
Communication Networks IRT 4060 / IRT 0020, lecture 9 / 10


1 Communication Networks IRT 4060 / IRT 0020, lecture 9 / 10
Communication Networks IRT 4060 / IRT, lecture 9 / 10 Nov 2004. Stream integrity. Avo Ots, Chair of Telecommunications, TTÜ Institute of Radio and Communication Engineering.

2 Network usage
Diagram labels: Special needs, Usage, Open environment, Wireless, Trust, Security, Efficiency

3 Internet security concepts
Authentication: identity of the principal (can be a person or computer). For people, it can be any combination of something you know, something you have, or something you are. For computers it is usually a cryptographic secret.
Data Integrity: ensures information is not modified in transit.
Data Confidentiality: ensures information is only disclosed in accordance with policy.
Non-repudiation: ensures a transaction cannot be denied at a later date.

4 The Public and Private Key
[Figure: a sample digital certificate with the labels Public Key, Private Key, Serial Number, Validity, User Organization, Organizational Unit (Digital ID Class 2), Certificate Authority, Public Key, Status, and Signed By: VeriSign, Inc.]
So why isn't the public/private key exchange sufficient authentication? Why do I need a two-factor authentication solution? Let's quickly review some of the basics.
The success of public key systems lies in:
1. Keeping your private key secret
2. Making your public key public
How does a user have assurance that your public key is really yours? This is where certificates and certificate authorities come in. A certificate is a document attesting to the fact that a public key belongs to a named user. A certificate conforming to the X.509v3 standard is formatted to include your name, your public key, details of the issuer, the validity period and other user-definable extensions. Finally, the certificate is digitally signed by the issuer. The issuer is a Certificate Authority. Certificate authorities are organizations that issue certificates to people, underwriting their validity in some way. They act like insurance companies, but insuring digital trust, not a physical item. They are stepping up and stating that "This public key belongs to this user."

5 What PKI Provides
Authentication to ensure parties are who they say they are
Confidentiality to protect sensitive information
Authorization to ensure parties can access specific information
Integrity to guarantee the transaction is not altered
Non-repudiation to prove the transaction occurred
Fundamentally, the linchpin for the widespread deployment of eCommerce is the ability of the merchant and the customer to ensure the validity of the electronic contractual commitment. Basically, five security principles can be applied to eCommerce transactions. Although each focuses on securing a distinct aspect of a transaction, all five must work in concert to provide a truly secure eCommerce application. Let's take a look at each principle.
Authentication ensures both parties are who they say they are. Forms of authentication include tokens, smartcards, digital certificates and eventually biometrics.
Privacy protects confidential information using various forms of cryptography. Privacy in eCommerce transactions must be a two-way street. Customers want to protect purchasing information, social security numbers, credit card numbers, etc. Merchants want to protect internal information (costs, margins, sales, pricing) and customer information (preferences, credit card numbers, purchase/credit histories).
Authorization ensures each party is allowed to enter the commitment.
Integrity ensures that a transaction has not been altered or destroyed while the communication is in transit.
Non-Repudiation provides evidence for both parties that the transaction actually occurred. In essence it provides an electronic receipt of the transaction.

6 Ensuring security
Requirements: availability, reliability, integrity, confidentiality
Achieving it: understanding of the processes, more advanced equipment, better-qualified personnel, more purposeful routines, continuous risk analysis

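7 How a security compromise arises (ISO 2382-8)
Diagram labels, each Estonian term followed by its English equivalent: Oht (threat), Risk (risk) + Nõrkus (vulnerability) = Rünne (attack), Paljang (exposure) + = Murre (breach), Kahju (loss), Sissetung (penetration), Turvarike (compromise)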

8 PKI usage
Diagram labels: Directory service, CA, OCSP, Certificates and CRL, Application, Certificate, Validity information, Key owner, PKI user, Communication

9 Digital signature
A digital signature is a set of data appended to a file, computed from the data and the signer's private key using cryptographic primitives.
A digital signature ensures the integrity, i.e. the evidentiary value, of a static (unchanging, single) document by binding it to its creator's personal data.
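
The certificate check from slide 4 and the signature check from slide 9, as an added example that is not part of the original lecture: a CA signs a certificate binding a name to a public key, and a relying party checks the CA signature, the validity period and then the document signature. The toy RSA keys, the JSON certificate layout and all names are assumptions constructed for illustration; this is not X.509 or DigiDoc code and the keys are not secure.

```python
import hashlib
import json

# Toy textbook RSA over Mersenne primes: constructed for illustration, NOT secure
# (no padding, trivially factorable moduli). Real systems use a vetted library.
E = 65537

def make_key(p, q):
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, n, d):
    """Signature is computed from the data and the signer's private key."""
    return pow(digest(data), d, n)

def verify(data, sig, n):
    """Anyone holding the public key can check the signature."""
    return pow(sig, E, n) == digest(data)

def tbs(cert):
    """Canonical bytes of every certificate field the CA signature covers."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()

def issue(subject, subject_n, not_before, not_after, ca_name, ca_n, ca_d):
    cert = {"subject": subject, "public_key": subject_n, "issuer": ca_name,
            "not_before": not_before, "not_after": not_after}
    cert["signature"] = sign(tbs(cert), ca_n, ca_d)
    return cert

def check_document(doc, doc_sig, cert, ca_n, today):
    """Relying party: CA signature first, then validity, then the document."""
    if not verify(tbs(cert), cert["signature"], ca_n):
        return "certificate not signed by trusted CA"
    if not cert["not_before"] <= today <= cert["not_after"]:
        return "certificate outside validity period"
    if not verify(doc, doc_sig, cert["public_key"]):
        return "document signature invalid"
    return "ok: signed by " + cert["subject"]

CA_N, CA_D = make_key(2**521 - 1, 2**607 - 1)       # constructed CA key
USER_N, USER_D = make_key(2**127 - 1, 2**1279 - 1)  # constructed user key
CERT = issue("Example User", USER_N, "2004-01-01", "2007-01-01",
             "Example CA", CA_N, CA_D)
DOC = b"I agree to the contract."                   # constructed document
SIG = sign(DOC, USER_N, USER_D)
print(check_document(DOC, SIG, CERT, CA_N, "2004-11-10"))
```

Revocation status (the CRL and OCSP elements of slide 8) is not modelled here; a relying party would query it between the validity check and the document check.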

10 Use of the digital signature
The Digital Signatures Act is in force, and it gives a digital document bearing a digital signature the same legal meaning as a paper document bearing a handwritten signature.
A secure data communication tool, i.e. a private key container, exists in the form of the ID card.

11 Certification
A certification service provider exists in the form of Sertifitseerimiskeskus AS.
Sertifitseerimiskeskus AS's DigiDoc project, in the form of both a portal and a freeware client, makes it possible to give and verify a digital signature.

