Question Diffie Hellman Key Exchange protocol that we studied in - - PowerPoint PPT Presentation

Question

• Diffie Hellman Key Exchange protocol that we

studied in the last class is used to exchange:

 symmetric key

• r

 asymmetric key

Question

• What is the mean/method that we studied to

exchange asymmetric keys?

 Hint: If you don’t know key of Bob; ask Sam – the TTP

Digital Certificate

Digital Certificates

• Digital Certificates are meant to communicate

public keys

• Issuer of a digital certificate vouches for the

principal (subject of the certificate) to whom the certificate is issued

• Anyone who trusts the certificate issuer, trusts

the subject of the certificate

Certification Authority (CA)

• An organization that creates, publishes, and revokes

certificates.

• Verifies the information in the certificate, binds

identities to cryptographic keys.

– May outsource identity verification to registration authorities (RA)

• Protects general security & policies of the system and

its records.

• Allows end user to check certificates so they can decide

whether to use them in transactions.

• Has one/more trusted Roots, called a trust anchor

PKI – Public Key Infrastructure

• A setup, meant for public key distribution,

involving an interconnected, hierarchical, network of:

– CA: certification authority – RA: registration authority

Certificate Pinning

Certificate Pinning Certificate Pinning: Process of hard-coding/inserting a certificate into the trust zone of a computer / application / browsers, etc.

Hierarchy of CA

Top-Down flow of Implicit Trust

Islands of Trust

Cross-Certification as Trust Delegation

Exercise

• I have a certificate issued from IIT Bombay
• You have a certificate issued from IIT Jodhpur

What are the conditions under which my trust is implied on your certificate?