Professional Documents
Culture Documents
Topic 2:
PKI
Topic 2 – Lecture 1:
The Public Key Infrastructure
Learning Outcomes
By the end of this topic students will be able to:
• Describe the Public Key Infrastructure
• Explain digital signatures
• Explain the role of Certification Authorities
Overview
• This topic provides an overview to the key terms
and concepts used in a PKI including:
- Encryption
- Public keys
- Private keys
- Digital signatures
- Digital certificates
What is PKI?
• Public Key Infrastructure (PKI) is a security
architecture that has been introduced to provide an
increased level of confidence for exchanging
information over the Internet.
• It is defined in 2 ways:
- The method, technology and technique used to
create a secure data infrastructure.
- The use of the public and private key pair to
authenticate and for proof of content.
Benefits of PKI
• PKI aims to offer its users the following benefits:
- Certainty regarding the quality of information
transmitted electronically
- Certainty of the source and destination of such
information
- Assurance of the time and timing of such information
- Certainty of the privacy of such information
- Assurance that such information may be used as
evidence in a court of law
Use of PKI
• To support secure information exchange over
insecure networks.
- e.g. the Internet where such features cannot be
provided easily
• For information exchange over private networks.
- e.g. an organisation’s internal network
• To securely deliver cryptographic keys.
• To facilitate other cryptographically delivered
security services.
10
11
mQINBFbg474BEACnGJfCnFul7poxEEZWhMMK2XMpbEQxYB9Vb+wYufwq/7fW/bhZ
i589u6f8C1B5rHFP79IkxGlMIQRBHs3sXMZU4d/3TqWnACeubOB9WbMn3/zy0dq8
hWY5mHhO93T934Om30UCJjQUqd3+svSnVDIgbnGaP50G+/71TVHPI0BsPxXHXzHh
qDNCrOhfOyB+CUfUxmZ2sVdb7NJTyWccA3/XnW4neIo8VEzkN+VdCExHyqd1Doza
FUSDjkkVtCJ4UMoAY6tPN4Nk0DaYZAAJXw/RONQ0JOsmw7OZxmQIYhGLTNrKKwKd
t9D223XOunTH0RZqGKISQVzl58jIHLN4LkNZbhwI9Mn/fQ25hgNA8wSRuNUVlkbn
bkCcEZDjJzK4mJiGAFv+RNfkWfbkK3wIliVTjVYHFg+4P8hoCIQSpVpiUiyEc2kx
0HSV8xEk0q/bUr6iL3/K4zzIYZK9+dB5vpkGw5kM81fFehotDBPqAsi/ZOHJbQVs
3IxTMSj+mcQnd7OPtxdoS+TOJ6dHHXonAZpJA9IN8B/o204R2Vx4xoXiF7UREyYY
PE80PG4mSziw77F/Rx7K42JfoH4FxXgjAuFcL4XuZ2mV4uSWjhP6SIuYGAdg9KGm
YrVxMtdbUBgTeOx/bWrutalmWNOKkzo0FZoiH2GgRlZ9xbm9+5jNCPnaywARAQAB
tItTaW5nQ0VSVCAoQ3JlYXRlZCBhIG5ldyBzZXQgb2YgUEdQIGtleXMgZm9yIFNp
bmdDRVJUIGFzIEV2aWVvbiBoYXMgbW92ZWQgdG8gYW5vdGhlciBkaXZpc2lvbiBl
ZmZlY3RpdmUgMTAgTWFyY2ggMjAxNikgPHNpbmdjZXJ0QGNzYS5nb3Yuc2c+iQI5
BBMBCAAjBQJW4OO+AhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQHfi2
mZ0nPfbjUxAAim7UgAnQNcP+PHyj/dJPCeqRAY9Fmft7k35IIF0dyXCb77zReKen
5h3xOaHFpu/vRYFp5/ndpzTK+COjCyAZNSrSd6C4Y9VBSnSx8oQ3uCNUX1uS0wOU
klrxylquXUFkzkauuGs20oFpeqqmkVjXklSJJfyfplaI0YZVggPYoomsfYZQiqlR
IrL4E7VsKFBfGXwns0dYZirXzmJmbkW6R4uRDblrElB7DQ9OOJYoWeLy6eFMs0W5
12
Asymmetric v Symmetric
Asymmetric Symmetric
• Two keys, one each for • Same key for encrypting
encrypting and decrypting and decrypting
13
14
• Two keys used in this system (Public Key and Private Key –
both are mathematically related)
• The receiver starts the process (generates the keys) not the
sender.
15
16
17
Digital Signature
• A digital signature is a unique, encrypted
numerical value.
• It differs each time it is generated and is used to
prove the ownership or copyright of data.
• A hashing algorithm is performed on the document
to be signed producing a unique numerical value.
- This is why it differs each time it is generated
• This is then encrypted using a private cryptographic
key and links the result to the document.
18
19
20
21
Receiving a Document
• You receive a document via email.
• This was digitally signed by the sender by
calculating a hash value for the document and
encrypting it with their private key.
• You calculate a hash value for the same document
and decrypt the encrypted hash value.
- If the both values are the same, this verifies the sender
and that the document has not been edited.
- If the two values don't match, then the document has
been edited or the sender is not who they claim to be.
22
Summary
• Public Key Cryptography is the encryption &
decryption and signing/verification of data.
- Ensures privacy between sender and receiver of the
data by directly preventing unintended disclosure of
the data.
- Identifies the sender of the data by authentication.
- Ensures that the data has not been modified or
tampered with.
23
Topic 2 – Lecture 2:
The Public Key Infrastructure
24
25
26
Checking Usage
• Key usage may be set in the certificate but this
does not ensure that the software which uses the
public key has done any checks on the content of
the certificate.
27
Certificate Standards
• The data in a certificate usually conforms to the ITU
(IETF) standard X.509.
• Includes information about:
- the identity of the owner of the corresponding private key
- the length of the key
- the algorithm used by the key
- the associated hashing algorithm
- dates of validity of the certificate
- the actions that the key can be used for
28
29
30
31
32
33
CA – Digital Certificates
• A person may have many certificates issued by
many CAs.
• Some applications may insist that you use
certificates issued by certain CAs.
• The CA may be:
- part of your own organisation
- a company (e.g. a bank or a post office)
- or an independent entity (e.g. VeriSign)
34
35
Revocation
• There is a system for making it known that
certificates are no longer valid (revoked).
• A system of revocation lists has been developed
that exists outside the directory/database that
stores certificates.
- It is a list of certificates that are no longer valid.
36
37
38
Publishing in Directories
• Directories are databases that are X.500/LDAP
compliant.
- The databases contain certificates in the X.509 format.
- They provide specific search facilities which are specified
in the LDAP standards published by the IETF.
39
Publishing in Databases
• Databases can be configured to accept X.509
format certificates.
40
41
42
43
References
• Stallings, W. (2016). Cryptography and Network
Security: Principles and Practice. Pearson
Education.
44
Topic 2 – PKI
Any Questions?
45