Internet Security Basics

803 views
719 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
803
On SlideShare
0
From Embeds
0
Number of Embeds
9
Actions
Shares
0
Downloads
21
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Internet Security Basics

  1. 1. Internet Security Basics
  2. 2. Symmetric Encryption
  3. 3. <ul><li>Symmetric key should NOT travel un-protected over a network. Following are two algorithms normally used to exchange the keys. </li></ul><ul><ul><li>Diffie-Hellman key exchange (D-H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel . </li></ul></ul><ul><ul><li>RSA as key exchange algorithm. </li></ul></ul>
  4. 4. Alice Bob
  5. 5. <ul><li>Encryption Algorithms </li></ul><ul><ul><li>RC4 ( Rivest Cipher 4 ) was designed by Ron Rivest of RSA Security in 1987. RC4 5% performance degradation. </li></ul></ul><ul><ul><li>DES (Data Encryption Standard (IBM)) 24% performance degradation. </li></ul></ul>
  6. 6. PKI Encryption
  7. 8. Important: These forms the basis for all the internet security protocols.
  8. 9. Alice Bob
  9. 13. PKI Digital Signatures
  10. 15. Third PKI-Rule Satisfied.
  11. 18. First & Third PKI Rule Satisfied. Unique sequence number is used inside the Digital Signatures to prevent interception and replay of the messages.
  12. 21. Certificates and Certificate Authorities
  13. 23. Here’s a trust relationship between a customer, his bank and his credit card company. When he drops a cheque at his bank to pay-off his credit card bill, he is assured that his credit card will be paid.
  14. 24. <ul><li>Some of the well known are: </li></ul><ul><ul><ul><li>Verisign, Inc. </li></ul></ul></ul><ul><ul><ul><li>Entrust Technologies. </li></ul></ul></ul><ul><ul><ul><li>Baltimore Technologies. </li></ul></ul></ul><ul><ul><ul><li>Thawte. </li></ul></ul></ul><ul><li>You can be a CA on your own using free and open source OpenSSL. </li></ul>
  15. 28. Carries Bobs Distinguished Name (DN) and his Public Key with other details. CA will do a lot of physical validations and issue a certificate to Bob. Normally Bob gets that either through email or CA requests him to download it from their web site.
  16. 30. You can store the certificate on your file system as a file (.cer), right click and check the properties. You can check the CAs and trusted parties certificates installed on your browser. Internet Explorer > Tools > Internet Options > Content > Certificates (button)
  17. 31. X.509 v3 Structure of a certificate <ul><li>The structure of an X.509 v3 digital certificate is as follows: </li></ul><ul><li>Certificate </li></ul><ul><ul><ul><li>Version </li></ul></ul></ul><ul><ul><ul><li>Serial Number </li></ul></ul></ul><ul><ul><ul><li>Algorithm ID </li></ul></ul></ul><ul><ul><ul><li>Issuer </li></ul></ul></ul><ul><ul><ul><li>Validity </li></ul></ul></ul><ul><ul><ul><ul><li>Not Before </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Not After </li></ul></ul></ul></ul><ul><ul><ul><li>Subject </li></ul></ul></ul><ul><ul><ul><li>Subject Public Key Info </li></ul></ul></ul><ul><ul><ul><ul><li>Public Key Algorithm </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Subject Public Key </li></ul></ul></ul></ul><ul><ul><ul><li>Issuer Unique Identifier (Optional) </li></ul></ul></ul><ul><ul><ul><li>Subject Unique Identifier (Optional) </li></ul></ul></ul><ul><ul><ul><li>Extensions (Optional) </li></ul></ul></ul><ul><li>Certificate Signature Algorithm </li></ul><ul><li>Certificate Signature </li></ul><ul><li>Issuer and subject unique identifiers were introduced in Version 2, Extensions in Version 3. </li></ul>
  18. 32. Certificate filename extensions <ul><li>Common filename extensions for X.509-certificates are: </li></ul><ul><ul><ul><li>.DER - DER encoded certificate </li></ul></ul></ul><ul><ul><ul><li>. PEM - ( Privacy Enhanced Mail ) Base64 encoded DER certificate, enclosed between &quot;-----BEGIN CERTIFICATE-----&quot; and &quot;-----END CERTIFICATE-----&quot; (also sometimes represented as .CER) </li></ul></ul></ul><ul><ul><ul><li>.P7B - See .p7c </li></ul></ul></ul><ul><ul><ul><li>.P7C - PKCS#7 SignedData structure without data, just certificate(s) or CRL(s) </li></ul></ul></ul><ul><ul><ul><li>.PFX - See .p12 </li></ul></ul></ul><ul><ul><ul><li>.P12 - PKCS#12 , may contain certificate(s) (public) and private keys (password protected) </li></ul></ul></ul><ul><ul><ul><li>PKCS#7 is a standard for signing or encrypting (officially called &quot;enveloping&quot;) data. Since the certificate is needed to verify signed data, it is possible to include them in the SignedData structure. A .P7C-file is just a degenerated SignedData structure, without any data to sign. </li></ul></ul></ul><ul><ul><ul><li>PKCS#12 evolved from the PFX (Personal inFormation eXchange) standard and is used to exchange public and private objects in a single file. </li></ul></ul></ul><ul><ul><ul><li>A .PEM-file may contain certificate(s) or private key(s), enclosed between the appropriate BEGIN/END-lines (CERTIFICATE or RSA PRIVATE KEY). </li></ul></ul></ul>PeopleSoft uses PEM format.

×