the web's security blanket
7/28/2019 The Web's Security Blanket
http://slidepdf.com/reader/full/the-webs-security-blanket 1/31
Verisign: The Web’s Security Blanket
BIZBEE
Case Overview
• University of Pittsburgh’s e-Store is an example of Internet trust (security) services offered by VeriSign
• VeriSign has grown early expertise in public key encryption into related Internet security infrastructure businesses
• Dominates the Web site encryption services market with over 75% market share
• Provides secure payment services
• Provides businesses and government agencies with managed security services
• Provides domain name registration, and manages the .com and .net domains
VeriSign: Enable everyone, everywhere to use the Internet with confidence
• Through its acquisition of Network Solutions, VeriSign serves as the gateway to establishing an online identity and Web presence, with more than 24 million domain name registrations in .com, .net and .org.
• As the leader in the Web site security market, VeriSign provides Internet authentication, validation and payment services.
• Through VeriSign Global Registry Services, VeriSign maintains the definitive directory of over 24 million Web addresses and is responsible for the infrastructure that propagates this information throughout the Internet. VeriSign Global Registry Services responds to over 1.5 billion DNS look-ups daily.
List documents used as part of transaction and how they can be secured with digital certificate
credit card purchase
loan promissory note
contract
no-accountability notices
What are Digital Certificates?
A digital certificate (DC) is a digital file that certifies the identity of an individual or institution, or even a router seeking access to computer-based information. It is issued by a Certification Authority (CA), and serves the same purpose as a driver’s license or a passport.
What are Certification Authorities?
Certification Authorities are the digital world’s equivalent to passport offices. They issue digital certificates and validate holders’ identity and authority.
They embed an individual or institution’s public key along with other identifying information into each digital certificate and then cryptographically sign it as a tamper-proof seal verifying the integrity of the data within it, and validating its use.
What is the Process in obtaining a certificate?
[Figure: Bob’s public key $K_B^+$ and Bob’s identifying information are digitally signed (encrypted) with the CA private key $K_{CA}^-$, producing the certificate for Bob’s public key, signed by CA.]
Example of a Certificate:
• Serial number (unique to issuer)
• info about certificate owner, including algorithm and key value itself (not shown)
• info about certificate issuer
• valid dates
• digital signature by issuer
Public & Private Keys
A public and private key pair consists of two uniquely related cryptographic keys.
The public key is made accessible to everyone, whereas the private key remains confidential to its respective owner.
Since both keys are mathematically related, only the corresponding private key can decrypt what was encrypted with its public key.
How do You Obtain An Individual’s Public Key?
When Alice wants Bob’s public key:
• Alice gets Bob’s certificate (from Bob or elsewhere).
• Apply CA’s public key to Bob’s certificate, get Bob’s public key
[Figure: the digital signature on Bob’s certificate is checked (decrypted) with the CA public key $K_{CA}^+$, yielding Bob’s public key $K_B^+$.]
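The CA signing step and Alice's check described above, as an added Ruby example built on the standard `openssl` library; it is not part of the original slides. The method names `issue`, `alice_extract_key` and `demo`, the subject names and the one-hour lifetime are assumptions, and the check covers only the CA signature and the validity dates, not extensions or revocation.

```ruby
require 'openssl'

# CA side: bind a subject name to a public key and sign the result with the
# issuer's private key. issuer_cert = nil produces the CA's self-signed certificate.
def issue(cn, serial, subject_key, issuer_cert, issuer_key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                                    # X.509 v3
  cert.serial = serial                                # unique per issuer
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = subject_key.public_key            # only the public half is embedded
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Alice's side: return Bob's public key only if the trusted CA's signature
# verifies and the certificate is inside its validity dates; otherwise nil.
def alice_extract_key(cert_der, ca_cert, now = Time.now)
  cert = OpenSSL::X509::Certificate.new(cert_der)
  return nil unless cert.issuer.to_s == ca_cert.subject.to_s
  return nil unless cert.verify(ca_cert.public_key)
  return nil unless now.between?(cert.not_before, cert.not_after)
  cert.public_key
rescue OpenSSL::X509::CertificateError
  nil # unparseable certificate: treat as untrusted
end

# Constructed scenario: a genuine certificate, a copy whose subject name was
# altered after signing, and the genuine one checked after its expiry date.
def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  bob_key = OpenSSL::PKey::RSA.new(2048)
  ca_cert = issue('Example CA', 1, ca_key, nil, ca_key)
  bob_der = issue('Bob', 2, bob_key, ca_cert, ca_key).to_der
  genuine = alice_extract_key(bob_der, ca_cert)
  { genuine: !genuine.nil? && genuine.to_pem == bob_key.public_key.to_pem,
    tampered: !alice_extract_key(bob_der.sub('Bob', 'Eve'), ca_cert).nil?,
    expired: !alice_extract_key(bob_der, ca_cert, Time.now + 7200).nil? }
end

puts demo if $PROGRAM_NAME == __FILE__
```

Only the first case hands Alice a key; the altered and expired certificates are rejected before the embedded public key is ever used.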
Where are Digital Certificates Used?
In a number of Internet applications that include:
1. Secure Socket Layer (SSL) developed by Netscape Communications Corporation
2. Secure Multipurpose Internet Mail Extensions (S/MIME) Standard for securing email and electronic data interchange (EDI).
3. Secure Electronic Transactions (SET) protocol for securing electronic payments
4. Internet Protocol Secure Standard (IPSec) for authenticating networking devices
How Digital Certificates are Used for Message Encryption
Do Digital Certificates Have Vulnerabilities?
One problem with a digital certificate is where it resides once it is obtained.
The owner's certificate sits on his computer, and it is the sole responsibility of the owner to protect it.
If the owner walks away from his computer, others can gain access to it and use his digital certificate to execute unauthorized business.
The best way to address the vulnerabilities of digital certificates is by combining them with biometric technology, as that confirms the actual identity of the sender, rather than the computer.
Who oversees VeriSign?
There was no legal or political entity that oversees online security. However, since 9-11, there is a new national mandate for stronger security measures online.
Additional security technology for authentication
PKI / Encryption / SSL
Firewall
Digital Certificate
Password and PIN
Token
Smart Card
Biometrics
What is Biometrics?
Definition: Measurement of body’s unique characteristics or behavior
Types: Voice, Signature, Facial, Palm, Eye, Fingerprint
System components:
HW - sensor
SW - algorithm, API
Middleware and application
Privacy Concern: Minutiae Extraction
Fingerprints cannot be reproduced from minutiae template
Areas of Biometrics Application
Physical access control
Data access security
Time and attendance
ID theft prevention
Privacy protection
Fraud reduction
Cost-effective and high security
Semiconductor Sensors
Traditional Optical Sensor
EyeD Mouse™
Award-winning world’s first biometric mouse
Most ergonomic & durable fingerprint sensor
State-of-the-art fingerprint matching algorithm
Matching software: SecuDesktop, SecuIBAS (Features: logon, File En/Decryption, Screen Saver)
Biometrics Applications
Biometrics Overview
Financial Sector
Point of Sale
ATM
Online Banking
Passport Control
Border Control
Medical Records Mgt
HIPAA Compliance
Door Lock
Time-Attendance
Computer Security
Access Control
Network Security
e-Commerce
Mobile Phone
Call Center
Internet Phone
Immigration
Telecommunication
Medical Facility and Attendance
National ID
Correctional Facility
AFIS
DMV
Social Security
Welfare Payment
Missing Child
Access Control
Ticket-less Travel
Anti-terrorist security
Public Sector
Social Service
Aviation & Travel