Module 2 - Key Management and X.509 Certificate

Uploaded by Sarthak Gupta

CBE 321 – Cloud Computing and Security
Dr. E. Silambarasan
Assistant Professor
Department of CSE - Cyber Security
Indian Institute of Information Technology, Kottayam
Key Management
• Distributing keys between sender and receiver is one of the hardest practical problems in cryptography.
• If a private or session key becomes known to a third party (a forger or eavesdropper), the whole security mechanism becomes worthless. A public key need not be secret, but the receiver must be certain whose key it is. So the exchange of keys itself must be secured.
There are two aspects to Key Management:
1. Distribution of public keys.
2. Use of public-key encryption to distribute secrets (for example, session keys).
Distribution of Public Keys:
A public key can be distributed in four ways:
1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates
Key Management – Key Distribution
Issues:
• hierarchies of KDCs are required for large networks, but the KDCs must trust each other
• session key lifetimes should be limited, so that a compromised key exposes as little traffic as possible
• automatic key distribution on behalf of users is convenient, but the users must trust the system
• decentralized key distribution avoids depending on a single trusted KDC
• key usage must be controlled (a key issued for one purpose should not be accepted for another)
1. Public Announcement:
• The owner simply broadcasts the public key to everyone (for example, appends it to messages or posts it to a mailing list).
• The major weakness of this method is forgery.
• Anyone can generate a key pair, claim that the public key belongs to someone else, and broadcast it.
• Until the forgery is discovered, the forger can masquerade as the claimed user: read messages encrypted for that user and sign messages in that user's name.
2. Publicly Available Directory:
• The public key is stored in a directory maintained by a trusted organisation.
• Each participant registers a public key with the directory (in person or over an authenticated channel), may replace the key at any time, and the directory holds entries of the form {name, public key}.
• The directory can be accessed electronically, but it is still vulnerable to forgery or tampering: an attacker who obtains the directory's private key, or who alters its records, can hand out counterfeit public keys.
3. Public-Key Authority:
• Like the directory, but security is improved by tightening control over how keys are handed out.
• Each user must know the authority's public key; only the authority knows the corresponding private key.
• Whenever a key is needed, the user makes a real-time request to the authority, which returns the requested public key signed with its private key, so the user can verify that the reply was neither forged nor altered in transit.
• The drawback is that the authority is a bottleneck: every new session requires a request to it, and the directory it maintains remains a target for tampering.
4. Public-Key Certificates:
• Here the authority issues a certificate, which binds an identity to a public key, so that users can exchange keys without contacting the authority in real time.
• The certificate also carries other information such as the period of validity and the rights of use.
• All of this content is signed with the private key of the certificate authority (CA), and anyone who holds the CA's public key can verify it.
• Sender and receiver each obtain a certificate for their own public key from the CA; they can then exchange certificates, verify the CA's signature on each, and begin communicating.
X.509 Certificates
• issued by a Certification Authority (CA), containing:
• version V (1, 2, or 3)
• serial number SN (unique within the CA), identifying the certificate
• signature algorithm identifier AI
• issuer X.500 name (the CA)
• period of validity TA (from - to dates)
• subject X.500 name A (name of the owner)
• subject public-key info Ap (algorithm, parameters, key)
• issuer unique identifier (v2+)
• subject unique identifier (v2+)
• extension fields (v3), for example key usage and basic constraints
• signature (over the hash of all the fields above, made with the CA's private key)
• notation CA<<A>> denotes the certificate for A signed by CA
Certificate Revocation
• certificates have a period of validity
• may need to revoke before expiry, e.g.:
• user's private key is compromised
• user is no longer certified by this CA
• CA's certificate (i.e. the CA's private key) is compromised
• the CA maintains a list of revoked certificates, the Certificate Revocation List (CRL), signed with the CA's private key and carrying its own validity window (this update / next update)
• users should check each certificate against the CA's current CRL before trusting it; a stale or unsigned list proves nothing
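The following Go program is an added example, not code from the slides or from any project they describe. It ties the three passages above together: it plays the CA that issues CA<<A>>, verifies that certificate with nothing but the CA's public key, shows that a self-signed key merely claiming to be A fails that check (the public-announcement forgery), prints the X.509 fields listed above from the parsed certificate, and finally issues a CRL and checks a certificate against it. It uses only the Go standard library (crypto/x509, crypto/ecdsa); the names "Demo CA" and "A", the serial numbers and the validity periods are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a certificate for subject over a fresh P-256 key: self-signed when parent is nil, else signed by parentKey (CA<<subject>>).
func issue(subject string, isCA bool, serial int64, parent *x509.Certificate,
	parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),             // SN: unique within the issuing CA
		Subject:               pkix.Name{CommonName: subject}, // A: name of the owner
		NotBefore:             time.Now().Add(-time.Minute),   // TA: period of validity
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, // v3 extension stating whether this is a CA
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA { // only a CA may sign certificates and CRLs
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der) // parse back so fields are populated as a verifier sees them
	return cert, key, err
}

// verify is what "anyone possessing the authority's public key" does with CA<<A>>: the signature over
// every field must validate under the CA's key and now must lie within the validity period.
func verify(cert, ca *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// makeCRL issues a CA-signed Certificate Revocation List naming the given certificates by
// serial number. NextUpdate bounds how long a relying party may keep using this copy.
func makeCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked ...*x509.Certificate) ([]byte, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(12 * time.Hour)}
	for _, c := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
}

// isRevoked is the check the slide asks users to make against the CA's CRL. The list is
// trusted only if the CA signed it, it comes from cert's own issuer, and it is not stale.
func isRevoked(cert *x509.Certificate, crlDER []byte, ca *x509.Certificate) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return false, err
	}
	if crl.Issuer.String() != cert.Issuer.String() {
		return false, fmt.Errorf("CRL issuer %q is not the certificate's issuer %q", crl.Issuer, cert.Issuer)
	}
	if now := time.Now(); now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return false, fmt.Errorf("CRL is outside its validity window; fetch a fresh copy")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() { // errors are ignored here for brevity; the functions above return them
	ca, caKey, _ := issue("Demo CA", true, 1, nil, nil)
	a, _, _ := issue("A", false, 2, ca, caKey)
	forged, _, _ := issue("A", false, 3, nil, nil) // public-announcement weakness: anyone can claim to be A
	fmt.Println("CA<<A>> verifies:", verify(a, ca) == nil, "- self-signed 'A' verifies:", verify(forged, ca) == nil)
	fmt.Printf("V=%d SN=%s AI=%s issuer=%s TA=%s..%s subject=%s Ap=%s\n", a.Version, a.SerialNumber,
		a.SignatureAlgorithm, a.Issuer, a.NotBefore.Format("2006-01-02"), a.NotAfter.Format("2006-01-02"), a.Subject, a.PublicKeyAlgorithm)
	crl, _ := makeCRL(ca, caKey, a)
	fmt.Println(isRevoked(a, crl, ca)) // true <nil>: A's serial number is on the CA's CRL
}
```

Run it with `go run`. Two design points matter in practice: verify accepts only certificates that chain to the CA placed in the root pool, so a key announced by anyone else, however convincing the subject name, is rejected; and isRevoked refuses a CRL whose signature does not verify under the CA, whose issuer differs from the certificate's issuer, or whose validity window has lapsed, since a stale or unsigned list says nothing about the current state of the key. In a real deployment the CRL would be fetched from the distribution point named in the certificate rather than built locally.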