6: Digital Certificates
Introduction
Authentication Methods
PKI
Digital Certificate Passing
Trent
Bob Trap-door
Eve
Fundamental principles
Authentication.
Confidence/Assurance.
Privacy/Confidentiality.
Authentication (Device, User, Servers, Connections, etc)
Confidentiality (Encryption)
Assurance (Integrity)
Bob
Introduction
Fred
Bert
Authentication
Eve
Authentication is a fundamental issue in security.
Bob Alice
Public-key
Trent
Bob
Alice
Introduction
Eve
trust Bob to authenticate that he really
is Bob.
Systems.
Users.
Data.
Servers.
Devices
Methods
Users
Authentication
Data Systems
Intermediate Intermediate
device device
End-to-end authentication
Methods
User
Device Server Service
Intermediate
Authentication
Intermediate
device device
Intermediate authentication
Author: Prof Bill Buchanan
Authentication type
Device
One-way server.
One-way client.
User Two-way.
Device Server
Service
Intermediate Intermediate
device device
Device name
Username/password Digital Certificate
Digital Certificate Pass phrase
Token Card MAC address
Soft Tokens Encryption key
Methods
Session key
Pass phrase
Biometrics
Authentication
Retina scan
Digital certificate
Network/physical address
Palm prints
Methods
Something you
Something you
Finger prints are
have
Smart card
Authentication
Alice
Bob
Public-key
How to store the private key and pass the public key?
Bob
Details
Public-key
Digital Cert.
Authentication
Issuer
Thumbprint
• SST. Binary.
Alice sends her digital certificate with her public key on it
B
Hello
C
Authentication
D Hello
Hello B
Hash C
Alice’s private key
Digital Cert.
H&$d.
Bob’s private key
D
Hello
Hash
Authentication
Authenticating Bob
Alice
Bob
Trent
Digital Cert.
Drawbacks of PKI
Trusted Root CA
Certificate purposes:
• Secure email.
• Server authentication.
Bob
Self signed
- Can never be trusted Trust2
Authentication
Intermediate CA
- Can be trusted for some things
Levels of trust
The two main problems with digital certificates are:
Bob Eve
Authentication
Real or fake?
PKI
Bob Eve
Authentication
Real or fake?
Real or fake?
PKI
Bob
Authentication
Real!
Real or fake?
PKI
Bob Eve
Authentication
Real or fake?
Real or fake?
PKI
Eve
Authentication
Fake!
Real or fake?
PKI
Bob Eve
Authentication
Real or fake?
Real or fake?
PKI
Bob
Authentication
Real
Real or fake?
MegaCorp
Eve Trent
Hello Alice,
Wish you were here!
- Bob
Alice’s Public Key
Bob’s Private Key
Hello Alice,
Wish you were here!
- Bob
Alice’s Public Key
Bob’s Private Key
Which key do we open the signature with?
Alice’s Private Key
Bob’s Public Key
Public key encryption … secret … identity ... trust
MegaCorp
Eve Trent
Hello Alice,
Wish you were here!
- Bob
Alice’s Public Key
Bob’s Private Key
Bob’s Public Key
Encrypted
MD5
MD5
The magic private key
Bob’s
private
key
Bob’s
Bob public
key
Authentication
Message
Encrypted
MD5
MD5
Bob
The magic private key
Bob’s
private Alice
key Encrypted
Content
Alice’s
Bob’s
public
public
key
key
Authentication
Alice’s
private
key
Bob
Bob’s
private
key
Bob’s
The magic private key
public
key
Alice
Alice’s
public
Authentication
key
Encrypted
Content
Alice’s
private
key
Bob
Bob’s
private
key
Bob’s
The magic private key
public
key
Alice
Alice’s
public
Message
Authentication
key
Encrypted
Content
Encrypted Alice’s
MD5 private
key
Bob
Bob’s
private
key
Bob’s
The magic private key
public
key
Alice
MD5 (message)
Message
Authentication
Encrypted Content
Encrypted MD5 (result)
MD5
Alice compares the MD5 values. If they are the same … Bob sent the message
Email
Private-key encryption RSA
key
Alice
Public-key
Cardspace
Sender
Recipients
&54FGds
Hello. Private-key
Public-key
1. Secret-key is used to encrypt message.
Secret-key
Alice
2. RSA is used to encrypt
Authentication
Secret-key