Public Key Infrastructure (PKI) uses public and private key cryptography to establish digital identities and secure communication. It relies on digital certificates issued by a certificate authority to bind public keys to identities and allows for authentication. PKI is commonly used to enable HTTPS websites and secure email through standards like TLS and SSL.
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0 ratings0% found this document useful (0 votes)
24 views14 pages
52-Authentication Protocols - PKI-16-04-2024
Public Key Infrastructure (PKI) uses public and private key cryptography to establish digital identities and secure communication. It relies on digital certificates issued by a certificate authority to bind public keys to identities and allows for authentication. PKI is commonly used to enable HTTPS websites and secure email through standards like TLS and SSL.
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14
Authentication protocols: PKI
Public Key Infrastructure (PKI)
• Public key infrastructure is an important aspect of internet security. • It is the set of technology and processes that make up a framework of encryption to protect and authenticate digital communications. • Standard followed for managing, storing, and revoking the digital certificate. • PKI uses cryptographic public keys that are connected to a digital certificate, which authenticates the device or user sending the digital communication. • Digital certificates are issued by a trusted source, a certificate authority (CA), and act as a type of digital passport to ensure that the sender is who they say they are. Main components of public key infrastructure • Certificate authority (CA): The CA is a trusted entity that issues, stores, and signs the digital certificate. The CA signs the digital certificate with their own private key and then publishes the public key that can be accessed upon request. • Registration authority (RA): The RA verifies the identity of the user or device requesting the digital certificate. This can be a third party, or the CA can also act as the RA. • Certificate database: This database stores the digital certificate and its metadata, which includes how long the certificate is valid. • Central directory: This is the secure location where the cryptographic keys are indexed and stored. • Certificate management system: This is the system for managing the delivery of certificates as well as access to them. • Certificate policy: This policy outlines the procedures of the PKI. It can be used by outsiders to determine the PKI’s trustworthiness. Why is PKI used? • One of the most common uses of PKI is the TLS/SSL (transport layer security/secure socket layer), which secures encrypted HTTP (hypertext transfer protocol) communications. • Website owners will obtain a digital certificate from a trusted CA. • To be issued a CA, the owner of the website will have to prove that they are indeed the actual owner. • Once verified, the website owner can purchase an SSL certificate to install on the web server. • This tells the browser that it is the legitimate website the browser is trying to access. Uses for PKI
• Email encryption and authentication of the sender
• Signing documents and software • Using database servers to secure internal communications • Securing web communications, such as e-commerce • Authentication and encryption of documents • Securing local networks and smart card authentication • Encrypting and decrypting files • Secure communication between mutually trusted devices such as IoT (internet of things) devices • Digital certificates are also called PKI certificates or X.509 certificates. A PKI certificate offers proof of identity to a requesting entity, which is verified by a third party and works like a digital passport or driver’s license.
• The PKI certificate will contain the following:
• Distinguished name (DN) of the owner
• Owner’s public key • Date of issue • Expiration date • DN of the issuing CA • Issuing CA’s digital signature X.509 certificate • Authentication Application • Authentication means verifying the user identity. • If two users wants to communicate with each other, they should be mutually authenticated. • Once the authentication process is completed, the communication takes place between them. • This mutual authentication can be done in different ways : Applying the Kerberos concept or by using X.509 certificate. X.509 certificate • An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate. • An X.509 certificate contains information about the identity to which a certificate is issued and the identity that issued it. Standard information in an X.509 certificate includes: • Version – which X.509 version applies to the certificate (which indicates what data the certificate must include) • Serial number – the identity creating the certificate must assign it a serial number that distinguishes it from other certificates • Algorithm information – the algorithm used by the issuer to sign the certificate • Issuer distinguished name – the name of the entity issuing the certificate (usually a certificate authority) • Validity period of the certificate – start/end date and time • Subject distinguished name – the name of the identity the certificate is issued to • Subject public key information – the public key associated with the identity • Extensions (optional) • Many of the certificates that people refer to as Secure Sockets Layer (SSL) certificates are in fact X.509 certificates. • The first X.509 certificates were issued in 1988 as part of the International Telecommunications Union's Telecommunication Standardization Sector (ITU-T) and the X.500 Directory Services Standard. In 1993, version 2 added two fields to support directory access control. Version 3 was released in 1996 and defines the formatting used for certificate extensions.