chapter Five
  • ECMS Client Structure
  • The main functional module
  • Communication module
  • Database management module
  • Graphical user interface
  • ECMS application programming interface

24
Research Methodology
  • ECMS Client Functions
  • User authentication
  • Key generation and certification
  • Certificate and CRL retrieval
  • Certificate verification and
  • Certificate revocation
  • ECMS Client Application Programming Interface
  • GetECMSStatus
  • RetrieveAndVerifyCertificate
  • GetPublicKey and
  • VerifyCertificate

25
Research Methodology
  • Chapter Six
  • Summary
  • The thesis presents one possible solution for
    global certification Infrastructure called the
    ECMS.
  • Conclusion
  • ECMS is scalable to large number of users
  • It is based on X.509 Version 3 Providing identity
    certificate.
  • Efficient certificate verification procedure
  • It implements its own mechanism for certificate
    and CRL distribution mechanism.

26
Research Methodology
  • Future Research
  • Embedded security domains
  • ECMS can be extended to provide real TTPs I.e.
    Trusted third parties
  • Separate key for encryption and separate for
    digital signature

27
Research Methodology
  • THANS FOR LISTENING
Write a Comment
User Comments (0)
About PowerShow.com