Scribd
Upload
20 views6 pages

08b - Digital Certificates

This document discusses digital certificates and public key infrastructure (PKI). It explains how digital certificates are used to authenticate users and bind public keys to identities through the use of certification authorities (CAs). Certificates follow the X.509 standard and contain the public key and identity of an entity that is signed by a CA. CAs issue certificates and create a hierarchy of trust to authenticate users and devices on networks. PKI and digital certificates can be applied to applications like email encryption, document signing, server authentication, and secure communication protocols.

Uploaded by

Syarifah Ayuwandira
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
20 views6 pages

08b - Digital Certificates

This document discusses digital certificates and public key infrastructure (PKI). It explains how digital certificates are used to authenticate users and bind public keys to identities through the use of certification authorities (CAs). Certificates follow the X.509 standard and contain the public key and identity of an entity that is signed by a CA. CAs issue certificates and create a hierarchy of trust to authenticate users and devices on networks. PKI and digital certificates can be applied to applications like email encryption, document signing, server authentication, and secure communication protocols.

Uploaded by

Syarifah Ayuwandira
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

CSC662

COMPUTER SECURITY

DIGITAL CERTIFICATES

These slides are prepared from Prof Pavel Laskov‘s lecture slide Version 2.0

AUTHENTICATION & NON-


REPUDIATION
The reciever must verify the claimed
identity of a sender.
The sender cannot deny having sent a
message.
The reciever cannot have created the
message himself.

1
SYMMETRIC KEY SIGNATURES

Identity of A is proved to B by KA
The fact of A’s sending a message is proved by
KT(A,P)
B cannot forge having received a message from
A because he does not know KT

PUBLIC KEY SIGNATURES

Identity of A is proved by B’s being able to encrypt a


message with KuA
The fact of A’s sending a message is proved by the
existence of a message decrypted by KrA
B cannot forge having received a message from A because
he cannot produce DKrA(M)

2
DIGEST SIGNATURES: DSS

For efficiency reasons, public-key decryption is


applied to a short digest of the plaintext message.
ElGamal public-key encryption/decryption
algorithm is used.

PUBLIC KEY CERTIFICATES


A certificate is a binding between an entity name
and its public key.
Certificates are issued by a “certification
authority” (CA), a trusted third party.
A certificate is generated locally on a computer.
To grant a certificate its validity, a CA signes it
with its private key.
Since the CA’s public key is well known
everybody can verify the validity of a certificate.

3
X.509 CERTIFICATE’S
STRUCTURE

CERTIFICATES CHAIN &


CA HIERARCHY
Due to scalability and trust issues, certification cannot be
carried out by a single, or even a small number of CA’s.
However, a large number of independent CA’s cannot
provide sufficiend trust.
Solution: a verifiable hierarchy of CA.

4
PKI APPLICATIONS
Encryption and sender authenticaion in email
(S/MIME)
Encryption and authentication of documents (e.g.
XML Signatures/Encryption)
Authentication of users to application (e.g. smart
cards or SSL client authentication)
Web server authentication
Bootstrapping of communication protocols, secure
key establishment

KEY POINTS

Authentication and non-repudiation objectives are


attained by digital signatures that combine public
key cryptography with secure hashing.
Binding of digital signatures to entities is achieved
by putting the relevant information in X.509
certificate issued by a trusted certification authority
(CA).

5
Thank You

You might also like