pki fundamentals state of the art vulnerabilities
play

PKI FUNDAMENTALS, STATE OF THE ART, VULNERABILITIES by by Bl Fyem - PowerPoint PPT Presentation

Sep 25, 2022 •167 likes •704 views

DELIVERED AT THE 11TH INTERNATIONAL CONFERENCE OF THE NIGERIA COMPUTER SOCIETY (NCS) DELIVERED AT THE 11TH INTERNATIONAL CONFERENCE OF THE NIGERIA COMPUTER SOCIETY (NCS) HELD AT THE ROYAL PARK HOTEL, ILOKO-IJESA, THE STATE OF OSUN, NIGERIA (24-26

  1. DELIVERED AT THE 11TH INTERNATIONAL CONFERENCE OF THE NIGERIA COMPUTER SOCIETY (NCS) DELIVERED AT THE 11TH INTERNATIONAL CONFERENCE OF THE NIGERIA COMPUTER SOCIETY (NCS) HELD AT THE ROYAL PARK HOTEL, ILOKO-IJESA, THE STATE OF OSUN, NIGERIA (24-26 JULY, 2013) HELD AT THE ROYAL PARK HOTEL, ILOKO-IJESA, THE STATE OF OSUN, NIGERIA (24-26 JULY, 2013) PKI FUNDAMENTALS, STATE OF THE ART, VULNERABILITIES by by Bíólá Fáyemí CISSP, CCNP,CCDP Bíólá Fáyemí CISSP, CCNP,CCDP Founder/CEO Founder/CEO CircuitContext Technologies Inc. CircuitContext Technologies Inc. Oakville,ON, Canada Oakville,ON, Canada

  2. PKI A Public Key Infrastructure is a framework A Public Key Infrastructure is a framework for issuing and managing digital for issuing and managing digital certificates. certificates. A Digital Certificate binds an identity to A Digital Certificate binds an identity to and electronic public key and electronic public key A public key is paired with a corresponding A public key is paired with a corresponding private key to produce a unique key pair private key to produce a unique key pair

  3. A LITTLE ABOUT ME Abíólá Fáyemí CISSP, CCNP, CCDP Abíólá Fáyemí CISSP, CCNP, CCDP Internetworking and Security Consultant Internetworking and Security Consultant 28 years industry experience working on Large Scale 28 years industry experience working on Large Scale Network Design, Vulnerability Research and Internet Network Design, Vulnerability Research and Internet Security at Industry bellwethers : Security at Industry bellwethers : SITA SITA America Online America Online Cisco Systems Cisco Systems Nortel Networks Nortel Networks SOMA Networks SOMA Networks nCircle Network Security nCircle Network Security

  4. INFORMATION SECURITY MANTRA  Protecting information and information systems from:  Protecting information and information systems from:  (unauthorized) access, use, disclosure, perusal, inspection,  (unauthorized) access, use, disclosure, perusal, inspection, recording recording  disruption, modification, software/database failure  disruption, modification, software/database failure  Denial of Service, deterioration, failures or destruction.  Denial of Service, deterioration, failures or destruction.  The words above all fall under one or more of the core  The words above all fall under one or more of the core principles of Information Security , namely: principles of Information Security , namely:  Confidentiality  Confidentiality  Integrity  Integrity  Availability  Availability

  5. AND MORE …  Authenticity (or Authentication)  Authenticity (or Authentication) In information Security, authentication requires that all parties involved In information Security, authentication requires that all parties involved in transactions, communications and information exchanges validate in transactions, communications and information exchanges validate who they claim to be. who they claim to be.  Non-repudiation  Non-repudiation This is the principle that implies that any party to a transaction or This is the principle that implies that any party to a transaction or information exchange cannot deny engagement with that transaction. information exchange cannot deny engagement with that transaction. In Electronic commerce and other secured transaction channels, In Electronic commerce and other secured transaction channels, technologies such as digital signatures and public key encryption are technologies such as digital signatures and public key encryption are deployed to establish authenticity and non-repudiation. deployed to establish authenticity and non-repudiation.

  6. DELIVERED AT THE 11TH INTERNATIONAL CONFERENCE OF THE NIGERIA COMPUTER SOCIETY (NCS) HELD AT THE ROYAL PARK HOTEL, ILOKO-IJESA, THE STATE OF OSUN, NIGERIA (24-26 JULY, 2013) CONFIDENTIALITY  Confidentiality – To keep your information from  Confidentiality – To keep your information from prying eyes prying eyes  Cryptography (Encryption) is used to convert  Cryptography (Encryption) is used to convert intelligible plaintext to unintelligible ciphertext. intelligible plaintext to unintelligible ciphertext.

  7. INTEGRITY – BACK IN THE DAY

  8. INTEGRITY A LA PKI

  9. WHAT DOES PKI PROVIDE ? The foundation for delivering essential elements of secure e- The foundation for delivering essential elements of secure e- Government and e-Commerce Government and e-Commerce – Authentication – Authentication – Access Control – Access Control – Privacy – Privacy – Integrity – Integrity – Non-Repudiation – Non-Repudiation

  10. THE ESSENCE OF PKI  Cryptography provides the foundation of a PKI  Cryptography provides the foundation of a PKI  Cryptographic keys are the foundation  Cryptographic keys are the foundation of cryptographic functions of cryptographic functions  PKI is built around the concept of each entity having a PAIR  PKI is built around the concept of each entity having a PAIR of mathematically related keys of mathematically related keys  Public Key – Known by Many  Public Key – Known by Many  Private Key – Known by ONE  Private Key – Known by ONE  Digital signatures and public key encryption are the bedrock  Digital signatures and public key encryption are the bedrock of Public Key Infrastructure of Public Key Infrastructure

  11. PKI : BRIEF TIMELINE  Public key crypto invented in 1976  Public key crypto invented in 1976  First mention of a public key certificate in 1978  First mention of a public key certificate in 1978  First certificate standards (X.509) issued in 1988  First certificate standards (X.509) issued in 1988  First IETF certificate standard issued in 1993  First IETF certificate standard issued in 1993  Later half of 1990’s were full of hope, and hype  Later half of 1990’s were full of hope, and hype  emergence of the World Wide Web  emergence of the World Wide Web  .com boom  .com boom  VeriSign founded (1995)  VeriSign founded (1995)  SSL invented & deployed in browsers  SSL invented & deployed in browsers  Expiration of Diffie-Hellman & RSA patents  Expiration of Diffie-Hellman & RSA patents

  12. BUILDING BLOCKS  The basic building block of a PKI is a (digital)  The basic building block of a PKI is a (digital) Certificate. Certificate.  The entity creating a certificate is called a  The entity creating a certificate is called a Certification Authority (CA) Certification Authority (CA) The core components of a Certificate are: The core components of a Certificate are: 1. Name(s) of entity that the certificate refers to. 1. Name(s) of entity that the certificate refers to. 2. The public key of the entity. 2. The public key of the entity. 3. A digital signature created by the CA. 3. A digital signature created by the CA.  Certificates and CAs enable a chain of trust to be  Certificates and CAs enable a chain of trust to be built. built.

  13. KEYS ARE THE KEY !!!

  14. SYMMETRIC KEYS

  15. ASYMMETRIC KEYS !!!

  16. OVERVIEW - COMPONENTS OF PKI TECHNOLOGY PKI technology consists of three basic parts: PKI technology consists of three basic parts:  A Registration Authority (RA) - The RA is the authentication  A Registration Authority (RA) - The RA is the authentication process in the network that verifies user requests for a process in the network that verifies user requests for a digital certificate. The RA tells the certificate authority (CA) to digital certificate. The RA tells the certificate authority (CA) to issue the digital certificate. issue the digital certificate.  A Certificate Authority (CA) - The CA issues (and revokes) the  A Certificate Authority (CA) - The CA issues (and revokes) the digital certificate, which contains a public key and the digital certificate, which contains a public key and the identity of the owner. This certificate validates that this identity of the owner. This certificate validates that this public key actually belongs to the certificate. public key actually belongs to the certificate.  A Database - The repository, or database, stores the digital  A Database - The repository, or database, stores the digital certificates. certificates.

  17. WHAT A CERTIFICATE LOOKS LIKE

  18. SECURITY NOTICE

  19. DIGITAL SIGNATURE DETAILS - GENERAL

  20. DIGITAL SIGNATURE DETAILS - ADVANCED

  21. VIEW CERTIFICATE GENERAL

  22. VIEW CERTIFICATE DETAILS

  23. VIEW CERTIFICATE PATH

  24. IMPLEMENTATION – DESIGN (ARCHITECTURE)  A PKI framework may be designed as a  A PKI framework may be designed as a hierarchical Certificate Authority (CA) trust hierarchical Certificate Authority (CA) trust model, which will map with, or closely model, which will map with, or closely approximate the administrative structure of approximate the administrative structure of governance. governance.  This architecture calls for a Root CA and several  This architecture calls for a Root CA and several (accredited) subordinate CAs (accredited) subordinate CAs

  25. MODELS - HIERARCHICAL

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * some slides adapted from those by Trent Jaeger Overflow Vulnerabilities Despite

901 views • 46 slides
SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities Yuan Xiao, Yinqian Zhang, Radu Teodorescu The Ohio State University SPEculative Execution side Channel Hardware (SPEECH) Vulnerabilities Leverage

512 views • 24 slides
Memory Corruption Vulnerabilities, Part II Gang Tan Penn State University Spring 2019 CMPSC

Memory Corruption Vulnerabilities, Part II Gang Tan Penn State University Spring 2019 CMPSC

Memory Corruption Vulnerabilities, Part II Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security Integer Overflow Vulnerabilities * slides adapted from those by Seacord 3 Integer Overflows An integer overflow occurs

639 views • 52 slides
Buffer Software Security overflows and other memory safety vulnerabilities History

Buffer Software Security overflows and other memory safety vulnerabilities History

This time We will begin By investigating our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities History Memory layouts Buffer overflow fundamentals Analyzing security Security

1.41k views • 107 slides
NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

1 NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2 Memory safety attacks Buffer overruns Format string vulnerabilities Web application vulnerabilities SQL injections Cross-site

901 views • 39 slides
vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

Security & Knowledge Management a.a. 2019/20 There are a set of sources that provide updated information about security vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration CAPEC,

197 views • 8 slides
Buffer Software Security overflows and other memory safety vulnerabilities History

Buffer Software Security overflows and other memory safety vulnerabilities History

This time We will begin By investigating our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities History Memory layouts Buffer overflow fundamentals Software security Security is a form

2.11k views • 190 slides
Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different operating systems Different vendors Client and server systems Vendors try to correct Attackers try to exploit Security professionals must

620 views • 11 slides
Systems Fundamentals Overview Definition Examples Properties Memory

Systems Fundamentals Overview Definition Examples Properties Memory

Systems Fundamentals Overview Definition Examples Properties Memory Invertibility Causality Stability Time Invariance Linearity J. McNames Portland State University ECE 222 System Fundamentals Ver. 1.06 1

273 views • 25 slides
Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Rome, May 31, 2011 Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities > analysis of 5 years of field data Jonathan Pollet, CISSP , CAP , PCIP Red Tiger Security [on behalf of the DHS CSSP

413 views • 20 slides
ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User

ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User

ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User Authentication Authentication process Means of authentication Passwords Vulnerabilities of passwords Password Cracking Dictionary Attacks

471 views • 21 slides
Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Last time We continued By launching our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow fundamentals This time We will finish up By looking at Buffer Overflow overflows

1.33k views • 103 slides
HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Basic Vulnerabilities and their Exploitation Samuel Angebault HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel Angebault staphylo@lse.epita.fr http://lse.epita.fr/ July 18, 2013 Table

969 views • 57 slides
Memory Corruption Vulnerabilities, Part I Gang Tan Penn State University Spring 2019 CMPSC

Memory Corruption Vulnerabilities, Part I Gang Tan Penn State University Spring 2019 CMPSC

Memory Corruption Vulnerabilities, Part I Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security Some Terminology Software error A programming mistake that make the software not meet its expectation Software

726 views • 59 slides
Compliance Fundamentals Mastering Tax Base, Nexus, Sourcing and Other Essential Multi-State

Compliance Fundamentals Mastering Tax Base, Nexus, Sourcing and Other Essential Multi-State

Presenting a live 110-minute teleconference with interactive Q&A Sales and Use Tax Key Compliance Fundamentals Mastering Tax Base, Nexus, Sourcing and Other Essential Multi-State Concepts TUESDAY, OCTOBER 15, 2013 1pm Eastern | 12pm

1.09k views • 93 slides
TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction

TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction

TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction Session Goals Presenter and Trustwave SpiderLabs background Analysis Overview Data Source Most frequently found SEVERE vulnerabilities

907 views • 62 slides
Cyber Security in Europe Priorities, Standards and Cooperation Opportunities Alessandro Guarino

Cyber Security in Europe Priorities, Standards and Cooperation Opportunities Alessandro Guarino

Cyber Security in Europe Priorities, Standards and Cooperation Opportunities Alessandro Guarino ETSI TC CYBER StudioAG EU-SEA Workshop - Hanoi 2/12/2015 Hanoi National University 1 / 38 Introduction Who am I ? Day job: Information

394 views • 38 slides
your PCI I DSS program GoSec August 2019 Yves B. Desharnais, MBA, CISSP, PCIP www.p .pcir

your PCI I DSS program GoSec August 2019 Yves B. Desharnais, MBA, CISSP, PCIP www.p .pcir

Future proofing your PCI I DSS program GoSec August 2019 Yves B. Desharnais, MBA, CISSP, PCIP www.p .pcir ireso esour urces.com es.com Future-proofing your PCI DSS program GoSec August 2019 1 Agenda About Yves 1. PCI DSS &

481 views • 32 slides
Agenda 18:00 Pre-mingle 18:30 Introduction to the Blockchain and Ethereum Thomas

Agenda 18:00 Pre-mingle 18:30 Introduction to the Blockchain and Ethereum Thomas

Agenda 18:00 Pre-mingle 18:30 Introduction to the Blockchain and Ethereum Thomas Backlund - Founder Blockie 19:10 Short break 19:15 Creating Lendroid - an Ethereum-based app Vignesh M. Sundaram - Founder Lendroid

523 views • 15 slides
Chapter 17 : Computer Science Class XI ( As per Cyber CBSE Board) Safety Visit :

Chapter 17 : Computer Science Class XI ( As per Cyber CBSE Board) Safety Visit :

Chapter 17 : Computer Science Class XI ( As per Cyber CBSE Board) Safety Visit : python.mykvs.in for regular updates Introduction-Cyber Safety Cyber safety is the safe and responsible use of Internet & ICT(Information &

312 views • 18 slides
Passive Routing Attacks in MANET ! Location privacy attack Correlate a mobile node with its

Passive Routing Attacks in MANET ! Location privacy attack Correlate a mobile node with its

ANODR : AN onymous O n- D emand R outing with Untraceable Routes for Mobile Ad Hoc Networks MobiHOC 2003 June 3, 2003 Jiejun Kong, Xiaoyan Hong Wireless-Adaptive-Mobility Laboratory Department of Computer Science University of California,

345 views • 10 slides
Communication in Distributed Systems Issues in communication (today) Message-oriented

Communication in Distributed Systems Issues in communication (today) Message-oriented

Communication in Distributed Systems Issues in communication (today) Message-oriented Communication Remote Procedure Calls Transparency but poor for passing references Remote Method Invocation RMIs are essentially RPCs

246 views • 9 slides
A Guide for Families How to use this is document: You can navigate to an area of f in

A Guide for Families How to use this is document: You can navigate to an area of f in

Distance Learning Phase 2 A Guide for Families How to use this is document: You can navigate to an area of f in interest, or jump forw rward or backward usin ing the tabs: Special Ed. Instruction Technology Q & A Expectations

359 views • 21 slides
SystemVerilogCSP: Modeling Digital Asynchronous Circuits Using SystemVerilog Interfaces Arash

SystemVerilogCSP: Modeling Digital Asynchronous Circuits Using SystemVerilog Interfaces Arash

SystemVerilogCSP: Modeling Digital Asynchronous Circuits Using SystemVerilog Interfaces Arash Saifhashemi 1 Peter A. Beerel 1,2 1 Ming Hsieh Dept. of Electrical Engineering, University of Southern California 2 Fulcrum Microsystems, Calabasas CA,

410 views • 24 slides

More recommend