SlideShare a Scribd company logo

Ijarcet vol-2-issue-7-2307-2310

E
Editor IJARCET
Technology
1 of 4
Download to read offline
ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, Issue 7, July 2013 2307 www.ijarcet.org  Abstract — This paper presents a survey on Public-Key Infrastructure (PKI). This discussion is centered on overview of public-key infrastructure, its key elements, PKI management functions, protocols, digital certificate format and its applications. Public-key infrastructure (PKI) as the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography. Public-key infrastructure based on digital certificates and certificate authorties in order to securely implement public key cryptography. The principle objectives of developing a PKI is to enable secure, conventional, and efficient acquistion of public keys. A PKI enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. Index Terms—PKI, certificate authority, digital certificate, PGP, SSL I. INTRODUCTION Public-key cryptography is a cryptographic technique that enables users to securely communicate on an insecure public network, and reliably verify the identity of a user with the help of digital certificates. A public-key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates which are used to verifythat a particular public keys, securely stores these certificates in a central repositary, and revokes them if required. Security Services supported by PKI:  Authentication - Ability to verify the identity of an entity  Confidentiality - Protection of information from unauthorized disclosure  Data Integrity - Protection of information from undetected modification Manuscript received June, 2013. Anju Sharma, M.tech(network security), B.P.S Mahila Vishwavidhalaya Khanpur Kalan, Sonepat, India,9467772834 .Neeraj Goyat, M.tech(network security), B.P.S Mahila Vishwavidhalaya Khanpur Kalan, Sonepat, India,9034676338 Vinod Saroha, Asst. Professor (CSE & IT dept.) , B.P.S Mahila Vishwavidhalaya Khanpur Kalan, Sonepat, India , 9416427656  Non-repudiation - Prevention of an entity from denying previous actions  Key estalishment II. X.509 DIGITAL CERTIFICATE A digital certificate is a set of data that binds an identity to a particular piece of data. Each certificate contains the public key of a user and is signed with the private key of a trusted certification authority. These user certificates are assumes to be created by some trusted certificate authority (CA) and placed in the directory by the CA or by the user. Fig. 1. X.509 certificate X.509 certificate includes the following elements: 1.Version: - Differentiate among successive versions of certificate format, the default is version 1. If the issuer unique identifier and the subject unique identifier is present, the value must be version 2. If one or more extensions are present, the version must be version 3. 2. Serial number: - An integer value, unique within the issuing CA, that is unambiguously associated with each certificate. 3. Signature algorithm identifier: - The algorithm used to sign the certificate together with the associated parameters. 4. Issuer name: - X.509 name of the CA that created and signed this certificate. Public-Key Infrastructure (PKI) Anju Sharma, Neeraj Goyat, Vinod Saroha
ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, Issue 7, July 2013 www.ijarcet.org 2308 5. Period of validity: - Consist of 2 dates: the first and last on which the certificate is valid. 6. Subject name: - The name of the user to whom this certificate refers. That is, this certificate certifies the public key of the user who holds the corresponding private key. 7. Subject’s public key information: - The public key of the user plus the identifier of the algorithm for which this key is to be used, together with any associated parameters. 8. Issuer unique identifier: - An optional bit string used to identifyuniquelythe issuing CA in the event the X.500 name has been reused for different entities. 9. Subject unique identifier: - An optional bit string used to identify uniquely the subject in the event the X.500 name has been reused for different entities. 10. Extensions: - A set of one or more extension fields. 11. Signature: - Covers all the other field of the certificate; it contains the hash code of the other fields, encrypted with the CA’s private key. This field includes the signature algorithm identifier. The unique identifier fields were added in version 2 to handle the possible reuse of subject and issuer names over time. III. PUBLIC-KEY INFRASTRUCTURE(PKI) A PKI allows you to bind public keys with a personthat allows you to trust the certificate. A public-key infrastructure(PKI) is a set of hardware, software, people, policies, and procedure needed to create, manage, distribute, use, store, and revoke digital certificates. Fig. 2 PKIX Architectural Model Fig. 2 shows the interrelationship among the key elements of the PKIX model.These elements are  End entity: A generic term used to denote end users, devices (e.g., servers, routers); or any other entity that can be identified in the subject field of a public key certificate. End entities typically consume and/or support PKI related services.  Certificate authority (CA): The issuer of certificates and (usually) certificate revocation lists(CRLs). It may also support a varietyof administrative functions, although these are often delegated to one or more Registration Authoroties. Some Requirements of certificate authority (CA)  A physically secure operating environment  Tamper resistant modules for cryptographic processing (particularly for high-level keys)  The ability to generate cryptographic keys (a pseudorandom number generator?)  The ability to check both written and digital signatures  The ability to sign certificates  Software to support various certificate formats  The ability to transport keys securely (perhaps smartcards?)  A clearly defined security policy  Auditable procedures for producing certificates  The ability to maintain certificate revocation lists  The ability to cover potential financial liabilities.  Registration authority (RA): An optional component that can assume a number of administrative functions from the CA. The RA is often associated with the End Entity registration process, but can assis in a number of other areas as well.  CRL issuer: An optional component that a CA can delegate to publish CRLs.  Repository: A generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by End Entities. IV. PKIX MANAGEMENT FUNCTIONS Public Key Infrastructure X.509 (PKIX) identifies a number of management functions that potentially need to be supported by management protocols. These are indicated in Fig. 2 and include the following:  Registration: This is theprocess whereby a user first makes itself known to a CA (directly, or through an RA) , prior to that CA issuing a certificate or certificates for that user. Registration begins the process of enrolling in a PKI. Registration usually involves some offline or online procedure for mutual authentication. Typically, the end entity is issued one or more shared secret keys used for subsequently authentication.  Initialization: Before a client system can operate securely, it is necessary to install key materials that have the appropriate relationshipwith keys stored elsewherein the infrastructure. For example, the client needs to be securelyinitialized with the public key and other assured information of the trusted CA(s),to be used in validating certificate paths.
ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, Issue 7, July 2013 2309 www.ijarcet.org  Certification: This is the process in which a CA issues a certificate for a user’s client system and/or posts that certificate in a repository.  Key pair recovery: Key pairs can be used to support digital signature creation and verification, encryption and decryption, or both. When a key pair is used for encryption/decryption, it is important to provide a mechanism to recover the necessary decryption keys when normal access to the keying materials is no longer possible, otherwise it will not be possible to recover the encrypted data. Loss of access to the decryption key can result from forgotten passwords/PINs, corrupted disk drivers, damage to hardware tokens, and so on. Key pair recovery allows end entities to restore teir encryption/decryption key pair from an authorized keybackup facility( typically, the CA that issued the End Entity’s certificate).  Key pair update: All key pairs need to be updated regularly (i.e., replaced with a new key pair) and new certificates issued. Update is required when the certificate lifetime expires and as a result of certificate revocation  Revocation request: An authorized person advises a CA of an abnormal situation requiring certificate revocation. Reasons for revocation include private key compromise, change in affiliation, and name change.  Cross certification: Two CAs exchange information used in establishing a cross-certificate. A cross-certificate is a certificate issued by one CA to another CA that contains a CA signature key used for issuing certificates. V. PKIX MANAGEMENT PROTOCOLS The PKIX working group has defines two alternative management protocols between PKIX entites that support the management functions:  RFC 2510 defines the certificate management protocols (CMP).Within CMP, each of the management functions is explictly identfied by specific protocol exchanges. CMP is designedto be a flexible protocol able to accommodate a variety of technical, operational, and business models.  RFC 2797 defines certificate management messages over CMS (CMC), where CMS refers to RFC 2630, cryptographics messages syntax. CMC is built on earlier work and is intended to leverage existing implementations. VI. PKI CERTIFICATION METHODS There are three approaches to getting this trust:  Certificate authorities : The primary role of the CA is to digitally sign and publish the public key bound to a given user. This is done using the CA’s own private key, so that trust in the user key relies on one’s trust in the validity of the CA’s key. When the CA is a third-party seprate from the user and the system, then it is called Registration Authority(RA), which may or may not be seprate from the CA. The term trusted third party (TTP) may also be used for certificate authority (CA).  Web of trust : An alternative approach to the problem of public authentication of public-key information is the web of trust scheme, which uses self-signed certificates and third party attestations of those certificates. Examples of implementations this is PGP ( Preety good privacy)  Simple public-key infrastructure: Another alternative which does not deal with public authentication of public-key information is the simple public-keyinfrastructure (SPKI) that grew to overcome the complexities of X.509 and PGP’s web of trust.PKI does not associate users with persons, since the key is what is trusted, rather than the person. SPKI does not use any notion of trust, as the verifier is also the issuer. This is called an “authorization loop” in SPKI, where authorization is integral to its design. VII. APPLICATIONS A PKI is a means to an end, providing the security framework by which PKI-enabled applications can be confidently deployed to achieve the end benefits. PKIs of one type or another, and from any of several vendors, have many uses, including providing public keys and bindings to user identities which are used for:  Encyption and/or sender authentication of e-mail messages ( e.g, using OpenPGP or S/MIME).  Encryption and/or authentication of documents( e.g., the XML Signature or XML Encryption standards if documents are encoded as XML.  Auhentication of users to applications( e.g. smart card log on, client auhentication with SSL.  Bootstrapping secure communication protocols, such as Internet key exchange (IKE) and SSL.  Mobile signatures are electronic signatures that are created using a mobile device and rely on signature or certification services in a location independent telecommunication enviornment. Client-side applications of PKI fit into three main categories:  Authentication applies to any application that needs to know with assurance the identity of the user and that the user is actually the one who is present.PKI provides a more secure alternative to this whereby identity is proven by possession of a private key instead of password. A password is still usually required to protect the private key, but that password is managed locally by the user instead of shared with the application server ( a major improvement in security)  Digital signatures is the possession of the private key that assures that only the owner of the PKI
ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, Issue 7, July 2013 www.ijarcet.org 2310 digital credentials could have executed the signature.  Encryption is standard protection of data in afile with a twist. Anyone can encrypt data intended to be read bya particular user byusing their public keyfor the encryption process. But only the designated user posesses the private key that can decrypt the data, so its privacy is assured by the security of the private key. VIII. CONCLUSION A main driver of PKI technology is the world’s ever-growing dependence on the Internet and all it has to offer is securing all types of e-business activities. Regrettably, four years into the PKI development process, policy-makers and technology-providers have still failed abysmally to appreciate the privacy risks inherent in PKI. Public key infrastructure based on digital certificates and certificate authorities remain the favoured method for trying to securely implement public key cryptography. There are many complicated issues that arise when trying to implement PKIs, most ofwhich do not have simple or technical solutions. PKI’s will not be adopted on a large scale until some of these problems are addressed satisfactorily – the best hope for this is through the establishment of recognized standards and best practice procedures that encourage interoperability between different CAs and PKIs. There are alternatives to traditional PKIs, but these come with their own problems and are most likely to be favoured in various niche application areas. IX. REFERENCES 1. Wikipedia 2. www.networkmagazine.com 3. http://www.infosyssec.net/infosyssec/pkibib1.htm 4. Network Security by William Stallings 5. www.google.com 6. http://searchsecurity.techtarget.com/definition/PKI .

Recommended

www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.comIJERD Editor
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresOliver Pfaff
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureInformation Technology
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim PolkInformation Security Awareness Group
 
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2dP2PSystem
 
Pki for dummies
Pki for dummiesPki for dummies
Pki for dummiesAlex de Jong
 
Digital signature and certificate authority
Digital signature and certificate authorityDigital signature and certificate authority
Digital signature and certificate authorityKrutiShah114
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSLTony Fabeen
 

Recommended

www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.comIJERD Editor
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresOliver Pfaff
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureInformation Technology
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim PolkInformation Security Awareness Group
 
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
317c0cdb 81da-40f9-84f2-1c5fba2f4b2dP2PSystem
 
Pki for dummies
Pki for dummiesPki for dummies
Pki for dummiesAlex de Jong
 
Digital signature and certificate authority
Digital signature and certificate authorityDigital signature and certificate authority
Digital signature and certificate authorityKrutiShah114
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSLTony Fabeen
 
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...RSIS International
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Editor IJMTER
 
Ppt
PptPpt
PptNidhi Bansal
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Venkatesh Jambulingam
 
Cost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward securityCost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward securityLeMeniz Infotech
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommercepriyanka Garg
 
Digital Certificates and Secure Web Access
Digital Certificates and Secure Web AccessDigital Certificates and Secure Web Access
Digital Certificates and Secure Web Accessbluntm64
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
documentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesdocumentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesSahithi Naraparaju
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerCheapSSLUSA
 
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYCOST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYShakas Technologies
 
Cost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward securityCost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward securityPvrtechnologies Nellore
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key InfrastructureTheo Gravity
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network securityrhassan84
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information securityDevam Shah
 
Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863RepentSinner
 
PPT FOR IDBSDDS SCHEMES
PPT FOR IDBSDDS SCHEMESPPT FOR IDBSDDS SCHEMES
PPT FOR IDBSDDS SCHEMESSahithi Naraparaju
 
E collaborationscottrea
E collaborationscottreaE collaborationscottrea
E collaborationscottreaCollaborative Health Consortium
 
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYCOST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYNexgen Technology
 
Ciclo De Vida PAB
Ciclo De Vida PABCiclo De Vida PAB
Ciclo De Vida PABandreatcc
 
Seach Slideshow
Seach SlideshowSeach Slideshow
Seach Slideshowdlombana
 
Facebook 101
Facebook 101Facebook 101
Facebook 101CanadaHelps / MyCharityConnects
 

More Related Content

What's hot

Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...RSIS International
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Editor IJMTER
 
Cost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward securityCost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward securityLeMeniz Infotech
 
Digital Certificates and Secure Web Access
Digital Certificates and Secure Web AccessDigital Certificates and Secure Web Access
Digital Certificates and Secure Web Accessbluntm64
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
documentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesdocumentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesSahithi Naraparaju
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerCheapSSLUSA
 
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYCOST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYShakas Technologies
 
Cost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward securityCost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward securityPvrtechnologies Nellore
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key InfrastructureTheo Gravity
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network securityrhassan84
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information securityDevam Shah
 
Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863RepentSinner
 
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYCOST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYNexgen Technology
 

What's hot (19)

Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
 
Ppt
PptPpt
Ppt
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)
 
Cost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward securityCost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward security
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommerce
 
Digital Certificates and Secure Web Access
Digital Certificates and Secure Web AccessDigital Certificates and Secure Web Access
Digital Certificates and Secure Web Access
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
 
documentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemesdocumentation for identity based secure distrbuted data storage schemes
documentation for identity based secure distrbuted data storage schemes
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets Layer
 
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYCOST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
 
Cost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward securityCost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward security
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
 
Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863
 
PPT FOR IDBSDDS SCHEMES
PPT FOR IDBSDDS SCHEMESPPT FOR IDBSDDS SCHEMES
PPT FOR IDBSDDS SCHEMES
 
E collaborationscottrea
E collaborationscottreaE collaborationscottrea
E collaborationscottrea
 
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITYCOST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY
 

Viewers also liked

Ciclo De Vida PAB
Ciclo De Vida PABCiclo De Vida PAB
Ciclo De Vida PABandreatcc
 
Seach Slideshow
Seach SlideshowSeach Slideshow
Seach Slideshowdlombana
 
Volume 2-issue-6-2068-2072
Volume 2-issue-6-2068-2072Volume 2-issue-6-2068-2072
Volume 2-issue-6-2068-2072Editor IJARCET
 
Ijarcet vol-2-issue-7-2268-2272
Ijarcet vol-2-issue-7-2268-2272Ijarcet vol-2-issue-7-2268-2272
Ijarcet vol-2-issue-7-2268-2272Editor IJARCET
 
Gimnasia artistica
Gimnasia artisticaGimnasia artistica
Gimnasia artisticaguest17655c
 

Viewers also liked (8)

Ciclo De Vida PAB
Ciclo De Vida PABCiclo De Vida PAB
Ciclo De Vida PAB
 
Seach Slideshow
Seach SlideshowSeach Slideshow
Seach Slideshow
 
Facebook 101
Facebook 101Facebook 101
Facebook 101
 
Volume 2-issue-6-2068-2072
Volume 2-issue-6-2068-2072Volume 2-issue-6-2068-2072
Volume 2-issue-6-2068-2072
 
Ijarcet vol-2-issue-7-2268-2272
Ijarcet vol-2-issue-7-2268-2272Ijarcet vol-2-issue-7-2268-2272
Ijarcet vol-2-issue-7-2268-2272
 
1670 1673
1670 16731670 1673
1670 1673
 
Gimnasia artistica
Gimnasia artisticaGimnasia artistica
Gimnasia artistica
 
Presentation EPiserver kravställ
Presentation EPiserver kravställPresentation EPiserver kravställ
Presentation EPiserver kravställ
 

Similar to Ijarcet vol-2-issue-7-2307-2310

Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfDefine PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfxlynettalampleyxc
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization ModelsCSCJournals
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Avirot Mitamura
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...Information Security Awareness Group
 
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfJUSTSTYLISH3B2MOHALI
 
COMPARISON OF CERTIFICATE POLICIES FORMERGING PUBLIC KEY INFRASTRUCTURESDURIN...
COMPARISON OF CERTIFICATE POLICIES FORMERGING PUBLIC KEY INFRASTRUCTURESDURIN...COMPARISON OF CERTIFICATE POLICIES FORMERGING PUBLIC KEY INFRASTRUCTURESDURIN...
COMPARISON OF CERTIFICATE POLICIES FORMERGING PUBLIC KEY INFRASTRUCTURESDURIN...IJNSA Journal
 
REMOVAL OF CERTIFICATES FROM SET PROTOCOL USING CERTIFICATELESS PUBLIC KEY CR...
REMOVAL OF CERTIFICATES FROM SET PROTOCOL USING CERTIFICATELESS PUBLIC KEY CR...REMOVAL OF CERTIFICATES FROM SET PROTOCOL USING CERTIFICATELESS PUBLIC KEY CR...
REMOVAL OF CERTIFICATES FROM SET PROTOCOL USING CERTIFICATELESS PUBLIC KEY CR...IJNSA Journal
 
IRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET Journal
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key SecurityIRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key SecurityIRJET Journal
 
iaetsd Robots in oil and gas refineries
iaetsd Robots in oil and gas refineriesiaetsd Robots in oil and gas refineries
iaetsd Robots in oil and gas refineriesIaetsd Iaetsd
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructureAditya Nama
 
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docxdurantheseldine
 
Network security unit 4,5,6
Network security unit 4,5,6 Network security unit 4,5,6
Network security unit 4,5,6 WE-IT TUTORIALS
 
Multifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docxMultifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docxgilpinleeanna
 
5.[29 38]a practical approach for implementation of public key infrastructure...
5.[29 38]a practical approach for implementation of public key infrastructure...5.[29 38]a practical approach for implementation of public key infrastructure...
5.[29 38]a practical approach for implementation of public key infrastructure...Alexander Decker
 
5.[29 38]a practical approach for implementation of public key infrastructure...
5.[29 38]a practical approach for implementation of public key infrastructure...5.[29 38]a practical approach for implementation of public key infrastructure...
5.[29 38]a practical approach for implementation of public key infrastructure...Alexander Decker
 

Similar to Ijarcet vol-2-issue-7-2307-2310 (20)

Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfDefine PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization Models
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)
 
Certification Authority - Sergio Lietti
Certification Authority - Sergio LiettiCertification Authority - Sergio Lietti
Certification Authority - Sergio Lietti
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
 
Fu3111411144
Fu3111411144Fu3111411144
Fu3111411144
 
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
 
COMPARISON OF CERTIFICATE POLICIES FORMERGING PUBLIC KEY INFRASTRUCTURESDURIN...
COMPARISON OF CERTIFICATE POLICIES FORMERGING PUBLIC KEY INFRASTRUCTURESDURIN...COMPARISON OF CERTIFICATE POLICIES FORMERGING PUBLIC KEY INFRASTRUCTURESDURIN...
COMPARISON OF CERTIFICATE POLICIES FORMERGING PUBLIC KEY INFRASTRUCTURESDURIN...
 
REMOVAL OF CERTIFICATES FROM SET PROTOCOL USING CERTIFICATELESS PUBLIC KEY CR...
REMOVAL OF CERTIFICATES FROM SET PROTOCOL USING CERTIFICATELESS PUBLIC KEY CR...REMOVAL OF CERTIFICATES FROM SET PROTOCOL USING CERTIFICATELESS PUBLIC KEY CR...
REMOVAL OF CERTIFICATES FROM SET PROTOCOL USING CERTIFICATELESS PUBLIC KEY CR...
 
IRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor Authentication
 
Everything you need to Know about PKI .pdf
Everything you need to Know about PKI .pdfEverything you need to Know about PKI .pdf
Everything you need to Know about PKI .pdf
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key SecurityIRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
 
iaetsd Robots in oil and gas refineries
iaetsd Robots in oil and gas refineriesiaetsd Robots in oil and gas refineries
iaetsd Robots in oil and gas refineries
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructure
 
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
133IEEE Network • NovemberDecember 2020 0890-804420$25.00 ©.docx
 
Network security unit 4,5,6
Network security unit 4,5,6 Network security unit 4,5,6
Network security unit 4,5,6
 
Multifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docxMultifactor authenticationMultifactor authentication or MFA .docx
Multifactor authenticationMultifactor authentication or MFA .docx
 
5.[29 38]a practical approach for implementation of public key infrastructure...
5.[29 38]a practical approach for implementation of public key infrastructure...5.[29 38]a practical approach for implementation of public key infrastructure...
5.[29 38]a practical approach for implementation of public key infrastructure...
 
5.[29 38]a practical approach for implementation of public key infrastructure...
5.[29 38]a practical approach for implementation of public key infrastructure...5.[29 38]a practical approach for implementation of public key infrastructure...
5.[29 38]a practical approach for implementation of public key infrastructure...
 

More from Editor IJARCET

Electrically small antennas: The art of miniaturization
Electrically small antennas: The art of miniaturizationElectrically small antennas: The art of miniaturization
Electrically small antennas: The art of miniaturizationEditor IJARCET
 
Volume 2-issue-6-2205-2207
Volume 2-issue-6-2205-2207Volume 2-issue-6-2205-2207
Volume 2-issue-6-2205-2207Editor IJARCET
 
Volume 2-issue-6-2195-2199
Volume 2-issue-6-2195-2199Volume 2-issue-6-2195-2199
Volume 2-issue-6-2195-2199Editor IJARCET
 
Volume 2-issue-6-2200-2204
Volume 2-issue-6-2200-2204Volume 2-issue-6-2200-2204
Volume 2-issue-6-2200-2204Editor IJARCET
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 
Volume 2-issue-6-2186-2189
Volume 2-issue-6-2186-2189Volume 2-issue-6-2186-2189
Volume 2-issue-6-2186-2189Editor IJARCET
 
Volume 2-issue-6-2177-2185
Volume 2-issue-6-2177-2185Volume 2-issue-6-2177-2185
Volume 2-issue-6-2177-2185Editor IJARCET
 
Volume 2-issue-6-2173-2176
Volume 2-issue-6-2173-2176Volume 2-issue-6-2173-2176
Volume 2-issue-6-2173-2176Editor IJARCET
 
Volume 2-issue-6-2165-2172
Volume 2-issue-6-2165-2172Volume 2-issue-6-2165-2172
Volume 2-issue-6-2165-2172Editor IJARCET
 
Volume 2-issue-6-2159-2164
Volume 2-issue-6-2159-2164Volume 2-issue-6-2159-2164
Volume 2-issue-6-2159-2164Editor IJARCET
 
Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Editor IJARCET
 
Volume 2-issue-6-2148-2154
Volume 2-issue-6-2148-2154Volume 2-issue-6-2148-2154
Volume 2-issue-6-2148-2154Editor IJARCET
 
Volume 2-issue-6-2143-2147
Volume 2-issue-6-2143-2147Volume 2-issue-6-2143-2147
Volume 2-issue-6-2143-2147Editor IJARCET
 
Volume 2-issue-6-2119-2124
Volume 2-issue-6-2119-2124Volume 2-issue-6-2119-2124
Volume 2-issue-6-2119-2124Editor IJARCET
 
Volume 2-issue-6-2139-2142
Volume 2-issue-6-2139-2142Volume 2-issue-6-2139-2142
Volume 2-issue-6-2139-2142Editor IJARCET
 
Volume 2-issue-6-2130-2138
Volume 2-issue-6-2130-2138Volume 2-issue-6-2130-2138
Volume 2-issue-6-2130-2138Editor IJARCET
 
Volume 2-issue-6-2125-2129
Volume 2-issue-6-2125-2129Volume 2-issue-6-2125-2129
Volume 2-issue-6-2125-2129Editor IJARCET
 
Volume 2-issue-6-2114-2118
Volume 2-issue-6-2114-2118Volume 2-issue-6-2114-2118
Volume 2-issue-6-2114-2118Editor IJARCET
 
Volume 2-issue-6-2108-2113
Volume 2-issue-6-2108-2113Volume 2-issue-6-2108-2113
Volume 2-issue-6-2108-2113Editor IJARCET
 
Volume 2-issue-6-2102-2107
Volume 2-issue-6-2102-2107Volume 2-issue-6-2102-2107
Volume 2-issue-6-2102-2107Editor IJARCET
 

More from Editor IJARCET (20)

Electrically small antennas: The art of miniaturization
Electrically small antennas: The art of miniaturizationElectrically small antennas: The art of miniaturization
Electrically small antennas: The art of miniaturization
 
Volume 2-issue-6-2205-2207
Volume 2-issue-6-2205-2207Volume 2-issue-6-2205-2207
Volume 2-issue-6-2205-2207
 
Volume 2-issue-6-2195-2199
Volume 2-issue-6-2195-2199Volume 2-issue-6-2195-2199
Volume 2-issue-6-2195-2199
 
Volume 2-issue-6-2200-2204
Volume 2-issue-6-2200-2204Volume 2-issue-6-2200-2204
Volume 2-issue-6-2200-2204
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194
 
Volume 2-issue-6-2186-2189
Volume 2-issue-6-2186-2189Volume 2-issue-6-2186-2189
Volume 2-issue-6-2186-2189
 
Volume 2-issue-6-2177-2185
Volume 2-issue-6-2177-2185Volume 2-issue-6-2177-2185
Volume 2-issue-6-2177-2185
 
Volume 2-issue-6-2173-2176
Volume 2-issue-6-2173-2176Volume 2-issue-6-2173-2176
Volume 2-issue-6-2173-2176
 
Volume 2-issue-6-2165-2172
Volume 2-issue-6-2165-2172Volume 2-issue-6-2165-2172
Volume 2-issue-6-2165-2172
 
Volume 2-issue-6-2159-2164
Volume 2-issue-6-2159-2164Volume 2-issue-6-2159-2164
Volume 2-issue-6-2159-2164
 
Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158
 
Volume 2-issue-6-2148-2154
Volume 2-issue-6-2148-2154Volume 2-issue-6-2148-2154
Volume 2-issue-6-2148-2154
 
Volume 2-issue-6-2143-2147
Volume 2-issue-6-2143-2147Volume 2-issue-6-2143-2147
Volume 2-issue-6-2143-2147
 
Volume 2-issue-6-2119-2124
Volume 2-issue-6-2119-2124Volume 2-issue-6-2119-2124
Volume 2-issue-6-2119-2124
 
Volume 2-issue-6-2139-2142
Volume 2-issue-6-2139-2142Volume 2-issue-6-2139-2142
Volume 2-issue-6-2139-2142
 
Volume 2-issue-6-2130-2138
Volume 2-issue-6-2130-2138Volume 2-issue-6-2130-2138
Volume 2-issue-6-2130-2138
 
Volume 2-issue-6-2125-2129
Volume 2-issue-6-2125-2129Volume 2-issue-6-2125-2129
Volume 2-issue-6-2125-2129
 
Volume 2-issue-6-2114-2118
Volume 2-issue-6-2114-2118Volume 2-issue-6-2114-2118
Volume 2-issue-6-2114-2118
 
Volume 2-issue-6-2108-2113
Volume 2-issue-6-2108-2113Volume 2-issue-6-2108-2113
Volume 2-issue-6-2108-2113
 
Volume 2-issue-6-2102-2107
Volume 2-issue-6-2102-2107Volume 2-issue-6-2102-2107
Volume 2-issue-6-2102-2107
 

Recently uploaded

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Ijarcet vol-2-issue-7-2307-2310

  • 1. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, Issue 7, July 2013 2307 www.ijarcet.org  Abstract — This paper presents a survey on Public-Key Infrastructure (PKI). This discussion is centered on overview of public-key infrastructure, its key elements, PKI management functions, protocols, digital certificate format and its applications. Public-key infrastructure (PKI) as the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography. Public-key infrastructure based on digital certificates and certificate authorties in order to securely implement public key cryptography. The principle objectives of developing a PKI is to enable secure, conventional, and efficient acquistion of public keys. A PKI enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. Index Terms—PKI, certificate authority, digital certificate, PGP, SSL I. INTRODUCTION Public-key cryptography is a cryptographic technique that enables users to securely communicate on an insecure public network, and reliably verify the identity of a user with the help of digital certificates. A public-key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates which are used to verifythat a particular public keys, securely stores these certificates in a central repositary, and revokes them if required. Security Services supported by PKI:  Authentication - Ability to verify the identity of an entity  Confidentiality - Protection of information from unauthorized disclosure  Data Integrity - Protection of information from undetected modification Manuscript received June, 2013. Anju Sharma, M.tech(network security), B.P.S Mahila Vishwavidhalaya Khanpur Kalan, Sonepat, India,9467772834 .Neeraj Goyat, M.tech(network security), B.P.S Mahila Vishwavidhalaya Khanpur Kalan, Sonepat, India,9034676338 Vinod Saroha, Asst. Professor (CSE & IT dept.) , B.P.S Mahila Vishwavidhalaya Khanpur Kalan, Sonepat, India , 9416427656  Non-repudiation - Prevention of an entity from denying previous actions  Key estalishment II. X.509 DIGITAL CERTIFICATE A digital certificate is a set of data that binds an identity to a particular piece of data. Each certificate contains the public key of a user and is signed with the private key of a trusted certification authority. These user certificates are assumes to be created by some trusted certificate authority (CA) and placed in the directory by the CA or by the user. Fig. 1. X.509 certificate X.509 certificate includes the following elements: 1.Version: - Differentiate among successive versions of certificate format, the default is version 1. If the issuer unique identifier and the subject unique identifier is present, the value must be version 2. If one or more extensions are present, the version must be version 3. 2. Serial number: - An integer value, unique within the issuing CA, that is unambiguously associated with each certificate. 3. Signature algorithm identifier: - The algorithm used to sign the certificate together with the associated parameters. 4. Issuer name: - X.509 name of the CA that created and signed this certificate. Public-Key Infrastructure (PKI) Anju Sharma, Neeraj Goyat, Vinod Saroha
  • 2. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, Issue 7, July 2013 www.ijarcet.org 2308 5. Period of validity: - Consist of 2 dates: the first and last on which the certificate is valid. 6. Subject name: - The name of the user to whom this certificate refers. That is, this certificate certifies the public key of the user who holds the corresponding private key. 7. Subject’s public key information: - The public key of the user plus the identifier of the algorithm for which this key is to be used, together with any associated parameters. 8. Issuer unique identifier: - An optional bit string used to identifyuniquelythe issuing CA in the event the X.500 name has been reused for different entities. 9. Subject unique identifier: - An optional bit string used to identify uniquely the subject in the event the X.500 name has been reused for different entities. 10. Extensions: - A set of one or more extension fields. 11. Signature: - Covers all the other field of the certificate; it contains the hash code of the other fields, encrypted with the CA’s private key. This field includes the signature algorithm identifier. The unique identifier fields were added in version 2 to handle the possible reuse of subject and issuer names over time. III. PUBLIC-KEY INFRASTRUCTURE(PKI) A PKI allows you to bind public keys with a personthat allows you to trust the certificate. A public-key infrastructure(PKI) is a set of hardware, software, people, policies, and procedure needed to create, manage, distribute, use, store, and revoke digital certificates. Fig. 2 PKIX Architectural Model Fig. 2 shows the interrelationship among the key elements of the PKIX model.These elements are  End entity: A generic term used to denote end users, devices (e.g., servers, routers); or any other entity that can be identified in the subject field of a public key certificate. End entities typically consume and/or support PKI related services.  Certificate authority (CA): The issuer of certificates and (usually) certificate revocation lists(CRLs). It may also support a varietyof administrative functions, although these are often delegated to one or more Registration Authoroties. Some Requirements of certificate authority (CA)  A physically secure operating environment  Tamper resistant modules for cryptographic processing (particularly for high-level keys)  The ability to generate cryptographic keys (a pseudorandom number generator?)  The ability to check both written and digital signatures  The ability to sign certificates  Software to support various certificate formats  The ability to transport keys securely (perhaps smartcards?)  A clearly defined security policy  Auditable procedures for producing certificates  The ability to maintain certificate revocation lists  The ability to cover potential financial liabilities.  Registration authority (RA): An optional component that can assume a number of administrative functions from the CA. The RA is often associated with the End Entity registration process, but can assis in a number of other areas as well.  CRL issuer: An optional component that a CA can delegate to publish CRLs.  Repository: A generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by End Entities. IV. PKIX MANAGEMENT FUNCTIONS Public Key Infrastructure X.509 (PKIX) identifies a number of management functions that potentially need to be supported by management protocols. These are indicated in Fig. 2 and include the following:  Registration: This is theprocess whereby a user first makes itself known to a CA (directly, or through an RA) , prior to that CA issuing a certificate or certificates for that user. Registration begins the process of enrolling in a PKI. Registration usually involves some offline or online procedure for mutual authentication. Typically, the end entity is issued one or more shared secret keys used for subsequently authentication.  Initialization: Before a client system can operate securely, it is necessary to install key materials that have the appropriate relationshipwith keys stored elsewherein the infrastructure. For example, the client needs to be securelyinitialized with the public key and other assured information of the trusted CA(s),to be used in validating certificate paths.
  • 3. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, Issue 7, July 2013 2309 www.ijarcet.org  Certification: This is the process in which a CA issues a certificate for a user’s client system and/or posts that certificate in a repository.  Key pair recovery: Key pairs can be used to support digital signature creation and verification, encryption and decryption, or both. When a key pair is used for encryption/decryption, it is important to provide a mechanism to recover the necessary decryption keys when normal access to the keying materials is no longer possible, otherwise it will not be possible to recover the encrypted data. Loss of access to the decryption key can result from forgotten passwords/PINs, corrupted disk drivers, damage to hardware tokens, and so on. Key pair recovery allows end entities to restore teir encryption/decryption key pair from an authorized keybackup facility( typically, the CA that issued the End Entity’s certificate).  Key pair update: All key pairs need to be updated regularly (i.e., replaced with a new key pair) and new certificates issued. Update is required when the certificate lifetime expires and as a result of certificate revocation  Revocation request: An authorized person advises a CA of an abnormal situation requiring certificate revocation. Reasons for revocation include private key compromise, change in affiliation, and name change.  Cross certification: Two CAs exchange information used in establishing a cross-certificate. A cross-certificate is a certificate issued by one CA to another CA that contains a CA signature key used for issuing certificates. V. PKIX MANAGEMENT PROTOCOLS The PKIX working group has defines two alternative management protocols between PKIX entites that support the management functions:  RFC 2510 defines the certificate management protocols (CMP).Within CMP, each of the management functions is explictly identfied by specific protocol exchanges. CMP is designedto be a flexible protocol able to accommodate a variety of technical, operational, and business models.  RFC 2797 defines certificate management messages over CMS (CMC), where CMS refers to RFC 2630, cryptographics messages syntax. CMC is built on earlier work and is intended to leverage existing implementations. VI. PKI CERTIFICATION METHODS There are three approaches to getting this trust:  Certificate authorities : The primary role of the CA is to digitally sign and publish the public key bound to a given user. This is done using the CA’s own private key, so that trust in the user key relies on one’s trust in the validity of the CA’s key. When the CA is a third-party seprate from the user and the system, then it is called Registration Authority(RA), which may or may not be seprate from the CA. The term trusted third party (TTP) may also be used for certificate authority (CA).  Web of trust : An alternative approach to the problem of public authentication of public-key information is the web of trust scheme, which uses self-signed certificates and third party attestations of those certificates. Examples of implementations this is PGP ( Preety good privacy)  Simple public-key infrastructure: Another alternative which does not deal with public authentication of public-key information is the simple public-keyinfrastructure (SPKI) that grew to overcome the complexities of X.509 and PGP’s web of trust.PKI does not associate users with persons, since the key is what is trusted, rather than the person. SPKI does not use any notion of trust, as the verifier is also the issuer. This is called an “authorization loop” in SPKI, where authorization is integral to its design. VII. APPLICATIONS A PKI is a means to an end, providing the security framework by which PKI-enabled applications can be confidently deployed to achieve the end benefits. PKIs of one type or another, and from any of several vendors, have many uses, including providing public keys and bindings to user identities which are used for:  Encyption and/or sender authentication of e-mail messages ( e.g, using OpenPGP or S/MIME).  Encryption and/or authentication of documents( e.g., the XML Signature or XML Encryption standards if documents are encoded as XML.  Auhentication of users to applications( e.g. smart card log on, client auhentication with SSL.  Bootstrapping secure communication protocols, such as Internet key exchange (IKE) and SSL.  Mobile signatures are electronic signatures that are created using a mobile device and rely on signature or certification services in a location independent telecommunication enviornment. Client-side applications of PKI fit into three main categories:  Authentication applies to any application that needs to know with assurance the identity of the user and that the user is actually the one who is present.PKI provides a more secure alternative to this whereby identity is proven by possession of a private key instead of password. A password is still usually required to protect the private key, but that password is managed locally by the user instead of shared with the application server ( a major improvement in security)  Digital signatures is the possession of the private key that assures that only the owner of the PKI
  • 4. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, Issue 7, July 2013 www.ijarcet.org 2310 digital credentials could have executed the signature.  Encryption is standard protection of data in afile with a twist. Anyone can encrypt data intended to be read bya particular user byusing their public keyfor the encryption process. But only the designated user posesses the private key that can decrypt the data, so its privacy is assured by the security of the private key. VIII. CONCLUSION A main driver of PKI technology is the world’s ever-growing dependence on the Internet and all it has to offer is securing all types of e-business activities. Regrettably, four years into the PKI development process, policy-makers and technology-providers have still failed abysmally to appreciate the privacy risks inherent in PKI. Public key infrastructure based on digital certificates and certificate authorities remain the favoured method for trying to securely implement public key cryptography. There are many complicated issues that arise when trying to implement PKIs, most ofwhich do not have simple or technical solutions. PKI’s will not be adopted on a large scale until some of these problems are addressed satisfactorily – the best hope for this is through the establishment of recognized standards and best practice procedures that encourage interoperability between different CAs and PKIs. There are alternatives to traditional PKIs, but these come with their own problems and are most likely to be favoured in various niche application areas. IX. REFERENCES 1. Wikipedia 2. www.networkmagazine.com 3. http://www.infosyssec.net/infosyssec/pkibib1.htm 4. Network Security by William Stallings 5. www.google.com 6. http://searchsecurity.techtarget.com/definition/PKI .