PKI: Ten Years Later


Published on June 20, 2007

Author: Aric85

Source: authorstream.com

Title slide
- Carlisle Adams, School of Information Technology and Engineering, University of Ottawa
- Mike Just, Treasury Board of Canada, Secretariat

Outline
- Motivation
- Public key technology and PKI
- PKI examples
- PKI criticisms
- PKI evolution and a current definition
- The road ahead...

Motivation
- We have reached an anniversary in PKI.
- Has our understanding of this technology grown in any way? If so, how?

PK Technology and PKI
- Public key technology:
  - Each entity in a collection has a pair of keys (Alice has pubA, privA).
  - Encryption and digital signature are possible (as mathematical operations).
- Public Key Infrastructure (PKI):
  - Makes PK technology available to applications and environments that wish to use it.
  - Encryption and digital signature are possible (as security operations).
  - The key pair is bound to an entity identifier in a way that makes it useful to a variety of applications.

PKI (cont'd)
- "Identifier": uniquely specifies an entity within some context or environment (no ambiguity), but need not reveal the actual identity.
  - Anonym: single-use identifier; no mapping to the entity.
  - Pseudonym: multiple-use identifier; no mapping to the entity.
  - Veronym: multiple-use identifier; clear mapping to the entity.
- The context/environment need not be global in scope (it depends on the applications that will use the keys).

PKI (cont'd)
- Binding of key pair and identifier.
- Validity of bindings:
  - Authority (making & breaking)
  - Issuance process (syntax & dissemination)
  - Termination process (alerting)
- Use of bindings:
  - Anchor management process (augment & diminish)
  - Private key management process ("fit for purpose")
  - Binding validation process (trusting someone else's key)

PKI Examples
- Over the past ten years there have been several different approaches to modeling and implementing a PKI.
- These approaches can be compared based on the six components of the "binding" concept.
- We look at the following: X.509, PGP, X9.59, SPKI.

Sample Comparisons (see paper for others)
- [Two slides of comparison tables; the tables are not reproduced in this text.]

PKI Criticisms
- Many criticisms have been leveled at this technology.
- Probably the best-known collection is the "10 Risks" paper by Ellison & Schneier.
- But criticisms cannot always be taken at face value: one needs to consider whether the "flaw" being criticized is actually related to PKI or not.

PKI Criticisms (cont'd)
- Examples:
  - Authentication versus authorization
  - Security of computing platforms
  - Linkage between identifier and real entity (the "John Robinson problem")

PKI Criticisms (cont'd)
- Understatement alert: PKI has had its share of critics over the years.
- A number of criticisms have been unjustified, and a number have been misdirected (aimed at PKI when the actual problem is elsewhere).
- The remainder have been very beneficial, driving evolution and leading to a deeper understanding of this technology.

Evolution
- Ten years ago, the 1993 version of the ISO/IEC and CCITT/ITU-T International Standard X.509 began to be disseminated, recognized, and implemented in small-scale environments.
- Late 1993 / early 1994 was effectively the birth of PKI (although the acronym was yet to be coined).
- Infrastructural considerations were paramount (how to make PK technology available to a wide variety of applications).

Evolution (cont'd)
- Initial definition (1994):
  - Authority: always and only a CA
  - Issuance: X.509 syntax; DN; X.500 Directory
  - Termination: CRL; X.500 Directory
  - Anchor: root of the CA hierarchy
  - Private key: CA-generated; out-of-band registration; local storage
  - Validation: large, special-purpose software toolkit

Evolution (cont'd)
- After ten years of extensive discussion, research, and implementation by numerous interested parties world-wide:
  - Each of the six components has broadened quite considerably with deeper understanding.
  - BUT the same six components comprise the core of the definition (i.e., the essential characteristics of the definition remain unchanged).

Evolution (cont'd)
- Current definition (2004):
  - Authority: multiple choices (including the end entity)
  - Issuance: multiple choices (syntax & dissemination)
  - Termination: multiple choices (including online)
  - Anchor: multiple choices (augment & diminish)
  - Private key: multiple choices (generation, registration, storage)
  - Validation: multiple choices (thin client; native applications)

Future of PKI
- Moving from theory to practice.
- Over ten years, innovative thinking, fruitful technical discussion, constructive criticism, and implementation efforts have driven the recognition of the need for options.
- Research into secure architectures and secure protocols has made options possible.
- BUT options have yet to be embraced in a significant way in real products.

Future of PKI (cont'd)
- Example: the identifier bound to a public key.
- Sometimes there are valid reasons for the identifier to be a veronym; sometimes a pseudonym; sometimes an anonym.
- Standards (in their language and syntax) do not preclude different identifier types.
- However, history and tradition have made rigid interpretations: PKI deployments are almost exclusively one type or another.
- WHY NOT HAVE CAs THAT CAN BIND KEYS TO ANY OF THE THREE TYPES, AS REQUIRED?
- This would make PKIs more suited to real-world needs.

Conclusion
- The goal of this work has been to demonstrate that the PKI community has significantly broadened its understanding of this technology over the past ten years.
- The challenge now is to translate that understanding to real PKI deployments that solve authentication challenges in real, heterogeneous environments.
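The six binding components from the "PKI (cont'd)" slide (authority, issuance, termination, anchor management, private key management, validation) and the closing proposal that one CA bind keys to any of the three identifier types can be made concrete in code. The Go program below is an added example written for this page; it is not code from the talk or its authors. It models each component as a separable design choice: Ed25519 and a JSON to-be-signed encoding are stand-ins chosen here (not anything the talk specifies) for the signature scheme and for X.509, PGP or SPKI syntax; the map of revoked serials stands in for a CRL; the names "Example CA" and "Alice" and the message bytes are constructed. The relying-party side shows the checks a practitioner actually needs: issuer in the anchor store, authority signature over the binding, a length check on the bound key (ed25519.Verify panics on a malformed key), termination status, and single-use enforcement for anonyms.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// IdentifierKind is one of the three identifier types from the talk.
type IdentifierKind string

const (
	Anonym    IdentifierKind = "anonym"    // single-use; no mapping to the entity
	Pseudonym IdentifierKind = "pseudonym" // multiple-use; no mapping to the entity
	Veronym   IdentifierKind = "veronym"   // multiple-use; clear mapping to the entity
)

// Binding is the issuance syntax; JSON stands in for X.509 DER, PGP or SPKI. Sig is not signed.
type Binding struct {
	Serial     uint64         `json:"serial"`
	Kind       IdentifierKind `json:"kind"`
	Identifier string         `json:"id"`
	PublicKey  []byte         `json:"pub"`
	Issuer     string         `json:"issuer"`
	Sig        []byte         `json:"-"`
}

// tbs is the to-be-signed encoding: deterministic (field order) and Marshal cannot fail here.
func tbs(b Binding) []byte {
	m, _ := json.Marshal(b)
	return m
}

// Authority is the "making and breaking" component; Revoked is its termination list (CRL stand-in).
type Authority struct {
	Name    string
	Pub     ed25519.PublicKey
	Revoked map[uint64]bool
	priv    ed25519.PrivateKey
	next    uint64
}

func NewAuthority(name string) *Authority {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // only fails if rand.Reader does
	return &Authority{Name: name, Pub: pub, priv: priv, next: 1, Revoked: map[uint64]bool{}}
}

// Issue binds pub to an identifier of any of the three kinds from one authority.
func (a *Authority) Issue(kind IdentifierKind, id string, pub ed25519.PublicKey) Binding {
	b := Binding{Serial: a.next, Kind: kind, Identifier: id, PublicKey: pub, Issuer: a.Name}
	a.next++
	b.Sig = ed25519.Sign(a.priv, tbs(b))
	return b
}

// Terminate is the alerting component: the binding is revoked, not the key.
func (a *Authority) Terminate(serial uint64) { a.Revoked[serial] = true }

// Anchors is the relying party's trust-anchor store; augment or diminish it by editing the map.
type Anchors map[string]ed25519.PublicKey

// Validate is the binding-validation component: trusted issuer, good signature, sane key, not terminated.
func Validate(b Binding, anchors Anchors, revoked map[uint64]bool) error {
	anchor, ok := anchors[b.Issuer]
	if !ok {
		return errors.New("issuer is not a trust anchor")
	}
	if !ed25519.Verify(anchor, tbs(b), b.Sig) {
		return errors.New("binding signature does not verify")
	}
	if len(b.PublicKey) != ed25519.PublicKeySize {
		return errors.New("bound key has the wrong length") // Verify would panic on it
	}
	if revoked[b.Serial] {
		return errors.New("binding has been terminated")
	}
	return nil
}

// Attribute verifies msg under a validated binding and returns "kind:identifier";
// used records anonym serials so a single-use identifier is accepted only once.
func Attribute(b Binding, msg, sig []byte, anchors Anchors, revoked, used map[uint64]bool) (string, error) {
	if err := Validate(b, anchors, revoked); err != nil {
		return "", err
	}
	if !ed25519.Verify(ed25519.PublicKey(b.PublicKey), msg, sig) {
		return "", errors.New("message signature does not verify")
	}
	if b.Kind == Anonym && used[b.Serial] {
		return "", errors.New("anonym binding already used")
	}
	used[b.Serial] = true
	return string(b.Kind) + ":" + b.Identifier, nil
}

func main() {
	ca := NewAuthority("Example CA") // hypothetical authority; Alice and "hi" are constructed
	anchors, used := Anchors{ca.Name: ca.Pub}, map[uint64]bool{}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	b := ca.Issue(Veronym, "Alice", pub)
	fmt.Println(Attribute(b, []byte("hi"), ed25519.Sign(priv, []byte("hi")), anchors, ca.Revoked, used))
}
```

Two design points follow the talk rather than any particular product: termination applies to the binding (its serial), not to the key, so the same key can legitimately carry a pseudonym binding after its veronym binding is revoked; and the relying party never learns a real entity from a pseudonym or anonym, only that the signer holds the key the authority bound to that identifier, which is exactly the "John Robinson problem" boundary the criticism slide draws.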
