Security and Identity on the internet
Pink Programming Sunday
October 15th, 2017
Jenny Dybedahl, B3IT Init AB

Identity
Who am I?
How do you know?

Who am I? Jenny Dybedahl, from B3IT Init AB

How do you know? Well, you don't. You could ask to see my ID card or driver's license, perhaps?

Trust
Who do you trust?
What if you need to trust someone else?
What if you need someone to trust you?

Who do you trust? People you know personally

If you need to trust someone else? You ask someone you know to vouch for them, or they show you some identification from an institution that you trust - such as the Police, who issue passports, or Transportstyrelsen, who issue drivers' licenses...

If you need someone to trust you? You get someone they trust to vouch for you, or you get a trusted institution to vouch for you. That's where SSL/TLS certificates come in!

Security
Who is listening?
Who is reading?
Who is altering data?

Who is listening? Usually only the people around you, unless there are bugs. (There are almost never bugs.)

Who is reading? Usually just the people in the room. But who can see the text through the window? Or when you're using your phone, or your tablet, or your computer on the train or bus?

And on the internet, who can get read access to the data you send and receive?

On the internet, you can't know, unless you're using some form of encryption!

Basic cryptography

Symmetrical encryption
[Diagram: Plain text, Encrypted text]
Shared secret - same "key" used to encrypt and decrypt

Symmetrical encryption cannot verify identity - anyone who has the key can both encrypt and decrypt. You can't know who used the key.

Substitution cipher
ROT 13
• A = N, B = O, C = P, [...], N = A, O = B, etc

• Example:

Uryyb Jbeyq!
Hello World!

Rot13 - "rotate 13 steps" - is one example of symmetrical encryption. It's very bad encryption. Its main use has been as a tool to avoid showing spoilers of books or TV series on discussion forums.

Substitution cipher
Playfair cipher
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

This is a better substitution cipher. I won't explain it here; you should get the book by Dorothy L Sayers. It's got a whole chapter explaining the cipher and it's a really good book!

Asymmetrical encryption
• A pair of keys
• One is kept secret - called private key
• One is made public - called public key

Asymmetrical encryption still does not guarantee identity - but it does guarantee which key has been used.

If something can be decrypted with the public key, that means that you can be sure that it was encrypted with the private key.

So if I sign something with my private key, you can verify it by using the public key.

[Diagram: Private key, Public key, Plain text, Encrypted text]
Text encrypted with one key can only be decrypted with the other paired key

If something can be decrypted with the private key, that means that you can be sure that it was encrypted with the public key.

This can be used to sign things - emails, code...

If something has been encrypted with the public key, that means that you can be sure that only the person who has the private key can decrypt it.

That way, if someone has my public key, they can send me a message that only I can read.

Identity
• How do you know that a public key belongs to me?
• It gets signed by someone you trust!

Trust
• Who do you trust?
• What if you need to trust someone else?
• What if you need someone to trust you?

I know I said this before, but it bears repeating...

Who do you trust? People you know personally

If you need to trust someone else? You ask someone you know to vouch for them, or they show you some identification from an institution that you trust - such as the Police, who issue passports, or Transportstyrelsen, who issue drivers' licenses...

If you need someone to trust you? You get someone they trust to vouch for you, or you get a trusted institution to vouch for you. That's where SSL/TLS certificates come in!

How do you start trusting someone?

When you float on a sea of uncertainty, and you want to create some security, the first thing you do is to anchor yourself to something you trust. (It's really called "trust anchors", that's not just me being poetic!)

Why trust an anchor?
• You know them
• Someone you trust knows them
• They have documentation, rules and processes that are trustworthy

Trust anchors
In the 3D-world:
• The Police
- passports
- National ID cards
• Transportstyrelsen
- Driving license

How does it work?
• People trust things that are issued or signed by someone they trust
• A public key that has been signed by someone is called a certificate

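The key-pair and certificate ideas above, worked through in code. This is an added example, not part of the original slides: it uses textbook RSA on small constructed keys (insecure, for illustration only), and every name in it (`issue_certificate`, `validate`, "Example Root CA", `shop.example`) is hypothetical.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public, private) = ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def _digest(data, n):
    # SHA-256 of the data, reduced so that it fits under the modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    """Only the holder of the private key can produce this value."""
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(public, data, signature):
    """Anyone with the public key can check which key signed the data."""
    n, e = public
    return pow(signature, e, n) == _digest(data, n)

def encrypt(public, message):
    """Encrypt to a public key: only the paired private key can read it."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(private, ciphertext):
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def issue_certificate(issuer, issuer_private, subject, subject_public):
    """A certificate here is just a subject's public key signed by an issuer."""
    n, e = subject_public
    body = f"subject={subject};issuer={issuer};n={n};e={e}".encode()
    return {"body": body, "signature": sign(issuer_private, body)}

def validate(cert, trust_anchors):
    """Return (subject, public key) only if a trust anchor's key verifies the signature."""
    fields = dict(item.split("=", 1) for item in cert["body"].decode().split(";"))
    anchor_key = trust_anchors.get(fields["issuer"])
    if anchor_key is None or not verify(anchor_key, cert["body"], cert["signature"]):
        return None
    return fields["subject"], (int(fields["n"]), int(fields["e"]))

# Constructed keys built from Mersenne primes: far too weak for real use.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)
SITE_PUBLIC, SITE_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)

# The relying party trusts exactly one anchor.
TRUST_ANCHORS = {"Example Root CA": CA_PUBLIC}

CERT = issue_certificate("Example Root CA", CA_PRIVATE, "shop.example", SITE_PUBLIC)
# Same signature, different subject: the signature no longer matches the body.
ALTERED = dict(CERT, body=CERT["body"].replace(b"shop.example", b"other.example"))
# Names the trusted issuer but was signed with a key the anchor does not hold.
UNTRUSTED = issue_certificate("Example Root CA", OTHER_PRIVATE, "shop.example", SITE_PUBLIC)

if __name__ == "__main__":
    for label, cert in (("issued", CERT), ("altered", ALTERED), ("untrusted", UNTRUSTED)):
        result = validate(cert, TRUST_ANCHORS)
        print(label, "->", "accepted for " + result[0] if result else "rejected")
```

The issuer name written inside the certificate proves nothing on its own; acceptance depends on the signature verifying under a key the relying party already holds.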
Identification
• Subject
• Serial number
• Validity
• Valid usage - This license is valid for motorcycle, car with heavy trailer, and heavy trucks with trailer
• Issued by

How does it work?
• People trust things that are issued or signed by someone they trust
• A public key that has been signed by someone is called a certificate

Trust anchors
On the Internet
• Certificate Authorities
- Everyone that your operating system trusts
- Everyone that your web browser trusts

Trust anchors
On the Internet
This is who you are trusting every day!
You are trusting everyone that your operating system and/or web browser trusts
[Screenshot of the list of trusted certificate authorities: 168 items]

My computer is trusting 168 certificate authorities! (Though some of them are my own personal lab environment, for instance "Admin-Root-CA" in the list above. But at least 160 of them are there because Apple has chosen to trust them!)

Trust anchors
https://cabforum.org

The CA Browser Forum is an organisation that checks out certificate authorities, and tries to make sure that they aren't issuing certificates to the wrong people or in the wrong way. They have a lot of interesting information if you are interested in the processes and regulations of certificate authorities.

Web site identification

Here's a web site that uses a certificate. If you click on the green padlock, you get some information about the certificate. Note that it doesn't say anything about who owns the domain!

Web site certificates
• Subject
• Valid from
• Valid until
• Issued by
• Valid usage
• Serial

The web site certificate contains basically the same kind of information as the driver's license!

Web site certificates
openssl x509 -in pinkprogrammingse.crt -noout -subject -issuer -dates -purpose -serial
subject= /CN=pinkprogramming.se
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
notBefore=Aug 27 14:20:00 2017 GMT
notAfter=Nov 25 14:20:00 2017 GMT
serial=038A11933134D6A51AC6BFE4AD60261847C3
Certificate purposes:
SSL client : Yes
SSL server : Yes

Here's the same information again, in another format.

Security
Who is listening?
Who is reading?
Who is altering data?

Yes, I said this before - but the questions are important!

Who is listening? Usually only the people around you, unless there are bugs. (There are almost never bugs.)

Who is reading? Usually just the people in the room. But who can see the text through the window? And on the internet, who can get read access to the data you send and receive?

On the internet, you can't know, unless you're using some form of encryption!

Who's listening/reading?
• Only someone who has the key can decipher data

This means that TLS/SSL protects against eavesdroppers on the internet!

You should still be careful when using your laptop, tablet or phone in public, though...

Who is altering data?
• If you alter a signed document, the signature becomes invalid

This means that if you are using encryption, such as TLS/SSL, nobody can alter the data. For instance, nobody will be able to inject an order for your bank to send money to a scammer.

Identity
• Common certificates only identify the domain name
• Extended Validation certificates identify the domain owner

The difference between "ordinary" certificates and Extended Validation certificates.

Extended Validation

"Ordinary" certificates don't really tell you anything about the identity of the organisation behind the domain. They just show that the web server is set up by someone who has ownership of the domain.

"Extended validation" certificates are only issued after verifying the identity of the organisation, and their ownership of the domain.

Revocation
• Certificates can be revoked
• It's up to the browser or application to check for revocation

A certificate can be cancelled, just like a credit card can be cancelled if you find out that it's been skimmed or stolen. For certificates, this is called revocation.

Revocation
• Certificate Revocation Lists - CRLs
• Issued at intervals, contain all revoked certificates

CRL
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/O=IdenTrust/OU=TrustID Server/CN=TrustID Server CA A52
Last Update: Oct 14 00:36:18 2017 GMT
Next Update: Oct 15 00:36:18 2017 GMT
Revoked Certificates:
Serial Number: 7F00000100000152892D02C7007200A1
Revocation Date: Jan 28 18:44:54 2016 GMT
CRL entry extensions:
X509v3 CRL Reason Code:
Superseded

Here's an example of a certificate revocation list.

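What "checking for revocation" against a CRL involves, as an added example that is not part of the original slides. It parses the two OpenSSL text outputs shown in this deck (copied below, with the wrapped issuer line re-joined) and checks validity dates, whether the CRL comes from the certificate's issuer, whether the serial is listed, and whether the CRL is past its Next Update. The function names and status strings are hypothetical.

```python
from datetime import datetime, timezone

# Text copied from the slides; nothing here is fetched from the network.
CERT_TEXT = """\
subject= /CN=pinkprogramming.se
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
notBefore=Aug 27 14:20:00 2017 GMT
notAfter=Nov 25 14:20:00 2017 GMT
serial=038A11933134D6A51AC6BFE4AD60261847C3
Certificate purposes:
SSL client : Yes
SSL server : Yes
"""

CRL_TEXT = """\
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=US/O=IdenTrust/OU=TrustID Server/CN=TrustID Server CA A52
Last Update: Oct 14 00:36:18 2017 GMT
Next Update: Oct 15 00:36:18 2017 GMT
Revoked Certificates:
Serial Number: 7F00000100000152892D02C7007200A1
Revocation Date: Jan 28 18:44:54 2016 GMT
CRL entry extensions:
X509v3 CRL Reason Code:
Superseded
"""

def parse_time(value):
    """Parse OpenSSL timestamps such as 'Oct 14 00:36:18 2017 GMT' as UTC."""
    parsed = datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def parse_cert_summary(text):
    """Read the key=value lines printed by 'openssl x509 -noout -subject ...'."""
    wanted = ("subject", "issuer", "notBefore", "notAfter", "serial")
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in wanted:
            fields[key.strip()] = value.strip()
    return {
        "subject": fields["subject"],
        "issuer": fields["issuer"],
        "not_before": parse_time(fields["notBefore"]),
        "not_after": parse_time(fields["notAfter"]),
        "serial": fields["serial"].upper(),
    }

def parse_crl(text):
    """Read issuer, update times and revoked entries from the CRL text dump."""
    crl = {"issuer": None, "last_update": None, "next_update": None, "revoked": {}}
    lines = [line.strip() for line in text.splitlines()]
    current = None
    for i, line in enumerate(lines):
        label, _, value = line.partition(":")
        if label == "Issuer":
            crl["issuer"] = value.strip()
        elif label == "Last Update":
            crl["last_update"] = parse_time(value)
        elif label == "Next Update":
            crl["next_update"] = parse_time(value)
        elif label == "Serial Number":
            current = value.strip().upper()
            crl["revoked"][current] = {"date": None, "reason": None}
        elif label == "Revocation Date" and current:
            crl["revoked"][current]["date"] = parse_time(value)
        elif label == "X509v3 CRL Reason Code" and current and i + 1 < len(lines):
            crl["revoked"][current]["reason"] = lines[i + 1]
    return crl

def revocation_status(cert, crl, now):
    """Decide what this CRL lets a client conclude about this certificate."""
    if not cert["not_before"] <= now <= cert["not_after"]:
        return "outside-validity"
    if crl["issuer"] != cert["issuer"]:
        return "crl-not-applicable"  # a CRL only speaks for its own issuer
    entry = crl["revoked"].get(cert["serial"])
    if entry and entry["date"] <= now:
        return "revoked"
    if now > crl["next_update"]:
        return "crl-stale"  # absence from an outdated list proves nothing
    return "good"

if __name__ == "__main__":
    when = datetime(2017, 10, 14, 12, 0, tzinfo=timezone.utc)
    print(revocation_status(parse_cert_summary(CERT_TEXT), parse_crl(CRL_TEXT), when))
```

Run on the deck's own two outputs, the result is `crl-not-applicable`: the certificate was issued by Let's Encrypt and the CRL by IdenTrust, so that list says nothing about that certificate.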
Revocation
• Online Certificate Status Protocol - OCSP
• Answers directly

Web site certificates
https://letsencrypt.org
If you want to use certificates in your web server or application, this is a good place to start!
Questions?
jenny.dybedahl@b3it.se

More Related Content

Similar to Certificates pink programming

Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy ExamLisa Olive
 
Network securities cn
Network securities cnNetwork securities cn
Network securities cnDhaval Bhatia
 
Protecting Your Privacy: Cyberspace Security, Real World Safety
Protecting Your Privacy: Cyberspace Security, Real World SafetyProtecting Your Privacy: Cyberspace Security, Real World Safety
Protecting Your Privacy: Cyberspace Security, Real World SafetyAEGILITY
 
DIGITAL FORENSIC 25In this chapter, youll learn more about.docx
DIGITAL FORENSIC 25In this chapter, youll learn more about.docxDIGITAL FORENSIC 25In this chapter, youll learn more about.docx
DIGITAL FORENSIC 25In this chapter, youll learn more about.docxlynettearnold46882
 
Infosec 4 The Home
Infosec 4 The HomeInfosec 4 The Home
Infosec 4 The Homejaysonstreet
 
Identity On The Internet
Identity On The InternetIdentity On The Internet
Identity On The InternetJon Spriggs
 
A public discussion about privacy careers: Training, certification and experi...
A public discussion about privacy careers: Training, certification and experi...A public discussion about privacy careers: Training, certification and experi...
A public discussion about privacy careers: Training, certification and experi...Infosec
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh  building trust in the digital age teenagers and studentsRayane hazimeh  building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and studentsRayanehaz
 
Trusted Data Ecosystems(信頼できるデータエコシステム):アイデンティティに価値を見出す
Trusted Data Ecosystems(信頼できるデータエコシステム):アイデンティティに価値を見出すTrusted Data Ecosystems(信頼できるデータエコシステム):アイデンティティに価値を見出す
Trusted Data Ecosystems(信頼できるデータエコシステム):アイデンティティに価値を見出すHyperleger Tokyo Meetup
 
Slideshow - Lil Rat
Slideshow - Lil RatSlideshow - Lil Rat
Slideshow - Lil Ratmegg16
 
enkripsi and authentication
enkripsi and authenticationenkripsi and authentication
enkripsi and authenticationahmad amiruddin
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerCheapSSLUSA
 
Self-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSelf-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSanketKulkarni94
 
Securing & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptxSecuring & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptxBrian Pichman
 
Personal data on the blockchain and GDPR compatibility
Personal data on the blockchain and GDPR compatibility Personal data on the blockchain and GDPR compatibility
Personal data on the blockchain and GDPR compatibility Alexandra Giannopoulou
 
How can i hide my ip on permanent basis
How can i hide my ip on permanent basisHow can i hide my ip on permanent basis
How can i hide my ip on permanent basishidemyipaddress
 

Similar to Certificates pink programming (20)

Cyber security macau
Cyber security macau Cyber security macau
Cyber security macau
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy Exam
 
Public Vs. Private Keys
Public Vs. Private KeysPublic Vs. Private Keys
Public Vs. Private Keys
 
How encryption works
How encryption worksHow encryption works
How encryption works
 
Network securities cn
Network securities cnNetwork securities cn
Network securities cn
 
Protecting Your Privacy: Cyberspace Security, Real World Safety
Protecting Your Privacy: Cyberspace Security, Real World SafetyProtecting Your Privacy: Cyberspace Security, Real World Safety
Protecting Your Privacy: Cyberspace Security, Real World Safety
 
DIGITAL FORENSIC 25In this chapter, youll learn more about.docx
DIGITAL FORENSIC 25In this chapter, youll learn more about.docxDIGITAL FORENSIC 25In this chapter, youll learn more about.docx
DIGITAL FORENSIC 25In this chapter, youll learn more about.docx
 
Infosec 4 The Home
Infosec 4 The HomeInfosec 4 The Home
Infosec 4 The Home
 
Identity On The Internet
Identity On The InternetIdentity On The Internet
Identity On The Internet
 
A public discussion about privacy careers: Training, certification and experi...
A public discussion about privacy careers: Training, certification and experi...A public discussion about privacy careers: Training, certification and experi...
A public discussion about privacy careers: Training, certification and experi...
 
Rayane hazimeh building trust in the digital age teenagers and students
Rayane hazimeh  building trust in the digital age teenagers and studentsRayane hazimeh  building trust in the digital age teenagers and students
Rayane hazimeh building trust in the digital age teenagers and students
 
Trusted Data Ecosystems(信頼できるデータエコシステム):アイデンティティに価値を見出す
Trusted Data Ecosystems(信頼できるデータエコシステム):アイデンティティに価値を見出すTrusted Data Ecosystems(信頼できるデータエコシステム):アイデンティティに価値を見出す
Trusted Data Ecosystems(信頼できるデータエコシステム):アイデンティティに価値を見出す
 
Slideshow - Lil Rat
Slideshow - Lil RatSlideshow - Lil Rat
Slideshow - Lil Rat
 
enkripsi and authentication
enkripsi and authenticationenkripsi and authentication
enkripsi and authentication
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets Layer
 
Self-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptxSelf-Sovereign-Identity.pptx
Self-Sovereign-Identity.pptx
 
Securing & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptxSecuring & Safeguarding Your Library Setup.pptx
Securing & Safeguarding Your Library Setup.pptx
 
Personal data on the blockchain and GDPR compatibility
Personal data on the blockchain and GDPR compatibility Personal data on the blockchain and GDPR compatibility
Personal data on the blockchain and GDPR compatibility
 
How can i hide my ip on permanent basis
How can i hide my ip on permanent basisHow can i hide my ip on permanent basis
How can i hide my ip on permanent basis
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
 

Recently uploaded

Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our EscortsCall Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escortsindian call girls near you
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 

Recently uploaded (20)

Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our EscortsCall Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 

Certificates pink programming

  • 1. Security and Identity on the internet Pink Programming Sunday October 15th, 2017 1 Jenny Dybedahl, B3IT Init AB
  • 2. Who am I? How do you know? 2Security and Identity on the Internet Identity Who am I? Jenny Dybedahl, from B3IT Init AB How do you know? Well, you don't. You could ask to see my ID card or driver's license, perhaps?
  • 3. Who do you trust? What if you need to trust someone else? What if you need someone to trust you? 3Security and Identity on the Internet Trust Who do you trust? People you know personally If you need to trust someone else? You ask someone you know to vouch for them, or they show you some identification from an institution that you trust - such as the Police, who issue passports, or Transportstyrelsen, who issue drivers' licenses... If you need someone to trust you? You get someone they trust to vouch for you, or you get a trusted institution to vouch for you. That's where SSL/TLS certificates come in!
  • 4. Who is listening? Who is reading? Who is altering data? 4Security and Identity on the Internet Security Who is listening? Usually only the people around you, unless there are bugs. (There are almost never bugs.) Who is reading? Usually just the people in the room. But who can see the text through the window? Or when you're using your phone, or your tablet, or your computer on the train or bus? And on the internet, who can get read access to the data you send and receive? On the internet, you can't know, unless you're using some form of encryption!
  • 5. Basic cryptography 5Security and Identity on the Internet Who am I? Jenny Dybedahl, from B3IT Init AB How do you know? Well, you don't. You could ask to see my ID card or driver's license, perhaps? Who do you trust? People you know personally If you need to trust someone else? You ask someone you know to vouch for them, or they show you some identification from an institution that you trust - such as the Police, who issue passports, or Transportstyrelsen, who issue drivers' licenses...
  • 6. Security and Identity on the Internet Symmetrical encryption Plain text Encrypted text Shared secret - same "key" used to encrypt and decrypt Symmetrical encryption cannot verify identity - anyone who has the key can both encrypt and decrypt. You can't know who used the key.
  • 7. Security and Identity on the Internet Symmetrical encryption Plain text Encrypted text Shared secret - same "key" used to encrypt and decrypt
  • 8. Security and Identity on the Internet Substitution cipher ROT 13 • A = N, B = O, C = P, [...], N = A, O = B, etc • Example: Uryyb Jbeyq! Hello World! Rot13 - "rotate 13 steps" - is one example of symmetrical encryption. It's very bad encryption. Its main use has been as a tool to avoid showing spoilers of books or TV series on discussion forums.
  • 9. Security and Identity on the Internet Substitution cipher Playfair cipher M O N A R C H Y B D E F G I/J K L P Q S T U V W X Z This is a better substitution cipher. I won't explain it here; you should get the book by Dorothy L Sayers. It's got a whole chapter explaining the cipher and it's a really good book!
  • 10. Asymmetrical encryption • A pair of keys • One is kept secret - called private key • One is made public - called public key. Asymmetrical encryption still does not guarantee identity - but it does guarantee which key has been used. If something can be decrypted with the public key, that means that you can be sure that it was encrypted with the private key. So if I sign something with my private key, you can verify it by using the public key.
  • 11. [Diagram: plain text, private key, encrypted text, public key] Text encrypted with one key can only be decrypted with the other paired key. If something can be decrypted with the private key, that means that you can be sure that it was encrypted with the public key. This can be used to sign things - emails, code...
  • 12. [Diagram: plain text, private key, encrypted text, public key] Text encrypted with one key can only be decrypted with the other paired key. If something has been encrypted with the public key, that means that you can be sure that only the person who has the private key can decrypt it. That way, if someone has my public key, they can send me a message that only I can read.
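The key-pair behaviour from slides 10-12, as an added example that is not part of the original deck: textbook RSA on a constructed toy key pair, showing a message sealed with the public key and a signature made with the private key. All names, primes and sample messages are assumptions made here.

```python
# Added example: textbook RSA on constructed toy keys. For illustration only;
# real systems use large random primes and padding schemes from a vetted library.
import hashlib

P, Q = 2**31 - 1, 2**61 - 1          # constructed: two well-known Mersenne primes
N = P * Q                            # modulus, part of both keys
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def apply_key(key, number):
    """The one RSA operation: raise to the key's exponent, modulo n."""
    exponent, n = key
    return pow(number, exponent, n)

def to_number(message):
    """Hash a message down to a number below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message, private_key):
    """Signing: apply the private key to the message hash."""
    return apply_key(private_key, to_number(message))

def verify(message, signature, public_key):
    """Anyone with the public key can check which private key signed."""
    return apply_key(public_key, signature) == to_number(message)

if __name__ == "__main__":
    secret = 20171015                                  # constructed sample value
    sealed = apply_key(PUBLIC_KEY, secret)             # anyone can encrypt to the owner
    print(apply_key(PRIVATE_KEY, sealed) == secret)    # True: the private key opens it
    note = b"Pay 100 SEK to Alice"                     # constructed sample message
    sig = sign(note, PRIVATE_KEY)
    print(verify(note, sig, PUBLIC_KEY))               # True
    print(verify(b"Pay 900 SEK to Mallory", sig, PUBLIC_KEY))  # False: text was altered
```

The last line is the property the deck relies on later: changing a signed message makes the signature check fail.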
  • 13. Identity • How do you know that a public key belongs to me? • It gets signed by someone you trust!
  • 14. Trust • Who do you trust? • What if you need to trust someone else? • What if you need someone to trust you? I know I said this before, but it bears repeating... Who do you trust? People you know personally. If you need to trust someone else? You ask someone you know to vouch for them, or they show you some identification from an institution that you trust - such as the Police, who issue passports, or Transportstyrelsen, who issue drivers' licenses... If you need someone to trust you? You get someone they trust to vouch for you, or you get a trusted institution to vouch for you. That's where SSL/TLS certificates come in!
  • 15. How do you start trusting someone? When you float on a sea of uncertainty, and you want to create some security, the first thing you do is to anchor yourself to something you trust. (It's really called "trust anchors", that's not just me being poetic!)
  • 16. Why trust an anchor? • You know them • Someone you trust knows them • They have documentation, rules and processes that are trustworthy
  • 17. Trust anchors in the 3D-world: • The Police - passports - National ID cards • Transportstyrelsen - Driving license
  • 18. How does it work? • People trust things that are issued or signed by someone they trust • A public key that has been signed by someone is called a certificate
  • 20. Identification: Subject
  • 21. Identification: Serial number
  • 22. Identification: Validity
  • 23. Identification: Valid usage. This license is valid for motorcycle, car with heavy trailer, and heavy trucks with trailer
  • 24. Identification: Issued by
  • 25. How does it work? • People trust things that are issued or signed by someone they trust • A public key that has been signed by someone is called a certificate
  • 26. Trust anchors on the Internet • Certificate Authorities - Everyone that your operating system trusts - Everyone that your web browser trusts. This is who you are trusting every day!
  • 27. Trust anchors on the Internet. You are trusting everyone that your operating system and/or web browser trusts. [Screenshot: list of 168 items] My computer is trusting 168 certificate authorities! (Though some of them are my own personal lab environment, for instance "Admin-Root-CA" in the list above. But at least 160 of them are there because Apple has chosen to trust them!)
  • 28. Trust anchors: https://cabforum.org The CA Browser Forum is an organisation that checks out certificate authorities, and tries to make sure that they aren't issuing certificates to the wrong people or in the wrong way. They have a lot of interesting information if you are interested in the processes and regulations of certificate authorities.
  • 29. Web site identification. Here's a web site that uses a certificate. If you click on the green padlock, you get some information about the certificate. Note that it doesn't say anything about who owns the domain!
  • 30. Web site certificates: Subject, Valid from, Valid until, Issued by, Valid usage, Serial. The web site certificate contains basically the same kind of information as the driver's license!
  • 31. Web site certificates
      openssl x509 -in pinkprogrammingse.crt -noout -subject -issuer -dates -purpose -serial
      subject= /CN=pinkprogramming.se
      issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
      notBefore=Aug 27 14:20:00 2017 GMT
      notAfter=Nov 25 14:20:00 2017 GMT
      serial=038A11933134D6A51AC6BFE4AD60261847C3
      Certificate purposes:
      SSL client : Yes
      SSL server : Yes
    Here's the same information again, in another format.
  • 32. Security: Who is listening? Who is reading? Who is altering data? Yes, I said this before - but the questions are important! Who is listening? Usually only the people around you, unless there are bugs. (There are almost never bugs.) Who is reading? Usually just the people in the room. But who can see the text through the window? And on the internet, who can get read access to the data you send and receive? On the internet, you can't know, unless you're using some form of encryption!
  • 33. Who's listening/reading? • Only someone who has the key can decipher data. This means that TLS/SSL protects against eavesdroppers on the internet! You should still be careful when using your laptop, tablet or phone in public, though...
  • 34. Who is altering data? • If you alter a signed document, the signature becomes invalid. This means that if you are using encryption, such as TLS/SSL, nobody can alter the data. For instance, nobody will be able to inject an order for your bank to send money to a scammer.
  • 35. Identity • Common certificates only identify the domain name • Extended Validation certificates identify the domain owner. The difference between "ordinary" certificates and Extended Validation certificates.
  • 36. Extended Validation. "Ordinary" certificates don't really tell you anything about the identity of the organisation behind the domain. They just show that the web server is set up by someone who has ownership of the domain. "Extended validation" certificates are only issued after verifying the identity of the organisation, and their ownership of the domain.
  • 37. Revocation • Certificates can be revoked • It's up to the browser or application to check for revocation. A certificate can be cancelled, just like a credit card can be cancelled if you find out that it's been skimmed or stolen. For certificates, this is called revocation.
  • 38. Revocation • Certificate Revocation Lists - CRLs • Issued at intervals, contain all revoked certificates
  • 39. CRL
      Certificate Revocation List (CRL):
          Version 2 (0x1)
          Signature Algorithm: sha256WithRSAEncryption
          Issuer: /C=US/O=IdenTrust/OU=TrustID Server/CN=TrustID Server CA A52
          Last Update: Oct 14 00:36:18 2017 GMT
          Next Update: Oct 15 00:36:18 2017 GMT
      Revoked Certificates:
          Serial Number: 7F00000100000152892D02C7007200A1
              Revocation Date: Jan 28 18:44:54 2016 GMT
              CRL entry extensions:
                  X509v3 CRL Reason Code:
                      Superseded
    Here's an example of a certificate revocation list.
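The checks an application has to make with these two outputs, as an added example that is not part of the original deck. It reuses the certificate and CRL text shown on slides 31 and 39, trimmed to the lines it reads; the function names are assumptions, and a real client must also verify the signatures on both the certificate and the CRL.

```python
# Added example: validity and revocation checks on the openssl text from the slides.
from datetime import datetime

CERT = """subject= /CN=pinkprogramming.se
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
notBefore=Aug 27 14:20:00 2017 GMT
notAfter=Nov 25 14:20:00 2017 GMT
serial=038A11933134D6A51AC6BFE4AD60261847C3"""

CRL = """Issuer: /C=US/O=IdenTrust/OU=TrustID Server/CN=TrustID Server CA A52
Last Update: Oct 14 00:36:18 2017 GMT
Next Update: Oct 15 00:36:18 2017 GMT
Serial Number: 7F00000100000152892D02C7007200A1"""

def when(text):
    """Parse the timestamp format openssl prints."""
    return datetime.strptime(text.strip(), "%b %d %H:%M:%S %Y GMT")

def fields(text, sep):
    """Parse 'name<sep>value' lines; repeated names (serials) collect in a list."""
    out = {}
    for line in text.splitlines():
        name, _, value = line.partition(sep)
        out.setdefault(name.strip(), []).append(value.strip())
    return out

def check(cert_text, crl_text, now):
    """Return the first reason not to rely on the certificate, else 'not revoked'."""
    cert, crl = fields(cert_text, "="), fields(crl_text, ":")
    if not when(cert["notBefore"][0]) <= now <= when(cert["notAfter"][0]):
        return "certificate outside its validity period"
    if crl["Issuer"][0] != cert["issuer"][0]:
        return "CRL is from another issuer and says nothing about this certificate"
    if now > when(crl["Next Update"][0]):
        return "CRL is stale; fetch a newer one"
    if cert["serial"][0] in crl.get("Serial Number", []):
        return "revoked"
    return "not revoked"

if __name__ == "__main__":
    print(check(CERT, CRL, datetime(2017, 10, 14, 12, 0)))
```

The CRL on slide 39 was issued by a different authority than the certificate on slide 31, so the check stops at the issuer comparison: a revocation list only speaks for certificates from its own issuer, and only until its Next Update time.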
  • 40. Revocation • Online Certificate Status Protocol - OCSP • Answers directly
  • 41. Web site certificates: https://letsencrypt.org If you want to use certificates in your web server or application, this is a good place to start!
  • 42. Questions? jenny.dybedahl@b3it.se