Upload File

public key infrastructure (pki)...public key certi cates figure: image from cryptography and network...

  • Home
  • Documents
  • Public Key Infrastructure (PKI)...Public key certi cates Figure: image from Cryptography and Network Security - Principles and Practice - William Stallings A certi cate consists mainly
13
Public Key Infrastructure (PKI) Myrto Arapinis School of Informatics University of Edinburgh October 16, 2017 1 / 13

Upload: others

Post on 06-Feb-2021

6 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • Public Key Infrastructure (PKI)

    Myrto ArapinisSchool of Informatics

    University of Edinburgh

    October 16, 2017

    1 / 13

  • Public keys

    Figure: How does Alice trust that pkAmazon is Amazon’s public key?

    Public-key encryption schemes are secure only if the authenticity ofthe public key is assured

    2 / 13

  • Distribution of public keys

    1. Public announcements - participants broadcast their public key/ does not defend against forgeries

    2. Publicly available directories - participants publish their publickey on public directories/ does not defend against forgeries

    3. Public-key authority - participants contact the authority foreach public key it needs/ bottleneck in the system

    4. public-key certificates - CAs issue certificates to participantson their public key, as reliable as public-key authority but avoiding thebottleneck

    3 / 13

  • Public key certificates

    Figure: image from Cryptography and Network Security - Principles and Practice -William Stallings

    A certificate consists mainly of

    I a public key

    I a subject identifying the owner of the key

    I a signature by the CA on the key and the subject bindingthem togetherthe CA is trusted

    4 / 13

  • X.509 certificates

    Figure: image from Cryptography and Network Security - Principles and Practice -William Stallings

    I X.509 defines a framework for the provision of authenticationservices

    I Used by many applications such as TLS

    5 / 13

  • Public key certificates

    Figure: Alice can now verify Amazon’s certificate

    6 / 13

  • Using public key certificates to secure the Internet

    A very important implicit assumption

    The browser is trusted to be “secure”

    7 / 13

  • Amazon’s certificate

    8 / 13

  • Browser root certificates

    9 / 13

  • Chain of trust

    Figure: X.509 Hierarchy - image from Cryptography and Network Security -Principles and Practice - William Stallings

    I Having a single CA sign all certificates is not practical

    I Instead a root CA signs certificates for level 1 CAs, level 1CAs sign certificates for level 2 CAs, etc

    10 / 13

  • Self-signed certificates

    11 / 13

  • The Lenovo Superfish scandal (February 2015)

    12 / 13

  • And more recently (September 2016)

    13 / 13


$819,663,725 (Approximate)ä Guaranteed Grantor Trust Pass ... · Prospectus $819,663,725 (Approximate)ä Guaranteed Grantor Trust Pass-Through Certi—cates Fannie Mae Grantor Trust

THINK YOUR NETWORK IS SAFE? CHECK YOUR PRINTERS…Areas of deployment for common criteria security certi˜cates: 16% 72% 58% 44% Only deploy security certi˜cates for printers. TYPICAL

Farkas certi cates and minimal witnesses for probabilistic ......Farkas certi cates and minimal witnesses 325 fragments of CTL [28]. For a probabilistic system Mand a linear time property

Structured Certi cates of Deposit: Introduction and … Certificates of Deposit.pdf · Structured Certi cates of Deposit: Introduction and Valuation Geng Deng, PhD, FRMy Tim Dulaney,

X.509 Certi cates: A Tutorial for Android · Jorn Lapon MSEC X.509 Tutorial 1 Introduction This tutorial covers the basic steps towards the use of X.509 certi cates for strong authentication

PROJECT PERIODIC REPORT - avantssar.euavantssar.eu/pdf/deliverables/avantssar-ppr-P2.pdf · 3.1.5 WP6: Dissemination and industry migration . . . . .34 ... 9 Certi cates (signed originals

Minimal witnesses for probabilistic timed automatafunke/data/MinimalWitnessPTA.pdf · ence bounds matrices, it is shown how Farkas certi cates of nite-state bisimulation quotients

Subadditive Approaches to Mixed Integer …...Other than optimality certi cates, subadditive generator functions are useful tools for sensitivity analysis in mixed integer optimization

The GNU Name System - Grothoff · I Domain Name System (Root zone) I DNSSEC root certi cate I X.509 CAs (HTTPS certi cates) I Major browser vendors (CA root stores!) I Encryption

STCW - ITF Seafarers · valid STCW certi cate covering the functions performed on-board. Administrations will also issue and recognise and endorse certi cates in accordance with the

Certi cateless Public Key Signature Schemes from Standard ... · Certi cateless public key cryptography (CL-PKC) is designed to have suc-cinct public key management without using

Threshold cryptography in P2P and MANETsgts/paps/COMPNW3557.pdfOur work uses group membership certi cates to assert group membership. Certi cates, as usual, prompt the revocation headache

Optimization and learning techniques for clustering problemsvillar/files/cargese_villar.pdf · I Landscape of manifold optimization I Lower bounds certi cates from SDPs ... 100 150

The Valuation of Derivatives on Carbon Emission Certi ...swiss.cfa/SiteCollectionDocuments/CO2_Paper_CFA_new.pdf · The Valuation of Derivatives on Carbon Emission Certi cates - a

Certi cates for Properties of Reliability Polynomials of ...users.monash.edu/~kmorgan/Rui/Thesis.pdf · Certi cates for Properties of Reliability Polynomials of Graphs by Rui Chen,

Blockchain-based Public Key Infrastructure for Inter ...papadim/publications/...speci c certi cates, etc.) stored in the blockchain. SBTM can provide bene ts over existing approaches

Key Information Booklet Including Policies & Certifi cates · Key Information Booklet Including Policies & Certifi cates FRANCE GERMANY HONG KONG Y IRELAND Y KOREA LUXEMBOURG YSIA

Sum of squares: a concise introduction · 2017-06-24 · 13- Introduction to sums of squares Linear programming duality Certi cates nonexistence ofrealsolutions oflinearequations

Ministry of Education & Higher Education ﻲﻟﺎﻌﻟا …£سس ومعايير معادلة...Ministry of Education & Higher Education Student Information Center Department Certi˜cates

Certi cates for properties of stability polynomials of graphsusers.monash.edu/~kmorgan/Ranjie/Thesis.pdfthe properties of stability polynomials. The upper bounds of the length of certi

Revisiting User Privacy for Certi cate Transparencyramacher.at/_static/papers/ct-privacy.pdf · net. Certi cates issued as part of this PKI provide authentication of web servers among

BioStation L2 EN 사본 · Certi˜cates Fingerprint SUPREMA/ ISO 19794-2/ ANSI 378 MINEX certi˜ed and compliant Supported 125 KHz EM 13.56 MHz Mifare/ DESFire/ DESFire EV1/ Felica/NFC

Research Summary...aIn 2003 certi˜cates included only undergraduate certi˜cates; in 2013 it also included post-graduate certi˜cates, which UAA began reporting in 2006, and occupational

Guaranteed REMIC Pass-Through Certi—cates...of certi—cates in each series will be the ""residual interest’’ in a REMIC; the others will be the ""regular interests.’’ Consider

Work Learn Live in as part of the National Health Service...Nursing Diploma / Degree Nursing Registration Certi cate Experience Certi cates Passport IELTS/OET Test Result NMC Stage

An Analysis of Errors in the Energy Performanceeprints.leedsbeckett.ac.uk/5844/1/AnAnalysisofErrorsin... · 2020. 3. 31. · 1. Introduction Energy performance certi cates (EPCs)

Issue First Activate Later Certi cates for V2Xpart of a broader public key infrastructure, e.g. share a common root. The EA can authenticate a vehicle under its canonical identifier,

Smarters Cat SmartBatt PagCatalogosmarters.eu/documentos/especificaciones/Smarters_Baterias_Smartphone.pdf · REFERENCE CODE Certi˜cates Lithium-Ion Battery Long lasting High capacity

Transparency Overlays and Applications · Key Infrastructure [20] and the related ARPKI [4] both require a distributed infrastructure for not only the storage of issued certi cates

Impacts of Key Community College Strategies on Non-Degree ... · degree credentials, a broad category that includes certi cates and technical diplomas that can be completed in two

Polynomial Certi cates for Propositional Classesmarias/papers/cert.pdf · Polynomial Certi cates for Propositional Classes? Marta Arias Center for Computational Learning Systems Columbia

Certi cate Discovery Using SPKI/SDSI 2.0 Certi catesgroups.csail.mit.edu/cis/theses/elien-masters.pdf · Certi cate Discovery Using SPKI/SDSI 2.0 Certi cates by Jean-Emile Elien S.B

arXiv:1607.05031v1 [math.CO] 18 Jul 2016 · certi cate of this fact. These certi cates have been studied and exhibit com-binatorial meaning. In this paper, we generalize some known

Vector Barrier Certi cates and Comparison Systemsaplatzer/pub/vector-barrier.pdf · Vector Barrier Certi cates and Comparison Systems 419 R. E. Bellman, who rst introduced vector

The E ect of Post-Baccalaureate Certi cates on Job Search ...The E ect of Post-Baccalaureate Certi cates on Job Search: Results from a Correspondence Study Amanda Gaulkeyand Hugh Cassidyz,