Transcript Controller of Certifying Authorities
Controller of Certifying Authorities
PKI Technology -
Role of CCA
Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications & Information Technology
Role of CCA for secure e-Commerce and e-Governance
Authentication of entities in cyberspace Prevention of deliberate or accidental Disclosure and/or Amendment/Deletion of data Punishment for cyber crimes Licencing of CAs and establishment of PKI
Controller of Certifying Authorities
Security Issues :-
Confidentiality Integrity Authenticity Non-Repudiability
Controller of Certifying Authorities
Threats to Authenticity
Masquerading
Counter Measures
Strong Digital Signature - Cryptographically generated credentials.
Controller of Certifying Authorities
Encryption:
Transformation of data to Prevent information being read by unauthorised parties.
Sender and Receiver have to know the rules which have been used to encrypt the data.
Based on Algorithms which are mathematical functions for combining the data with a string of digits called the Key. The result is the encrypted text.
Eg: Adding a fixed number of characters, say 5, to each character in the message that is being encrypted.
The word SECURITY then becomes the encrypted text XJHZWNYD
Controller of Certifying Authorities
Encryption Technologies
Symmetric Key Cryptography Document to be sent
Symmetric key
Encoded Document Encoded Document
Symmetric Key
Received Document
•
Identical keys are used for encryption and decryption.
•
Requires both parties to a digital conversation to know the key
Controller of Certifying Authorities
Encryption Technologies
Symmetric Key Cryptography (contd.)
‘n’ Partners means handling n secret keys Authenticity cannot be proved.
Controller of Certifying Authorities
Public key cryptography
Each party is assigned a pair of keys – private – known only by the owner public - known by everyone Information encrypted with the private key can only be decrypted by the corresponding public key & vice versa Fulfils requirements of confidentiality, integrity, authenticity and non-repudiability
No need to communicate private keys
Controller of Certifying Authorities
Digital Signatures
Pair of keys for every entity One
Public
key – known to everyone One
Private
possessor key – known only to the
Controller of Certifying Authorities
Digital Signatures
To
digitally sign
an electronic document the signer uses his/her
Private
key.
To
verify
a digital signature the verifier uses the signer’s
Public
key.
Controller of Certifying Authorities
Digital Signature
•
The message is encrypted with the sender’s private key
•
Recipient decrypts using the sender’s public key Document
Private
SKA Document Digital Signature Document
Public
PKA Document Digital Signature CONFIRMED Digital Signature
Controller of Certifying Authorities
Message Integrity
one-way hash functions use no key original data cannot be generated from hash output No two messages will generate the same hash.
SIGN the HASH NOT the entire Message
Controller of Certifying Authorities
Maintaining Message Integrity
message message Hash message Hash No Reject Message Hash generation function Hash Check Hash Hash generation function Hash Yes Accept Message SENDER RECEIVER
Controller of Certifying Authorities
Public Key Cryptography
Confidentiality
Encryption Technologies
SKB Document Encrypted Document Encrypted Document PKB Sender A (PKA,SKA) Receiver B (PKB,SKB) Document
Controller of Certifying Authorities
Message Message + signature Hash SIGN hash With
Sender’s Private key
Sender
Confidential
Signed Messages
ENCRYPT Message + signature with
Receiver’s Public Key
Encrypted Message Hash Message + signature with
Receiver’s Private Key
Using Hash function on the message + Signature COMPARE Hash Receiver VERIFY Signature With
Sender’s Public Key Controller of Certifying Authorities
Authenticity and Confidentiality
A signs message with his own private key A then encodes the resulting message with B’s Public key B decodes the message with his own Private key B applies A’s Public key on the digital signature
Controller of Certifying Authorities
Authenticity and Confidentiality
When A uses his own private key, it demonstrates that he wants to sign the document he wants to reveal his identity he shows his will to conclude that agreement The encoded message travels on the Net, but nobody can read it : confidentiality
Controller of Certifying Authorities
Authenticity and Integrity
B needs to know that A and only A sent the message B uses A’s public key on the signature Only A’s public key can decode the message A cannot repudiate his signature Digital signature cannot be reproduced from the message No one can alter a ciphered message without changing the result of the decoding operation
Controller of Certifying Authorities
Issues in Public key Cryptosystems
How will recipient get senders public key?
How will recipient authenticate sender's public key ?
How will the sender be prevented from repudiating his/her public key?
Controller of Certifying Authorities
Certifying Authority
An organization which issues public key certificates. • Must be widely known and trusted • Must have well defined methods of assuring the identity of the parties to whom it issues certificates.
• Must confirm the attribution of a public key to an identified physical person by means of a public key certificate.
• Always maintains online access to the public key certificates issued.
Controller of Certifying Authorities
Public-Key Certification
User Name & other credentials Certificate Request User’s Public key Signed by using CA’s private key User Certificate User Name User’s Public Key CA’s Name Publish Validation period Signature of CA Certificate Database User 1 certificate User 2 certificate .
Controller of Certifying Authorities
Contents of a Public Key Certificate
Issued by a CA as a data message and always available online S.No of the Certificate Applicant’s name, Place and Date of Birth, Company Name Applicant’s legal domicile and virtual domicile Validity period of the certificate and the signature CA’s name, legal domicile and virtual domicile User’s public key Information indicating how the recipient of a digitally signed document can verify the sender’s public key CA’s digital signature
Controller of Certifying Authorities
Certificate Revocation List
•
A list of all known Certificates that have been revoked and declared invalid
Controller of Certifying Authorities
Technical Infrastructure
Controller of Certifying Authorities as the “Root” Authority certifies the technologies and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates
Controller of Certifying Authorities
Technical Infrastructure
..contd
The CCA operates the following : Root Certifying Authority (RCAI) under section 18(b) of the IT Act, and National Repository of Digital Signature Certificates (NRDC) Web site
cca.gov.in
Controller of Certifying Authorities
End entities, subscribers and relying parties
The End entities of RCAI are the Licensed CAs in India.
Subscribers and relying parties using the certificates issued by a CA need to be assured that the CA is licensed by the CCA.
They should be able to verify the licence under which a PKC has been issued by a CA.
Controller of Certifying Authorities
Strong Room for RCAI
Reinforced walls for room housing RCAI 24-hour surveillance through CCTV Access controls through proximity cards and biometric readers Physical security including locks Security personnel
Controller of Certifying Authorities
National Repository : NRDC
National Repository of Digital Certificates Certificate Revocation List
Controller of Certifying Authorities
CA Cert/CRL CA
CCA : National Repository of Certificates of Public Keys of CAs and Certificates issued by CAs
Cert/CRL Internet Directory Client LAN CCA CA Public Keys Certified by RCAI CA’s Revoked Keys CA Cert/CRL
NRDC RCAI
Subscriber Subscriber Subscriber Relying Party
Controller of Certifying Authorities
Controller of Certifying Authorities