Module Four

Digital certificates counter this attack; a certificate can bind individuals to their key
- A Certificate Authority (CA) acts as a notary to bind the key to the person
- CA must be cross-certified by another CA

Public Key Infrastructure (PKI)
Integration of digital signatures and certificates.
- Digital Certificates
- Certificate Authorities (CA)
- Registration Authorities
- Policies and procedures
- Certificate Revocation
- Non-repudiation support
- Timestamping
- Lightweight Directory Access Protocol
- Security Enabled Applications
- Cross Certification

Approaches to Escrowed Encryption
- Allowing law enforcement to obtain the keys to view people's encrypted data
- Escrow the key in two pieces with two trusted escrow agents
- Court order to get both pieces
- Clipper Chip – implemented in tamper-proof hardware

Key Escrow using Public Key Cryptography
- Fair Cryptosystems – Silvio Micali, MIT
- Private key is split and distributed
- Can verify each portion of the key without joining

Key Management
- Key control
- Key recovery
- Key storage
- Key retirement/destruction
- Key Change
- Key Generation
- Key theft
- Frequency of key use

E-mail Security
- Non-repudiation
- Confidentiality of messages
- Authentication of Source
- Verification of delivery
- Labeling of sensitive material
- Control Access

Secure Multipurpose Internet Mail Extensions (S/MIME)
- Adds secure services to messages in MIME format
- Provides authentication through digital signatures
- Follows Public Key Cryptography Standards (PKCS)
- Uses X.509 Signatures

MIME Object Security Services (MOSS)
- Provides flexibility by supporting different trust models
- Uses MD5, RSA Public Key and DES
- Permits identification outside of the X.509 Standard

Privacy Enhanced Mail (PEM)
- Compliant with Public Key Cryptography Standards (PKCS)
- Developed by consortium of Microsoft, Sun, and Novell
- Triple DES-EDE – Symmetric Encryption
- MD2 and MD5 Message Digest
- RSA Public Key – signatures and key distribution
- X.509 Certificates and formal CA

Pretty Good Privacy (PGP)
- Phil Zimmermann
- Symmetric Cipher using IDEA
- RSA is used for signatures and key distribution
- No CA, uses "web of trust"
- Users can certify each other

Message Authentication Code
- Check value derived from message contents

SET – Secure Electronic Transaction
- Visa and Mastercard developed in 1997
- Encrypts the payment information
- DES – Symmetric Encryption
- RSA Public Key – signatures and key distribution

Secure Sockets Layer (SSL) - HTTPS
- Developed by Netscape in 1994
- Uses public key to authenticate server to the client
- Also provides optional client-to-server authentication
- Supports RSA Public Key algorithms, IDEA, DES, and 3DES
- Supports MD5 Hashing
- HTTPS header
- Resides between the application and TCP layer
- Can be used by telnet, FTP, HTTP and e-mail protocols.
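
Added example (not part of the original notes): a simplified sketch of the "can verify each portion of the key without joining" idea from the Key Escrow using Public Key Cryptography items, for a discrete-log key pair split between two escrow agents. The toy group parameters and all function names are assumptions made for this illustration; it is not Micali's full protocol.

```python
import secrets

# Toy parameters chosen for this example (assumption): a Mersenne prime
# modulus and a small base. Real systems use standardised, larger groups.
P = 2**127 - 1
G = 3
ORDER = P - 1  # exponents reduce mod P-1 (Fermat's little theorem)

def split_private_key(x, n_agents):
    """Split x into additive shares so that x = sum(shares) mod ORDER."""
    shares = [secrets.randbelow(ORDER) for _ in range(n_agents - 1)]
    shares.append((x - sum(shares)) % ORDER)
    return shares

def commitments(shares):
    """Publish G^share for every share alongside the user's public key."""
    return [pow(G, s, P) for s in shares]

def agent_accepts(share, commitment):
    """An escrow agent checks its own piece against its published commitment."""
    return pow(G, share, P) == commitment

def commitments_match_public_key(commits, public_key):
    """Anyone can check that the pieces define the escrowed key without
    joining them: the product of G^x_i equals G^(x_1 + ... + x_n) = G^x."""
    product = 1
    for c in commits:
        product = (product * c) % P
    return product == public_key

def recover(shares):
    """Only when both agents release their pieces does x come back."""
    return sum(shares) % ORDER

if __name__ == "__main__":
    x = secrets.randbelow(ORDER)        # user's private key
    y = pow(G, x, P)                    # user's public key
    shares = split_private_key(x, 2)    # one piece per escrow agent
    commits = commitments(shares)
    print("agents accept:", all(agent_accepts(s, c) for s, c in zip(shares, commits)))
    print("pieces match public key:", commitments_match_public_key(commits, y))
    print("joined pieces recover key:", recover(shares) == x)
```

A piece that does not match its commitment, or commitments that do not multiply to the public key, are rejected before any key is ever reassembled.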