the basic details and description of public key infrastructure in network cryptography

1. A Seminar on
Public Key
Infrastructure
Under the guidance of :
K. Jeevan Pradeep, M.Tech
Assistant professor
1
Presented by:
M. Vimal Kumar
(11121A0557)
SREE VIDYANIKETHAN ENGINEERING COLLEGE
(AUTONOMOUS)
Sree Sainath Nagar, A.Rangampet-517102
Chittoor Dist, Andhra Pradesh.
Department of Computer Science and Engineering

2. Contents
 Introduction to Access Control Policy
 Password Authentication
 Symmetric and Asymmetric Encryption
 Hashing
 Digital Signature
 Public Key Infrastructure
 Certification
 Validation
 Revocation
 Authentication
 Keys
 Related Technologies
 Conclusion
 References
2

3. Introduction to Access Control
Policy
 To be able to access data and applications
from within a company, a user first needs to
be authenticated, and then needs to be
authorized to perform the operation.
 Authentication Procedures perform the
former task, and Access Control Decision
functions perform the later task.

4. Password Authentication
 When a company has several applications
hosted by different systems and
servers, there are several ways of identity
authentication.
Multiple passwords, one for each
system/application
Same password, replicated in each system
 Single sign-on software
Directory Server

5. Symmetric and Asymmetric
Encryption
 The objective of encryption is to transform a
message to a cipher text, ensuring confidentiality
 In the symmetric encryption schemes the same key
(called the secret key) is used to both encrypt and
decrypt the text.
Ex :- DES algorithm.
 Asymmetric cryptosystems use one key (the public
key) to encrypt a message and a different key (the
private key) to decrypt it.
Ex:- RSA and ECDSA algorithms.

6. Contd…
• Comparison between symmetric and asymmetric
encryption

7. Hashing
 Hashing is the method used to obtain a "digital
fingerprint" (hash) for a given message.
 The hash code has a fixed-length (normally 128 or
160 bits) and it's designed to be unique
 Some examples are MD2, MD4, MD5 (128 bits)
and SHA1 (Secure Hash Algorithm,160 bits )

8. Digital Signature
 To obtain a secure digital signature,
 At first the message is hashed
 Creating a digital fingerprint which is encrypted using the
receiver's public key
 Creating a digital signature. The clear message is combined with
the digital signature
 The result (an authenticated message) is sent
 After the reception, the message is separated from the digital
signature
 which is decrypted using the receiver's private key
 The message is hashed into a "temporary" digital fingerprint
 which is used to validate the received fingerprint
 If the message has not been modified during the transfer process,
it's authenticated.

9. Mechanism of Digital
Signature

10. Public Key Infrastructure
 Three different formats of messages can be used in public-
key cryptosystems: Encrypted message, Signed
message, Signed and encrypted message.
 An infrastructure must be set-up to allow them to be
undoubtedly trusted , as they are accessible via unsecured
networks (Internet)
 PKI entities:
-CA ( certification authority )
-RA ( registration authority )
-Subscriber
-Relying Party
-Repository

11. PKI basic entities and
operations

12. Certification
 Certification is the fundamental function of all PKIs.
The certificates provide a secure way of publishing
public keys, so that their validity can be trusted.
 A certificate contains (at least) the basic
information needed to provide a third party entity
with the subject's public key:
• Subject Identification information
• Subject public Key
• CA Identification Information
• Validity (e.g. time)

13. Certification contd...
 Cross certification :- Not all the entities will trust the
same CA to hold their certificates. Cross
certification is used to create the certificate
between two CAs. If both CAs trust each other, a
cross certificate pair is established. In other cases,
only one certificate would be created, and not a
pair.

14. Certification contd...
 Certification path :- In a universe composed of
several different CAs an arbitrary number of CAs
must validate each other, until a certificate is
obtained. This process is called certification path
validation.

15. Validation
 This is the process that ensures that
the certificate information is still valid,
as it can change over time.
 Either the user can ask the CA directly
about the validity - every time it's used
- or the CA may include a validity
period in the certificate. This second
alternative is also known as offline
validation.

16. Revocation
 This is the process of informing the users when the
information in a certificate is not valid.
 This is especially interesting in the absence of
online validation approaches, and the most
common revocation methods consist in publishing
Certification Revocation Lists (CRL).
 A CRL is a "black" list of revoked certificates that is
signed and periodically issued by a CA.

17. Authentication
 In order for the subject to gain access
to its private key, it has to possess a
smart card or an encrypted key file
and know something (PIN or
password) or be something (e.g. a
particular fingerprint).

18. Keys
 Key pair models :- To increase the security level,
different key pairs might exist for different
functions, which may be divided into the following
categories:
• Non-repudiatable message signing (e.g. e-mail).
• Encryption/Decryption functions.
• Authentication only (e.g. LOG ON functions).

19. Key Management
 These are the main steps performed
in a PKI structure to handle the key
pairs:
•Key Generation
•Storage of Private Keys
•Revocation of Public Keys
•Publication of certificates and CRL
•Key Update
•Backup / Recovery
•Escrow / Recovery

20. Related Technologies
 CMS - Cryptographic Message Syntax
 SSL
 Secure e-mail / S/MIME
 VPN (Virtual Private Network)
 PGP (Pretty Good Privacy)

21. Conclusion
 RFC 2822(Internet Security Glossary)
defines public-key infrastructure(PKI) as the
set of hardware , software , people , policies
and procedures needed to revoke digital
certificates based on asymmetric
cryptography.
 The principal objective for developing a PKI
is to enable secure , convenient and
efficient acquisition of public keys.

22. References
 Wikipedia
 www.studymafia.com
 Network Security Essentials
-by William Stallings
23

23. QUERIES…???

24. THANK YOU   