Cryptography Systems
Symmetric Cryptosystem
Asymmetric Cryptosystem
Public Key System
Winston Mendis
Asymmetric Cryptosystem
A sends a signed message (M) to B
A signs M
S = D_A(M)
M = E_A(S)
KEY Encryption
PKI.. !
PKI is "the set of hardware, software,
people, policies and procedures
needed to create, manage, store,
distribute, and revoke PKCs based on
public-key cryptography... A failure in
any one of [many security] areas can
cause the entire system security to
fail" (Arsenault & Turner 1999-2001).
PKI (Public Key Infrastructure)
The Anatomy of PKI
PKI is based on a mechanism called a digital certificate.
Digital certificates are sometimes also referred to as X.509
certificates or simply as certificates.
How PKI works
PKI (Public Key Infrastructure)
Digital Certificate
Two main PKI models
Certification Authority (CA)
Central and
Hierarchical
Central
Used for small to medium sized companies or flat
network design. A single authority assigns all their
certificates.
Two main PKI models
Hierarchical
Hierarchical is used in medium to large organisations.
You have a root CA, such as a Microsoft in-house solution, or it can be a publicly trusted company such as Verisign.
Then you have separate subordinate CAs assigning digital certificates to separate security domains.
Hierarchical is a multi-tiered approach suited for enterprise networks.
Subordinate CAs hand out certificates to employees and other people (systems and individual users).
Certificate request
A company requests a digital certificate.
The CA would require some information back from this company: usually some proof that they are who they claim to be, and their registration information.
After the CA is happy with the company's request, it
would generate a public key for the company with
the identity information attached to the certificate.
How two parties communicate over a secure channel between each other via public key.
Certificate request
This public key, along with its related private key, can be generated by the CA or by the system the company will be installing this certificate on. If it is produced by the company, then a public and private key pair would be generated on the device and sent to the CA.
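The device-generated variant of the certificate request, as an added example using the OpenSSL command line (not from the original slides). It follows the usual PKCS#10 practice in which the request sent to the CA carries the identity and the public key while the private key stays on the device. The subject names, the single root CA and the EC P-256 keys are assumptions chosen for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original slides. Subject names are constructed.
set -eu

# Generate an EC P-256 private key into FILE.
new_key() { openssl ecparam -name prime256v1 -genkey -noout -out "$1"; }

# Print the public key held in a private key file, a CSR, or a certificate.
pub_of_key()  { openssl pkey -in "$1" -pubout; }
pub_of_csr()  { openssl req  -in "$1" -noout -pubkey; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey; }

# make_ca DIR NAME: create the CA key and its self-signed root certificate.
make_ca() {
  new_key "$1/ca.key"
  openssl req -x509 -new -key "$1/ca.key" -subj "/CN=$2" -days 30 -out "$1/ca.crt"
}

# make_csr DIR: the device creates its key pair locally, then builds a request
# holding the identity and public key, signed with the private key.
make_csr() {
  new_key "$1/device.key"
  openssl req -new -key "$1/device.key" -out "$1/device.csr" \
    -subj "/O=Example Company/CN=www.example.test"
}

# issue CADIR CSR OUT: `openssl x509 -req` checks the CSR's self-signature,
# then the CA signs the identity and public key into a certificate.
issue() {
  openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$3" 2>/dev/null
}

# trusted CACERT CERT: succeeds only if CERT chains to the given CA.
trusted() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo() {
  d=$(mktemp -d); mkdir "$d/ca" "$d/dev"
  make_ca "$d/ca" "Demo Root CA"
  make_csr "$d/dev"
  issue "$d/ca" "$d/dev/device.csr" "$d/dev/device.crt"
  [ "$(pub_of_csr "$d/dev/device.csr")" = "$(pub_of_key "$d/dev/device.key")" ] &&
    echo "CSR carries the device public key; device.key never left $d/dev"
  trusted "$d/ca/ca.crt" "$d/dev/device.crt" && echo "certificate chains to the CA"
  rm -rf "$d"
}
demo
```

A certificate issued this way verifies only against the CA that signed it; checking it against any other root fails.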
How a secure key is agreed upon by two peers