Question • Diffie Hellman Key Exchange protocol that we studied in the last class is used to exchange: symmetric key or asymmetric key
Question • What is the mean/method that we studied to exchange asymmetric keys? Hint: If you don’t know key of Bob; ask Sam – the TTP
Digital Certificate
Digital Certificates • Digital Certificates are meant to communicate public keys • Issuer of a digital certificate vouches for the principal (subject of the certificate) to whom the certificate is issued • Anyone who trusts the certificate issuer, trusts the subject of the certificate
Certification Authority (CA) • An organization that creates, publishes, and revokes certificates. • Verifies the information in the certificate, binds identities to cryptographic keys. – May outsource identity verification to registration authorities (RA) • Protects general security & policies of the system and its records. • Allows end user to check certificates so they can decide whether to use them in transactions. • Has one/more trusted Roots, called a trust anchor
PKI – Public Key Infrastructure • A setup, meant for public key distribution, involving an interconnected , hierarchical , network of: – CA: certification authority – RA: registration authority
Certificate Pinning
Certificate Pinning Certificate Pinning: Process of hard-coding/inserting a certificate into the trust zone of a computer / application / browsers, etc.
Hierarchy of CA
Top-Down flow of Implicit Trust
Islands of Trust
Cross-Certification as Trust Delegation
Exercise • I have a certificate issued from IIT Bombay • You have a certificate issued from IIT Jodhpur What are the conditions under which my trust is implied on your certificate?
Recommend
More recommend
