the pkix standards and pki implementations
play

The PKIX Standards and PKI Implementations Simos Xenitellis - PDF document

Apr 15, 2023 •205 likes •513 views

The PKIX Standards and PKI implementations The PKIX Standards and PKI Implementations Simos Xenitellis University of London S.Xenitellis@rhbnc.ac.uk 1 16th May, 2000, University of London The PKIX Standards and PKI implementations Agenda

  1. The PKIX Standards and PKI implementations The PKIX Standards and PKI Implementations Simos Xenitellis University of London S.Xenitellis@rhbnc.ac.uk 1 16th May, 2000, University of London

  2. The PKIX Standards and PKI implementations Agenda We are going to discuss about • open-source software • public key cryptography • PKI functionality about • the PKIX Standards and finally about • PKI implementations 2 16th May, 2000, University of London

  3. The PKIX Standards and PKI implementations Open-source is • a new trend • a new software development model • is based on the almost zero distribution costs • quick initial distribution • not expensive life-cycle In short • availability of source code • covered by suitable unencumbered licence 3 16th May, 2000, University of London

  4. The PKIX Standards and PKI implementations Public Key Cryptography Algorithms • RSA • El Gamal • Elliptic curves can • encrypt/decrypt • sign/verify 4 16th May, 2000, University of London

  5. The PKIX Standards and PKI implementations Example of Public Key Cryptography: RSA Setup • Find strong primes p and q. • Set n = p * q • Pick e co-prime with (p-1)(q-1) • and find d so that (d * e) mod ((p-1)(q-1)) = 1 the keys are • Public: n and e • Private: d 5 16th May, 2000, University of London

  6. The PKIX Standards and PKI implementations Creation of a Certification Authority In the beginning, the CA • generates public/private key pair • generates certificate request • make a certificate out of the certificate request (sign) • gives that certificate, the root CA certificate to everyone • keeps private key very private 6 16th May, 2000, University of London

  7. The PKIX Standards and PKI implementations Client sign-up Procedure • user creates own certificate request • sends over to RA to authorise • if RA says ok, sends over to CA • CA signs the request, thus creating a Certificate • CA sends Certificate back to RA • RA publishes it somehow • user gets Certificate 7 16th May, 2000, University of London

  8. The PKIX Standards and PKI implementations Why PKIs? To improve Internet Security • S/MIME • TLS • IPSec To provide • confidentiality • data integrity • data-origin authentication • non-repudiation 8 16th May, 2000, University of London

  9. The PKIX Standards and PKI implementations Historical Events • Everything started from X.500, circa 1984 • X.500 was about directory services • became standard at end of 80s • defined the X.509 certificate format • X.509 too generic and untested in real applications • someone had to stand-up and define area of applicability 9 16th May, 2000, University of London

  10. The PKIX Standards and PKI implementations X.509 v2 ’93 X.500 revision in 1993 Two fields added in certificate • subjectUniqueIdentifier • issuerIniqueIdentifier Support directory access control PEM made use of v2 10 16th May, 2000, University of London

  11. The PKIX Standards and PKI implementations X.509 v3 ’96 PEM implementation showed deficiences ISO/IEC/ITU and ANSI X9 standard Standard extensions • additional subject identification information • key attribute information • policy information • certification path constraints 11 16th May, 2000, University of London

  12. The PKIX Standards and PKI implementations Enter IETF Still X.509 Certificates were lacking Formed PKIX Working Group (Oct95) Specified Internet PKI profile In detail • for X.509 v3 PKCs • for X.509 v2 CRLs Gone through 11 drafts Now it official, RFC2459 12 16th May, 2000, University of London

  13. The PKIX Standards and PKI implementations PKIX Definitions Certificate • Attribute Certificate • Public Key Certificate Authority • Certification Authority • Attribute Authority • and maybe Registration Authority End Entity 13 16th May, 2000, University of London

  14. The PKIX Standards and PKI implementations PKIX Definitions (cont’) Infrastructures • Public Key Infrastructure (PKI) • Privilege Management Infrastructure (PMI) Documents • Certificate Policy (CP) • Certification Practice Statement (CPS) 14 16th May, 2000, University of London

  15. The PKIX Standards and PKI implementations More PKIX • Profiles for Certs/CRLs • Management protocols • Operational protocols • Certificate Policy and Certification Practice Statement • Time-stamping and data-certification services 15 16th May, 2000, University of London

  16. The PKIX Standards and PKI implementations PKIX: Profiles • Basic Certificate Fields • Certificate extensions • CRL and CRL extensions • Certificate Path Validation • Algorithm support • plus ASN.1 structures and OIDs 16 16th May, 2000, University of London

  17. The PKIX Standards and PKI implementations PKIX: Management protocols For on-line interactions of client with management entities Certificate Management Protocol (CMP) • CMP-TCP • CMP-HTTP 17 16th May, 2000, University of London

  18. The PKIX Standards and PKI implementations PKIX: Operational protocols Delivery of Certs/CRLs/status to client systems Good to have variety here Currently • FTP • HTTP • OCSP • LDAPv2 • LDAPv3 18 16th May, 2000, University of London

  19. The PKIX Standards and PKI implementations PKIX: CP and CPS Addresses • physical and personal security • subject identification requirements • revocation policy • etc. Has examples 19 16th May, 2000, University of London

  20. The PKIX Standards and PKI implementations PKIX: Time stamps (1/2) • Still draft, on 6th revision • Talks about TSA, the Time Stamp Authority Simple (c) • Receives request • Appends current time • Signs • Sends back Offers non-repudiation 20 16th May, 2000, University of London

  21. The PKIX Standards and PKI implementations PKIX: PKIX and DVCS Data Validation and Certification Service What does it do? • certify existence • certifcy correctness of • message • signature Offers non-repudiation 21 16th May, 2000, University of London

  22. The PKIX Standards and PKI implementations PKIX: PKI Entities Operational transactions and management transactions End entity Management transactions PKI users Certificate/CRL Repository Publish Certificate PKI management entities RA CA Publish certificate Publish CRL Management transactions CA 22 16th May, 2000, University of London

  23. The PKIX Standards and PKI implementations PKIX: AC Exchange Server Acquisition AC Issuer Client Acquisition AC "push" Client Server (part of app. protocol) Client Server Lookup Lookup Repository 23 16th May, 2000, University of London

  24. The PKIX Standards and PKI implementations Implementations #1 pyCA and OpenCA • set of CGI scripts • OpenSSL for crypto needs • run ok on Unix/Unix-like • support Netscape • no strict compliance with PKIX • allow RAD testing/implementation 24 16th May, 2000, University of London

  25. The PKIX Standards and PKI implementations Implementations #2 OSCAR • Open Secure Certificate ARchitecture • comes from DTSC, Australia • good support for X.509v3, crypto, PKCS, PKIX • very good Netscape support • source code available, but can’t redistribute/sell freely • should open license 25 16th May, 2000, University of London

  26. The PKIX Standards and PKI implementations Implementaions #3 Mozilla Open Source PKI Projects Provides two libraries • NSS, Network Security Services • PSM, Personal Security Manager Comments • For integration with Netscape/iPlanet products • License is MPL or GPL, you choose • Crypto still in trouble • No strict PKIX compliance • Crypto must get fixed, then go fast 26 16th May, 2000, University of London

  27. The PKIX Standards and PKI implementations Implementations #4 MISPC or Minimum Interoperability Specifications for PKI Components • Brought to you by NIST • CD-only distribution (still waiting for it) • Only for Windows • Has some PKIX support • No crypto for US, yet • Gloomy future 27 16th May, 2000, University of London

  28. The PKIX Standards and PKI implementations Implementations #5 Reference Implementation from IBM PKIX compliance with • RFC 2459 Profiles • RFC 2510 Management • RFC 2511 CRMF • LDAPv2 draft Comments • no crypto for US • they verified the PKIX docs, found errata • uses CDSA • code needs clean-up, looks nice • is freeware, me says they changed their mind 28 16th May, 2000, University of London

  29. The PKIX Standards and PKI implementations Fin We talked about • open-source software • public key cryptography • PKI functionality about • the PKIX Standards and finally about • PKI implementations 29 16th May, 2000, University of London

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Traceable Anonymous Certificate dra raft-ie ietf-pkix-tac-01.txt IE IETF-72 at t PKIX IX WG

Traceable Anonymous Certificate dra raft-ie ietf-pkix-tac-01.txt IE IETF-72 at t PKIX IX WG

Traceable Anonymous Certificate dra raft-ie ietf-pkix-tac-01.txt IE IETF-72 at t PKIX IX WG Park, SangHwan shpark@kisa.or.kr Stephen Kent kent@bbn.com Overview I-D defines a practical architecture and protocols for offering privacy in

275 views • 8 slides
PKIX WG Meeting 3/20/03 Edited by Steve Kent Chairs: Stephen Kent <kent@bbn.com>, Tim Polk

PKIX WG Meeting 3/20/03 Edited by Steve Kent Chairs: Stephen Kent <kent@bbn.com>, Tim Polk

PKIX WG Meeting 3/20/03 Edited by Steve Kent Chairs: Stephen Kent <kent@bbn.com>, Tim Polk <tim.polk@nist.gov> The PKIX WG met once during the 56th IETF. A total of approximately 76 individuals participated in the meeting. Agenda

475 views • 3 slides
Verifying Web Services Security Protocols, Standards, and Implementations Karthik Bhargavan

Verifying Web Services Security Protocols, Standards, and Implementations Karthik Bhargavan

Verifying Web Services Security Protocols, Standards, and Implementations Karthik Bhargavan Microsoft Research, Cambridge Microsoft Research INRIA Joint Centre, Paris Joint work with C. Fournet and A.D. Gordon + R. Puccella, S. Tse, N.

1.4k views • 122 slides
Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold Implementations

990 views • 58 slides
DRM Proxy Architecture draft-zhipeng-pkix-drm-proxy-architecture Zhipeng Zhou (via Barry Leiba)

DRM Proxy Architecture draft-zhipeng-pkix-drm-proxy-architecture Zhipeng Zhou (via Barry Leiba)

DRM Proxy Architecture draft-zhipeng-pkix-drm-proxy-architecture Zhipeng Zhou (via Barry Leiba) Huawei Technologies Why? Digital Rights Management is something service providers have to deal with. Standard mechanisms for managing

273 views • 9 slides
Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations :

Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations :

Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations : inst 1 , inst 2 Contracts vs. Implementations Boolean expressions for Contracts: exp 1 , exp 2 , exp 3 , exp 4 , exp 5 feature -- Commands

231 views • 6 slides
Stack Implementations Tiziana Ligorio 1 Todays Plan Stack Implementations: Array

Stack Implementations Tiziana Ligorio 1 Todays Plan Stack Implementations: Array

Stack Implementations Tiziana Ligorio 1 Todays Plan Stack Implementations: Array Vector Linked Chain 2 Stack ADT #ifndef STACK_H_ #define STACK_H_ template<<typename ItemType> class

1.19k views • 71 slides
RFC 3161 bis Time-stamp Protocol draft-ietf-pkix-rfc3161-01.txt Denis Pinkas. Bull SAS. Lead

RFC 3161 bis Time-stamp Protocol draft-ietf-pkix-rfc3161-01.txt Denis Pinkas. Bull SAS. Lead

RFC 3161 bis Time-stamp Protocol draft-ietf-pkix-rfc3161-01.txt Denis Pinkas. Bull SAS. Lead editor of RFC 3161 San Francisco - March 23, 2009 Status A draft has been issued in February 2009. Major differences from RFC 3161 [RFC3161] are

735 views • 6 slides
Standards (code and otherwise) often talk about code standards, but many teams also use

Standards (code and otherwise) often talk about code standards, but many teams also use

Standards (code and otherwise) often talk about code standards, but many teams also use document standards, version control standards, bug reporting standards, process standards, etc goal is to reduce confusion, errors, omissions in

529 views • 5 slides
MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan

MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan

MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan (Slides from A.D. Gordon and C. Fournet) Spring, 2014 Outline of Lectures Lecture 1 (Jan 22, Today) Intro to Verified Protocol Implementations

1.32k views • 112 slides
Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla

Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla

Introduction Methodology Implementations Results Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla Kishore Kumar Surapathi Bilal Habib Susheel Vadlamudi Smriti Gurung John Pham Cryptographic

461 views • 29 slides
Standards in HEAnet Standards in HEAnet The great thing about standards is that there are so

Standards in HEAnet Standards in HEAnet The great thing about standards is that there are so

Standards in HEAnet Standards in HEAnet The great thing about standards is that there are so many to choose from Rachael Holt & Gareth Eason, HEAnet for TF-NOC, Zrich, 2011-06-28 Agenda Advantages of standards? What

362 views • 23 slides
Something with implementations Peter Schwabe June 23, 2016 PQCRYPTO Summer School on

Something with implementations Peter Schwabe June 23, 2016 PQCRYPTO Summer School on

Something with implementations Peter Schwabe June 23, 2016 PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Part I: How to make software secure Something with implementations 2 Timing Attacks General idea of those attacks Secret

1.47k views • 65 slides
Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography Reading Group Presenter: C t lin Hri cu References Verified Interoperable Implementations of Security Protocols. Karthikeyan Bhargavan,

922 views • 70 slides
Re-indexing the DFT (n and k) We can investigate the various implementations of the DFT by

Re-indexing the DFT (n and k) We can investigate the various implementations of the DFT by

Re-indexing the DFT (n and k) We can investigate the various implementations of the DFT by looking at ways to re-index values of n and k. Idea: Using properties of addition and multiplication we can rewrite the equation. 1

541 views • 22 slides
Advancing the SIP Standards -Tracking- Robert Sparks Estacado Systems SIPit Twice a year -

Advancing the SIP Standards -Tracking- Robert Sparks Estacado Systems SIPit Twice a year -

Advancing the SIP Standards -Tracking- Robert Sparks Estacado Systems SIPit Twice a year - moves between continents 100s of implementations SIPit SIPit 16 statistics 2 major specification bugs A dozen specification

583 views • 10 slides
We Weaver: A Hig High h Performance, Tr Transa sacti tional Gr Graph Dat Datab abas ase

We Weaver: A Hig High h Performance, Tr Transa sacti tional Gr Graph Dat Datab abas ase

We Weaver: A Hig High h Performance, Tr Transa sacti tional Gr Graph Dat Datab abas ase e Bas ased ed on on Refi Refinab able e Times estam amps By Dubey et al. Presented by: Ishank Jain Department of Computer Science

401 views • 24 slides
On Optimal Hash Tree Traversal for Interval Time-Stamping Helger Lipmaa Helsinki University of

On Optimal Hash Tree Traversal for Interval Time-Stamping Helger Lipmaa Helsinki University of

On Optimal Hash Tree Traversal for Interval Time-Stamping Helger Lipmaa Helsinki University of Technology { helger } @tcs.hut.fi http://www.tcs.hut.fi/helger ISC02, 02.10.2002 On Optimal Hash Tree Traversal for Interval Time-Stamping

945 views • 45 slides
Timestamps in Security Protocols One method of handling this kind of problem is timestamps

Timestamps in Security Protocols One method of handling this kind of problem is timestamps

Timestamps in Security Protocols One method of handling this kind of problem is timestamps Proper use of timestamps can limit the time during which an exposed key is dangerous But timestamps have their own problems Lecture 6 Page 1

359 views • 9 slides
Graph Traversal Graph Traversal with DFS/BFS One of the most fundamental graph problems is to

Graph Traversal Graph Traversal with DFS/BFS One of the most fundamental graph problems is to

Graph Traversal Graph Traversal with DFS/BFS One of the most fundamental graph problems is to traverse every Tyler Moore edge and vertex in a graph. CSE 3353, SMU, Dallas, TX For correctness, we must do the traversal in a systematic way so

736 views • 5 slides
W3C Workshop on Next Steps for XML Signature and XML Encryption The importance of incorporating

W3C Workshop on Next Steps for XML Signature and XML Encryption The importance of incorporating

W3C Workshop on Next Steps for XML Signature and XML Encryption The importance of incorporating XAdES extensions into ongoing XML-Sig work Authors: Juan Carlos Cruellas Universitad Politcnica de Catalua cruellas@ac.upc.edu Giles

404 views • 29 slides
Enforcing honesty of certification authorities: Tagged one-time signature schemes Bertram

Enforcing honesty of certification authorities: Tagged one-time signature schemes Bertram

Enforcing honesty of certification authorities: Tagged one-time signature schemes Bertram Poettering and Douglas Stebila Information Security Group Royal Holloway, University of London bertram.poettering@rhul.ac.uk Stanford, January 11, 2013

454 views • 41 slides
Secure Vehicular Communication System: Design & Implementation of VPKI (Providing Credential

Secure Vehicular Communication System: Design & Implementation of VPKI (Providing Credential

Secure Vehicular Communication System: Design & Implementation of VPKI (Providing Credential Management in a Secure VANET) Supervisor: MSc Thesis: Prof. Panos Papadimitratos Mohammad Khodaei LCN KTH October, 2012 1 / 38 Outline

519 views • 48 slides
Accountable Certificate Management using Undeniable Attestations Ahto Buldas K uberneetika AS

Accountable Certificate Management using Undeniable Attestations Ahto Buldas K uberneetika AS

Accountable Certificate Management using Undeniable Attestations Ahto Buldas K uberneetika AS (Estonia) & U. of Tartu (Estonia) ahto.buldas@cyber.ee Peeter Laud Universit at des Saarlandes (Germany) laud@cs.uni-sb.de Helger Lipmaa

366 views • 17 slides

More recommend