Digital Certificates (Certification Authority)

Date post: 07-Apr-2018
Upload: robina12
Page 1: Digital Certificates (Certification Authority)

8/3/2019 Digital Certificates (Certification Authority)

http://slidepdf.com/reader/full/digital-certificates-certification-authority 1/23

1

Digital Certificates

A digital certificate is data carrying the digital signature of a trusted Certification Authority (CA). It contains:

 – Who owns this certificate
 – Who signed this certificate
 – The expiry date
 – User name and email address

Page 2: Digital Certificate

Figure: a digital certificate (link: Reference)

Page 3: Elements of a Digital Certificate

A Digital ID typically contains the following information:

 – Your public key
 – Your name and email address
 – Expiration date of the public key
 – Name of the CA who issued your Digital ID

Page 4: Certification Authority (CA)

A trusted agent who certifies public keys for general use (e.g. a corporation or a bank).

 – The user has to decide which CAs can be trusted.

The model for key certification based on friends and friends of friends is called the "Web of Trust".

 – The public key is passed from friend to friend.
 – Works well in small or highly connected worlds.
 – What if you receive a public key from someone you don't know?

Page 5: CA model (Trust model)

Diagram (chain of trust): Root Certificate, CA Certificate, Browser Cert., CA Certificate, Server Cert.

Page 6: Web of Trust model

Diagram (keys passed between users): Bob, A, B, Alice, D, C

Page 7: Public Key Infrastructure (PKI)

PKI is a system that uses public-key encryption and digital certificates to achieve secure Internet services. There are four major parts in a PKI:

 – Certification Authority (CA)
 – A directory service
 – Services, banks, web servers
 – Business users

Page 8: Digital21.gov.hk

Reference: an official homepage which provides a lot of PKI and e-commerce information.

Page 9: PKI Structure

Diagram: Certification Authority, Directory services, User, Services/Banks/Web servers, Public/Private Keys

Page 10: 4 key services

Authentication – Digital Certificate
 – To identify a user who claims to be who he/she is, in order to access the resource.

Non-repudiation – Digital Signature
 – To make the user unable to deny that he/she has sent the message, signed the document or participated in a transaction.

Confidentiality – Encryption
 – To make the transaction secure: no one except the communicating parties is able to read or retrieve the ongoing transaction.

Integrity – Encryption
 – To ensure the information has not been tampered with during transmission.

Page 11: Certificate Signers

Page 12: Certificate Enrollment and Distribution

Page 13: Secure Web Communication

Server authentication is necessary for a web client to identify the web site it is communicating with.

To use SSL, a special type of digital certificate, the "server certificate", is used:

 – Get a server certificate from a CA (e.g. www.hitrust.com.hk, www.cuhk.edu.hk/ca/).
 – Install the server certificate at the web server.
 – Enable SSL on the web site.

Client authentication – Client certificates
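The chain on the CA-model slide (Root Certificate, CA Certificate, Server Cert.), the user's decision about which CAs to trust, and the server-authentication steps above can be exercised end to end with Go's standard library. The program below is an added example, not code from the slides; the CA names, the host name www.example.test, the ECDSA P-256 keys and the loopback TCP listener are constructed for the demo. It builds a root, an issuing CA and a server certificate, then runs a TLS server and client over loopback so that the handshake performs the browser's check: the connection succeeds when the client trusts the root and the name matches, and fails when the root is unknown, the name is wrong, or the certificate has expired.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Identity is a certificate together with the private key whose public half it certifies.
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue signs tmpl with the parent's key; a nil parent produces a self-signed root. Errors abort the demo.
func issue(tmpl *x509.Certificate, parent *Identity) *Identity {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	signerCert, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signerCert, signerKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER just produced by CreateCertificate always parses
	return &Identity{Cert: cert, Key: key}
}

// template carries the fields the slides list: owner (subject), validity period and CA role; the signer (issuer) is set by issue.
func template(cn string, serial int64, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  ca,
	}
	if ca {
		t.KeyUsage |= x509.KeyUsageCertSign
	}
	return t
}

// PKI is the slides' chain: Root Certificate -> CA Certificate -> Server Cert.
type PKI struct{ Root, CA, Server *Identity }

func BuildPKI() *PKI {
	root := issue(template("Example Root CA", 1, true), nil)
	ca := issue(template("Example Issuing CA", 2, true), root)
	srv := template("www.example.test", 3, false) // constructed host name
	srv.DNSNames = []string{"www.example.test"}
	srv.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	return &PKI{Root: root, CA: ca, Server: issue(srv, ca)}
}

// Connect is the "enable SSL" step seen from the browser: a loopback server presents the server cert plus the
// intermediate; a client trusting only the root (when trustRoot) dials it, and the handshake verifies chain, name and validity at time now.
func Connect(p *PKI, trustRoot bool, serverName string, now time.Time) error {
	roots := x509.NewCertPool()
	if trustRoot {
		roots.AddCert(p.Root.Cert)
	}
	srv := tls.Certificate{Certificate: [][]byte{p.Server.Cert.Raw, p.CA.Cert.Raw}, PrivateKey: p.Server.Key}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{srv}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		if conn, err := ln.Accept(); err == nil {
			conn.(*tls.Conn).Handshake() // a rejected chain shows up as the client's error
			conn.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		RootCAs: roots, ServerName: serverName, Time: func() time.Time { return now },
	})
	if err == nil {
		conn.Close()
	}
	return err
}

func main() {
	p := BuildPKI()
	fmt.Println("owner:", p.Server.Cert.Subject.CommonName, "| signer:", p.Server.Cert.Issuer.CommonName, "| expires:", p.Server.Cert.NotAfter.Format(time.RFC3339))
	fmt.Println("trusted root:", Connect(p, true, "www.example.test", time.Now()), "| unknown CA:", Connect(p, false, "www.example.test", time.Now()))
}
```

The `Time` override in the client config lets the expiry case be shown without waiting a day. In a real browser the trust store plays the role of `roots`, and the server sends the intermediate exactly as here (leaf first, then the CA certificate), which is why "install the server certificate" in practice means installing the whole chain and not only the leaf; a server that omits the intermediate fails the same way as the unknown-CA case.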

Page 14: Strong and Weak Encryption

Strong encryption

 – Encryption methods that cannot be cracked by brute force (in a reasonable period of time).
 – The world's fastest computer would need thousands of years to compute a key.

Weak encryption

 – A code that can be broken in a practical time frame.
 – 56-bit encryption was cracked in 1999.
 – 64-bit will be cracked in 2011.
 – 128-bit will be cracked in 2107.

Page 15: PGP decryption

Figure: PGP decryption (link: Reference)

Page 16: Secure Shell (SSH)

Provides an encrypted, secure channel between client and server.

A replacement for telnet and ftp.

Reference: SSH

Page 17: Secure Shell & Secure FTP

Diagram: Secure Shell, Secure FTP, The Host's Public Key

Page 18: Secure Electronic Transaction (SET)

This protocol was developed by Visa and MasterCard specifically for secure credit card transactions on the Internet.

SET encrypts credit card and purchase information before transmission over the Internet.

SET allows the merchant's identity to be authenticated via digital certificates, and also allows the merchant to authenticate users through their digital certificates (making it more difficult to use someone's stolen credit card).

SET DEMO

Page 19: Secure Electronic Transaction (SET)

There are four parts in the SET system:

 – A software "wallet" on the user's computer: the "Cardholder".
 – A commerce server that runs on the merchant's web site: the "Merchant".
 – The payment server that runs at the merchant's bank: the "Acquiring bank".
 – The Certification Authority: the "Issuing bank".

SET FAQs

Page 20: SET

Page 21: Privacy-Enhanced E-mail

Encrypted

Signed

Page 22: Summary

Make sure you understand the relationship between:

 – Encryption
 – Digital Signature
 – Digital Certificate
 – Certificate Authority

Understand which public/private key should be used to encrypt/decrypt a message to/from you.

Discuss PGP, SET, SSH and encrypted email.

Page 23: References

Digital Certificates: Applied Internet Security, by Feghhi, Feghhi and Williams – Addison Wesley

Basic Cryptography

Digital Signature

PKI Resources

SET Resources

General Definitions

Digital ID FAQ

The End.

Thank you for your patience!

