Public Key Infrastructure
– tell me in plain English AND THEN
deep technical how PKI works
Steve Lamb
stephlam@microsoft.com
http://blogs.technet.com/steve_lamb
IT Pro Security Evangelist
Microsoft Ltd
Objectives
Demystify commonly used terminology
Explain how PKI works
Get you playing with PKI in the lab
Make some simple recommendations
Agenda
Foundational Concept (level 200)
PKI and Signatures (level 330)
Recommendations (level 310)
Reference material
Common Algorithms (level 360)
What can PKI enable?
Secure Email – sign and/or encrypt messages
Secure browsing – SSL – authentication and encryption
Secure code – authenticode
Secure wireless – PEAP & EAP-TLS
Secure documents – Rights Management
Secure networks – segmentation via IPsec

Secure files – Encrypted File System(EFS)
Foundational Concepts
Encryption vs. Authentication
Encrypted information cannot be automatically
trusted
You still need authentication
Which we can implement using encryption, of
course
Assets
What we are securing?
Data
Services (e.g. business applications or their individually accessible parts)

This session is not about securing:
People (sorry), cables, carpets, typewriters and
computers (!?)

Some assets are key assets
Passwords, private keys etc…
Digital Security as Extension of Physical Security of Key Assets
[Diagram: a grid crossing the physical security of key assets (KA) with digital security]
Strong physical security of KA + strong digital security = good security everywhere
Weak physical security of KA + strong digital security = insecure environment
Strong physical security of KA + weak digital security = insecure environment
Remember CP and CPS!
“The Certification Practice & Certification
Practice Statement (CP/CPS) is a formal
statement that describes who may have
certificates, how certificates are generated and
what they may be used for.”
http://www.nhsia.nhs.uk/pathology/pages/documents/cp_cps.doc
Symmetric Key Cryptography
[Diagram: plain-text input “The quick brown fox jumps over the lazy dog” → Encryption → cipher-text “AxCv;5bmEseTfid3)fGsmWe#4^,sdgfMwir3:dkJeTsY8Rs@!q3%” → Decryption → plain-text output “The quick brown fox jumps over the lazy dog”. The same key (a shared secret) is used for both encryption and decryption.]
Symmetric Pros and Cons
Strength:
Simple and really very fast (on the order of 1000 to 10000 times faster than asymmetric mechanisms)
Super-fast (and somewhat more secure) if done in
hardware (DES, Rijndael)

Weakness:
Must agree the key beforehand
Securely pass the key to the other party
Public Key Cryptography
Knowledge of the encryption key doesn’t give
you knowledge of the decryption key
Receiver of information generates a pair of keys
Publishes the public key in a directory

Then anyone can send the receiver messages that only the receiver (the holder of the private key) can read
Public Key Encryption
[Diagram: clear-text input “The quick brown fox jumps over the lazy dog” → Encryption with the recipient’s public key → cipher-text “Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs” → Decryption with the recipient’s private key → clear-text output “The quick brown fox jumps over the lazy dog”. The two keys are different: public for encryption, private for decryption.]
Public Key Pros and Cons
Weakness:
Extremely slow compared with symmetric ciphers
Anyone holding the public key can encrypt plaintexts of their choosing, so “textbook” (unpadded, deterministic) public key encryption of short or guessable messages can be attacked by encrypting guesses and comparing; real systems add randomised padding (e.g. OAEP)

Problem of trusting the public key (see later on PKI)

Strength:
Solves the problem of passing the key

Allows establishment of a trust context between parties
Hybrid Encryption (Real World)
[Diagram: the message (“Launch key for nuclear missile ‘RedHeat’ is...”) is encrypted with a symmetric cipher (e.g. DES) under a randomly generated symmetric “session” key that comes from an RNG, giving cipher-text “*#$fjda^ju539!3tt389E *&@5e%32^kd”. The session key itself is then encrypted asymmetrically (e.g. RSA) with the user’s public key, taken from the user’s certificate, to form a digital envelope. That last step is repeated for each other recipient, and for any recovery agent named in the recovery policy, using that party’s public key from its certificate.]
Hybrid Decryption
[Diagram: the digital envelope contains the “session” key encrypted using the recipient’s public key, so the session key must be recovered by asymmetric decryption (e.g. RSA) with the recipient’s private key. The recovered symmetric “session” key then drives symmetric decryption (e.g. DES) of the cipher-text “*#$fjda^ju539!3tt389E *&@5e%32^kd” back to “Launch key for nuclear missile ‘RedHeat’ is...”.]
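The envelope construction from the two diagrams above, as an added example in Go that is not part of the original deck. It uses only the Go standard library; AES-256-GCM stands in for the slide's DES and RSA-OAEP for the raw RSA step, and the message, the parties (Bill, a recovery agent, Scott) and the Envelope/Seal/Open names are made up for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the "digital envelope" of the diagrams: one symmetric
// ciphertext plus the session key wrapped once per recipient.
// (Hypothetical type and field names chosen for this demo.)
type Envelope struct {
	Nonce       []byte   // AES-GCM nonce, fresh per message
	Ciphertext  []byte   // message encrypted and authenticated under the session key
	WrappedKeys [][]byte // session key encrypted with each recipient's RSA public key (OAEP)
}

// Seal draws a random 256-bit session key, encrypts msg with AES-256-GCM, then
// wraps the session key for every recipient (recovery agents included) with RSA-OAEP.
func Seal(msg []byte, recipients []*rsa.PublicKey) (*Envelope, error) {
	sessionKey := make([]byte, 32) // the RNG step in the diagram
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}
	for _, pub := range recipients {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKeys = append(env.WrappedKeys, wrapped)
	}
	return env, nil
}

// Open tries the private key against each wrapped copy of the session key;
// whichever unwraps is used to decrypt. GCM's tag check rejects any tampering.
func Open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	for _, wrapped := range env.WrappedKeys {
		sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
		if err != nil {
			continue // this copy was not wrapped for our key
		}
		block, err := aes.NewCipher(sessionKey)
		if err != nil {
			return nil, err
		}
		gcm, err := cipher.NewGCM(block)
		if err != nil {
			return nil, err
		}
		return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	}
	return nil, errors.New("no wrapped session key matches this private key")
}

func main() {
	// Constructed parties: Bill (recipient), a recovery agent, and Scott (not a recipient).
	bill, _ := rsa.GenerateKey(rand.Reader, 2048)
	agent, _ := rsa.GenerateKey(rand.Reader, 2048)
	scott, _ := rsa.GenerateKey(rand.Reader, 2048)

	env, err := Seal([]byte("Launch key for nuclear missile RedHeat is..."),
		[]*rsa.PublicKey{&bill.PublicKey, &agent.PublicKey})
	if err != nil {
		panic(err)
	}
	pt, _ := Open(env, bill)
	fmt.Printf("Bill reads: %q\n", pt)
	pt, _ = Open(env, agent)
	fmt.Printf("Recovery agent reads: %q\n", pt)
	_, err = Open(env, scott)
	fmt.Println("Scott gets:", err)
}
```

The session key is wrapped once per recipient, so adding a recovery agent costs one more RSA operation, not a second copy of the bulk ciphertext. Because the bulk step is authenticated (GCM), a flipped ciphertext byte makes Open fail rather than return garbage; the DES-in-a-loop of the original diagram would not give you that.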
PKI and Signatures
Public Key Distribution Problem
We just solved the problem of symmetric key distribution
by using public/private keys
But…
Scott creates a keypair (private/public) and quickly tells the world that the public key he published belongs to Bill
People send confidential stuff to Bill
Bill does not have the private key to read them…
Scott reads Bill’s messages
Eureka!
We need PKI to solve that problem
And a few others…
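The Scott-and-Bill substitution, and what a PKI adds, as an added Go example that is not from the deck. A root CA issues Bill's certificate; Scott's self-signed certificate that also claims to be “Bill” fails chain validation against the trusted root, so a relying party never encrypts to Scott's key. Standard library only; the issue/verify helpers, the CA name and the choice of the email-protection usage are assumptions made for this demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate for subjectPub with the signer's key. When parent is
// nil the certificate is self-signed: either a root CA or Scott's rogue cert.
func issue(cn string, isCA bool, subjectPub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, subjectPub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verify answers the relying party's question: does this certificate chain to
// a root I trust, and is it permitted for the use I have in mind (secure email)?
func verify(leaf, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	})
	return err
}

func main() {
	// Constructed demo: one CA, Bill's genuine certificate, and Scott's
	// self-signed certificate whose subject also says "Bill".
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	billKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	scottKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

	root, _ := issue("Example Corp Root CA", true, &caKey.PublicKey, nil, caKey)
	bill, _ := issue("Bill", false, &billKey.PublicKey, root, caKey)
	rogue, _ := issue("Bill", false, &scottKey.PublicKey, nil, scottKey)

	fmt.Println("Bill's cert:", verify(bill, root))   // <nil>
	fmt.Println("Scott's cert:", verify(rogue, root)) // x509: certificate signed by unknown authority
}
```

The subject name is identical in both certificates; the only thing that separates them is the signature of a CA the relying party already trusts. That trust anchor, plus the CP/CPS that says how the CA checked Bill was Bill before signing, is what the deck means by “we need PKI to solve that problem”.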
Creating a Digital Signature
[Diagram: the message or file (“This is a really long message about Bill’s…”) is fed through a one-way hash function (SHA, MD5) to calculate a short, fixed-length message digest (128 bits for MD5, 160 bits for SHA-1) from even a very long input. The digest (“Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs”) is then transformed with the signatory’s private key (“asymmetric encryption” in RSA terms) to produce the digital signature “Jrf843kjfgf*£$&Hdif*7oUsd*&@:<CHDFHSD(**”.]
Verifying a Digital Signature
[Diagram: the verifier applies the signatory’s public key to the digital signature “Jrf843kjfgf*£$&Hdif*7oUsd*&@:<CHDFHSD(**” (asymmetric decryption, e.g. RSA) to recover the digest the signer computed; everyone has access to the trusted public key of the signatory. Independently, the verifier runs the original message (“This is a really long message about Bill’s…”) through the same hash function (e.g. MD5, SHA…) to get a fresh digest, and asks: are they the same? If the two digests match, the message is unaltered and was signed by the holder of the private key.]
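Hash-then-sign and its verification, as an added Go example rather than deck content. It uses SHA-256 for the digest and RSA-PSS (a randomised padding scheme) instead of applying raw RSA to the digest as the diagram suggests; the Sign/Verify names and the sample message are made up, and the three failure cases show what a verifier must reject.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign is the "Creating a Digital Signature" slide: hash the whole message to a
// short digest, then apply the private key to that digest. RSA-PSS padding is
// used rather than "raw" RSA on the digest.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify is the "Verifying a Digital Signature" slide: recompute the digest with
// the same hash function and check the signature with the signatory's public key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	signer, _ := rsa.GenerateKey(rand.Reader, 2048)
	impostor, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg := []byte("This is a really long message about Bill's ...")

	sig, _ := Sign(signer, msg)
	fmt.Println("genuine:", Verify(&signer.PublicKey, msg, sig))

	altered := append([]byte("X"), msg[1:]...) // one byte changed: digest changes completely
	fmt.Println("altered message:", Verify(&signer.PublicKey, altered, sig))

	fmt.Println("wrong signer:", Verify(&impostor.PublicKey, msg, sig))

	sig[0] ^= 0x01 // corrupted signature
	fmt.Println("corrupted signature:", Verify(&signer.PublicKey, msg, sig))
}
```

Note what Verify does not tell you: that the public key really belongs to the person named. That binding is the certificate's job (previous section); the signature check only proves possession of the matching private key.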
Word About Smartcards
Some smartcards are “dumb”, i.e. they are only a memory chip
Not recommended for storing a private key used in a challenge-response (verifying identity): the key has to be read off the card to be used, so the host sees it

Anyway, they are still better than leaving keys on a floppy disk or on the hard drive

Cryptographically-enabled smartcards are more expensive but they give much more security
Private key never leaves the card; the card performs the operation as needed
Additional protection (PIN/password, biometrics) is possible
Hardware implements some algorithms
Self-destruct is possible
Recommendations
Don’t be scared of PKI!
Set up a test environment to enable you to “play”
Minimise the scope of your first implementation
Read up on CP & CPS
Document the purpose and operating
procedures of your PKI
Summary
Cryptography is a rich and amazingly mature
field
We all rely on it, everyday, with our lives

Know the basics and make good choices
avoiding common pitfalls
Plan your PKI early
Avoid very new and unknown solutions
Certificate Policy
Certification Practice Statement
References
Visit www.microsoft.com/security
Read sci.crypt (incl. archives)
Attend SEC499 for “Encryption in Detail” on Friday at 14.45 in Room 1
For more detail, read:
Cryptography: An Introduction, N. Smart, McGraw-Hill, ISBN 0-07-709987-7
Practical Cryptography, N. Ferguson & B. Schneier, Wiley, ISBN 0-471-22357-3
Contemporary Cryptography, R. Oppliger, Artech House, ISBN 1-58053-642-5 (to be published May 2005, see http://www.esecurity.ch/Books/cryptography.html)
Applied Cryptography, B. Schneier, John Wiley & Sons, ISBN 0-471-11709-9
Handbook of Applied Cryptography, A.J. Menezes, CRC Press, ISBN 0-8493-8523-7, www.cacr.math.uwaterloo.ca/hac (free PDF)
PKI, A. Nash et al., RSA Press, ISBN 0-07-213123-3
Foundations of Cryptography, O. Goldreich, www.eccc.uni-trier.de/eccc-local/ECCC-Books/oded_book_readme.html
Cryptography in C and C++, M. Welschenbach, Apress, ISBN 1-893115-95-X (includes code samples CD)
Thanks to Rafal Lukawiecki for providing some of the content
for this presentation deck – his contact details are as
follows…
rafal@projectbotticelli.co.uk
Strategic Consultant, Project Botticelli Ltd

Copyright 2004 © Project Botticelli Ltd & Microsoft Corp. E&OE. For informational purposes only. No warranties of
any kind are made and you have to verify all information before relying on it. You can re-use this presentation as long
as you read, agree, and follow the guidelines described in the “Comments” field in File/Properties.
Common Algorithms
DES, IDEA, RC2, RC5, Twofish
Symmetric
DES (Data Encryption Standard) is still the most popular
Keys very short: 56 bits
Brute-force attack was estimated at 3.5 hours on a machine costing US$1m in 1993; the EFF’s purpose-built “Deep Crack” did it in under three days for about US$250k in 1998, and today it is done in real time
Triple DES (3DES) more secure, but better options are about

Just say no, unless the value of the data is minimal

IDEA (International Data Encryption Algorithm)
Deceptively similar to DES, and “not” from NSA
128 bit keys

RC2 & RC5 (by R. Rivest)
RC2 is older and RC5 newer (1994) - similar to DES and IDEA

Blowfish, Twofish
B. Schneier’s replacement for DES, followed by Twofish, one of the finalists in NIST’s AES competition
Rijndael (AES)
Standard replacement for DES for US government, and, probably for all of us as a result…
Winner of the AES (Advanced Encryption Standard) competition run by NIST (National Institute of Standards and Technology in US) in 1997-2000
Comes from Europe (Belgium) by Joan Daemen and Vincent Rijmen. “X-files” stories less likely (unlike DES).

Symmetric block cipher: Rijndael allows 128, 192 or 256 bit blocks, AES fixes the block at 128 bits, with keys of 128, 192 or 256 bits
Fast and a lot of good properties. One caveat: straightforward table-driven software implementations leak key material through cache timing, so prefer a constant-time or hardware (e.g. AES-NI) implementation
Construction, again, deceptively similar to DES (S-boxes, XORs etc.) but really different
CAST and GOST
CAST
Canadians Carlisle Adams & Stafford Tavares
64 bit block; CAST-128 takes keys of 40 to 128 bits
Choose your S-boxes
Seems resistant to differential & linear cryptanalysis and the only way to break it is brute force (but at the short end the key is a bit short!)

GOST
Soviet Union’s “version” of DES but with a clearer design and many more repetitions of the process (32 rounds)
256 bit key but really 610 bits of secret, because the S-boxes are secret too, so pretty much “tank quality”
Backdoor? Who knows…
Careful with Streams!
Do NOT use a block cipher in a loop, encrypting each block independently (that is ECB mode): identical plain-text blocks give identical cipher-text blocks, so the structure of the data leaks
Use a crypto-correct mode of operation for streams of data, such as CBC (Cipher Block Chaining) with a fresh, unpredictable IV for every message
Remember that CBC protects confidentiality only; add a MAC, or use an authenticated mode such as GCM, if tampering matters
For developers:
.NET Framework implements it as ICryptoTransform on a CryptoStream with any supported algorithm
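What “a block cipher in a loop” leaks, as an added Go example (not the deck’s .NET code): the same plaintext encrypted with AES in ECB (the naive loop) and in CBC with a random IV, with a count of repeated ciphertext blocks in each. The key and the repeating plaintext are constructed for the demo, and padding is omitted because the input is block-aligned.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ecbEncrypt is exactly what the slide warns against: the block cipher run in a
// loop over each 16-byte block on its own. Shown only to make the leak visible.
func ecbEncrypt(block cipher.Block, pt []byte) []byte {
	bs := block.BlockSize()
	ct := make([]byte, len(pt))
	for i := 0; i+bs <= len(pt); i += bs {
		block.Encrypt(ct[i:i+bs], pt[i:i+bs])
	}
	return ct
}

// cbcEncrypt chains the blocks and prepends a fresh random IV to the output.
func cbcEncrypt(block cipher.Block, pt []byte) ([]byte, error) {
	iv := make([]byte, block.BlockSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return append(iv, ct...), nil
}

// cbcDecrypt reverses cbcEncrypt, reading the IV from the front of the data.
func cbcDecrypt(block cipher.Block, data []byte) []byte {
	bs := block.BlockSize()
	iv, ct := data[:bs], data[bs:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pt
}

// duplicateBlocks counts ciphertext blocks that repeat an earlier block.
// Any repeat tells an eavesdropper that the corresponding plaintext repeated.
func duplicateBlocks(ct []byte, bs int) int {
	seen := map[string]bool{}
	dups := 0
	for i := 0; i+bs <= len(ct); i += bs {
		k := string(ct[i : i+bs])
		if seen[k] {
			dups++
		}
		seen[k] = true
	}
	return dups
}

func main() {
	key := make([]byte, 32) // AES-256 demo key, freshly generated
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	block, _ := aes.NewCipher(key)

	// Constructed plaintext with repetition (think of a form, a bitmap, a log):
	// eight copies of one 16-byte record.
	pt := bytes.Repeat([]byte("ACCOUNT=0000042;"), 8)

	ecb := ecbEncrypt(block, pt)
	cbc, _ := cbcEncrypt(block, pt)
	fmt.Println("ECB repeated blocks:", duplicateBlocks(ecb, 16))      // 7
	fmt.Println("CBC repeated blocks:", duplicateBlocks(cbc[16:], 16)) // 0
	fmt.Println("CBC round trip ok:", bytes.Equal(cbcDecrypt(block, cbc), pt))
}
```

The ECB output shows seven repeats of the first block, so anyone on the wire learns that the message is eight identical records without knowing the key. CBC hides that, but only as long as the IV is never reused with the same key; and since CBC has no integrity check, cbcDecrypt will happily return altered plaintext for an altered ciphertext, which is why a MAC or an AEAD mode belongs on top of it.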
RC4
Symmetric
Fast, streaming encryption

Designed by R. Rivest in 1987
Originally a trade secret, but an implementation was “published” anonymously in 1994 (on the Cypherpunks list and sci.crypt)

Related to the “one-time pad”, theoretically the most secure scheme
But!
It relies on a really good pseudo-random keystream
And that is the problem: RC4’s keystream has measurable biases and its key scheduling is weak (the basis of the attacks on WEP), and RC4 cipher suites are now prohibited in TLS (RFC 7465)

Nowadays, we tend to use block ciphers in modes of operation that work for streams
RSA, DSA, ElGamal, ECC
Asymmetric
Very slow and computationally expensive – need a computer
Very secure at adequate key sizes

RSA: Rivest, Shamir, Adleman – 1978
Popular and well researched
Strength lies in today’s inefficiency at factorising large numbers into their prime factors
Some worries about the key generation process in some implementations

DSA (Digital Signature Algorithm) – NSA/NIST thing
Only for digital signing, not for encryption
Variant of the Schnorr and ElGamal signature algorithms

ElGamal
Relies on the complexity of discrete logarithms

ECC (Elliptic Curve Cryptography)
Really hard maths (elliptic curves over finite fields)
Gives security comparable to RSA and the discrete-log systems with much shorter keys and faster operations
Quantum Cryptography
Method for generating and passing a secret key or a random stream
Not for passing the actual data, but that’s irrelevant

Polarisation of light (photons) can be detected only in a way that
destroys the “direction” (basis)
So if someone other than you observes it, you receive nothing useful
and you know you were bugged

Perfectly doable over up-to-120km dedicated long fibre-optic link
Seems pretty perfect, if a bit tedious and slow
Practical implementations still use AES/DES etc. for actual encryption
Magiq QPN: http://www.magiqtech.com/press/qpn.pdf

Don’t confuse it with quantum computing, which won’t be with us for
at least another 50 years or so, or maybe longer…
MD5, SHA
Hash functions – not encryption at all!
Goals:
Not reversible: can’t obtain the message from its hash (pre-image resistance)
Hash much shorter than original
Infeasible to find two messages with the same hash (collision resistance)

MD5 (R. Rivest)
Processes the input in 512-bit blocks and produces a 128-bit digest

Mathematical model still unknown
It resisted major attacks for a decade, but practical collisions were published in 2004, so MD5 must not be used where collision resistance matters (signatures, certificates)

SHA (Secure Hash Algorithm)
US (NIST) standard from the same MD4/MD5 design family; SHA-1 gives a 160-bit digest and is also broken for collisions (demonstrated in 2017), so use the SHA-2 family (SHA-256 and longer)
Diffie-Hellman, “SSL”, Certs
Methods for key generation and exchange
DH is very clever: each side contributes a fresh value and both derive the same shared secret, yet nothing secret crosses the wire. Generating a new “keypair” for each session (ephemeral DH) also means a later key compromise does not expose old sessions
But plain DH authenticates nobody: a man in the middle can run one exchange with each side. STS, MTI, and certs add that authentication and make it safe

Certs (certificates) are the most common way to exchange public keys
Foundation of Public Key Infrastructure (PKI)

SSL uses a protocol (the handshake) to exchange keys safely
See later
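An ephemeral Diffie-Hellman exchange and the man-in-the-middle attack it does not prevent, as an added Go example (Go 1.20 or later, crypto/ecdh with X25519; not from the deck). Alice, Bob and Mallory are constructed parties; party, sessionKey and the two exchange functions are names chosen for the demo. The honest run shows both sides deriving the same key; the second run shows Mallory ending up with one key shared with Alice and another shared with Bob, with nothing in the messages themselves to reveal it.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// party holds one side's ephemeral key pair for a single session.
type party struct {
	priv *ecdh.PrivateKey
}

func newParty() *party {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &party{priv: priv}
}

// public is the value that goes over the wire.
func (p *party) public() []byte { return p.priv.PublicKey().Bytes() }

// sessionKey derives a 256-bit key from our private value and the peer's
// public value. Note it has no way to tell whether the peer is who it claims.
func (p *party) sessionKey(peerPub []byte) ([32]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return [32]byte{}, err
	}
	shared, err := p.priv.ECDH(pub)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(shared), nil
}

// honestExchange: Alice and Bob swap public values and derive the same key.
func honestExchange() ([32]byte, [32]byte, error) {
	alice, bob := newParty(), newParty()
	aliceKey, err := alice.sessionKey(bob.public()) // Alice receives Bob's value
	if err != nil {
		return [32]byte{}, [32]byte{}, err
	}
	bobKey, err := bob.sessionKey(alice.public()) // Bob receives Alice's value
	if err != nil {
		return [32]byte{}, [32]byte{}, err
	}
	return aliceKey, bobKey, nil
}

// mitmResult records who ends up sharing a key with whom.
type mitmResult struct {
	Alice, Bob, MalloryWithAlice, MalloryWithBob [32]byte
}

// mitmExchange: Mallory intercepts both messages and substitutes her own
// public values, one per direction. Alice and Bob each share a key with
// Mallory, not with each other, and plain DH gives them no way to notice.
func mitmExchange() (mitmResult, error) {
	alice, bob := newParty(), newParty()
	towardsAlice, towardsBob := newParty(), newParty() // Mallory's two fake identities
	var r mitmResult
	var err error
	if r.Alice, err = alice.sessionKey(towardsAlice.public()); err != nil { // Alice thinks this is Bob
		return r, err
	}
	if r.MalloryWithAlice, err = towardsAlice.sessionKey(alice.public()); err != nil {
		return r, err
	}
	if r.Bob, err = bob.sessionKey(towardsBob.public()); err != nil { // Bob thinks this is Alice
		return r, err
	}
	r.MalloryWithBob, err = towardsBob.sessionKey(bob.public())
	return r, err
}

func main() {
	a, b, _ := honestExchange()
	fmt.Println("honest: Alice == Bob?", a == b)

	r, _ := mitmExchange()
	fmt.Println("MITM: Alice == Bob?", r.Alice == r.Bob)
	fmt.Println("MITM: Alice == Mallory?", r.Alice == r.MalloryWithAlice)
	fmt.Println("MITM: Bob == Mallory?", r.Bob == r.MalloryWithBob)
}
```

The fix the deck lists (STS, MTI, certs) amounts to signing the DH values with a key the other side can bind to an identity, which is what the SSL/TLS handshake does with the server's certificate: Mallory can still substitute values, but cannot produce a valid signature over them.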
Cryptanalysis
Brute force
Good for guessing passwords, and some 40-bit symmetric keys (in some cases needed only 2^7 attempts)

Frequency analysis
For very simple methods only (US mobiles)

Linear cryptanalysis
For stronger DES-like ciphers, needs 2^43 known plain-text/cipher-text pairs

Differential cryptanalysis
For weaker DES-like ciphers, needs from 2^14 chosen pairs

Power and timing analysis
Fluctuations in response times or power usage by the CPU
Strong Systems
It is always a mixture! Changes all the time…
Symmetric:
AES, min. 128 bits for RC2 & RC5, 3DES, IDEA, carefully analysed RC4, 256 bit better
(Today: AES only; RC4 is broken and 3DES is deprecated, not least because of its 64-bit block)

Asymmetric:
RSA, ElGamal, Diffie-Hellman (for keys) with minimum 1024 bits (go for the maximum, typically 4096, if you can afford it)
(Today: 1024-bit RSA/DH is no longer acceptable; 2048 is the floor, or use elliptic curves such as P-256 or X25519)

Hash:
Either MD5 or SHA but with at least 128 bit results, 256 better
(Today: neither MD5 nor SHA-1; use SHA-256 or longer)
Weak Systems
Anything with 40-bits (including 128 and 56 bit versions
with the remainder “fixed”)
Most consider DES as fairly weak algorithm

CLIPPER
A5 (GSM mobile phones outside US)
Vigenère (US mobile phones)
Dates from 1585!

Unverified certs with no trust
Weak certs (as in many “class 1” personal certs)

How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
RaedMohamed3
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
Excellence Foundation for South Sudan
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
Jheel Barad
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
bennyroshan06
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
Nguyen Thanh Tu Collection
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
Vivekanand Anglo Vedic Academy
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
PedroFerreira53928
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Thiyagu K
 

Recently uploaded (20)

How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS Module
 
Fish and Chips - have they had their chips
Fish and Chips - have they had their chipsFish and Chips - have they had their chips
Fish and Chips - have they had their chips
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 

Pki by Steve Lamb

  • 1. Public Key Infrastructure – tell me in plain English AND THEN deep technical how PKI works Steve Lamb stephlam@microsoft.com http://blogs.technet.com/steve_lamb IT Pro Security Evangelist Microsoft Ltd
  • 2. Objectives Demystify commonly used terminology Explain how PKI works Get you playing with PKI in the lab Make some simple recommendations
  • 3. Agenda Foundational Concept (level 200) PKI and Signatures (level 330) Recommendations (level 310) Reference material Common Algorithms (level 360)
  • 4. What can PKI enable? Secure Email – sign and/or encrypt messages Secure browsing – SSL – authentication and encryption Secure code – authenticode Secure wireless – PEAP & EAP-TLS Secure documents – Rights Management Secure networks – segmentation via IPsec Secure files – Encrypted File System(EFS)
  • 6. Encryption vs. Authentication Encrypted information cannot be automatically trusted You still need authentication Which we can implement using encryption, of course
  • 7. Assets What we are securing? Data Services (i.e. business etc. applications or their individually accessible parts) This session is not about securing: People (sorry), cables, carpets, typewriters and computers (!?) Some assets are key assets Passwords, private keys etc…
  • 8. Digital Security as Extension of Physical Security of Key Assets Strong Physical Security of KA Weak Physical Security of KA Strong Physical Security of KA Strong Digital Security Strong Digital Security Weak Digital Security Good Security Everywhere Insecure Environment Insecure Environment
  • 9. Remember CP and CPS! “The Certification Practice & Certification Practice Statement (CP/CPS) is a formal statement that describes who may have certificates, how certificates are generated and what they may be used for.” http://www.nhsia.nhs.uk/pathology/pages/documents/cp_cps.doc
  • 10. Symmetric Key Cryptography Plain-text input Plain-text output “AxCv;5bmEseTfid3) fGsmWe#4^,sdgfMwi r3:dkJeTsY8Rs@!q3 %” “The quick brown fox jumps over the lazy dog” Cipher-text “The quick brown fox jumps over the lazy dog” Encryption Decryption Same key (shared secret)
  • 11. Symmetric Pros and Cons Strength: Simple and really very fast (order of 1000 to 10000 faster than asymmetric mechanisms) Super-fast (and somewhat more secure) if done in hardware (DES, Rijndael) Weakness: Must agree the key beforehand Securely pass the key to the other party
  • 12. Public Key Cryptography Knowledge of the encryption key doesn’t give you knowledge of the decryption key Receiver of information generates a pair of keys Publish the public key in a directory Then anyone can send him messages that only she can read
  • 13. Public Key Encryption Clear-text Input Cipher-text “Py75c%bn&*)9|fDe^ bDFaq#xzjFr@g5=&n mdFg$5knvMd’rkveg Ms” “The quick brown fox jumps over the lazy dog” Clear-text Output “The quick brown fox jumps over the lazy dog” Encryption public Recipient’s public key Decryption Different keys private Recipient’s private key
  • 14. Public Key Pros and Cons Weakness: Extremely slow Susceptible to “known ciphertext” attack Problem of trusting public key (see later on PKI) Strength Solves problem of passing the key Allows establishment of trust context between parties
  • 15. Hybrid Encryption (Real World) Launch key for nuclear missile “RedHeat” is... Symmetric encryption (e.g. DES) Symmetric key encrypted asymmetrically (e.g., RSA) RNG Digital Envelope As above, repeated for other recipients or recovery agents User’s public key (in certificate) Randomly Generated symmetric “session” key *#$fjda^j u539!3t t389E *&@ 5e%32^kd Digital Envelope Other recipient’s or agent’s public key (in certificate) in recovery policy
  • 16. Hybrid Decryption *#$fjda^j u539!3t t389E *&@ 5e%32^kd Launch key for nuclear missile “RedHeat” is... Symmetric decryption (e.g. DES) Symmetric “session” key Recipient’s private key Asymmetric decryption of “session” key (e.g. RSA) Digital envelope contains “session” key encrypted using recipient’s public key Digital Envelope Session key must be decrypted using the recipient’s private key
  • 18. Public Key Distribution Problem We just solved the problem of symmetric key distribution by using public/private keys But… Scott creates a keypair (private/public) and quickly tells the world that the public key he published belongs to Bill People send confidential stuff to Bill Bill does not have the private key to read them… Scott reads Bill’s messages 
  • 19. Eureka! We need PKI to solve that problem And a few others…
  • 20. Creating a Digital Signature Message or File 128 bits Message Digest This is a really long message about Bill’s… Digital Signature Jrf843kjfgf* £$&Hdif*7o Usd*&@:<C HDFHSD(** Py75c%bn&*)9|fDe^b DFaq#xzjFr@g5=&n mdFg$5knvMd’rkveg Ms” Hash Function (SHA, MD5) Calculate a short message digest from even a long input using a one-way message digest function (hash) Asymmetric Encryption private Signatory’s private key
  • 21. Verifying a Digital Signature Digital Signature Jrf843kjf gf*£$&Hd if*7oUsd *&@:<CHD FHSD(** Asymmetric decryption (e.g. RSA) Py75c%bn&*) 9|fDe^bDFaq #xzjFr@g5= &nmdFg$5kn vMd’rkvegMs” ? == ? Signatory’s public key Everyone has access to trusted public key of the signatory Are They Same? Same hash function (e.g. MD5, SHA…) This is a really long message about Bill’s… Py75c%bn&*) 9|fDe^bDFaq #xzjFr@g5= &nmdFg$5kn vMd’rkvegMs” Original Message
  • 22. Word About Smartcards Some smartcards are “dumb”, i.e. they are only a memory chip Not recommended for storing a private key used in a challenge test (verifying identity) Anyway, they are still better than leaving keys on a floppy disk or on the hard drive Cryptographically-enabled smartcards are more expensive but they give much more security Private key is secure and used as needed Additional protection (password, biometrics) is possible Hardware implements some algorithms Self-destruct is possible
  • 23. Recommendations Don’t be scared of PKI! Set up a test environment to enable you to “play” Minimise the scope of your first implementation Read up on CP & CPS Document the purpose and operating procedures of your PKI
  • 24. Summary Cryptography is a rich and amazingly mature field We all rely on it, everyday, with our lives Know the basics and make good choices avoiding common pitfalls Plan your PKI early Avoid very new and unknown solutions Certificate Policy Certification Practice Statement
  • 25. References Visit www.microsoft.com/security Read sci.crypt (incl. archives) Attend SEC499 for “Encryption in Detail” on Friday at 14.45 in Room 1 For more detail, read: Cryptography: An Introduction, N. Smart, McGraw-Hill, ISBN 0-07-709987-7 Practical Cryptography, N. Ferguson & B. Schneier, Wiley, ISBN 0-471-22357-3 Contemporary Cryptography, R. Oppliger, Artech House, ISBN 1-58053-642-5 (to be published May 2005, see http://www.esecurity.ch/Books/cryptography.html) Applied Cryptography, B. Schneier, John Wiley & Sons, ISBN 0-471-11709-9 Handbook of Applied Cryptography, A.J. Menezes, CRC Press, ISBN 0-84938523-7, www.cacr.math.uwaterloo.ca/hac (free PDF) PKI, A. Nash et al., RSA Press, ISBN 0-07-213123-3 Foundations of Cryptography, O. Goldreich, www.eccc.uni-trier.de/eccc-local/ECCC-Books/oded_book_readme.html Cryptography in C and C++, M. Welschenbach, Apress, ISBN 1-893115-95-X (includes code samples CD)
  • 26. Thanks to Rafal Lukawiecki for providing some of the content for this presentation deck – his contact details are as follows… rafal@projectbotticelli.co.uk Strategic Consultant, Project Botticelli Ltd Copyright 2004 © Project Botticelli Ltd & Microsoft Corp. E&OE. For informational purposes only. No warranties of any kind are made and you have to verify all information before relying on it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in File/Properties.
  • 28. DES, IDEA, RC2, RC5, Twofish Symmetric DES (Data Encryption Standard) is still the most popular Keys very short: 56 bits Brute-force attack took 3.5 hours on a machine costing US$1m in 1993. Today it is done real-time Triple DES (3DES) more secure, but better options about Just say no, unless value of data is minimal IDEA (International Data Encryption Standard) Deceptively similar to DES, and “not” from NSA 128 bit keys RC2 & RC5 (by R. Rivest) RC2 is older and RC5 newer (1994) - similar to DES and IDEA Blowfish, Twofish B. Schneier’s replacement for DES, followed by Twofish, one of the NIST competition finalists
  • 29. Rijndael (AES) Standard replacement for DES for US government, and, probably for all of us as a result… Winner of the AES (Advanced Encryption Standard) competition run by NIST (National Institute of Standards and Technology in US) in 1997-2000 Comes from Europe (Belgium) by Joan Daemen and Vincent Rijmen. “X-files” stories less likely (unlike DES). Symmetric block-cipher (128, 192 or 256 bits) with variable keys (128, 192 or 256 bits, too) Fast and a lot of good properties, such as good immunity from timing and power (electric) analysis Construction, again, deceptively similar to DES (Sboxes, XORs etc.) but really different
  • 30. CAST and GOST CAST Canadians Carlisle Adams & Stafford Tavares 64 bit key and 64 bits of data Choose your S-boxes Seems resistant to differential & linear cryptanalysis and only way to break is brute force (but key is a bit short!) GOST Soviet Union’s “version” of DES but with a clearer design and many more repetitions of the process 256 bit key but really 610 bits of secret, so pretty much “tank quality” Backdoor? Who knows…
  • 31. Careful with Streams! Do NOT use a block cipher in a loop Use a crypto-correct technique for treating streams of data, such as CBC (Cipher Block Chaining) For developers: .NET Framework implements it as ICryptoTransform on a crypto stream with any supported algorithm
  • 32. RC4 Symmetric Fast, streaming encryption R. Rivest in 1994 Originally secret, but “published” on sci.crypt Related to “one-time pad”, theoretically most secure But! It relies on a really good random number generator And that is the problem Nowadays, we tend to use block ciphers in modes of operation that work for streams
  • 33. RSA, DSA, ElGamal, ECC Asymmetric Very slow and computationally expensive – need a computer Very secure Rivest, Shamir, Adleman – 1978 Popular and well researched Strength lies in today’s inability to factorise large numbers into primes efficiently Some worries about key generation process in some implementations DSA (Digital Signature Algorithm) – NSA/NIST thing Only for digital signing, not for encryption Variant of Schnorr and ElGamal sig algorithm ElGamal Relies on complexity of discrete logarithms ECC (Elliptic Curve Cryptography) Really hard maths and topology Improves RSA (and others)
  • 34. Quantum Cryptography Method for generating and passing a secret key or a random stream Not for passing the actual data, but that’s irrelevant Polarisation of light (photons) can be detected only in a way that destroys the “direction” (basis) So if someone other than you observes it, you receive nothing useful and you know you were bugged Perfectly doable over up-to-120km dedicated long fibre-optic link Seems pretty perfect, if a bit tedious and slow Practical implementations still use AES/DES etc. for actual encryption Magiq QPN: http://www.magiqtech.com/press/qpn.pdf Don’t confuse it with quantum computing, which won’t be with us for at least another 50 years or so, or maybe longer…
  • 35. MD5, SHA Hash functions – not encryption at all! Goals: Not reversible: can’t obtain the message from its hash Hash much shorter than original Two messages won’t have the same hash MD5 (R. Rivest) 512 bits hashed into 128 Mathematical model still unknown But it resisted major attacks SHA (Secure Hash Algorithm) US standard based on MD5
  • 36. Diffie-Hellman, “SSL”, Certs Methods for key generation and exchange DH is very clever since you always generate a new “keypair” for each asymmetric session STS, MTI, and certs make it even safer Certs (certificates) are the most common way to exchange public keys Foundation of Public Key Infrastructure (PKI) SSL uses a protocol to exchange keys safely See later
  • 37. Cryptanalysis Brute force Good for guessing passwords, and some 40-bit symmetric keys (in some cases needed only 27 attempts) Frequency analysis For very simple methods only (US mobiles) Linear cryptanalysis For stronger DES-like, needs 2^43 plain-cipher pairs Differential cryptanalysis Weaker DES-like, needs from 2^14 pairs Power and timing analysis Fluctuations in response times or power usage by CPU
  • 38. Strong Systems It is always a mixture! Changes all the time… Symmetric: AES, min. 128 bits for RC2 & RC5, 3DES, IDEA, carefully analysed RC4, 256 bit better Asymmetric: RSA, ElGamal, Diffie-Hellman (for keys) with minimum 1024 bits (go for the maximum, typically 4096, if you can afford it) Hash: Either MD5 or SHA but with at least 128 bit results, 256 better
  • 39. Weak Systems Anything with 40-bits (including 128 and 56 bit versions with the remainder “fixed”) Most consider DES as fairly weak algorithm CLIPPER A5 (GSM mobile phones outside US) Vigenère (US mobile phones) Dates from 1585! Unverified certs with no trust Weak certs (as in many “class 1” personal certs)
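The digital envelope of slides 15 and 16 and the hash-then-sign flow of slides 20 and 21 use the same asymmetric keypair machinery, so the following added example (it is not part of the presentation and not Microsoft's or Project Botticelli's code) implements both with one toy RSA pair. Everything not on the slides is an assumption: textbook RSA over two fixed Mersenne primes with no padding, and an HMAC-SHA256 counter-mode keystream standing in for the DES/AES symmetric cipher. It shows the structure the slides draw (random session key, symmetric encryption of the data, session key wrapped with the recipient's public key; digest signed with the private key and checked with the public one), including that a one-word change to the message makes verification fail. Production code uses padded schemes such as RSA-OAEP and RSA-PSS with fresh random primes.

```python
import hashlib
import hmac
import os

# Fixed toy primes (the Mersenne primes M521 and M127). A real key generator
# draws fresh random primes; the modulus here is only ~648 bits.
P = 2**521 - 1
Q = 2**127 - 1
E = 65537


def keypair():
    """Textbook RSA pair: public (e, n), private (d, n)."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))   # modular inverse (Python 3.8+)
    return (E, n), (d, n)


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256, standing in for DES/AES."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(plaintext: bytes, recipient_pub):
    """Slide 15: random session key, data encrypted symmetrically, session key
    wrapped with the recipient's public key (the 'digital envelope')."""
    e, n = recipient_pub
    session_key = os.urandom(16)                       # the RNG box on the slide
    ciphertext = xor(plaintext, keystream(session_key, len(plaintext)))
    envelope = pow(int.from_bytes(session_key, "big"), e, n)
    return ciphertext, envelope


def open_envelope(ciphertext: bytes, envelope: int, recipient_priv) -> bytes:
    """Slide 16: only the private key recovers the session key."""
    d, n = recipient_priv
    session_key = pow(envelope, d, n).to_bytes(16, "big")
    return xor(ciphertext, keystream(session_key, len(ciphertext)))


def sign(message: bytes, signer_priv) -> int:
    """Slide 20: hash first, then apply the private key to the digest only."""
    d, n = signer_priv
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)


def verify(message: bytes, signature: int, signer_pub) -> bool:
    """Slide 21: recover the digest with the public key and compare it with a
    fresh hash of the received message."""
    e, n = signer_pub
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest


def demo():
    """Both flows end to end; returns the checks a practitioner would assert."""
    pub, priv = keypair()          # one toy pair plays recipient and signatory
    msg = b"Launch key for nuclear missile RedHeat is..."   # slide 15 text
    ct, env = seal(msg, pub)
    sig = sign(msg, priv)
    return {
        "roundtrip": open_envelope(ct, env, priv) == msg,
        "ciphertext_differs": ct != msg,
        "signature_ok": verify(msg, sig, pub),
        "tamper_detected": not verify(msg.replace(b"Red", b"Blue"), sig, pub),
    }


if __name__ == "__main__":
    print(demo())
```

The session key is what makes the hybrid fast: only 16 bytes go through the slow public-key operation, and the envelope can be repeated for each further recipient or recovery agent (slide 15) without re-encrypting the data.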
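Slide 31 warns against running a block cipher "in a loop" and asks for CBC instead. The added example below (mine, not the presentation's, and not the .NET ICryptoTransform classes the slide names) shows why, taking "in a loop" to mean ECB: the block cipher is a constructed 8-byte Feistel network with an HMAC-SHA256 round function standing in for DES, and the input is assumed to be whole blocks (no padding). With eight identical plaintext blocks, ECB yields eight identical ciphertext blocks, while CBC with a fresh IV yields none and still decrypts correctly.

```python
import hashlib
import hmac
import os

BLOCK = 8   # 64-bit blocks, like DES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Round function: keyed PRF over (round number, right half), 4 bytes out."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Four-round balanced Feistel network on one 8-byte block (toy cipher)."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return right + left      # final swap makes decryption the same network


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = right, _xor(left, _f(key, rnd, right))
    return right + left


def _blocks(data: bytes):
    assert len(data) % BLOCK == 0, "example assumes whole blocks (no padding)"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """The anti-pattern from the slide: the block cipher 'in a loop'. Equal
    plaintext blocks always give equal ciphertext blocks."""
    return b"".join(block_encrypt(key, b) for b in _blocks(data))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Cipher Block Chaining: each block is XORed with the previous
    ciphertext block (the IV for the first) before encryption."""
    out, prev = [], iv
    for b in _blocks(data):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(data):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """How many ciphertext blocks duplicate an earlier one (pattern leakage)."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


def demo():
    key = os.urandom(16)
    iv = os.urandom(BLOCK)                 # fresh, unpredictable IV per message
    data = b"ATTACK!!" * 8                 # constructed: eight identical blocks
    ecb, cbc = ecb_encrypt(key, data), cbc_encrypt(key, iv, data)
    return {
        "ecb_repeats": repeated_blocks(ecb),      # 7: the structure shows through
        "cbc_repeats": repeated_blocks(cbc),      # 0
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == data,
    }


if __name__ == "__main__":
    print(demo())
```

The IV must be fresh and unpredictable for every message; reusing one turns the first block of CBC back into ECB for that block. CBC also provides no integrity on its own, which is why modern guidance pairs it with a MAC or moves to an authenticated mode such as GCM.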
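Slide 36 credits Diffie-Hellman with generating a new "keypair" for each session and notes that STS, MTI and certificates are needed to make it safe. The added example below (mine, not from the presentation) runs the exchange with both parties' messages and derives a session key. The group (p = 2**127 - 1, g = 3) is a constructed toy; real deployments use a standardised group of 2048 bits or more, or elliptic-curve DH. The exchange shown is deliberately the unauthenticated one the slide describes: nothing binds a public value to a party, which is exactly the gap certificates or STS-style signatures close.

```python
import hashlib
import secrets

# Constructed toy group: the Mersenne prime M127 with generator 3.
# Real deployments use a standardised 2048-bit+ MODP group or an elliptic curve.
P = 2**127 - 1
G = 3


def new_keypair():
    """Fresh ephemeral exponent and public value for one session (the slide's
    new 'keypair' per session, which is what gives forward secrecy)."""
    x = secrets.randbelow(P - 3) + 2          # 2 <= x <= P - 2
    return x, pow(G, x, P)


def valid_public_value(y: int) -> bool:
    """Reject 0, 1 and p-1: they force the shared secret to a known value."""
    return 1 < y < P - 1


def shared_secret(my_private: int, their_public: int) -> int:
    if not valid_public_value(their_public):
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(their_public, my_private, P)


def session_key(secret: int, transcript: bytes) -> bytes:
    """Derive the symmetric key by hashing the raw secret together with both
    public values; never use the raw group element as a key."""
    return hashlib.sha256(secret.to_bytes(16, "big") + transcript).digest()


def exchange():
    """Alice and Bob each send one message (their public value) and derive
    the same key from it; returns (alice_key, bob_key, transcript)."""
    a, alice_pub = new_keypair()           # Alice -> Bob: g^a mod p
    b, bob_pub = new_keypair()             # Bob -> Alice: g^b mod p
    transcript = alice_pub.to_bytes(16, "big") + bob_pub.to_bytes(16, "big")
    alice_key = session_key(shared_secret(a, bob_pub), transcript)
    bob_key = session_key(shared_secret(b, alice_pub), transcript)
    return alice_key, bob_key, transcript


if __name__ == "__main__":
    k1, k2, _ = exchange()
    print("keys match:", k1 == k2)
```

Binding the transcript into the key derivation means that if the two public values were altered in transit the two sides end up with different keys and the session fails closed; authenticating who sent each value is the part that still needs a certificate or a signature over the transcript.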