Question • The Diffie-Hellman key exchange protocol that we studied in the last class is used to exchange: a symmetric key or an asymmetric key?
Question • What is the means/method that we studied to exchange asymmetric keys? Hint: If you don't know Bob's key, ask Sam – the TTP
Digital Certificates
• Digital certificates are meant to communicate public keys
• The issuer of a digital certificate vouches for the principal (the subject of the certificate) to whom the certificate is issued
• Anyone who trusts the certificate issuer trusts the subject of the certificate
Certification Authority (CA)
• An organization that creates, publishes, and revokes certificates.
• Verifies the information in the certificate and binds identities to cryptographic keys.
  – May outsource identity verification to registration authorities (RA)
• Protects the general security and policies of the system and its records.
• Allows end users to check certificates so they can decide whether to use them in transactions.
• Has one or more trusted roots, each called a trust anchor
PKI – Public Key Infrastructure
• A setup, meant for public key distribution, involving an interconnected, hierarchical network of:
  – CA: certification authority
  – RA: registration authority
Certificate Pinning
Certificate pinning: the process of hard-coding/inserting a certificate into the trust zone of a computer, application, browser, etc.
Hierarchy of CA
Top-Down flow of Implicit Trust
Islands of Trust
Cross-Certification as Trust Delegation
Exercise
• I have a certificate issued from IIT Bombay
• You have a certificate issued from IIT Jodhpur
What are the conditions under which my trust is implied on your certificate?
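The three trust models named above (hierarchy, islands of trust, cross-certification) can be compared by treating certificates as edges in a graph and searching for a chain from a trust anchor to the subject. This Python model is an added example, not part of the original slides; the names "Root-CA", "IITB-CA", "IITJ-CA", "me" and "you" are constructed, and signature, validity-period and revocation checks are left out.

```python
from collections import deque

# A certificate is modelled as an (issuer, subject) pair: the issuer vouches
# for the subject's public key. Only the trust graph is modelled here.

def find_trust_path(certs, trust_anchors, subject):
    """Return the shortest chain [anchor, ..., subject], or None if no chain exists."""
    issued = {}
    for issuer, subj in certs:
        issued.setdefault(issuer, []).append(subj)
    queue = deque([anchor] for anchor in trust_anchors)
    seen = set(trust_anchors)
    while queue:
        path = queue.popleft()
        if path[-1] == subject:
            return path
        for nxt in issued.get(path[-1], []):
            if nxt not in seen:  # never revisit a CA, so cross-cert loops terminate
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

# Constructed scenarios (all names are assumptions made for this example).
# 1. Hierarchy: both campus CAs sit under one common root.
HIERARCHY = [("Root-CA", "IITB-CA"), ("Root-CA", "IITJ-CA"),
             ("IITB-CA", "me"), ("IITJ-CA", "you")]
# 2. Islands of trust: each campus CA is its own root, with no link between them.
ISLANDS = [("IITB-CA", "me"), ("IITJ-CA", "you")]
# 3. Cross-certification: IITB-CA issues a certificate for IITJ-CA (one direction only).
CROSS = ISLANDS + [("IITB-CA", "IITJ-CA")]

def demo():
    """Chain found by 'me' (or None) for the certificate of 'you' in each model."""
    return {
        "hierarchy": find_trust_path(HIERARCHY, {"Root-CA"}, "you"),
        "islands": find_trust_path(ISLANDS, {"IITB-CA"}, "you"),
        "cross": find_trust_path(CROSS, {"IITB-CA"}, "you"),
        # Delegation is directional: 'you' (anchored at IITJ-CA) gains no path to 'me'.
        "cross_reverse": find_trust_path(CROSS, {"IITJ-CA"}, "me"),
    }

if __name__ == "__main__":
    for model, chain in demo().items():
        print(f"{model:14s} {' -> '.join(chain) if chain else 'no trust path'}")
```

The one-way cross-certificate gives "me" a chain to "you" but not the reverse; mutual trust needs a certificate issued in each direction.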