KEMBAR78
x.509-Directory Authentication Service | PPTX
ST
Uploaded bySwathy T
PPTX, PDF22,263 views

x.509-Directory Authentication Service

The document provides an overview of the x.509 directory authentication service, part of x.500 directory services, which defines a framework for authentication using public-key cryptography and digital signatures. It details the characteristics and structure of x.509 certificates, the role of certification authorities (CAs), including trust issues and the practicality of using multiple CAs for large user communities. Additionally, it describes alternative authentication procedures that assume prior knowledge of public keys between parties.

Engineering
In this document
Powered by AI

Introduction to X.509 Authentication as part of X.500, it's history since 1988, authentication service framework, public-key repositories, and RSA use.

Details on public-key certificates tied to users, issued by Certificate Authorities, and stored in a directory.

The format of X.509 certificates includes version, serial number, issuer, validity period, subject names, unique identifiers, and extensions.

Standard notation for certificates generated by CAs, with a structure describing how a certificate is encoded.

User certificates features, including accessibility, integrity, and security, allowing public keys to be retrieved reliably.

Trust dynamics among users relying on a common CA, facilitating direct certificate sharing and secure messaging.

Challenges in supporting extensive user groups with multiple CAs, each assigned to smaller segments.

Overview of authentication procedures in X.509, highlighting the use of public-key signatures and prior knowledge of keys.

Downloaded 229 times
X.509-DIRECTORY AUTHENTICATION SERVICE
X.509 Authentication Service Introduction„ ITU-T X.509:  Part of X.500 Directory Services  Issued in 1988; revised in 1993 and 1995  Defines a framework for authentication service using the X.500 directory  Repository of public-key certificates„  Based on use of public-key cryptography and digital signatures  Recommends use of RSA
Public-key Certificates„  Associated with user  Created by trusted third party  Certificate authority (CA)  Placed in directory by CA or by the user  Directory server  „location for certificate access  does not create the certificates
X.509 Certificate Format The general format for a certificate is:  „Version V  „Serial number SN  „Signature algorithm identifier AI  „Issuer Name CA  „Period of Validity TA
 „Subject Name A  „Subject’s Public-key Information Ap  „Issuer Unique Identifier (added in Version 2)  „Subject Unique Identifier (added in Version 2)  „Extensions (added in Version 3)  „Signature
X.509 Standard Notation  „User certificates generated by a CA use the following standard notation:  CA<<A>> = CA {V, SN, AI, CA, TA, A, Ap} where Y<<X>> = the certificate of user X issued by the certification authority Y Y {I} = the signing of I by Y consisting of I with an encrypted hash code appended.
X.509: Obtaining A User Certificate user certificates generated by a CA have the following characteristics:  „Any user with access to the public key of the CA can recover the user public key that was certified.  „No party other than the CA can modify the certificate without being detected.  „Since they are unforgeable,they can be placed in a directory without the need for the directory to make special efforts to protect them.
X.509: CA Trust Issues  If all users subscribe to the same CA, then there is a common trust of that CA.  „All user certificates can be placed in the directory for access by all users.  „Any user can transmit his/her certificate directly to other users.  „Once B is in possession of A’s certificate, B has confidence that:  „Messages it encrypts will be secure.  „Messages signed with A’s private key are unforgivable.
X.509: Multiple CAs  „Large User Community  „Not Practical to Support All Users  „More Practical to Have Multiple CAs  „Each CA Provides Its Public Key to A Smaller User Group
X.509: Authentication Procedures Three alternative authentication procedures for X.509 Directory Authentication Service  „Each use public-key signatures  „Each assumes that two parties know each other’s public key.  „either obtained from Directory  „or obtained in an initial message

More Related Content

PPT
key distribution in network security
bybabak danyal
 
PPTX
Hash function
bySalman Memon
 
PPT
Intruders and Viruses in Network Security NS9
bykoolkampus
 
PPT
Network security cryptographic hash function
byMijanur Rahman Milon
 
PPTX
Security services and mechanisms
byRajapriya82
 
PPT
Message authentication
byCAS
 
DOCX
S/MIME
bymaria azam
 
PPTX
Symmetric and asymmetric key cryptography
byMONIRUL ISLAM
 
key distribution in network security
bybabak danyal
 
Hash function
bySalman Memon
 
Intruders and Viruses in Network Security NS9
bykoolkampus
 
Network security cryptographic hash function
byMijanur Rahman Milon
 
Security services and mechanisms
byRajapriya82
 
Message authentication
byCAS
 
S/MIME
bymaria azam
 
Symmetric and asymmetric key cryptography
byMONIRUL ISLAM
 

What's hot

PPT
Digital signature
byHossain Md Shakhawat
 
PDF
Web Security
byDr.Florence Dayana
 
PPTX
Message digest 5
byTirthika Bandi
 
PPTX
Key management and distribution
byRiya Choudhary
 
PPTX
Kerberos : An Authentication Application
byVidulatiwari
 
PPTX
Kerberos
bySutanu Paul
 
PPT
block ciphers
byAsad Ali
 
PPTX
Pgp pretty good privacy
byPawan Arya
 
PPTX
Diffie hellman key exchange algorithm
bySunita Kharayat
 
PDF
Block Ciphers and the Data Encryption Standard
byDr.Florence Dayana
 
PPT
X.509 Certificates
bySou Jana
 
PPTX
Intruders in cns. Various intrusion detection and prevention technique.pptx
bySriK49
 
PPTX
MAC-Message Authentication Codes
byDarshanPatil82
 
PDF
Intruders
byDr.Florence Dayana
 
PPT
Block Cipher and its Design Principles
bySHUBHA CHATURVEDI
 
PPTX
Data Encryption Standard (DES)
byHaris Ahmed
 
PPT
program partitioning and scheduling IN Advanced Computer Architecture
byPankaj Kumar Jain
 
PPT
Communication primitives
byStudent
 
PPT
Digital signature schemes
byravik09783
 
PPTX
Email security
byBaliram Yadav
 
Digital signature
byHossain Md Shakhawat
 
Web Security
byDr.Florence Dayana
 
Message digest 5
byTirthika Bandi
 
Key management and distribution
byRiya Choudhary
 
Kerberos : An Authentication Application
byVidulatiwari
 
Kerberos
bySutanu Paul
 
block ciphers
byAsad Ali
 
Pgp pretty good privacy
byPawan Arya
 
Diffie hellman key exchange algorithm
bySunita Kharayat
 
Block Ciphers and the Data Encryption Standard
byDr.Florence Dayana
 
X.509 Certificates
bySou Jana
 
Intruders in cns. Various intrusion detection and prevention technique.pptx
bySriK49
 
MAC-Message Authentication Codes
byDarshanPatil82
 
Intruders
byDr.Florence Dayana
 
Block Cipher and its Design Principles
bySHUBHA CHATURVEDI
 
Data Encryption Standard (DES)
byHaris Ahmed
 
program partitioning and scheduling IN Advanced Computer Architecture
byPankaj Kumar Jain
 
Communication primitives
byStudent
 
Digital signature schemes
byravik09783
 
Email security
byBaliram Yadav
 

Viewers also liked

PPT
Pretty good privacy
byPushkar Dutt
 
PPTX
5. message authentication and hash function
byChirag Patel
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
PPT
Pgp smime
byTania Agni
 
PPTX
Introduction to Cryptography
byBharat Kumar Katur
 
PPT
Digital certificates
bySheetal Verma
 
Pretty good privacy
byPushkar Dutt
 
5. message authentication and hash function
byChirag Patel
 
CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
Pgp smime
byTania Agni
 
Introduction to Cryptography
byBharat Kumar Katur
 
Digital certificates
bySheetal Verma
 

Similar to x.509-Directory Authentication Service

PPT
Unit 4.ppt
byDHANABALSUBRAMANIAN
 
PPTX
X.509 AUTHENTICATION SERVICE digital.pptx
bysujithangam
 
PPTX
Module III CNS Kerberos and its example.pptx
byNithyasriA2
 
PPTX
Public Key Infrastructures
byZefren Edior
 
PPT
Digital Certifiacates by Ravi Sandhu Good
bysomeoneelse1981
 
PPTX
ET4045-2-cryptography-3
byTutun Juhana
 
PPT
ch14.ppt
bySomuPatil8
 
PPTX
Introduction to SHA-512 in Cryptographic
byshailajacse
 
PDF
An introduction to X.509 certificates
byStephane Potier
 
PPT
PKI by Gene Itkis
byInformation Security Awareness Group
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
PPT
X 509 Certificates How And Why In Vb.Net
byPuneet Arora
 
PPT
unit6.ppt
bySrinivas Devulapalli
 
PPT
Java Cert Pki
byphanleson
 
PDF
EKON28 - Diving Into X.509 Certificates with mORMot 2
byArnaud Bouchez
 
PPT
Authentication services
byGreater Noida Institute Of Technology
 
PPT
Ch14
byJoe Christensen
 
PDF
Computer security module 4
byDeepak John
 
PDF
Ch14
byFrancis Alamina
 
PDF
Unit 3_Digital Certificate_Intro_Types.pdf
byKanchanPatil34
 
Unit 4.ppt
byDHANABALSUBRAMANIAN
 
X.509 AUTHENTICATION SERVICE digital.pptx
bysujithangam
 
Module III CNS Kerberos and its example.pptx
byNithyasriA2
 
Public Key Infrastructures
byZefren Edior
 
Digital Certifiacates by Ravi Sandhu Good
bysomeoneelse1981
 
ET4045-2-cryptography-3
byTutun Juhana
 
ch14.ppt
bySomuPatil8
 
Introduction to SHA-512 in Cryptographic
byshailajacse
 
An introduction to X.509 certificates
byStephane Potier
 
PKI by Gene Itkis
byInformation Security Awareness Group
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
X 509 Certificates How And Why In Vb.Net
byPuneet Arora
 
unit6.ppt
bySrinivas Devulapalli
 
Java Cert Pki
byphanleson
 
EKON28 - Diving Into X.509 Certificates with mORMot 2
byArnaud Bouchez
 
Authentication services
byGreater Noida Institute Of Technology
 
Ch14
byJoe Christensen
 
Computer security module 4
byDeepak John
 
Ch14
byFrancis Alamina
 
Unit 3_Digital Certificate_Intro_Types.pdf
byKanchanPatil34
 

Recently uploaded

PPTX
Hydrocarbon traps, migration and accumulation of petroleum
byAhmadnawaz144515
 
PPTX
An improved feature extraction algorithm of EEG signals
byAnirban Nath
 
PPTX
hanumantha_s_Netflix Data Analysis Project PPT.pptx
bylikipiki689
 
PPTX
UNIT - IV - Computer aided process planning - part 2.pptx
byrameshrajendhra
 
DOCX
material selection for preparation of glider
bybityasteraye
 
PDF
Overcoming QoS Challenges in a Full Automotive Ethernet Architecture
byRealTime-at-Work (RTaW)
 
PDF
Vertical Roller Mill more detail inside function
byagungcemindo
 
PDF
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
PPTX
E waste_management_module 4.pptx_22_scheme_VTU
byvarshinijs3
 
PDF
LOW POWER CLASS AB SI POWER AMPLIFIER FOR WIRELESS MEDICAL SENSOR NETWORK
byRandyClara
 
PPTX
UNIT - V - Flexible Manufacturing System.pptx
byrameshrajendhra
 
PDF
Certified Cloud Security Professional (CCSP): Unit 4
byVICTOR MAESTRE RAMIREZ
 
PDF
Certified Kubernetes Security Specialist (CKS): Unit 8
byVICTOR MAESTRE RAMIREZ
 
PDF
【EN】Accelerating Flutter UI Development with 
Figma Dev Mode MCP × Claude Code
byYuta Asada
 
PPTX
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
PDF
Introduction to Machine Learning: Foundations and Applications
byremoved_2838c0f85dcbdf1a3b55b256d9455357
 
PPTX
Blockchain for Digital identity security
bysamirsarar2
 
PDF
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
PPTX
All About Introduction to Artificial IntelligenceAI.pptx
byRAJASEKARAN G
 
PPT
GSM concepts_Slide with frame structure.ppt
byATULJOSHI721117
 
Hydrocarbon traps, migration and accumulation of petroleum
byAhmadnawaz144515
 
An improved feature extraction algorithm of EEG signals
byAnirban Nath
 
hanumantha_s_Netflix Data Analysis Project PPT.pptx
bylikipiki689
 
UNIT - IV - Computer aided process planning - part 2.pptx
byrameshrajendhra
 
material selection for preparation of glider
bybityasteraye
 
Overcoming QoS Challenges in a Full Automotive Ethernet Architecture
byRealTime-at-Work (RTaW)
 
Vertical Roller Mill more detail inside function
byagungcemindo
 
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
E waste_management_module 4.pptx_22_scheme_VTU
byvarshinijs3
 
LOW POWER CLASS AB SI POWER AMPLIFIER FOR WIRELESS MEDICAL SENSOR NETWORK
byRandyClara
 
UNIT - V - Flexible Manufacturing System.pptx
byrameshrajendhra
 
Certified Cloud Security Professional (CCSP): Unit 4
byVICTOR MAESTRE RAMIREZ
 
Certified Kubernetes Security Specialist (CKS): Unit 8
byVICTOR MAESTRE RAMIREZ
 
【EN】Accelerating Flutter UI Development with 
Figma Dev Mode MCP × Claude Code
byYuta Asada
 
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
Introduction to Machine Learning: Foundations and Applications
byremoved_2838c0f85dcbdf1a3b55b256d9455357
 
Blockchain for Digital identity security
bysamirsarar2
 
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
All About Introduction to Artificial IntelligenceAI.pptx
byRAJASEKARAN G
 
GSM concepts_Slide with frame structure.ppt
byATULJOSHI721117
 

x.509-Directory Authentication Service

  • 1.
  • 2.
    X.509 Authentication Service Introduction„ ITU-TX.509:  Part of X.500 Directory Services  Issued in 1988; revised in 1993 and 1995  Defines a framework for authentication service using the X.500 directory  Repository of public-key certificates„  Based on use of public-key cryptography and digital signatures  Recommends use of RSA
  • 3.
    Public-key Certificates„  Associatedwith user  Created by trusted third party  Certificate authority (CA)  Placed in directory by CA or by the user  Directory server  „location for certificate access  does not create the certificates
  • 4.
    X.509 Certificate Format Thegeneral format for a certificate is:  „Version V  „Serial number SN  „Signature algorithm identifier AI  „Issuer Name CA  „Period of Validity TA
  • 5.
     „Subject NameA  „Subject’s Public-key Information Ap  „Issuer Unique Identifier (added in Version 2)  „Subject Unique Identifier (added in Version 2)  „Extensions (added in Version 3)  „Signature
  • 6.
    X.509 Standard Notation „User certificates generated by a CA use the following standard notation:  CA<<A>> = CA {V, SN, AI, CA, TA, A, Ap} where Y<<X>> = the certificate of user X issued by the certification authority Y Y {I} = the signing of I by Y consisting of I with an encrypted hash code appended.
  • 7.
    X.509: Obtaining AUser Certificate user certificates generated by a CA have the following characteristics:  „Any user with access to the public key of the CA can recover the user public key that was certified.  „No party other than the CA can modify the certificate without being detected.  „Since they are unforgeable,they can be placed in a directory without the need for the directory to make special efforts to protect them.
  • 8.
    X.509: CA TrustIssues  If all users subscribe to the same CA, then there is a common trust of that CA.  „All user certificates can be placed in the directory for access by all users.  „Any user can transmit his/her certificate directly to other users.  „Once B is in possession of A’s certificate, B has confidence that:  „Messages it encrypts will be secure.  „Messages signed with A’s private key are unforgivable.
  • 9.
    X.509: Multiple CAs „Large User Community  „Not Practical to Support All Users  „More Practical to Have Multiple CAs  „Each CA Provides Its Public Key to A Smaller User Group
  • 10.
    X.509: Authentication Procedures Threealternative authentication procedures for X.509 Directory Authentication Service  „Each use public-key signatures  „Each assumes that two parties know each other’s public key.  „either obtained from Directory  „or obtained in an initial message