Advertisement
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management
Pki 201 Key Management

Check these out next

How to do Cryptography right in Android Part One
How to do Cryptography right in Android Part One
Arash Ramez
How to do right cryptography in android part 3 / Gated Authentication reviewed
How to do right cryptography in android part 3 / Gated Authentication reviewed
Arash Ramez
Ch 6: Attacking Authentication
Ch 6: Attacking Authentication
Sam Bowne
CNIT 50: 1. Network Security Monitoring Rationale
CNIT 50: 1. Network Security Monitoring Rationale
Sam Bowne
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)
Sam Bowne
CISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access Management
Sam Bowne
How to write secure code
How to write secure code
Flaskdata.io
Malware for Red Team
Malware for Red Team
Satria Ady Pradana
1 of 22

Pki 201 Key Management

Sep. 3, 2013
Download to read offline
Technology
Education
NCC Group
NCC Group
Advertisement
Advertisement
Advertisement

Recommended

Cryptography101Cryptography101
Cryptography101NCC Group5K views27 slides
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access ManagementSam Bowne1.5K views70 slides
Zerotrusting serverless applications protecting microservices using secure d...Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...Trupti Shiralkar, CISSP64 views29 slides
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementationsTrupti Shiralkar, CISSP135 views32 slides
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementSam Bowne533 views70 slides
Key managementKey management
Key managementBrandon Byungyong Jo6K views17 slides

More Related Content

Slideshows for you(20)

How to do Cryptography right in Android Part OneHow to do Cryptography right in Android Part One
How to do Cryptography right in Android Part One
Arash Ramez1.3K views
How to do right cryptography in android part 3 / Gated Authentication reviewedHow to do right cryptography in android part 3 / Gated Authentication reviewed
How to do right cryptography in android part 3 / Gated Authentication reviewed
Arash Ramez1.1K views
Ch 6: Attacking AuthenticationCh 6: Attacking Authentication
Ch 6: Attacking Authentication
Sam Bowne136 views
CNIT 50: 1. Network Security Monitoring RationaleCNIT 50: 1. Network Security Monitoring Rationale
CNIT 50: 1. Network Security Monitoring Rationale
Sam Bowne280 views
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)
Sam Bowne1.2K views
CISSP Prep: Ch 6. Identity and Access ManagementCISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access Management
Sam Bowne2.4K views
How to write secure codeHow to write secure code
How to write secure code
Flaskdata.io100 views
Malware for Red TeamMalware for Red Team
Malware for Red Team
Satria Ady Pradana153 views
Silabus Training Reverse EngineeringSilabus Training Reverse Engineering
Silabus Training Reverse Engineering
Satria Ady Pradana80 views
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social Engineering
Sam Bowne2.8K views
CNIT 125 Ch 8. Security OperationsCNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security Operations
Sam Bowne425 views
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP
FRSecure831 views
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
Shah Sheikh1.3K views
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Sachintha Gunasena390 views
Fingerprinting and Attacking a Healthcare InfrastructureFingerprinting and Attacking a Healthcare Infrastructure
Fingerprinting and Attacking a Healthcare Infrastructure
Positive Hack Days834 views
Protecting Sensitive Data (and be PCI Compliant too!)Protecting Sensitive Data (and be PCI Compliant too!)
Protecting Sensitive Data (and be PCI Compliant too!)
Security Innovation140 views
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Edureka!751 views
Cyber securityCyber security
Cyber security
JahirUddinKomol25 views
CNIT 125: Ch 4. Security Engineering (Part 1)CNIT 125: Ch 4. Security Engineering (Part 1)
CNIT 125: Ch 4. Security Engineering (Part 1)
Sam Bowne814 views
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
Sam Bowne538 views

Viewers also liked(20)

Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
IBM Security2.3K views
2012 12-04 --ncc_group_-_mobile_threat_war_room2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room
NCC Group537 views
The Mobile Internet of Things and Cyber Security The Mobile Internet of Things and Cyber Security
The Mobile Internet of Things and Cyber Security
NCC Group952 views
Docking stations andy_davis_ncc_group_slidesDocking stations andy_davis_ncc_group_slides
Docking stations andy_davis_ncc_group_slides
NCC Group842 views
Andy Davis' Black Hat USA Presentation Revealing embedded fingerprintsAndy Davis' Black Hat USA Presentation Revealing embedded fingerprints
Andy Davis' Black Hat USA Presentation Revealing embedded fingerprints
NCC Group1.2K views
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
NCC Group542 views
2013 07-12 ncc-group_data_anonymisation_technical_aspects_v1 02013 07-12 ncc-group_data_anonymisation_technical_aspects_v1 0
2013 07-12 ncc-group_data_anonymisation_technical_aspects_v1 0
NCC Group1.1K views
Practical SME Security on a ShoestringPractical SME Security on a Shoestring
Practical SME Security on a Shoestring
NCC Group882 views
How we breach small and medium enterprises (SMEs)How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)
NCC Group1.9K views
Pki 202 Architechture Models and CRLsPki 202 Architechture Models and CRLs
Pki 202 Architechture Models and CRLs
NCC Group2K views
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise Checklist
Jignesh Solanki372 views
Exploiting appliances presentation v1.1-vids-removedExploiting appliances presentation v1.1-vids-removed
Exploiting appliances presentation v1.1-vids-removed
NCC Group967 views
NCC Group 44Con Workshop: How to assess and secure ios appsNCC Group 44Con Workshop: How to assess and secure ios apps
NCC Group 44Con Workshop: How to assess and secure ios apps
NCC Group21K views
07182013 Hacking Appliances: Ironic exploits in security products07182013 Hacking Appliances: Ironic exploits in security products
07182013 Hacking Appliances: Ironic exploits in security products
NCC Group2.6K views
Cryptography - 101Cryptography - 101
Cryptography - 101
n|u - The Open Security Community5.2K views
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
Amazon Web Services28.5K views
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
NCC Group1.5K views
USB: Undermining Security BarriersUSB: Undermining Security Barriers
USB: Undermining Security Barriers
NCC Group1.3K views
key distribution in network securitykey distribution in network security
key distribution in network security
babak danyal35.5K views
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
NCC Group17.9K views
Advertisement

Similar to Pki 201 Key Management(20)

Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
ST_World 1.2K views
Encryption techniquesEncryption techniques
Encryption techniques
MohitManna144 views
"Mobile security: iOS", Yaroslav Vorontsov, DataArt"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
DataArt367 views
CryptographyCryptography
Cryptography
Muhammad Shoaib Saleem612 views
Electronic SecurityElectronic Security
Electronic Security
We Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.2.1K views
Electronic securityElectronic security
Electronic security
We Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.349 views
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
Stephane Potier7.2K views
Crypto academyCrypto academy
Crypto academy
Paul Gillingwater, MBA602 views
Web-of-Things and Services SecurityWeb-of-Things and Services Security
Web-of-Things and Services Security
Oliver Pfaff1.3K views
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept
Mostafa El Lathy248 views
Slidecast - WorkshopSlidecast - Workshop
Slidecast - Workshop
Samant Khajuria100 views
CISSP - Chapter 3 - CryptographyCISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - Cryptography
Karthikeyan Dhayalan8.4K views
Are your crypto keys safe?Are your crypto keys safe?
Are your crypto keys safe?
Rob Stubbs 🔑 ☁ 🔒111 views
SSL Europa Cloud Security 2013SSL Europa Cloud Security 2013
SSL Europa Cloud Security 2013
ssleuropa698 views
Data Security Essentials for Cloud Computing - JavaOne 2013Data Security Essentials for Cloud Computing - JavaOne 2013
Data Security Essentials for Cloud Computing - JavaOne 2013
javagroup20061.2K views
CryptographyCryptography
Cryptography
PPT4U1.1K views
Data Security for Project ManagersData Security for Project Managers
Data Security for Project Managers
Joseph Wojowski380 views
Essential Guide to Protect Your Data [Key Management Techniques]Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]
SISA Information Security Pvt.Ltd1.5K views
Attacker's Perspective of Active DirectoryAttacker's Perspective of Active Directory
Attacker's Perspective of Active Directory
Sunny Neo1.4K views
Hybrid Cryptography with examples in Ruby and GoHybrid Cryptography with examples in Ruby and Go
Hybrid Cryptography with examples in Ruby and Go
Eleanor McHugh3.4K views

Recently uploaded(20)

Presentation.pptxPresentation.pptx
Presentation.pptx
AyeshaIndunil0 views
01class_object_references & 02Generation_GC.pptx01class_object_references & 02Generation_GC.pptx
01class_object_references & 02Generation_GC.pptx
ssuser95922e0 views
Nanotechnology Infographics.pdfNanotechnology Infographics.pdf
Nanotechnology Infographics.pdf
seed250 views
What is Philosophy in Technology?What is Philosophy in Technology?
What is Philosophy in Technology?
Roman Krzanowski0 views
The Benefits of Serverless ArchitectureThe Benefits of Serverless Architecture
The Benefits of Serverless Architecture
MindInventory0 views
DIGITAL SUPPLY CHAIN WITH BLOCKCHAINDIGITAL SUPPLY CHAIN WITH BLOCKCHAIN
DIGITAL SUPPLY CHAIN WITH BLOCKCHAIN
ABOORVAponnan0 views
Storybook, the best friend we all needStorybook, the best friend we all need
Storybook, the best friend we all need
AnnaSala220 views
TenT-Day02.pptxTenT-Day02.pptx
TenT-Day02.pptx
JohanMyburgh150 views
Ch 2.pdfCh 2.pdf
Ch 2.pdf
MuhammadAsif10690 views
From Project to Product: Leaders, Here's What It Means to YouFrom Project to Product: Leaders, Here's What It Means to You
From Project to Product: Leaders, Here's What It Means to You
Cprime0 views
Ch 4.pdfCh 4.pdf
Ch 4.pdf
MuhammadAsif10690 views
DR Guide Process.pdfDR Guide Process.pdf
DR Guide Process.pdf
blackmambaettijean0 views
Video Coding Enhancements for HTTP Adaptive Streaming Using Machine LearningVideo Coding Enhancements for HTTP Adaptive Streaming Using Machine Learning
Video Coding Enhancements for HTTP Adaptive Streaming Using Machine Learning
Alpen-Adria-Universität0 views
TenT-Day05.pptxTenT-Day05.pptx
TenT-Day05.pptx
JohanMyburgh150 views
Vin secure solutions PPT (1).pdfVin secure solutions PPT (1).pdf
Vin secure solutions PPT (1).pdf
vin secure solutions0 views
C++ Programming.pdfC++ Programming.pdf
C++ Programming.pdf
MrRSmey0 views
OpenACC and Open Hackathons Monthly Highlights May 2023.pdfOpenACC and Open Hackathons Monthly Highlights May 2023.pdf
OpenACC and Open Hackathons Monthly Highlights May 2023.pdf
OpenACC0 views
TenT-Day09.pptxTenT-Day09.pptx
TenT-Day09.pptx
JohanMyburgh150 views
Metaverse x AI x Web3 x Sustainability ConvergenceMetaverse x AI x Web3 x Sustainability Convergence
Metaverse x AI x Web3 x Sustainability Convergence
Alex G. Lee, Ph.D. Esq. CLP0 views
re:Invent ARC307 - Serverless architectural patterns and best practices.pdfre:Invent ARC307 - Serverless architectural patterns and best practices.pdf
re:Invent ARC307 - Serverless architectural patterns and best practices.pdf
Heitor Lessa0 views
Advertisement

Pki 201 Key Management

  1. PKI 201 – Key Management By Aman Hardikar
  2. Agenda • Basic Cryptosystem • Types of Keys • Key Life Cycle • Pre Operational • Creation • Distribution • Operation • Post Operational • Destruction • Storage • X509 Certificate Basics
  3. An Example of a Basic Crypto System • Three keys • 1 symmetric key • 1 public key • 1 private key • Three algorithms • 1 symmetric cipher algorithm (block / stream) • 1 asymmetric cipher algorithm • 1 hashing algorithm • Optional • RNG (Random Number Generator)
  4. Biggest Problem Key Management • Why? • Easier to steal the key than to break the lock. In general, majority of the attacks on a cryptosystem were on Key Management.
  5. Types of Keys To mitigate key management issues, multiple keys were created according to its designated purpose. Private Signature Key Public Key Transport Key Public Signature Key Symmetric Key Agreement Key Symmetric Authentication Key Private Static Key Agreement Key Private Authentication Key Public Static Key Agreement Key Public Authentication Key Private Ephemeral Key Agreement Key Symmetric Data Encryption Key Public Ephemeral Key Agreement Key Symmetric Key Wrapping Key Symmetric Authorization Key Symmetric Master Key Public Authorization Key Private Key Transport Key Private Authorization Key
  6. Cryptographic Strength & Key Size Comparable Key Strength Bits Symmetric Algorithm RSA ECC 80 2kTripleDEA 1024 160–223 112 3kTripleDEA 2048 224–255 128 AES-128 3072 256–383 192 AES-192 7680 384–511 256 AES-256 15360 512+ • Ephemeral or temporary keys • Long life keys OUP (Originator Usage Period) Time during which cryptographic protection may be applied to data
  7. Key Lifecycle
  8. Key Lifecycle - Preoperational • Installing key policies • Selecting algorithms • Registering attributes • Key parameters Keys are registered (binding them to subject’s identity). In PKI, it is implemented using x509 certificate. X.509 certificate binds a public key with subject name (user)
  9. Key Lifecycle - Creation • Avoid weak keys • Avoid weak algorithms or weak implementations of algorithms • Process of key generation • Type, purpose and crypto applications of keys
  10. Key Lifecycle – Creation (2) Random Number Generators (RNG) • Produce a sequence of 0s and 1s for use in cryptography • Combined into sub-sequences or blocks of random numbers • Types • Deterministic • Produces sequence based on a known value (seed) • Nondeterministic • Produces sequence based on an unpredictable source
  11. Key Lifecycle - Distribution • Based on the type of the key • Requirements • Availability of the keys • Association of keys with intended use • Integrity – detection of change during transit • Confidentiality – split knowledge principle • Distribution • Private keys – split knowledge, trusted entities for distribution • Public keys – X509 certificate • Manual key distribution (encrypted using key wrapping keys) • Wrapping keys are generally public keys • If private keys are used, then a separate distribution channel should be established Keys used only for encrypting data in storage should not be distributed.
  12. Key Lifecycle - Operation • Backup and recovery mechanisms • Compromised backups • Controls for detecting a compromise • Regeneration • Updates and changes • Crypto period expiration • Suspected or real key compromise • Rekeying • Needs redistribution • Updating the key • No redistribution required • Produced based on the old key • Known to all parties
  13. Key Lifecycle – Post-operation • Key not operational • Access to keys needed • Decrypt data • Verify signature
  14. Key Lifecycle - Destruction • Zeroization • Replacing key material with ‘0’ or ‘o’ or something meaning less • Not just the key material at rest, other places should also be considered
  15. Key Storage • Provide Integrity • Provide Confidentiality • Association with application and objects • Assurance of domain parameters Keys are protected with additional level of access control. Destroying of key material using zeroization, if required.
  16. Key Escrow • Multiple parties/agencies storing part of the key. • Generally operates with two components held with two independent agents. • Risks • Collusion • Failure of reassembling Ex: SKIPJACK and LEAF method.
  17. Key States / Transitions
  18. Digital Certificate An electronic identity issued to a person, system, or an organization by a competent authority after verifying the credentials of the entity. In PKI, all digital certificates were issued based on the X.509 standard.
  19. X.509v3 Certificate
  20. SSL Certificate: Version: 2 Serial Number: 4294967295 Signature Algorithm: sha1WithRSAEncryption Issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3 Not valid before: Dec 1 00:00:00 2010 GMT Not valid after: Dec 4 12:00:00 2013 GMT Subject: /C=GB/ST=Lancashire/L=Bolton/O=Bolton Metropolitan Borough Council/OU=Bolton/CN=*.bolton.gov.uk Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:c4:84:24:fb:93:61:c4:3e:82:dc:6b:f0:d7:75: 7e:93:93:a3:fe:34:05:1b:f0:12:37:e0:b2:f1:0f: bd:b5:aa:57:ee:53:ac:67:af:62:48:15:21:c8:14: ………… 48:a5:46:07:77:07:c0:e5:ff:5c:b9:5c:72:27:e6: d6:e4:2c:a4:3d:55:3b:3c:aa:bf:71:69:af:c8:63: 66:1f Exponent: 65537 (0x10001) X509v3 Extensions: X509v3 Authority Key Identifier: keyid:50:EA:73:89:DB:29:FB:10:8F:9E:E5:01:20:D4:DE:79:99:48:83:F7 X509v3 Subject Key Identifier: 08:BC:EF:1E:D5:0D:92:26:7B:6C:CA:E9:48:A9:ED:EB:AE:C0:B1:BC X509v3 Subject Alternative Name: DNS:*.bolton.gov.uk, DNS:bolton.gov.uk, DNS:ebiz.bolton.gov.uk X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: URI:http://crl3.digicert.com/ca3-g8.crl URI:http://crl4.digicert.com/ca3-g8.crl X509v3 Certificate Policies: Policy: 2.16.840.1.114412.1.3.0.1 CPS: http://www.digicert.com/ssl-cps-repository.htm User Notice: Explicit Text: Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceCA-3.crt X509v3 Basic Constraints: critical CA:FALSE
  21. X.509v3 Certificate Signing
  22. Continued ….. PKI 202/203 • Trust Models • CRL Models • Working of SSL, SMIME • Walk through using software • Architectural Weaknesses • Auditing a PKI Infrastructure
Advertisement