Digital Certificates and Information Security

Post on 15-Jan-2015


Category:

Technology


DESCRIPTION

Digital certificates ensure secure transactions over the internet. This presentation is about information security and secure online transactions through digital certificates. Courtesy: www.ifour-consultancy.com

TRANSCRIPT

Digital Certificates

Introduction

What is cryptography? The art of secret writing

• Cryptosystems
• Keys

Problem

Problem: How does Alice know that the public key she received is really Bob’s public key?

Digital Certificate

• Electronic counterparts to driver licenses, passports
• Prove your identity or right to access information or services online
• Bind an identity to a pair of electronic keys
• Provide a more complete security solution
• Role of Certification Authority (CA)

Digital Certificates

• Structure of Digital Certificate
– Owner's public key
– Owner's name
– Expiration date of the public key
– Name of the issuer (the CA that issued the Digital Certificate)
– Serial number of the Digital Certificate
– Digital signature of the issuer
• Defined by CCITT X.509 international standard

Digital Certificates

• Provide support for public key cryptography (PKC)
• Digital certificates contain the public key of the entity
• They rely on PKC for their own authentication
• Used on handheld devices, mobile phones, portable cards, smart cards

Public Key Infrastructure (PKI)

A public key infrastructure (PKI) consists of the components necessary to securely distribute public keys

It consists of:

– Certificates
– Certificate authorities (CAs)
– A repository for retrieving certificates
– A method for revoking certificates
– A method of evaluating a chain of certificates

Public Key Infrastructures (PKIs)

• To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI)
– A PKI automates most aspects of using public key encryption and authentication
– Uses a PKI Server

Public Key Infrastructures (PKIs)

• PKI Server Creates Public Key-Private Key Pairs
– Distributes private keys to applicants securely
– Often, private keys are embedded in delivered software

[Diagram: PKI Server, Private Key]

Public Key Infrastructures (PKIs)

• PKI Server Provides Certificate Revocation List (CRL) Checks
– Distributes digital certificates to verifiers
– Checks certificate revocation list before sending digital certificates

[Diagram: PKI Server, Digital Certificate]

Public Key Infrastructures (PKIs)

• CRL Checks
– If applicant gives verifier a digital certificate,
– The verifier must check the certificate revocation list

[Diagram: PKI Server, "OK?", "OK or Revoked", CRL]
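
The verifier's checks from the slides above (issuer signature over the certificate fields, expiration date, CRL lookup), as an added Python example that is not part of the original presentation. It assumes a toy CA key (textbook RSA over two Mersenne primes, no padding, not secure), a CRL modelled as a set of revoked serial numbers, and constructed names, keys, serials and dates.

```python
import hashlib
from datetime import date

# Toy CA key pair (assumption): textbook RSA over two Mersenne primes, no
# padding. Constructed for illustration only; far too weak for real use.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
CA_N = P * Q                              # CA public modulus
CA_D = pow(E, -1, (P - 1) * (Q - 1))      # CA private exponent
FIELDS = ("owner", "public_key", "expires", "issuer", "serial")

def digest(cert):
    """Hash every certificate field except the signature itself."""
    body = repr(tuple(cert[k] for k in FIELDS)).encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % CA_N

def issue(owner, public_key, expires, serial, issuer="Example CA"):
    """CA side: bind the identity to the key by signing the fields."""
    cert = dict(owner=owner, public_key=public_key, expires=expires,
                issuer=issuer, serial=serial)
    cert["signature"] = pow(digest(cert), CA_D, CA_N)
    return cert

def verify(cert, crl, today, trusted_issuer="Example CA"):
    """Verifier side: return 'OK' or the reason for rejection."""
    if cert["issuer"] != trusted_issuer:
        return "untrusted issuer"
    if pow(cert["signature"], E, CA_N) != digest(cert):
        return "bad signature"            # fields changed after signing
    if today > cert["expires"]:
        return "expired"
    if cert["serial"] in crl:
        return "revoked"                  # serial is on the CRL
    return "OK"

# Constructed sample data: names, keys, serials and dates are made up.
TODAY = date(2015, 1, 15)
CRL = {1003}
bob = issue("Bob", "bob-public-key", date(2016, 1, 1), 1001)
carol = issue("Carol", "carol-public-key", date(2014, 6, 30), 1002)
dave = issue("Dave", "dave-public-key", date(2016, 1, 1), 1003)
# Someone swaps the key inside Bob's certificate but cannot re-sign it.
forged = dict(bob, public_key="mallory-public-key")

if __name__ == "__main__":
    for name, c in [("bob", bob), ("carol", carol), ("dave", dave),
                    ("forged", forged)]:
        print(name, "->", verify(c, CRL, TODAY))
```

The forged case is the answer to the earlier problem slide: Alice accepts a public key as Bob's only when the CA's signature over the name and key together still verifies.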

Generating the digital certificate

Digital Certificate : Example

Use of Digital Certificates

• Electronic transactions
– E-mail
– Electronic commerce
– Groupware
– Electronic funds transfers
• Netscape's Enterprise Server

Message Encryption

Message Decryption

Use of Digital Certificates

Need of Digital Certificates

• Proper Privacy and Security
• Trust
• Special safeguards
• Assuring the identity of all parties
• To provide legitimate content

Digital Certificate Services

• Services
– Issuing
– Revocation
– Status services
• Types of Digital Certificates
– Server
– Developer (for software)
– Personal

Digital Signature

• Functions as the electronic equivalent of a handwritten signature
• Provides non-repudiation
• Enables "authentication" of digital messages

DC used for Digital signature and Encryption

DC used for Digital signature and Decryption
