Lecture 4.2

The document discusses public key distribution and X.509 certificates. It describes how public keys are distributed through a trusted center or certificate authority. It also explains the components and purpose of an X.509 certificate including the issuer, subject, validity period, signature and renewal process.

Uploaded by

GAURAV TIWARI

Cryptography & Network Security

Subject Code: KCS074

Dr. Pankaj Kumar


Associate Professor

Department of Computer Science & Engineering


Pranveer Singh Institute of Technology, Kanpur, India

December 28, 2023


Public Key Distribution

• In asymmetric-key cryptography, people do not need to know a symmetric shared key; everyone shields a private key and advertises a public key.

Figure: Public announcement



Public Key Distribution

Trusted Center:



Public Key Distribution

Controlled Trusted Center:



Public Key Distribution

Certificate Authority:



Public Key Distribution

• X.509 is a standard defining the format of public key certificates.
• These certificates are used in various internet protocols to secure communication and establish the identity of the parties involved.



X.509 Certificate



X.509 Certificate

• Version: This field indicates the version number of the X.509 standard being used (e.g., version 1, version 2, version 3).
• Serial number: A unique identifier assigned by the certificate issuer to distinguish the certificate from others.
• Signature Algo Identifier: Specifies the algorithm used to create the digital signature.
• Issuer: Identifies the entity that issued the certificate, typically a Certificate Authority (CA).
• Validity period: Specifies the time frame during which the certificate is considered valid. It includes two dates: the notBefore date (when the certificate becomes valid) and the notAfter date (when the certificate expires).



X.509 Certificate

• Subject name: Identifies the entity the certificate is associated with (e.g., an individual, organization, or device).
• Subject public key: It contains information about the public key being certified, including the algorithm and the actual public key.
• Issuer unique identifier (optional): An optional field that may contain a unique identifier for the issuer to help distinguish between certificates issued by the same CA.
• Subject unique identifier (optional): Similar to the issuer's unique identifier, this optional field may contain a unique identifier for the subject.
• Extension (optional): Additional fields that can be included to provide extra information or features. Common extensions include key usage, subject alternative name, and basic constraints.

X.509 certificate

• Certificate signature algorithm: It specifies the algorithm used to sign the certificate.
• Certificate signature: The digital signature created by the issuer using its private key; it is used to verify the authenticity and integrity of the certificate.

These fields collectively provide the necessary information for validating the certificate, ensuring the identity of the certificate subject, and establishing secure communication.
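
The field layout described above, walked through in code. This is an added example, not part of the lecture: a minimal DER reader (Python standard library only) that pulls the listed fields out of a certificate and applies two basic checks, that the inner and outer signature algorithm identifiers agree and that a given time falls inside the validity period. `SAMPLE` is a constructed certificate with filler key and signature bytes and the function names are assumptions; verifying the signature itself and checking revocation are out of scope here.

```python
from datetime import datetime, timezone

def children(buf):  # split a DER buffer into its (tag, value) elements
    out, pos = [], 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits give the count of length bytes
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        if pos + n > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def when(tag, val):
    s = val.decode("ascii")
    if tag == 0x17:  # UTCTime has a 2-digit year; RFC 5280: YY >= 50 is 19YY
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def name(val):  # Name is SEQUENCE of SET of SEQUENCE {OID, value}; join the values
    return ", ".join(children(atv)[1][1].decode() for _, rdn in children(val)
                     for _, atv in children(rdn))

def parse_certificate(der):
    (_, cert), = children(der)  # Certificate = {tbsCertificate, algorithm, signature}
    (_, tbs), (_, outer_alg), _ = children(cert)
    f = children(tbs)
    version = 1  # the [0] version wrapper is omitted for v1
    if f[0][0] == 0xA0:
        version, f = children(f[0][1])[0][1][0] + 1, f[1:]
    (nb_tag, nb), (na_tag, na) = children(f[3][1])
    return {"version": version, "serial": int.from_bytes(f[0][1], "big"),
            "issuer": name(f[2][1]), "subject": name(f[4][1]),
            "not_before": when(nb_tag, nb), "not_after": when(na_tag, na),
            "algs_match": f[1][1] == outer_alg}  # signed copy vs. outer copy

def passes_basic_checks(cert, now):
    return cert["algs_match"] and cert["not_before"] <= now <= cert["not_after"]

SAMPLE = bytes.fromhex(  # constructed, not a real certificate: key/signature are filler
    "3081a5" "308188" "a003020102" "02021001"                      # Certificate, TBS, v3, serial
    "300d06092a864886f70d01010b0500"                               # signature algorithm (inner)
    "30153113301106035504030c0a4578616d706c65204341"               # issuer CN=Example CA
    "301e170d3233313232383030303030305a170d3234313232383030303030305a"  # validity
    "301b3119301706035504030c107777772e6578616d706c652e74657374"   # subject CN
    "301a300d06092a864886f70d0101010500030900bbbbbbbbbbbbbbbb"     # subject public key
    "300d06092a864886f70d01010b0500" "030900aaaaaaaaaaaaaaaa")     # outer algorithm, signature
```

The algorithm identifier appears twice because only the inner copy is covered by the issuer's signature; a certificate whose two copies differ should be rejected before any signature check.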



X.509 certificate

• Certificate Renewal: Each certificate has a period of validity. If there is no problem with the certificate, the CA issues a new certificate before the old one expires.
• In some cases a certificate must be revoked before its expiration.
• Delta Revocation: To make revocation more efficient, the delta certificate revocation list (delta CRL) has been introduced.



Responsibilities of Public Key Infrastructure (PKI)

Duties of PKI:



PKI Hierarchical Model

Trust Model:



PKI Mesh Model



Thank You!
