Upload File

public key infrastructure (pki) - the university of edinburgh · public key infrastructure (pki)...

  • Home
  • Documents
  • Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13
13
Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1 / 13

Upload: others

Post on 22-Jun-2020

8 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

Public Key Infrastructure (PKI)

Myrto ArapinisSchool of Informatics

University of Edinburgh

October 18, 2016

1 / 13

Page 2: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

Public keys

Figure: How does Alice trust that pkAmazon is Amazon’s public key?

Public-key encryption schemes are secure only if the authenticity ofthe public key is assured

2 / 13

Page 3: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

Distribution of public keys

1. Public announcements - participants broadcast their public key/ does not defend against forgeries

2. Publicly available directories - participants publish their publickey on public directories/ does not defend against forgeries

3. Public-key authority - participants contact the authority foreach public key it needs/ bottleneck in the system

4. public-key certificates - CAs issue certificates to participantson their public key, as reliable as public-key authority but avoiding thebottleneck

3 / 13

Page 4: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

Public key certificates

Figure: image from Cryptography and Network Security - Principles and Practice -William Stallings

A certificate consists mainly of

I a public key

I a subject identifying the owner of the key

I a signature by the CA on the key and the subject bindingthem togetherthe CA is trusted

4 / 13

Page 5: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

X.509 certificates

Figure: image from Cryptography and Network Security - Principles and Practice -William Stallings

I X.509 defines a framework for the provision of authenticationservices

I Used by many applications such as TLS

5 / 13

Page 6: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

Public key certificates

Figure: Alice can now verify Amazon’s certificate

6 / 13

Page 7: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

Using public key certificates to secure the Internet

A very important implicit assumption

The browser is trusted to be “secure”

7 / 13

Page 8: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

Amazon’s certificate

8 / 13

Page 9: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

Browser root certificates

9 / 13

Page 10: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

Chain of trust

Figure: X.509 Hierarchy - image from Cryptography and Network Security -Principles and Practice - William Stallings

I Having a single CA sign all certificates is not practical

I Instead a root CA signs certificates for level 1 CAs, level 1CAs sign certificates for level 2 CAs, etc

10 / 13

Page 11: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

Self-signed certificates

11 / 13

Page 12: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

The Lenovo Superfish scandal (February 2015)

12 / 13

Page 13: Public Key Infrastructure (PKI) - The University of Edinburgh · Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 18, 2016 1/13

And more recently (September 2016)

13 / 13


PKI Design

Buffer Overflow - The University of Edinburgh · Buffer Overflow KAMI VANIEA JANUARY 28TH 2016 Some slides copied from Myrto Arapinis’ talk last year KAMI VANIEA 1

PKI Setting

IoT: Taking PKI Where No PKI Has Gone Before

DoD Public Key Infrastructure (PKI) Partner PKI ...jitc.fhu.disa.mil/projects/pki/documents/DoD_PKI_Interoperability... · UNCLASSIFIED DoD Public Key Infrastructure (PKI) Partner

Instruction manual and Spare parts list · 2018. 5. 9. · Instruction manual and Spare parts list Welding torch PKI 250S / 250D PKI 500S / 500D PKI 630S / 630D PKI 300S / 300D 504

AllSeen Summit 2015: IoT: Taking PKI Where No PKI … · AllSeen Summit 2015: IoT: Taking PKI Where No PKI Has Gone Before Presented by: Scott Rea – DigiCert Sr. PKI Architect

Alexandra Arapinis : From ontological structures to semantic lexical structures: the case of institutional entities

Web basics: HTTP cookies - inf.ed.ac.uk · PDF fileWeb basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh November 10, 2016

Federal PKI Architecture Update Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority

Pki for dummies

Unisys Internal PKI Certificate Policyuispki.unisys.com/rep/Unisys_Internal_PKI_Certificate...Unisys Internal PKI. Name: Unisys Internal PKI Certificate Policy Version / Last Revision:

Public Key Infrastructure (PKI) Trust Serviceshecker.org/mozilla/slalom-pki-fact-sheet.pdfyour PKI will be ready for global acceptance Public Key Infrastructure (PKI) Trust Services

Course overview and - The University of Edinburgh · Course overview and Administrative matters1 Myrto Arapinis and Colin Stirling School of Informatics University of Edinburgh September

FIDO Alliance and Asia PKI Consortium White Paper: FIDO UAF and PKI …fidoalliance.org/wp-content/uploads/FIDO-UAF-and-PKI-in... · 2019-11-16 · In Asia, PKI (Public Key Infrastructure)

INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECTa-pki.escb.eu/epkweb/pdf/ESCB-PKI-Import_Export_Standard_Certific… · INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT USER GUIDE:

Wireless PKI

Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before

Storing PKI Credentials - Cisco...Storing PKI Credentials Publickeyinfrastructure(PKI)credentials,suchasRivest,Shamir,andAdelman(RSA)keysandcertificates canbestoredinaspecificlocationontherouter

Web basics: HTTP cookies - The University of · PDF fileWeb basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh November 20, 2017

PKI Interoperability

PKI history 4 PKI – Public Key Infrastructure

PKI Uncovered

PKI Robin Burke ECT 582. Outline Discussion Review The need for PKI PKI hierarchical PKI networked PKI bridging Certificate policies rationale examples

Cryptography Basics Pki

Course overview and...Course overview and Administrative matters1 Myrto Arapinis and Colin Stirling School of Informatics University of Edinburgh September 15, 2014 1Slides mainly

ECB PKI Certificate Policy (CP) Certification Practice ...cps.pki.ecb.europa.eu/cps/ecb pki cp cps.pdf · ECB CLASS 1 PKI Certificate Policy (CP) v2.0……………………………………

Cisco IOS PKI Overview Understanding and Planning a PKI · Cisco IOS PKI Overview Understanding and Planning a PKI CiscoIOSpublickeyinfrastructure(PKI)providescertificatemanagementtosupportsecurityprotocols

Reflection PKI Services Manager User Guide - …docs.attachmate.com/reflection/pki/1.3sp1/pki-manager-user-guide.pdfTest Certificate Dialog Box ... 8 Reflection PKI Services Manager

Myrto Arapinis School of Informatics University of Edinburgh · Web security: web basics Myrto Arapinis School of Informatics University of Edinburgh November 13, 2017 1/14

Pki Training V1.5

Oma Drm2 Pki

Buffer Overflow - The University of Edinburgh · PDF fileBuffer Overflow KAMI VANIEA JANUARY 28TH 2016 Some slides copied from Myrto Arapinis’ talk last year KAMI VANIEA 1

Curso gestion pki

Web basics: HTTP cookies - School of · PDF fileWeb basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh March 30, 2015 1/27.