A certificate is an electronic identification
document that identifies an individual with a public key. This
guards against impersonation attacks.
An impersonation attack is an attempt to pretend that you are someone
else. By pretending to be someone else, you can use their public key to
obtain secret information.
The certificate binds the public key to the owner. The
certificate includes:
- Name of the entity that owns the public key.
- Serial Number
- The issuer of the certificate
- An expiration date for the certificate
The certificates are issued by certificate authorities. These
entities issue and validate certificates.
The certificates are used to confirm an identity. The process of
confirming an identity is known as authentication. A common
authentication procedure is:
- The sender signs some data with its private key.
- The sender sends the certificate and the signed data to the receiver.
- The receiver checks the expiration date of the certificate. If the date
has expired, then the authentication fails.
- The receiver checks the name of the entity to see if it knows who the
entity is.
- The receiver works with the certificate authority to validate the
certificate.
- The receiver decrypts the signature with the sender's public key.
The sender's public key is in the certificate.
- If the last two steps are successful, the authentication is successful.
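The receiver's side of this procedure, as an added example that is not part of the original page. It assumes textbook RSA with small constructed keys (illustration only, not secure) and models "working with the certificate authority" as checking the CA's signature on the certificate fields; all function names and the sample names `alice`, `mallory` and `Example CA` are hypothetical.

```python
import hashlib
from datetime import date

def make_key(p, q, e=65537):
    # Toy textbook-RSA key pair from two primes (assumption: illustration only).
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def cert_body(cert):
    # The fields the page lists, plus the public key they are bound to.
    fields = ("name", "serial", "issuer", "expires", "public_key")
    return repr([cert[k] for k in fields]).encode()

def issue(ca_private, **fields):
    # The certificate authority signs the certificate fields.
    cert = dict(fields)
    cert["ca_signature"] = sign(cert_body(cert), ca_private)
    return cert

def authenticate(cert, data, signature, today, known_names, ca_public):
    if today > cert["expires"]:                      # expiration check
        return "fail: certificate expired"
    if cert["name"] not in known_names:              # does the receiver know the entity?
        return "fail: unknown entity"
    if not verify(cert_body(cert), cert["ca_signature"], ca_public):
        return "fail: certificate not validated by CA"
    if not verify(data, signature, cert["public_key"]):
        return "fail: signature does not match certificate key"
    return "ok"

# Constructed sample keys and certificate (small Mersenne primes).
CA_PUB, CA_PRIV = make_key(2**61 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_key(2**31 - 1, 2**61 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**19 - 1, 2**31 - 1)
ALICE_CERT = issue(CA_PRIV, name="alice", serial=1001, issuer="Example CA",
                   expires=date(2030, 1, 1), public_key=ALICE_PUB)
```

An intercepted certificate presented with a signature made by a different private key fails the last check, and a certificate carrying someone else's name but not signed by the CA fails the check before it.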
Impersonation is guarded against in several ways:
- The receiver must encrypt data with its private key. The private
key would not be known to an impersonator.
- The certificate must be kept by the sender. Though an impersonator
can intercept it, he will not have the corresponding private key.
- The impersonator will only have a finite number of days to determine the
private key because the certificate has an expiration date.
- The actual name of the certificate holder is present in the data.
This prevents unauthorized access to other areas.
Certificates can be issued for many reasons.
- A company might issue certificates to allow certain levels of access.
- A certificate may be associated with a user who has downloaded software
but can only have it for a period of time.
- A bank could issue a certificate to a customer to allow access to an
account at a later point in time.
Clearly, certificates and authentication are important parts of secure
systems. The Internet uses certificates in its protocols. The most
popular protocol is SSL, the Secure Sockets Layer protocol. Netscape
uses this protocol to implement authentication.
For more information:
- A definition of digital certificate is available at http://www.whatis.com/digitace.htm.
- A definition of authentication is available at http://www.whatis.com/authenti.htm.
- "Introduction to SSL" by Netscape, which provides certificate and
authentication examples with the SSL protocol, can be found at http://developer.netscape.com/docs/manuals/security/sslin/contents.htm.
October 9, 1998.
- "Digital Certificates" by David Cyganski, John A. Orr and
Richard F. Vaz is available at http://www.ece.wpi.edu/infoeng/textbook/node216.html.
January 26, 1998.