Authentication Framework for
Public-Key Cryptography
Priyadharshini.SP
RA2113003011051
Public-Key Cryptography
• Public key cryptography involves a pair of keys known as
a public key and a private key (a public key pair), which
are associated with an entity that needs to authenticate its
identity electronically or to sign or encrypt data.
• Each public key is published and the corresponding
private key is kept secret.
• Public-key = F(Private-key)
Authentication Framework
• A "simple" key-management method requires each party to manage a
huge number of public keys in an open communication.
• In public-key cryptography a trusted principal helps in the management
of secret keys.
• The service is a combination of sub-services such as key registration,
authentication and name-directory.
• A relationship has to be established with the server principal to
conduct a secure communication.
• Each end user has to manage a single secret key shared with the
authentication server.
• The key-management service is called a public-key certification service, and the
trusted server is called a certification authority (CA).
• The CA will issue a public-key certificate for each end user in the domain of
that CA.
• A public-key certificate is a structured data record containing the uniquely
identifiable identity of the holder and the public key parameter.
• The certificate is digitally signed by the issuing CA, which provides a
cryptographic binding between the holder's identity and their public key.
• Thus the verification principal establishes a secure key channel between
the CA and the end user.
Public Key certificate
Certificate Issuance
• In the issuance of a certificate, a CA validates the identity of a principal
who requests a certificate.
• The principal should also prove that she/he knows the private
component of the public key to be certified.
• The proof can either be in the form of a user creating a signature,
verifiable using the public key, or zero-knowledge proof protocol
between the user and the CA.
• Some applications require the private component of a public key to
have a certain structure.
• In such applications, a zero-knowledge protocol can be designed to
enable a proof of the needed structure.
Certificate Revocation
• Compromise of a user's private key or a change of user information are
two examples of situations in which a certificate must be revoked.
• In the case of the directory-based certification framework, the root CA
should maintain an online hot list of the revoked certificates.
• Alternatively, the root CA may issue a "Δ-revocation list", which only
contains newly revoked certificates.
• The system-wide users can update their local copies of the certificate
revocation list whenever they receive a Δ-revocation list.
• A revocation of a certificate should be timestamped by the revocation
CA.
• Signatures of a principal issued prior to the date of her/his certificate's
revocation are considered valid.
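The revocation rules above, as an added Python example that is not part of the original slides: a local revocation list is updated from incremental lists of newly revoked certificates, and a signature is judged against the CA's revocation timestamp. The class and field names, serial numbers and dates are constructed for illustration, and the CA's signature on each list and the trusted source of `signed_at` are assumed rather than modelled.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


def ts(day, hour=0):
    """Constructed sample timestamps, all in January 2024 (UTC)."""
    return datetime(2024, 1, day, hour, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Revocation:
    serial: int
    revoked_at: datetime      # timestamp applied by the revoking CA


@dataclass(frozen=True)
class DeltaList:
    base_issued_at: datetime  # issue time of the list this delta extends
    issued_at: datetime
    entries: tuple            # newly revoked certificates only


@dataclass
class LocalCRL:
    issued_at: datetime
    revoked: dict = field(default_factory=dict)   # serial -> Revocation

    def apply_delta(self, delta):
        # A delta is only meaningful on top of the list it was computed
        # from; a mismatch means an update was missed and revocations
        # could be silently absent from the local copy.
        if delta.base_issued_at != self.issued_at:
            raise ValueError("delta does not extend local list; fetch the full list")
        for entry in delta.entries:
            known = self.revoked.get(entry.serial)
            # Keep the earliest revocation time seen for a certificate.
            if known is None or entry.revoked_at < known.revoked_at:
                self.revoked[entry.serial] = entry
        self.issued_at = delta.issued_at

    def signature_status(self, serial, signed_at):
        """Classify a signature made at signed_at (assumed trusted time)."""
        entry = self.revoked.get(serial)
        if entry is not None and signed_at >= entry.revoked_at:
            return "revoked"
        # The local list says nothing about revocations after its issue
        # time, so a later signature cannot be declared valid from it.
        if signed_at > self.issued_at:
            return "unknown"
        return "valid"


def sample_crl():
    """Local list issued on day 1, then one delta revoking serial 1001."""
    crl = LocalCRL(issued_at=ts(1))
    crl.apply_delta(DeltaList(ts(1), ts(2), (Revocation(1001, ts(1, 12)),)))
    return crl


if __name__ == "__main__":
    crl = sample_crl()
    for serial, when in [(1001, ts(1, 9)), (1001, ts(1, 15)), (2002, ts(3))]:
        print(serial, when.isoformat(), crl.signature_status(serial, when))
```
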
Framework - X.509 Public-key Certification
Framework
• The standard public-key certification framework, called the X.509 [152]
certification infrastructure, is organized as a tree hierarchy called a directory information tree (DIT).
• In such a tree hierarchy, each node represents a principal whose public-
key certificate is issued by its immediate parent node.
• The leaf nodes are end-user principals.
• The non-leaf nodes are CAs at various levels and domains.
• Each of these domains has many sub-domains, e.g., the education
domain has various university sub-domains.
• The root node is called the root CA, which is a well-known principal in
the whole system.
• The root CA should certify its own public key.
• Two end-user principals can establish a secure communication channel
by searching upward in the DIT for a CA that is their nearest common
ancestor node.
PGP "Web of Trust"
• PGP "web of trust" or "key-ring" (PGP stands for "Pretty Good Privacy",
which is secure e-mail software developed by Zimmermann).
• This authentication model scales up in an unhierarchical manner.
• In the PGP "web of trust," any individual can be a "CA" for any other
principals in the system by signing their "key certificates", each of which
is simply a pair ⟨name, key⟩.
• Evidently, the signing relationship forms a web structure.
• Thus, when Alice wants to establish the authenticity of Bob's key, she
should request to see a number of Bob's "key certificates." If some of
the issuing "CAs" of these certificates are "known" by Alice "to some
extent," then she gains a certain level of authenticity about Bob's public
key. Alice can demand that Bob provide more "certificates" until she is
satisfied with the level of trust.
Simple Public Key Infrastructure (SPKI)
• A directory-based public-key certification framework named SPKI is also
a tree-structured framework, similar to an X.509 key certification
framework.
• However, its naming convention includes a person's usual name and a
hash of the public key value.
• This naming method is suggested by Rivest and Lampson in SDSI (which
stands for "A Simple Distributed Security Infrastructure").
• SDSI features localization naming rules.
• These features also aim to make a decentralized authentication and
authorization framework.
• Thus, an SPKI name is also called an SDSI name.
• SPKI also considers "authorization" and "delegation" entries which carry
authorization and delegation information.
Protocols associated with X.509 Public-key
Authentication Infrastructure
• Certificate Management Protocol (CMP): This protocol supports online
interactions between Public Key Infrastructure (PKI) components.
• For example, a management protocol might be used between a
Certification Authority (CA) and a client system with which a key pair is
associated, or between two CAs that issue cross-certificates for each other.
• These interactions are needed when, e.g., an entity is required to prove
the possession of a private key upon its request for key certification or
key update.
• Online Certificate Status Protocol (OCSP): This protocol enables
applications to determine the (revocation) state of an identified
certificate.
• OCSP may be used to satisfy some of the operational requirements of
providing more timely revocation information than is possible with CRLs
and may also be used to obtain additional status information.
Protocols associated with X.509 Public-key
Authentication Infrastructure
• Internet X.509 Public Key Infrastructure Time Stamp Protocols: This
protocol consists of a request sent to a Time Stamping Authority
(TSA) and of the response that is returned.
• Non-repudiation services require the ability to establish the existence
of data before specified times.
• This protocol may be used as a building block to support such
services.
• Internet X.509 Public Key Infrastructure Operational Protocols: FTP
and HTTP.
• This is a specification of protocol conventions for PKI to use the File
Transfer Protocol (FTP) and the Hypertext Transfer Protocol (HTTP) to
obtain certificates and certificate revocation lists (CRLs) from PKI
repositories.
Non-Directory Based Authentication Framework
• The key generation procedure in the usual sense of public-key
cryptography renders all public keys random. Consequently, it is
necessary to associate a public key with the identity information of
its owner in an authentic manner.
• We have seen that such an association can be realized by a public-
key authentication framework: a tree-like hierarchical public-key
certification infrastructure (e.g., X.509 certification framework).
However, to establish and maintain a tree hierarchy, a PKI incurs a
non-trivial level of system complexity and cost.
• It has long been desired that the standard public-key authentication
framework be simplified.
• It is reasonable to think that, if public keys are not random-looking,
then the system complexity and the cost for establishing and
maintaining the public-key authentication framework may be
reduced.
• Postal mail systems work properly this way.
• Private-key = F(Master-key, Public-key)
Shamir's ID-Based Signature Scheme
• In Shamir's ID-based signature scheme there are four
algorithms:
Setup: this algorithm is operated by the TA (from now on let
us call the TA Trent) to generate global system parameters and
the master-key.
User-key-generate: this algorithm (also operated by Trent),
inputting master-key and an arbitrary bit string id ∈ {0, 1}*,
outputs the private-key which corresponds to id.
Sign: a signature generation algorithm; inputting a
message and the signer's private key, it outputs a signature.
Verify: a signature verification algorithm; inputting a
message-signature pair and id, it outputs True or False.
Algorithm for Shamir's ID-Based
Signature Scheme
Signature Verification
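The four algorithms of Shamir's ID-based signature scheme, as an added Python example that is not part of the original slides. It uses the standard construction (RSA-type modulus N, private key g with g^e ≡ ID mod N, signature (s, t) with s^e ≡ ID · t^h(t‖M) mod N); the toy-size primes, the SHA-256 mapping of the identity string into Z_N and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy parameters (assumption): two Mersenne primes give a ~150-bit modulus,
# far too small for real use; a deployment needs an RSA-size modulus.
P = 2**61 - 1
Q = 2**89 - 1


def setup(p=P, q=Q, e=65537):
    """Setup (run by Trent): public parameters (N, e) and master-key d."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(N)")
    return (n, e), pow(e, -1, phi)


def id_to_int(identity, n):
    """Map the bit string id into Z_N* (hashing first is an assumption)."""
    v = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % n
    if v < 2 or gcd(v, n) != 1:
        raise ValueError("identity maps to a degenerate value")
    return v


def user_key_generate(master_key, params, identity):
    """User-key-generate (run by Trent): g = ID^d mod N, so g^e = ID."""
    n, _ = params
    return pow(id_to_int(identity, n), master_key, n)


def _challenge(t, message, n):
    """h(t || M) as an integer; t is encoded at the width of N."""
    width = (n.bit_length() + 7) // 8
    data = t.to_bytes(width, "big") + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(params, private_key, message):
    """Sign: t = r^e, s = g * r^h(t||M) (mod N) for a fresh random r."""
    n, e = params
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    t = pow(r, e, n)
    s = (private_key * pow(r, _challenge(t, message, n), n)) % n
    return s, t


def verify(params, identity, message, signature):
    """Verify: accept iff s^e == ID * t^h(t||M) (mod N)."""
    n, e = params
    s, t = signature
    # Reject degenerate values first: s = t = 0 would make both sides of
    # the check zero for every identity and message.
    if not (0 < s < n and 0 < t < n) or gcd(s, n) != 1 or gcd(t, n) != 1:
        return False
    c = _challenge(t, message, n)
    return pow(s, e, n) == (id_to_int(identity, n) * pow(t, c, n)) % n


if __name__ == "__main__":
    params, master = setup()
    alice = "alice@example.org"          # constructed sample identity
    key = user_key_generate(master, params, alice)
    sig = sign(params, key, b"pay 10 to bob")
    print(verify(params, alice, b"pay 10 to bob", sig))
    print(verify(params, alice, b"pay 99 to bob", sig))
```

Verification needs only the public parameters and the signer's identity string, with no certificate lookup. Trent can compute any user's private key from the master-key, which is the Private-key = F(Master-key, Public-key) relation stated earlier.
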
THANK YOU
