2. Digital Certificate
Secret Key
Key
Distribution Center)
Public Key
Authority (CA)
Public Key
Key
CA
Faculty of Information Technology
CA
Key
KDC (Key
Certificate
CA
Public
CA
(Digital Certificate)
3. Digital Certificate
Digital Certificate
Public Key
Digital Certificate
Digital Signature
Owner’s Info
CA
Owner’s public key
Issuer’s Info
Issuer’s signature
Certificate
Public Key
Digital Certificate
Digital
4. Public Key Infrastructure (PKI)
public key cryptosystem
public/private key pair
certificate
Trusted Third Party (TTP)
public/private key pair
identity
certificate
certificate
public
key
certificate
TTP
sign
certificate
TTP
private key
Certificate Structure: Subject ID | Public Key | Expiration Date | … | TTP Issuer (TTP ID) | Signature
5. Public Key Infrastructure (PKI)
Certificate Authority (CA)
TTP
certificate
CA 1
certificate
CA
verify certificate
public key
CA
CA
(hierarchy)
Public Key Infrastructure (PKI)
CA
Root CA
certificate
public key
Root
6. Public Key Infrastructure (PKI)
[Figure: certificate hierarchy. Root signs Cert_CA1 = (CA1, PK_CA1, Sig_root) and Cert_CA2 = (CA2, PK_CA2, Sig_root); CA1 signs Cert_Alice = (Alice, PK_Alice, Sig_CA1); CA2 signs Cert_CA2.2 = (CA2.2, PK_CA2.2, Sig_CA2); CA2.2 signs Cert_Bob = (Bob, PK_Bob, Sig_CA2.2).]
Alice → Bob: message || Cert_Alice || Cert_CA1
Bob → Alice: message || Cert_Bob || Cert_CA2.2 || Cert_CA2
tree
certificate
CA
certificate
CA
hash
certificate
copy
CA
certificate
8. Certificates
Windows
Internet Explorer (IE)
Certificates
Applications
Microsoft
Certificates
IE
Tools → Internet Options
12. X.509
X.509
ITU-T (International Telecommunication Union – Telecommunication Standardization Sector)
Public Key Infrastructure (PKI)
Certificate,
Revocation List,
Certificate
PKI
Certificate
13. X.509 Certificate
X.509
Version 3
certificate
CA
Sign Certificate
CA
Certificate
Sign
Certificate
Certificate
Public Key
Key
Public Key
CA
Certificate
Hash
Private Key
CA
Certificate
CA
Hash
16. X.509 Certification Signature Chain
Certification Signature Chain
trust
cross-certified
CA
Alice
Cathy
Alice
certificate signature chain
Bob
Cathy<<Dan>> Dan<<Bob>>
• Alice
Dan
Alice
Dan
Certificate
Cathy
Cathy
Bob
Bob
Certificate
31. (Countermeasures)
Against popular password attack
‣ Policies
password
‣ Scan
IP addresses
authentication requests
cookies
client
pattern
password
Against password guessing against single user
‣ policies
password policies
password
password, set
32. (Countermeasures)
Against exploiting user mistakes
intrusion detection
passwords
authentication
Against exploiting multiple password use
‣ policies
password
network device
Against electronic monitoring
Replay Attack