Title: Pengenalan kepada Prasarana Kekunci Awam (PKI) dan Konsep Mobile PKI
1Pengenalan kepada Prasarana Kekunci Awam (PKI)
dan Konsep Mobile PKI
Introduction to Public Key Infrastructure (PKI)
and Mobile PKI concept
- By Ami Azrul bin Abdullah
2Notes
- Dengan izin, the content of this presentation
will be in English for the ease of understanding.
3AGENDA
4PREAMBLE 1
5PREAMBLE 2
- Preservation of Confidentiality, Integrity,
Availability (CIA)
Confidentiality
Information is observed by or disclosed to only
those who have a right to know.
Availability
Integrity
Information is available and usable when
required, and the systems that provide it can
resist attacks and recover from failure.
Information is accurate and protected from
unauthorized modification.
6HISTORY OF ENCRYPTION
7In the beginning
- The needs to encrypt/decrypt message
- E.g. Ami Azrul -? gqi18qhoi
- Creation of Keys
- Keys are drived from an algorithm/set of formulas
- At first symmetric key is used
8Next
- The flaws of symmetric key
- The Creation of Assymetric Key
- Two keys are not the same yet interrelated
- One cannot exist without the other
- Always term as key pairs private and public
- The process done by private (secret) can only be
reversed by public (and vice versa)
9Intermezzo
- Symmetric Key Pairs are the same encrypt and
decrypt - Common Algorithm AES Blowfish DES Triple
DES Serpent Twofish - Assymmetric Public and Private Key Pairs
- Common examples Diffie-Helman, ECC, RSA
Further reading http//en.wikipedia.org/wiki/RSA
or http//en.wikipedia.org/wiki/Assymetric_key_cr
yptography
10And so..
- "private key" means the key of a key pair used to
create a digital signature "public key" means
the key of a key pair used to verify a digital
signature
Definitions from DSA 1997
11But
- Keys are only algorithms -gtnumbers
- The numbers -gt keys are unique
- Associate identity with keys
- The birth of the Certification Authority,
Registration Authority, and of course our
regulator.
12PKI IN A NUTSHELL
13Digital Certificates
Electronic counterparts to driver licenses,
passports, membership cards or any legal
identification documents Proof of identity when
communicating online Contain information about
the owner i.e Name, Public Key, Issuer Name,
Validity Date etc Contain a pair of key Private
Key and Public Key
14Digital Certificate Sample
- a) Identity of the public key owner
- b) Public Key
- c) Version Number
- d) Certificate serial number
- e) Identity of the issuer
- f) Validity period
- g) Extension fields
- The digital certificates format is defined by
CCITT X.509 International standard
15The story continues..
- digital signature" means a transformation of a
message using an asymmetric cryptosystem such
that a person having the initial message and the
signer's public key can accurately determine-
(a) whether the transformation was created
using the private key that corresponds to the
signer's public key and (b) whether the
message has been altered since the transformation
was made
"
16SOME TECHNICAL CONCEPT
The Concept of Digital Certificates - Private
Public Key
CA via RA
17Asymmetric encryption
The quick brown fox jumps over the lazy dog
H88gikp080h6 54gcv.Tgf7676f HF76yt476hTPcs
Encryption
Encrypted data
Clear data
Receivers Public key
H88gikp080h6 54gcv.Tgf7676f HF76yt476hTPcs
The quick brown fox jumps over the lazy dog
Decryption
Clear data
Encrypted data
cret
Receivers Private key
Different keys
se
- Suggested for the first time in 1976 by two
Americans, Diffie Hellman
- Only receiver can decrypt with his private key
- Everyone can encrypt with receivers public key
18Digital Signature and authentication
The quick brown fox jumps over the lazy dog
H88gikp080h6 54gcv.Tgf7676f HF76yt476hTPcs
Me mod n
Encrypted data (but not secret)
Clear data
Senders Private key
H88gikp080h6 54gcv.Tgf7676f HF76yt476hTPcs
The quick brown fox jumps over the lazy dog
Re mod n
Encrypted data
Clear data
Senders Public key
- Private key can be used for encryption
- Only sender can have generated this message!
- Used for authentication and digital signatures
19WHAT DOES PKI FULFILL?
- Confidentiality
- Authenticity
- Integrity
- Non Repudiation
20PKI IN MACRO LEVEL
21(No Transcript)
22MEDIA FOR CERTIFICATES
Key Certificates Storage Smart Card incl.
MyKad Crypto USB Token Hard / Floppy Disk MOBILE
PHONES
23AND .
Reader Driver for communication between OS/Devices
PKI Agent/Software needed to give card / token
function. Similar to mobile.
24MOBILE PKI CONCEPT
25Background
- There are more users of smart phones than PC
- On the go transaction
- Concept wise User download Agent on mobile
phone - Android, iOS, Windows and Blackberry
26Socket Based Connection
- User opens the third partys website
- User provides needed info
- Third party calls the required function from our
server. - Our server calls the client side app.
- Client side app sent back the result
- Our Server sends the result back to the server.
- The client side (phone/pc) is having two way
connection with our server. - Third parties can issue a request for operation
- Our server will ask the client to do that
operation - Server will send the result back to the third
party.
27Socket Based Connection
- Functions
- Encrypt
- Verify
- Authentication
Mobile GPKI Agent
Bidirectional Socket
Web Service Calling
Third Party Application
GPKI Agent Gateway Server
PC GPKI Agent
28Question and Answers