PKI Implementation - Introduction to Cryptography - Lecture Slides, Slides of Network security

The major points in the database are given as: Pki Implementation, User Names, Trust, Authorization, Revocation, Keys, Unique Individual, Identification, Multiple, Social Security Number

Typology: Slides

2012/2013

Uploaded on 04/22/2013

sathiamoorthy

1

PKI Implementation

2

PKI Implementation

  • User names and PKI
  • Trust
  • Authorization
  • Revocation
  • Keys and PKI

4

User names and PKI

  • Certificate Authority assigns unique names
  • CA also provides verification

5

Trust

  • PKI enables key management for cryptography
  • PKI relies on the trustworthiness of the CA
  • Cryptography emphasizes trust for key exchange

7

Authorization

  • Credentialing is another way to provide authorization
  • Credentialing enables time-based authorization
  • Credentialing could be cumbersome in online validation of certificates

8

Revocation

  • CA revokes certificates based on:
    • User request (possibly lost key)
    • Failure to follow policies
    • Employee left the organization
  • Users should be educated to check for revocation
  • Revocation involves:
    • Reliability
    • Speed
  • Revocation system should be dynamic

10

Keys and PKI

  • Key server could perform the role of PKI
  • Key server has some disadvantages
  • Key server must be available all the time for validation
  • PKI, because of CRL and expiration, does not have to be available all the time
  • Key server is centralized by its very nature
  • PKI uses certificates used by CAs by other validation means
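
Added example (not part of the original slides): a relying party that decides from a locally cached CRL and the certificate's expiration, without contacting the CA, and that shows the speed cost of a revocation becoming visible only in the next CRL. The Cert and CachedCRL classes, the day helper and all sample data are hypothetical and constructed; verification of the CA's signature on the certificate and the CRL is assumed to have been done already.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Cert:                      # hypothetical stand-in for an X.509 certificate
    subject: str
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class CachedCRL:                 # hypothetical stand-in for a CA-signed CRL
    this_update: datetime        # when the CA issued this list
    next_update: datetime        # when the CA promised the next one
    revoked: dict                # serial -> time of revocation

def check_offline(cert: Cert, crl: CachedCRL, now: datetime):
    """Decide acceptance from cached data only; the CA is never contacted."""
    if now < cert.not_before or now > cert.not_after:
        return False, "outside validity period"
    if now > crl.next_update:
        # Fail closed: a stale list cannot vouch for anything revoked since.
        return False, "cached CRL is stale"
    if cert.serial in crl.revoked:
        return False, "revoked"
    return True, "ok"

# Constructed sample data (not from the slides).
T0 = datetime(2013, 4, 1, tzinfo=timezone.utc)

def day(n: int) -> datetime:
    return T0 + timedelta(days=n)

alice = Cert("Alice", 1001, day(0), day(365))
bob = Cert("Bob", 1002, day(0), day(365))
crl_week1 = CachedCRL(day(7), day(14), {1002: day(5)})
# Alice reports a lost key on day 9; the CA publishes that in the next CRL.
crl_week2 = CachedCRL(day(14), day(21), {1002: day(5), 1001: day(9)})

if __name__ == "__main__":
    print(check_offline(bob, crl_week1, day(10)))     # rejected: revoked
    print(check_offline(alice, crl_week1, day(10)))   # accepted: revocation not yet visible
    print(check_offline(alice, crl_week1, day(15)))   # rejected: cached CRL is stale
    print(check_offline(alice, crl_week2, day(15)))   # rejected: revoked
    print(check_offline(bob, crl_week2, day(400)))    # rejected: outside validity period
```

The day-10 acceptance of Alice's certificate is the window between revocation and the next CRL; a shorter CRL lifetime narrows it at the cost of more frequent fetches.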

11

Keys and PKI

  • PKI provides non-repudiation
  • The root key of CA need not be online for authentication or verification
  • PKI is more complex than a key server system
  • Key servers are well suited for small systems
  • PKI is well suited for large systems

13

Keys and PKI

  • Alice generates the public/private key and shares the public key with the CA who validates Alice
  • CA distributes the public key
  • Keys should have a passive use time with reference to expiration of key