University of the Aegean

De Facto Joint Research Group

PKI: Is it worth something, or what?
John Iliadis (1,2), Stefanos Gritzalis (1)

(1) Department of Information and Communication Systems Engineering
University of the Aegean
E-mail: {jiliad,sgritz}@aegean.gr

(2) Department of Informatics
Technological Educational Institute of Athens
E-mail: jiliad@cs.teiath.gr

Overview
➢ Communication Networks: Now and Then.
➢ Symmetric Cryptosystems versus Asymmetric Cryptosystems
➢ Applications of Asymmetric Cryptosystems
➢ Facing Threats in Electronic Transactions
➢ Certification Service Providers, (a.k.a. Certification Authorities, a.k.a. Trusted Third Parties ???)
➢ EU Directive on Digital Signatures
➢ Further Research on PKI
➢ Conclusions

John Iliadis, Stefanos Gritzalis
University of the Aegean, IPICS 2002
Copyright © 2002

Slide 2 out of 37
Communication Networks: Now and Then
➢ Then: Centralised, Closed
  ➢ private or semi-private, no access allowed,
  ➢ wide spectrum of proprietary networking/communication protocols,
  ➢ expensive,
  ➢ targeted user group,
  ➢ early Internet instances.

Slide 3 out of 37
Communication Networks: Now and Then (cont.)
➢ Now: Distributed, Open
  ➢ no ownership,
  ➢ no central control,
  ➢ resilience.
  ➢ access to anyone,
  ➢ standardised protocols,
  ➢ low-cost access.

Slide 4 out of 37
Key Distribution: Symmetric Cryptosystems
➢ Direct
➢ Key Translation Center
➢ Key Distribution Center
➢ Based on asymmetric techniques
  ➢ secret key agreement
  ➢ secret key transport

Slide 5 out of 37
Key Translation Center (symmetric crypto)
[Figure: A, KTC and B, with message flows numbered 1 to 4]
• A->KTC: enciphered key
• KTC->B: sends B re-enciphered key, OR
• KTC->A: sends A re-enciphered key
• A->B: A sends B re-enciphered key

Slide 6 out of 37
Key Distribution Center (symmetric crypto)
[Figure: A, KDC and B, with message flows numbered 1, 2a and 2b]
• A->KDC: request for shared key
• KDC->A: sends A enciphered shared key
• KDC->B: sends B enciphered shared key
If KDC cannot communicate securely with B (2b), then A assumes responsibility for distribution of enciphered shared key to B

Slide 7 out of 37
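The two key-center flows above (KTC re-enciphering and KDC distribution, including the case where A forwards B's copy) can be simulated as follows. This is an added example, not part of the original slides; the `KeyCenter` class, the `seal`/`unseal` helpers and the HMAC-based stand-in cipher are assumptions made so the code runs with the Python standard library only.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher (HMAC-SHA256 keystream, encrypt-then-MAC) so the
# example needs no third-party package; use a vetted AEAD in real systems.
def _keystream(key, nonce, length):
    blocks = [hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _tag(key, context, nonce, body):
    # Length-prefix the context so context and nonce cannot be confused.
    data = b"mac" + len(context).to_bytes(2, "big") + context + nonce + body
    return hmac.new(key, data, hashlib.sha256).digest()


def seal(key, plaintext, context):
    """Encipher plaintext under key and bind it to context (which pair it is for)."""
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + _tag(key, context, nonce, body)


def unseal(key, blob, context):
    """Check the tag first, then decipher; raises ValueError on any mismatch."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, context, nonce, body)):
        raise ValueError("wrong key, wrong context or modified message")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class KeyCenter:
    """Inline key center that shares one long-term key with each registered party."""

    def __init__(self):
        self._keys = {}

    def register(self, name):
        # Long-term key; in practice it reaches the party over a protected channel.
        self._keys[name] = secrets.token_bytes(32)
        return self._keys[name]

    def distribute(self, a, b):
        """KDC role: generate the shared key and encipher one copy per party."""
        shared = secrets.token_bytes(32)
        context = f"{a}<->{b}".encode()
        return seal(self._keys[a], shared, context), seal(self._keys[b], shared, context)

    def translate(self, sender, recipient, blob):
        """KTC role: decipher the sender's key and re-encipher it for the recipient."""
        context = f"{sender}<->{recipient}".encode()
        key = unseal(self._keys[sender], blob, context)
        return seal(self._keys[recipient], key, context)


def run_kdc(tamper=False):
    center = KeyCenter()
    key_a, key_b = center.register("A"), center.register("B")
    copy_a, copy_b = center.distribute("A", "B")   # A->KDC request, KDC->A reply
    # KDC cannot reach B, so A forwards B's copy. Without key_b, A can neither
    # read nor alter it undetected; flip one bit to show the detection.
    if tamper:
        copy_b = copy_b[:20] + bytes([copy_b[20] ^ 1]) + copy_b[21:]
    return unseal(key_a, copy_a, b"A<->B") == unseal(key_b, copy_b, b"A<->B")


def run_ktc():
    center = KeyCenter()
    key_a, key_b = center.register("A"), center.register("B")
    chosen = secrets.token_bytes(32)               # here A picks the key itself
    to_ktc = seal(key_a, chosen, b"A<->B")         # A->KTC: enciphered key
    for_b = center.translate("A", "B", to_ktc)     # KTC->B (or via A): re-enciphered key
    return unseal(key_b, for_b, b"A<->B") == chosen


def a_can_open_b_copy():
    center = KeyCenter()
    key_a, _ = center.register("A"), center.register("B")
    _, copy_b = center.distribute("A", "B")
    try:
        unseal(key_a, copy_b, b"A<->B")
        return True
    except ValueError:
        return False
```

In both flows every party must already share a long-term key with the center, and the center sees every session key.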
Key Distribution in Symmetric Cryptosystems - A Note
➢ All mechanisms require the existence of a shared symmetric or asymmetric key and an inline Key Center.

Centralised
Closed
Private
Proprietary protocols
Expensive

Distributed
No ownership
No central control
Resilience
Access to anyone
Standardised protocols
Low-cost access.
Slide 8 out of 37
Key Distribution: Asymmetric Cryptosystems
➢ Protected channels (data origin authentication and data integrity protection, e.g. courier and registered mail)
➢ CSP-assisted (i.e. certificates)

Slide 9 out of 37
Key Distribution: Asymmetric Cryptosystems (cont.)
[Figure: CA, A and B, with message flows numbered 1 to 4]
• A->CA: KeyA (?)
• CA->A: CertificateA
• CA<->B: CertificateA or CertificateCA
• A->B: CertificateA

Slide 10 out of 37
Key Distribution in Asymmetric Cryptosystems - A Note
➢ Mechanisms require the existence of either an integrity protected channel, or at least an offline CSP*
*Other CSP operational requirements, like revocation, necessitate the online operation of CSPs

Centralised
Closed
Private
Proprietary protocols
Expensive

Distributed
No ownership
No central control
Resilience
Access to anyone
Standardised protocols
Low-cost access.
Slide 11 out of 37
Key Distribution: A Final Note
The Case of Asymmetric versus Symmetric Cryptosystems, and vice-versa.
Verdict: Innocent on all charges, both of them.
– there are applications that necessitate symmetric crypto, like small scale closed networks, top-secret communication lines (one-time pads), requirements for fast encryption (e.g. slow processor speeds: smart cards) etc.
– there are applications that necessitate asymmetric crypto, like applications over communication channels where one cannot protect the confidentiality of the exchanged messages (key distribution?)

Slide 12 out of 37
Key Distribution: A Final Note (cont.)
The Case of Asymmetric versus Symmetric Cryptosystems, and vice-versa.
Verdict 2: The Case should never have been taken to court!
– There’s no point in excluding either one of them. Joint usage leads to best results (e.g. Digital Envelopes, asymmetric based distribution of symmetric keying material).
– There are advantages and disadvantages in both. The main difference is in key management requirements: confidentiality against authenticity

Slide 13 out of 37
Key Distribution: A Final Note (cont.)
Asymmetric crypto was not invented to meet the needs of new, distributed and loosely federated networking environments. It existed before.
It has been a solution in search of a problem…

Slide 14 out of 37
Digital Certificates
Offline authentication token
Third, trusted entity vouches for it
Expiration, revocation
Contents:
– identification info of certificate holder
– identification info of CA
– public key of certificate holder
– expiration date
– other info (e.g. CSI location info)
– signed by CA

Slide 15 out of 37
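The certificate contents listed above, and the checks a party relying on the certificate has to make (CA signature, expiration, revocation), can be sketched as below. This is an added example, not part of the original slides; the field names, the serial number used for revocation lookups, the sample values and the toy RSA key built from two Mersenne primes are all assumptions, and the unpadded toy signature only stands in for a real signature scheme.

```python
import hashlib
import json
from datetime import datetime

# Toy RSA key for a constructed CA, built from two Mersenne primes. It is trivially
# factorable and unpadded: a stand-in for a real signature scheme, nothing more.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
CA_NAME = "Example CA"                       # constructed issuer name
CA_PUBLIC = (P * Q, E)
_CA_PRIVATE = pow(E, -1, (P - 1) * (Q - 1))


def _digest(fields, modulus):
    # Canonical encoding so that signer and verifier hash identical bytes.
    blob = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % modulus


def issue(holder, holder_public_key, serial, expires, csi_location):
    """CA side: bind the holder's identity to a public key and sign the result."""
    fields = {
        "holder": holder,                    # identification info of certificate holder
        "issuer": CA_NAME,                   # identification info of CA
        "public_key": holder_public_key,     # public key of certificate holder
        "expires": expires,                  # expiration date
        "csi_location": csi_location,        # other info: where status info is published
        "serial": serial,                    # assumption: identifier listed in the CRL
    }
    modulus = CA_PUBLIC[0]
    return {"fields": fields, "signature": pow(_digest(fields, modulus), _CA_PRIVATE, modulus)}


def validate(cert, trusted_issuer, issuer_public, crl, now):
    """Relying party side: return 'ok' or the first reason to reject."""
    modulus, exponent = issuer_public
    fields = cert["fields"]
    if fields.get("issuer") != trusted_issuer:
        return "untrusted issuer"
    if pow(cert["signature"], exponent, modulus) != _digest(fields, modulus):
        return "bad signature"
    if now >= datetime.fromisoformat(fields["expires"]):
        return "expired"
    if fields["serial"] in crl:              # needs fresh status info from the CSP
        return "revoked"
    return "ok"


def sample_results():
    # Constructed sample certificate and dates.
    cert = issue("CN=John Doe, O=X, C=GR", "constructed-public-key", 1001,
                 "2003-06-30T00:00:00", "ldap://directory.example/crl")
    in_validity = datetime(2002, 7, 15)
    # Same signature, but the organisation was altered after signing.
    altered = {"fields": dict(cert["fields"], holder="CN=John Doe, O=Y, C=GR"),
               "signature": cert["signature"]}
    return {
        "valid": validate(cert, CA_NAME, CA_PUBLIC, set(), in_validity),
        "altered": validate(altered, CA_NAME, CA_PUBLIC, set(), in_validity),
        "expired": validate(cert, CA_NAME, CA_PUBLIC, set(), datetime(2003, 7, 1)),
        "revoked": validate(cert, CA_NAME, CA_PUBLIC, {1001}, in_validity),
    }
```

The signature and expiration checks work offline from the certificate alone; the revocation check is the one that depends on how recent the relying party's copy of the CRL is.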
Digital Signatures
➢ Generating certificate-supported signatures
➢ Non-repudiation
  ➢ Timestamping
  ➢ Non-repudiation mechanisms
  ➢ Underlying legal framework

Slide 16 out of 37
Some Threats in Electronic Transactions
➢ Monitoring of communication lines
➢ Shared key guessing/stealing
➢ Shared key stealing
➢ Unauthorised modification of information in transit
➢ Masquerade - Web spoofing
➢ Password stealing
➢ Unauthorised access

Slide 17 out of 37
Insecure Electronic Transactions
[Figure: Entity1 and Entity2 connected through the Network over an insecure communication channel]

Slide 18 out of 37
Facing Threats
Monitoring of communication lines
– Encryption with randomly generated shared session key
Shared session key stealing/guessing
– cryptographically secure random key generators
– encryption of shared session key with the public key of the receiving entity
Non-authorised modification of (in-transit) information
– secure hashing algorithms for message authentication codes

Slide 19 out of 37
Facing Threats (cont.)
Masquerade - Web spoofing
– Exchange of X509v3 certificates and verification against a Directory
Password stealing
– Passwords are never transmitted in the network
Unauthorised access
– Local ACL. Authentication by certificate verification

Slide 20 out of 37
Securing electronic transactions
[Figure: Entity1 and Entity2 communicate through the Network; the CSP issues certificates to both]

Slide 21 out of 37
CSP: The Cornerstone of PKI. An Overview
➢ TTP: “an impartial organisation delivering business confidence, through commercial and technical security features, to an electronic transaction”
➢ CSPs are Trusted Third Parties that control the life cycle of certificates

Slide 22 out of 37
CSP: The Cornerstone of a Public Key Infrastructure. Technical Infrastructure
• Certification Authority, providing certificates.
• Registration Authority, registering users and binding their identities to certificates.
• Repositories, storage and dissemination entities containing CSP-related public material such as certificates and CRLs.
• Certificate holders, holding certificates issued by CAs, which they use in order to sign or authenticate themselves.
• Dependent entities, entities that use the certificates presented by other certificate holders in order to authenticate the latter or verify their signature.

Slide 23 out of 37
CSP: The Cornerstone of a Public Key Infrastructure. Technical Infrastructure
[Figure: the CSP with its local database and Directory Services, the certificate holder and the dependent entity]

Slide 24 out of 37
CSP services and functions
➢ Electronic Registration
➢ Key Personalisation, Generation, and Repository
➢ Certificates: Structure, Generation, Distribution, Storage, and Retrieval
➢ Certificate Directory Management
➢ CRLs: Structure, Generation and Maintenance, Distribution, Storage, and Retrieval
➢ Auditing

Slide 25 out of 37
PKI
➢ Set of CSPs
➢ Interoperability and corroboration
➢ Legal framework
➢ Value-Added services
  ➢ Timestamping
  ➢ Information Archiving
  ➢ Notary Public
  ➢ ...

Slide 26 out of 37
European Directive on Electronic Signatures
Directive aims at technology independence
Problem: Directive identifies requirements that fall under the scope of technology (e.g. secure signature creation devices, Annex III)
Solution: Define sets of components that comply with the Directive. Caution needed when defining these sets; they must not conflict with other, underlying regulatory frameworks

Slide 27 out of 37
Secure Signature Creation Devices
Hardware tokens
– easier to deploy
– wide acceptance by public as a «secure» method
– degree of security awareness required: low

Security requirements and evaluation standards
– harder to deploy; compliance certification (end-user systems?)
– degree of public confidence: low
– degree of security awareness required: high

Slide 28 out of 37
Secure Signature Creation Devices (cont.)
➢ Factors to consider:
  ➢ Ease of use,
  ➢ confidence/acceptance by public,
  ➢ cost of implementation, operation and maintenance,
  ➢ security level and assurance,
  ➢ others...

Slide 29 out of 37
Areas needing further research
Identification and naming (global naming? translation versus transliteration?),
Certificate path validation (who? trust model?),
Signature policy (underlying legal framework?),
Scalable revocations and scalable suspensions (scalability, transparency?).

Slide 30 out of 37
Areas needing further research (cont.)
➢ Role of notaries and timestamping authorities (underlying legal framework? timely submission?),
➢ Trusted archival services (how long should an archive hold info? Who should it be revealed to?),
➢ Use of biometrics in relation to electronic signatures (beware: “panic password” versus finger cut-off…).

Slide 31 out of 37
Some interesting problems to be studied

Certificate 1      Certificate 2
John Doe           John Doe
org: X             org: Y (X?)
Country: GR        Country: GR

In general, TTP service-level collaboration has to be studied further
– cross-certification (technical, legal)
– revocation
– ...

Slide 32 out of 37
Qualified Value-added Services
➢ Need for «Qualified Value-added Services»
➢ Should there be a limit on the kind of services CSPs may develop and offer to the public? Should we ensure that the new services they will be providing in the future will not damage their impartiality?

Slide 33 out of 37
Fashion and PKI
Current commercial PKI trends
– It’s fashionable
– It’s easy to deploy…
– It meets several security requirements, through a wide set of security services ranging from confidentiality to public notary
– It’s a panacea!

Slide 34 out of 37
Fashion and PKI (cont.)
…however:
– Typical installations and operation of CSP software, without prior analysis of requirements and without designing a Security Policy and a Certificate Policy, are a present tense situation, at least on an internal company-wide level. The resulting problems will soon be present and tense. PKI is neither a cure-all, nor a magical solution to security problems

Slide 35 out of 37
Fashion and PKI (cont.)
➢ Requirements->Services->Functions->Implementation
➢ Certificate and Security Policy of CSP
➢ Legal framework and regulations
➢ Complexity in design and development
➢ User-awareness needed
➢ Low user-acceptance
➢ Clearly not an InfoSec bandage

Slide 36 out of 37
Conclusion
PKI is a panacea for security as much as aspirin is a panacea for pain.
Easing ulcer pains with aspirin SHOULD BE AVOIDED AT ALL COSTS...

Slide 37 out of 37

 
ADoCSI: Towards a Transparent Mechanism for Disseminating Certificate Status ...
ADoCSI: Towards a Transparent Mechanism for Disseminating Certificate Status ...ADoCSI: Towards a Transparent Mechanism for Disseminating Certificate Status ...
ADoCSI: Towards a Transparent Mechanism for Disseminating Certificate Status ...
John ILIADIS
 
E-Commerce Security: A Primer
E-Commerce Security: A PrimerE-Commerce Security: A Primer
E-Commerce Security: A Primer
John ILIADIS
 
PKI: Overpromising and Underdelivering
PKI: Overpromising and UnderdeliveringPKI: Overpromising and Underdelivering
PKI: Overpromising and Underdelivering
John ILIADIS
 
What is (not) Network Security
What is (not) Network SecurityWhat is (not) Network Security
What is (not) Network Security
John ILIADIS
 
Network Security: Putting Theory into Practice, the Wrong Way
Network Security: Putting Theory into Practice, the Wrong WayNetwork Security: Putting Theory into Practice, the Wrong Way
Network Security: Putting Theory into Practice, the Wrong Way
John ILIADIS
 
Addressing security issues in programming languages for mobile code - Confere...
Addressing security issues in programming languages for mobile code - Confere...Addressing security issues in programming languages for mobile code - Confere...
Addressing security issues in programming languages for mobile code - Confere...
John ILIADIS
 

More from John ILIADIS (11)

Information security and digital payments; thoughts about current trends
Information security and digital payments; thoughts about current trendsInformation security and digital payments; thoughts about current trends
Information security and digital payments; thoughts about current trends
 
Security in RegTech's Playground
Security in RegTech's PlaygroundSecurity in RegTech's Playground
Security in RegTech's Playground
 
Malicious Software. In Greek.
Malicious Software. In Greek.Malicious Software. In Greek.
Malicious Software. In Greek.
 
PKI : The role of TTPs for the Development of secure Transaction Systems
PKI : The role of TTPs for the Development of secure Transaction SystemsPKI : The role of TTPs for the Development of secure Transaction Systems
PKI : The role of TTPs for the Development of secure Transaction Systems
 
Evaluating Open Source Security Software
Evaluating Open Source Security SoftwareEvaluating Open Source Security Software
Evaluating Open Source Security Software
 
ADoCSI: Towards a Transparent Mechanism for Disseminating Certificate Status ...
ADoCSI: Towards a Transparent Mechanism for Disseminating Certificate Status ...ADoCSI: Towards a Transparent Mechanism for Disseminating Certificate Status ...
ADoCSI: Towards a Transparent Mechanism for Disseminating Certificate Status ...
 
E-Commerce Security: A Primer
E-Commerce Security: A PrimerE-Commerce Security: A Primer
E-Commerce Security: A Primer
 
PKI: Overpromising and Underdelivering
PKI: Overpromising and UnderdeliveringPKI: Overpromising and Underdelivering
PKI: Overpromising and Underdelivering
 
What is (not) Network Security
What is (not) Network SecurityWhat is (not) Network Security
What is (not) Network Security
 
Network Security: Putting Theory into Practice, the Wrong Way
Network Security: Putting Theory into Practice, the Wrong WayNetwork Security: Putting Theory into Practice, the Wrong Way
Network Security: Putting Theory into Practice, the Wrong Way
 
Addressing security issues in programming languages for mobile code - Confere...
Addressing security issues in programming languages for mobile code - Confere...Addressing security issues in programming languages for mobile code - Confere...
Addressing security issues in programming languages for mobile code - Confere...
 

Recently uploaded

Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Zilliz
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Zilliz
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 

Recently uploaded (20)

Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 

PKI: Is it worth something, or what?

  • 1. University of the Aegean. De Facto Joint Research Group. PKI: Is it worth something, or what?
      John Iliadis (1,2), Stefanos Gritzalis (1)
      (1) Department of Information and Communication Systems Engineering, University of the Aegean. E-mail: {jiliad,sgritz}@aegean.gr
      (2) Department of Informatics, Technological Educational Institute of Athens. E-mail: jiliad@cs.teiath.gr
  • 2. Overview
      ➢ Communication Networks: Now and Then.
      ➢ Symmetric Cryptosystems versus Asymmetric Cryptosystems
      ➢ Applications of Asymmetric Cryptosystems
      ➢ Facing Threats in Electronic Transactions
      ➢ Certification Service Providers, (a.k.a. Certification Authorities, a.k.a. Trusted Third Parties ???)
      ➢ EU Directive on Digital Signatures
      ➢ Further Research on PKI
      ➢ Conclusions
      John Iliadis, Stefanos Gritzalis University of the Aegean, IPICS 2002 Copyright © 2002 Slide 2 out of 37
  • 3. Communication Networks: Now and Then
      ➢ Then: Centralised, Closed
          ➢ private or semi-private, no access allowed,
          ➢ wide spectrum of proprietary networking/communication protocols,
          ➢ expensive,
          ➢ targeted user group,
          ➢ early Internet instances.
  • 4. Communication Networks: Now and Then (cont.)
      ➢ Now: Distributed, Open
          ➢ no ownership,
          ➢ no central control,
          ➢ resilience.
          ➢ access to anyone,
          ➢ standardised protocols,
          ➢ low-cost access.
  • 5. Key Distribution: Symmetric Cryptosystems
      ➢ Direct
      ➢ Key Translation Center
      ➢ Key Distribution Center
      ➢ Based on asymmetric techniques
          ➢ secret key agreement
          ➢ secret key transport
  • 6. Key Translation Center (symmetric crypto)
      [Diagram: A, KTC and B, with message flows numbered 1 to 4]
      • A->KTC: enciphered key
      • KTC->B: sends B re-enciphered key, OR
      • KTC->A: sends A re-enciphered key
      • A->B: A sends B re-enciphered key
  • 7. Key Distribution Center (symmetric crypto)
      [Diagram: A, KDC and B, with message flows numbered 1, 2a and 2b]
      • A->KDC: request for shared key
      • KDC->A: sends A enciphered shared key
      • KDC->B: sends B enciphered shared key
      If KDC cannot communicate securely with B (2b), then A assumes responsibility for distribution of enciphered shared key to B
  • 8. Key Distribution in Symmetric Cryptosystems - A Note
      ➢ All mechanisms require the existence of a shared symmetric or asymmetric key and an inline Key Center.
      [Two columns on the slide]
      Centralised; Closed; Private; Proprietary protocols; Expensive
      Distributed; No ownership; No central control; Resilience; Access to anyone; Standardised protocols; Low-cost access.
  • 9. Key Distribution: Asymmetric Cryptosystems
      ➢ Protected channels (data origin authentication and data integrity protection, e.g. courier and registered mail)
      ➢ CSP-assisted (i.e. certificates)
  • 10. Key Distribution: Asymmetric Cryptosystems (cont.)
      [Diagram: CA, A and B, with message flows numbered 1 to 4]
      • A->CA: KeyA (?)
      • CA->A: CertificateA
      • CA<->B: CertificateA or CertificateCA
      • A->B: CertificateA
  • 11. Key Distribution in Asymmetric Cryptosystems - A Note
      ➢ Mechanisms require the existence of either an integrity protected channel, or at least an offline CSP*
      [Two columns on the slide]
      Centralised; Closed; Private; Proprietary protocols; Expensive
      Distributed; No ownership; No central control; Resilience; Access to anyone; Standardised protocols; Low-cost access.
      *Other CSP operational requirements, like revocation, necessitate the online operation of CSPs
  • 12. Key Distribution: A Final Note
      The Case of Asymmetric versus Symmetric Cryptosystems, and vice-versa.
      Verdict: Innocent on all charges, both of them.
      – there are applications that necessitate symmetric crypto, like small scale closed networks, top-secret communication lines (one-time pads), requirements for fast encryption (e.g. slow processor speeds: smart cards) etc.
      – there are applications that necessitate asymmetric crypto, like applications over communication channels where one cannot protect the confidentiality of the exchanged messages (key distribution?)
  • 13. Key Distribution: A Final Note (cont.)
      The Case of Asymmetric versus Symmetric Cryptosystems, and vice-versa.
      Verdict 2: The Case should never have been taken to court!
      – There’s no point in excluding either one of them. Joint usage leads to best results (e.g. Digital Envelopes, asymmetric based distribution of symmetric keying material).
      – There are advantages and disadvantages in both. The main difference is in key management requirements: confidentiality against authenticity
  • 14. Key Distribution: A Final Note (cont.)
      Asymmetric crypto was not invented to meet the needs of new, distributed and loosely federated networking environments. It existed before. It has been a solution in search of a problem…
  • 15. Digital Certificates
      Offline authentication token
      Third, trusted entity vouches for it
      Expiration, revocation
      Contents:
      – identification info of certificate holder
      – identification info of CA
      – public key of certificate holder
      – expiration date
      – other info (e.g. CSI location info)
      – signed by CA
  • 16. Digital Signatures
      ➢ Generating certificate-supported signatures
      ➢ Non-repudiation
          ➢ Timestamping
          ➢ Non-repudiation mechanisms
          ➢ Underlying legal framework
  • 17. Some Threats in Electronic Transactions
      ➢ Monitoring of communication lines
      ➢ Shared key guessing/stealing
      ➢ Shared key stealing
      ➢ Unauthorised modification of information in transit
      ➢ Masquerade - Web spoofing
      ➢ Password stealing
      ➢ Unauthorised access
  • 18. Insecure Electronic Transactions
      [Diagram: Entity1 and Entity2 connected through the Network over an insecure communication channel]
  • 19. Facing Threats
      ➢ Monitoring of communication lines: encryption with randomly generated shared session key
      ➢ Shared session key stealing/guessing:
          – cryptographically secure random key generators
          – encryption of shared session key with the public key of the receiving entity
      ➢ Non-authorised modification of (in-transit) information: secure hashing algorithms for message authentication codes
  • 20. Facing Threats (cont.)
      ➢ Masquerade - Web spoofing: exchange of X509v3 certificates and verification against a Directory
      ➢ Password stealing: passwords are never transmitted in the network
      ➢ Unauthorised access: local ACL. Authentication by certificate verification
  • 21. Securing electronic transactions
      [Diagram: Entity1 and Entity2 connected through the Network, with the CSP issuing certificates to each of them]
  • 22. CSP: The Cornerstone of PKI. An Overview
      ➢ TTP: “an impartial organisation delivering business confidence, through commercial and technical security features, to an electronic transaction”
      ➢ CSPs are Trusted Third Parties that control the life cycle of certificates
  • 23. CSP: The Cornerstone of a Public Key Infrastructure. Technical Infrastructure
      • Certification Authority, providing certificates.
      • Registration Authority, registering users and binding their identities to certificates.
      • Repositories, storage and dissemination entities containing CSP-related public material such as certificates and CRLs.
      • Certificate holders, holding certificates issued from CAs, which they use in order to sign or authenticate themselves.
      • Dependent entities, entities that use the certificates presented by other certificate holders in order to authenticate the latter or verify their signature.
  • 24. CSP: The Cornerstone of a Public Key Infrastructure. Technical Infrastructure
      [Diagram: Database local to CSP, CSP, Directory Services, Certificate holder, Dependent entity]
  • 25. CSP services and functions
      ➢ Electronic Registration
      ➢ Key Personalisation, Generation, and Repository
      ➢ Certificates: Structure, Generation, Distribution, Storage, and Retrieval
      ➢ Certificate Directory Management
      ➢ CRLs: Structure, Generation and Maintenance, Distribution, Storage, and Retrieval
      ➢ Auditing
  • 26. PKI
      ➢ Set of CSPs
      ➢ Interoperability and corroboration
      ➢ Legal framework
      ➢ Value-Added services
          ➢ Timestamping
          ➢ Information Archiving
          ➢ Notary Public
          ➢ ...
  • 27. European Directive on Electronic Signatures
      Directive aims at technology independence
      Problem: Directive identifies requirements that fall under the scope of technology (e.g. secure signature creation devices, Annex III)
      Solution: Define sets of components that comply with the Directive. Caution needed when defining these sets; they must not conflict with other, underlying regulatory frameworks
  • 28. Secure Signature Creation Devices
      Hardware tokens
      – easier to deploy
      – wide acceptance by public as a «secure» method
      – degree of security awareness required: low
      Security requirements and evaluation standards
      – harder to deploy; compliance certification (end-user systems?)
      – degree of public confidence: low
      – degree of security awareness required: high
  • 29. Secure Signature Creation Devices (cont.)
      ➢ Factors to consider:
          ➢ Ease of use,
          ➢ confidence/acceptance by public,
          ➢ cost of implementation, operation and maintenance,
          ➢ security level and assurance,
          ➢ others...
  • 30. Areas needing further research
      ➢ Identification and naming (global naming? translation versus transliteration?),
      ➢ Certificate path validation (who? trust model?),
      ➢ Signature policy (underlying legal framework?),
      ➢ Scalable revocations and scalable suspensions (scalability, transparency?).
  • 31. Areas needing further research (cont.)
      ➢ Role of notaries and timestamping authorities (underlying legal framework? timely submission?),
      ➢ Trusted archival services (how long should an archive hold info? Who should it be revealed to?),
      ➢ Use of biometrics in relation to electronic signatures (beware: “panic password” versus finger cut-off…).
  • 32. Some interesting problems to be studied
      Certificate 1: John Doe, org: X, Country: GR
      Certificate 2: John Doe, org: Y (X?), Country: GR
      In general, TTP service-level collaboration has to be studied further
      – cross-certification (technical, legal)
      – revocation
      – ...
  • 33. Qualified Value-added Services
      ➢ Need for «Qualified Value-added Services»
      ➢ Should there be a limit on the kind of services CSPs may develop and offer to the public? Should we ensure that the new services they will be providing in the future will not damage their impartiality?
  • 34. Fashion and PKI
      Current commercial PKI trends
      – It’s fashionable
      – It’s easy to deploy…
      – It meets several security requirements, through a wide set of security services ranging from confidentiality to public notary
      – It’s a panacea!
  • 35. Fashion and PKI (cont.)
      …however:
      – Typical installations and operation of CSP software, without prior analysis of requirements and without designing a Security Policy and a Certificate Policy, are a present tense situation, at least on an internal company-wide level. The resulting problems will soon be present and tense.
      PKI is neither a cure-all, nor a magical solution to security problems
  • 36. Fashion and PKI (cont.)
      ➢ Requirements->Services->Functions->Implementation
      ➢ Certificate and Security Policy of CSP
      ➢ Legal framework and regulations
      ➢ Complexity in design and development
      ➢ User-awareness needed
      ➢ Low user-acceptance
      ➢ Clearly not an InfoSec bandage
  • 37. Conclusion
      PKI is a panacea for security as much as aspirin is a panacea for pain. Easing ulcer pains with aspirin SHOULD BE AVOIDED AT ALL COSTS...
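
The Key Distribution Center exchange from slide 7, including the case where A relays B's enciphered key because the KDC cannot reach B, as an added Python example that is not part of the original slides. The HMAC-based `seal`/`unseal` pair stands in for a real authenticated cipher (the standard library has none), and the class names, the ticket layout and the binding of the peer name into each ticket are assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (_prf(enc_key, nonce + i.to_bytes(4, "big"))
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def _tag(mac_key: bytes, aad: bytes, nonce: bytes, ct: bytes) -> bytes:
    return _prf(mac_key, len(aad).to_bytes(4, "big") + aad + nonce + ct)


def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC built from HMAC-SHA256 (illustrative stand-in for
    a real AEAD such as AES-GCM; not for production use)."""
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + _tag(mac_key, aad, nonce, ct)


def unseal(key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Check the tag before decrypting; ValueError on wrong key or tampering."""
    if len(blob) < 48:
        raise ValueError("ticket too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    if not hmac.compare_digest(tag, _tag(mac_key, aad, nonce, ct)):
        raise ValueError("ticket failed authentication")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class Principal:
    def __init__(self, name: str):
        self.name = name
        # Long-term key shared with the KDC in advance (the slide-8 precondition).
        self.long_term_key = secrets.token_bytes(32)
        self.sessions = {}  # peer name -> session key

    def accept(self, ticket: bytes) -> str:
        body = json.loads(unseal(self.long_term_key, ticket, self.name.encode()))
        self.sessions[body["peer"]] = bytes.fromhex(body["key"])
        return body["peer"]


class KDC:
    def __init__(self):
        self.keys = {}

    def register(self, principal: Principal) -> None:
        self.keys[principal.name] = principal.long_term_key

    def request(self, initiator: str, responder: str):
        """Message 1 in, messages 2a and 2b out: one fresh session key,
        enciphered separately under each party's long-term key."""
        session_key = secrets.token_bytes(32)

        def ticket(owner: str, peer: str) -> bytes:
            body = json.dumps({"peer": peer, "key": session_key.hex()}).encode()
            return seal(self.keys[owner], body, owner.encode())

        return ticket(initiator, responder), ticket(responder, initiator)


def run_exchange(kdc_reaches_b: bool) -> dict:
    a, b, kdc = Principal("A"), Principal("B"), KDC()
    kdc.register(a)
    kdc.register(b)
    ticket_a, ticket_b = kdc.request("A", "B")  # 1:  A -> KDC
    a.accept(ticket_a)                           # 2a: KDC -> A
    # 2b: the KDC delivers B's ticket, or A relays it when the KDC cannot.
    carrier = "KDC" if kdc_reaches_b else "A"
    try:  # the relaying party must not be able to open B's ticket
        unseal(a.long_term_key, ticket_b, b"B")
        a_can_read = True
    except ValueError:
        a_can_read = False
    tampered = bytearray(ticket_b)
    tampered[20] ^= 1  # flip one ciphertext bit in transit
    try:
        b.accept(bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    b.accept(ticket_b)
    return {"carrier": carrier,
            "keys_match": a.sessions["B"] == b.sessions["A"],
            "a_can_read_b_ticket": a_can_read,
            "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(run_exchange(kdc_reaches_b=True))
    print(run_exchange(kdc_reaches_b=False))
```

In both delivery paths B ends up with the same session key as A, and whoever carries B's ticket can neither read nor alter it, which is why the relay through A in step 2b does not weaken the exchange.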