Introduction to Public Key Infrastructure and OpenCA PKI


                        ECE Scholarly Paper Presentation
                                    Ayesha Ghori

                          Advisor: Prof. Jens-Peter Kaps

                                Date: April 30th 2009
                                  Time: 5:00 pm
                                Location: Research I
                                    Room# 162

With the advent of e-commerce, almost all of our monetary transactions are being
carried out over the internet. The users of e-commerce and e-banking connect to a
network and carry out transactions in which a lot of sensitive data is exchanged, such as
credit card details, bank account details, passwords, etc. It is very important that the
information shared reaches the intended recipient and is not available publicly. The
users expect integrity, confidentiality, authentication and non-repudiation when
they access a public network. To facilitate secure communication between two entities,
some private information or key needs to be shared between the two. Because
the sender and the intended recipient alone must share this secret information (key)
prior to transmission of the messages between them, they have to convey the key over
an out-of-band secure channel before starting the intended communication. The
concept of sharing a key that can be publicly revealed without compromising
communication security is the basis of Public Key Infrastructure. The PKI provides
services such as authentication, integrity, digital signatures, key establishment, and
zero-knowledge/minimum-knowledge protocols. These services are realized by a combination of
symmetric and asymmetric cryptographic techniques enabled through a single, easily
managed infrastructure/trusted authority. OpenCA is one of the open source PKI software
packages available today. It is designed for UNIX/Linux operating systems;
however, anyone using other operating systems can request, revoke and obtain their
certificate through the web interface OpenCA offers. It is an economical substitute for
the other, more expensive certificate authorities. In this paper we discuss the features of
OpenCA and how it realizes the standards of PKI technology. The goal is to gain
knowledge of a fully functional PKI and to understand and use digital certificates better.

 Index Terms—
 OpenCA, Certificate Authority, Digital Signature, Digital Certificate, Public Key
Cryptography, Public Key Infrastructure.