Seguridad en Sistemas de Información (Information Systems Security), summer 2004, Francisco Rodríguez Henríquez: Security Services in Information Systems

Digital Certificates

What is a Digital Certificate? Electronic counterparts to driver's licenses and passports. They enable individuals and organizations to secure business and personal transactions across communication networks.

How do they secure the data?
– Authentication
– Integrity
– Encryption
– Token verification

What certificates are typically used for:
– Secure channels: TLS / SSL for web servers
– Signing e-mail
– Authentication
– Code signing
– Encrypting files (EFS in Windows 2000)
– IPsec (encryption at the network layer)

Certificates and PKI
– A public key certificate consists of some payload and a digital signature over this data.
– The certificate payload consists of a public key and some additional data (e.g. subject and issuer information, validity period, privileges, attributes, etc.).
– The digital signature binds this additional data to the public key.
– It is the responsibility of a PKI (Public Key Infrastructure) to generate, distribute, and manage certificates.
[Figure: certificate layout: public key; additional data (attributes, privileges, etc.); signature (a digitally signed hash value over the payload)]

Certificates
[Figure: the certified entity, the CA that issues its certificate, and the verifier that checks it]

Real World Analogies
Is a certificate an "electronic identity"? Concerns:
– a certificate is a binding between an identity and a key, not a binding between an identity and a real person
– an entity must present its certificate to identify itself, but presenting it is not sufficient: the corresponding private key must be used in a protocol (e.g. to sign a challenge)
– anyone can present someone else's certificate, since certificates are public

Real World Analogies
Result: certificates are not picture IDs. So, what is the real-world analogy for a certificate?
– An endorsed document or card that serves as a binding between an identity and a signature

Issues Related to Certificates
TRUST
– verifiers must trust CAs
– CAs need not trust the certified entities
– a certified entity need not trust its CA, unless it also acts as a verifier
What is "trust" in certification systems?
– the answer to the question "How correct is the certificate information?"
– it is governed by the certification policies

Issues Related to Certificates
Certificate Revocation
– certificates have lifetimes, but they may be revoked before the expiration time
– Reasons: the certificate holder's private key is compromised or lost; the CA's key is compromised; end of contract (e.g. certificates for employees)
– Certificate Revocation Lists (CRLs) hold the list of certificates that are not yet expired but have been revoked; each CA periodically issues such a list with its digital signature on it. A verifier must check both the CRL's signature and its issue date: an attacker who can feed the verifier an old but validly signed CRL hides a recent revocation.

Digital Certificate - Lifecycle
[Figure: key pair generated → certificate issued → certificate valid and in use → either the certificate expires (recertify) or the private key is compromised (certificate revoked) → key pair expired]

X.509
ITU-T standard (recommendation); there is an equivalent ISO standard
– part of the X.500 family for "directory services": a distributed set of servers that store user information; a vision that was never fully realized
– X.509 defines the authentication services and the public-key certificate structure (certificates are to be stored in the directory), so that the directory would contain the public keys of the users

X.509
Defines identity certificates
– attribute (authorization) certificates were added in the 4th edition (2000)
Defines the certificate structure, not the PKI
Supports both the hierarchical model and cross certificates
End users cannot be CAs

X.509 Certificate Format [figure]

X.509v3 Extensions
Not enough flexibility in X.509 v1 and v2
– mostly due to "directory"-specific fields
– real-world security needs are different:
  e-mail/URL names should be included in a certificate
  key identification was missing (so it should be included)
  policy details should indicate under which conditions a certificate can be used (not the case in v1 and v2)
  avoidance of blind trust was not possible in v1 and v2
Rather than explicitly naming new fields, a general extension method is defined
– an extension consists of an extension identifier, a value and a criticality indicator; a verifier that does not recognise an extension marked critical must reject the certificate, while an unrecognised non-critical extension may be ignored

X.509v3 Extensions
Key and policy information
– subject and issuer key identifiers
– indicators of the certificate policies supported by the certificate
– key usage (list of purposes such as signature, encryption, etc.)
Alternative names, in alternative formats, for the certificate subject and issuer
Certificate path constraints (for CA-to-CA certificates)
– to restrict certificate issuance based on path length (restricting the number of subordinate CAs), policy identifiers, and names
The verifier can exercise its own restrictions during verification as well
– no blind trust in CAs
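The verifier-side rules for the extensions just listed, as an added example that is not part of the original slides. It models extensions as (identifier, criticality, value) records instead of DER; the OIDs for keyUsage, subjectAltName and certificatePolicies are the real RFC 5280 ones, while the purpose names and the OIDs under 1.3.6.1.4.1.99999 are constructed for the example.

```python
"""Verifier-side processing of X.509v3-style extensions, constructed for this page.
Extensions are modelled as {oid, critical, value} records instead of DER."""

# Real X.509 extension OIDs (RFC 5280); this verifier "recognises" only these three.
KEY_USAGE = "2.5.29.15"
SUBJECT_ALT_NAME = "2.5.29.17"
CERTIFICATE_POLICIES = "2.5.29.32"

# Purpose names are this example's own; the bit names are the RFC 5280 KeyUsage bits.
# tls_server assumes a signed (e.g. ECDHE) handshake; RSA key transport would
# additionally need keyEncipherment.
REQUIRED_USAGE = {
    "tls_server": {"digitalSignature"},
    "sign_document": {"digitalSignature", "nonRepudiation"},
    "issue_certificates": {"keyCertSign"},
    "sign_crl": {"cRLSign"},
}


def name_matches(pattern, hostname):
    """subjectAltName dNSName match: exact, or a single-label leftmost wildcard."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return hostname.count(".") == pattern.count(".") and hostname.endswith(pattern[1:])
    return pattern == hostname


def check_extensions(extensions, purpose, hostname=None, accepted_policies=None):
    """Apply the verifier's own rules to a certificate's extensions; returns (ok, reason)."""
    usage, names, policies = None, [], []
    for ext in extensions:
        oid = ext["oid"]
        if oid == KEY_USAGE:
            usage = set(ext["value"])
        elif oid == SUBJECT_ALT_NAME:
            names = list(ext["value"])
        elif oid == CERTIFICATE_POLICIES:
            policies = list(ext["value"])
        elif ext["critical"]:
            # RFC 5280 4.2: a critical extension the verifier cannot process => reject.
            return False, f"unrecognised critical extension {oid}"
        # An unrecognised non-critical extension is simply ignored.
    needed = REQUIRED_USAGE[purpose]
    # keyUsage absent means "unrestricted"; present means the listed bits are the limit.
    if usage is not None and not needed <= usage:
        return False, f"keyUsage {sorted(usage)} does not permit {purpose}"
    if hostname is not None and not any(name_matches(n, hostname) for n in names):
        return False, f"{hostname} is not covered by subjectAltName {names}"
    # "No blind trust": the verifier may insist on a policy it has evaluated itself.
    if accepted_policies is not None and not set(policies) & set(accepted_policies):
        return False, "certificate asserts none of the verifier's accepted policies"
    return True, "extensions acceptable"


def demo():
    """Constructed server certificate; OIDs under 1.3.6.1.4.1.99999 are made up."""
    server = [
        {"oid": KEY_USAGE, "critical": True, "value": ["digitalSignature", "keyEncipherment"]},
        {"oid": SUBJECT_ALT_NAME, "critical": False, "value": ["*.example.com", "example.com"]},
        {"oid": CERTIFICATE_POLICIES, "critical": False, "value": ["1.3.6.1.4.1.99999.1.1"]},
        {"oid": "1.3.6.1.4.1.99999.2", "critical": False, "value": "vendor data, ignored"},
    ]
    with_unknown_critical = server + [
        {"oid": "1.3.6.1.4.1.99999.3", "critical": True, "value": "must be understood"}]
    return {
        "www": check_extensions(server, "tls_server", hostname="www.example.com"),
        "deep": check_extensions(server, "tls_server", hostname="a.b.example.com"),
        "as_ca": check_extensions(server, "issue_certificates"),
        "policy": check_extensions(server, "tls_server", hostname="example.com",
                                   accepted_policies=["1.3.6.1.4.1.99999.1.2"]),
        "unknown_critical": check_extensions(with_unknown_critical, "tls_server",
                                             hostname="www.example.com"),
    }
```

`demo()` returns one (ok, reason) pair per case: the server certificate is accepted for `www.example.com`, but rejected for a two-level subdomain (the wildcard covers a single label), rejected as a certificate issuer (no keyCertSign bit), rejected under a policy it does not assert, and rejected outright once an unrecognised critical extension is present.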

Main parts of a digital certificate system
– Request and issue certificates (different categories) with verification of identity
– Storage of certificates (including the private key)
– Publishing of certificates (public part) to anyone (LDAP, HTTP)
– Pre-install root certificates in a trusted environment
– Support by platform, applications and services to use certificates
– Maintain a database of issued certificates (no private keys!)
– Helpdesk (information, lost + compromised private keys)
– Publishing of CRLs (and enforce revocation checking in applications)

Certification Authority

Certification Authority (CA): a trusted entity which issues and manages certificates for a population of public/private key-pair holders. A digital certificate is issued by a CA and is signed with the CA's private key.

[Figure: the CA issues certificates to X and Y and publishes a CRL; to accept a certificate the verifier first verifies the certificate's signature and then checks the CRL]

CA Policies
CA certification policies (Certificate Practice Statement)
– how reliable is the CA?
– certification policies describe the methodology of certificate issuance
– ID-control practices: loose control: only an e-mail address is verified; tight control: apply in person and submit picture IDs and/or hard documentation

Typical architecture of a CA: certificate distribution [figure]

VeriSign Certificates
Several companies provide CA services: Nortel, GTE, the U.S. Postal Service and VeriSign among others. Of those, the most widely used is the latter.
– Over 35K commercial web sites were using VeriSign digital certificates as early as
– Over a million consumer digital certificates had been issued to users of Netscape and Microsoft browsers.
– VeriSign Class 1 certificate cost: U.S. $14.95 per year, or a free 60-day trial edition

VeriSign Certificates
There are three classes of VeriSign certificates:
a) Class 1. VeriSign confirms the user's e-mail address by sending a PIN and Digital ID pick-up instructions to the e-mail address provided in the application.
b) Class 2. VeriSign uses a consumer database in addition to performing the checks of Class 1. Confirmation is sent to the specified postal address, alerting the customer that his/her certificate is ready for pick-up.
c) Class 3. VeriSign requires a higher level of identity assurance. An individual must prove his/her identity by providing notarized credentials and/or applying in person.

Public Key Infrastructure

Organization-wide PKI
Local PKI for organizations
– may have global connections, but the registration facilities remain local
– generally set up to solve local problems: secure local access to resources

PKI
Business practice: issue certificates and make money
– hence several CAs
Several CAs are also necessary for political, geographical and trust reasons
Three interconnection models:
– hierarchical
– cross certificates
– hybrid

Public Key Infrastructure (PKI)
A PKI is a complete system with well-defined mechanisms for certificates:
– certificate issuance
– certificate revocation
– certificate storage
– certificate distribution

Hierarchical PKI Example
[Figure: a root CA at the top, upper-level CAs below it, CAs below those, and end users at the leaves]

Cross Certificate Based PKI Example
[Figure: CAs linked to each other by cross certificates, each with its own end users]

Hybrid PKI example [figure]

Certificate Paths

Certificate Paths
– The verifier must already know the public key of the first CA on the path (its trust anchor), obtained out of band
– The other public keys are found one by one: each certificate on the path supplies the key that verifies the next one
– All CAs on the path must be trusted by the verifier
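The following toy PKI, an added example that is not part of the original slides, ties together the certificate structure from "Certificates and PKI" (payload plus a signature over it), the CRL check from "Certificate Revocation", the path-length constraint from "X.509v3 Extensions" and the path walk described here: the verifier starts from a trust anchor it already holds and accepts each further key only because the previous certificate vouches for it. Textbook RSA with roughly 40-bit moduli and JSON payloads stand in for real signatures and DER; the names, serial numbers and day-number validity periods are constructed and nothing here is secure.

```python
"""Toy PKI, constructed for this page: certificate = payload + signature over it.
Textbook RSA with ~40-bit moduli and JSON stand in for real X.509/DER. Not secure."""
import hashlib
import json
import math

E = 65537  # RSA public exponent


def _prime_after(n):
    """Smallest prime greater than n, by trial division (toy sizes only)."""
    n += 1
    while any(n % d == 0 for d in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n


def keygen(seed):
    """Deterministic textbook RSA key pair; returns (public, private)."""
    p = _prime_after(seed)
    q = _prime_after(p)
    while math.gcd(E, (p - 1) * (q - 1)) != 1:
        q = _prime_after(q)
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def encode(payload):
    """Canonical bytes of the signed data (the role DER plays in X.509)."""
    return json.dumps(payload, sort_keys=True).encode()


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    return pow(_digest(data, priv["n"]), priv["d"], priv["n"])


def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(data, pub["n"])


def issue(issuer, issuer_priv, subject, subject_pub, serial, not_before, not_after,
          is_ca=False, path_len=None):
    """The CA binds subject name, public key and attributes by signing the payload."""
    payload = {"issuer": issuer, "subject": subject, "public_key": subject_pub,
               "serial": serial, "not_before": not_before, "not_after": not_after,
               "is_ca": is_ca, "path_len": path_len}
    return {"payload": payload, "signature": sign(issuer_priv, encode(payload))}


def make_crl(issuer, issuer_priv, revoked_serials, this_update):
    """Signed list of serials that are revoked but not yet expired."""
    payload = {"issuer": issuer, "revoked": sorted(revoked_serials), "this_update": this_update}
    return {"payload": payload, "signature": sign(issuer_priv, encode(payload))}


def validate_path(chain, anchor_name, anchor_pub, crls, now):
    """Validate an issuer-first chain [CA1, ..., end entity] against a trust anchor
    known out of band. Returns (ok, reason)."""
    signer_name, signer_pub = anchor_name, anchor_pub
    max_path_length = len(chain)  # RFC 5280 style path-length budget
    for index, cert in enumerate(chain):
        p = cert["payload"]
        who = p["subject"]
        if p["issuer"] != signer_name:
            return False, f"{who}: issued by {p['issuer']}, expected {signer_name}"
        if not verify(signer_pub, encode(p), cert["signature"]):
            return False, f"{who}: signature does not verify under {signer_name}'s key"
        if not p["not_before"] <= now <= p["not_after"]:
            return False, f"{who}: outside validity period"
        crl = crls.get(signer_name)  # revocation checking is mandatory, not optional
        if crl is None or not verify(signer_pub, encode(crl["payload"]), crl["signature"]):
            return False, f"{who}: no trustworthy CRL from {signer_name}"
        if p["serial"] in crl["payload"]["revoked"]:
            return False, f"{who}: serial {p['serial']} is revoked"
        if index < len(chain) - 1:  # an intermediate: must be a CA and within budget
            if not p["is_ca"]:
                return False, f"{who}: end-entity certificate used as an issuer"
            if max_path_length <= 0:
                return False, f"{who}: pathLenConstraint of an earlier CA exceeded"
            max_path_length -= 1
            if p["path_len"] is not None and p["path_len"] < max_path_length:
                max_path_length = p["path_len"]
        signer_name, signer_pub = who, p["public_key"]  # key learned from this cert
    return True, "path valid"


def demo(now=200):
    """Constructed hierarchy: Root -> CA (pathLen 0) -> {alice, bob, SubCA -> carol}."""
    root_pub, root_priv = keygen(1_000_000)
    ca_pub, ca_priv = keygen(2_000_000)
    sub_pub, sub_priv = keygen(3_000_000)
    ca = issue("Root", root_priv, "CA", ca_pub, 1, 0, 1000, is_ca=True, path_len=0)
    alice = issue("CA", ca_priv, "alice", keygen(4_000_000)[0], 10, 100, 300)
    bob = issue("CA", ca_priv, "bob", keygen(5_000_000)[0], 11, 100, 300)
    sub = issue("CA", ca_priv, "SubCA", sub_pub, 12, 0, 1000, is_ca=True)
    carol = issue("SubCA", sub_priv, "carol", keygen(6_000_000)[0], 20, 100, 300)
    crls = {"Root": make_crl("Root", root_priv, [], now),
            "CA": make_crl("CA", ca_priv, [11], now),  # bob's private key was compromised
            "SubCA": make_crl("SubCA", sub_priv, [], now)}
    tampered = {"payload": dict(alice["payload"], subject="mallory"),
                "signature": alice["signature"]}
    return {
        "alice": validate_path([ca, alice], "Root", root_pub, crls, now),
        "bob_revoked": validate_path([ca, bob], "Root", root_pub, crls, now),
        "carol_pathlen": validate_path([ca, sub, carol], "Root", root_pub, crls, now),
        "tampered": validate_path([ca, tampered], "Root", root_pub, crls, now),
        "expired": validate_path([ca, alice], "Root", root_pub, crls, 301),
        "wrong_anchor": validate_path([ca, alice], "Root", ca_pub, crls, now),
    }
```

`demo()` returns one (ok, reason) pair per case. Only alice's path validates; bob fails the CRL check, carol fails because the CA's pathLenConstraint of 0 forbids a subordinate CA beneath it, the tampered copy of alice's certificate fails signature verification, the same path fails once the clock passes alice's not_after, and supplying the wrong anchor key makes the very first signature fail. The path-length bookkeeping follows the RFC 5280 order (decrement for each intermediate, then tighten to the certificate's own constraint), which is why a CA with pathLen 0 may still issue end-entity certificates directly.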

Certificate Paths with Reverse Certificates [figure: reverse certificates]

Hosted vs. Standalone PKI
Hosted PKI
– the PKI vendor acts as the CA
– the PKI owner is the RA
Standalone PKI
– the PKI owner is both RA and CA