Monday, May 30, 2011

PKI Implementing and Managing E-Security

Contents
Foreword xv
About the Authors xvii
About the Reviewers xix
Preface xxi
Chapter 1 Introduction 1
Security Trends 2
Electronic Commerce and Security Today 3
Security Services 3
Public Key Infrastructure 6
Applications 7
Audience 7
About this Book 8
About the Authors 10
Chapter 2 Introduction to Cryptography 11
My Mom 11
Is Cryptography Really Needed? 12
Cryptography 15
Cryptographic Algorithms 15
Cryptology and Cryptanalysis 16
Security by Obscurity 17
Cryptography 101 18
The Characters 19
Symmetric Cryptography 21
Pick a Number, Any Number 21
Symmetric Cryptography Recap 28
Asymmetric Cryptography 29
Public and Private Keys 31
The Benefits and Drawbacks of Asymmetric Cryptography 34
Asymmetric Cryptography Recap 35
The Best of Both Worlds 35
Hashes 39
Digital Signatures 41
Digital Certificates 45
Non-Repudiation 49
Congratulations! 50
Cryptography Recap 50
Securing Web Transactions 51
Why Isn’t Cryptography Pervasive Yet? 56
Standards-Based, Interoperable Solutions 57
Getting Burned 57
Migration 59
The Test 60
Reference 61
Chapter 3 Public Key Infrastructure Basics 63
Public Key Infrastructure Basics 63
Why Isn’t Public Key Cryptography Enough? 64
The Need for Trusted Identities 66
Certification Authorities 68
What Is a Digital Certificate? 70
Application Use of Certificates 77
Why Do You Need a Public Key Infrastructure? 79
User Authentication 80
Public Key Infrastructure Components 83
Key and Certificate Life Cycle Management 88
The Role of Authorization 89
Summary 93
References 94
Chapter 4 PKI Services and Implementation 95
Key and Certificate Life Cycle Management 95
Certificate Issuance 96
How Long Will that Key Last? 103
Certificate Revocation 106
Certificate Validation 108
Certification Paths 109
Types of Keys 115
Certificate Distribution 118
Fundamental Requirements 121
Protection of Private Keys 122
Deploying PKI Services 128
Public Certification Authority Services 129
In-House Enterprise Certification Authorities 132
Outsourced Enterprise CAs 133
How Do You Decide? 135
Summary 136
References 137
Chapter 5 Key and Certificate Life Cycles 139
Non-Repudiation and Key Management 139
Key Management 141
Key Generation 141
Key Stores 144
Key Transport 145
Key Archival 147
Key Recovery 150
Certificate Management 155
Certificate Registration 156
End-Entity Certificate Renewal 163
CA Certificate Renewal 163
Certificate Revocation 165
Summary 178
Chapter 6 A PKI Architecture—The PKIX Model 179
Public Key Infrastructure Architecture 179
The PKIX Model 179
PKIX Architecture 181
PKIX Functions 183
PKIX Specifications 186
PKI Entities 188
Registration Authority 188
Certification Authority 190
Repository 191
PKIX Management Protocols 191
CMP 192
CMC 197
Non-PKIX Management Protocols 200
SCEP 200
PKIX Certificate Validation Protocols 202
OCSP 203
SCVP 205
OCSP-X 207
Summary 208
References 208
Chapter 7 Application Use of PKI 211
PKI-Based Services 211
Digital Signature 211
Authentication 212
Timestamp 213
Secure Notary Service 213
Non-Repudiation 214
PKI-Based Protocols 216
Diffie-Hellman Key Exchange 217
Secure Sockets Layer 219
IPsec 223
S/MIME 228
Time Stamp Protocol
WTLS
Formatting Standards
X.509
PKIX
IEEE P1363
PKCS
XML
Application Programming Interfaces
Microsoft CryptoAPI
Common Data Security Architecture
Generic Security Service API 238
Lightweight Directory Access Protocol 238
Application and PKI Implementations 239
Signed Data Application 240
Summary 241
Chapter 8 Trust Models 243
What Is a Trust Model? 243
Trust 244
Trust Domains 245
Trust Anchors 246
Trust Relationships 247
General Hierarchical Organizations 249
Trust Models 251
Subordinated Hierarchical Models 251
Peer-to-Peer Models 256
Mesh Models 260
Hybrid Trust Models 268
Who Manages Trust? 273
User Control 273
Local Trust Lists 276
Managed Trust 278
Certificate Policy 280
Constrained Trust Models 281
Path Length 281
Certificate Policies 282
Path Construction and Validation 286
Path Construction 287
Path Validation 289
Implementations 290
Identrus Trust Model 290
ISO Banking Trust Model 292
Bridge CA 294
Summary 296
References 296
Chapter 9 Authentication and PKI 299
Who Are You? 299
Authentication 299
Authentication and PKI 301
Secrets 302
Passwords 302
Passwords in the Clear 302
Something Derived from Passwords 304
Adding a Little Randomness 306
Password Update 311
Here Come the Problems 312
The Costs of Passwords 315
Passwords Recap 316
Passwords and PKI 316
Moore’s Law Has Got Us! 318
Work to Strengthen Passwords 319
Authentication Tokens 320
2-Factor Authentication 321
Types of Authentication Tokens 322
PIN Management 331
Authentication Token Recap 334
Authentication Tokens and PKI 334
Smart Cards 337
Smart Card Construction 337
Talking to a Smart Card 339
Smart Card Classifications 341
Non-Crypto Cards 342
Crypto Cards 343
When Are Smart Cards Not Smart Cards? 345
Applications on a Smart Card 346
Smart Card Operating Systems 347
Smart Card Tamper Resistance 348
Structural Tamper Resistance 351
Smart Card Recap 354
Smart Cards and PKI 355
Biometric Authentication 359
How Biometrics Work 359
Biometric Data 360
Registration 361
FAR/FRR 362
The Biometric Design Center 362
Issues with Biometrics 364
Coverage 364
Agent-Side Spoofing 365
Server-Side Attacks 367
Social Issues 368
Cross-System Replay 369
Revocation 370
Recommendations 371
The Holy Grail: Biometrics and PKI 372
Biometric Recap 373
Wrapping Up Authentication 374
Chapter 10 Deployment and Operation 377
PKI Planning 377
Business Drivers 378
Applications Planning 380
Architecture Planning 381
User Impact 384
Support and Administration 386
Infrastructure Impact 387
Certificate Content Planning 389
Database Integration 391
Legal and Policy Considerations 393
Trust Models 397
Deployment Considerations 403
Operational Considerations 405
Summary 407
Chapter 11 PKI and Return on Investment 409
Total Cost of Ownership: The “I” in ROI 410
Products/Technologies 411
Plant (Facilities) 413
People 413
Process 413
Total Cost of Ownership: Summary 414
Financial Returns: The “R” in ROI 414
Business Process 416
Metrics 421
Revenues 421
Costs 423
Compliance 427
Risks 428
Financial Returns: Summary 430
PKI ROI: Summary 431
References 433
Appendix A X.509 Certificates 435
Appendix B Solution to the Test 461
Appendix C Privilege Management Infrastructure 469
Glossary 487
Index 497