Public Key Infrastructure Fundamentals - Bart Preneel
Вставка
- Опубліковано 27 січ 2025
- The function of a public key infrastructure (PKI) is to ensure secure delivery and management of public keys. Alternative trust models lead to different key architectures.
Public keys are published by means of digitally signed certificates.
A private key may be compromised, in which case the certificate containing the corresponding public key must be revoked. Many revocation methods are in current use. Publication of Certificate Revocation Lists (CRLs) and checking with an Online Certificate Status Protocol (OCSP) responder are best established.
Learning objectives
learn the components of a public key infrastructure.
understand key delivery and management mechanisms.
A lecture by Bart Preneel at SecAppDev 2013 in Leuven, Belgium.
Professor Bart Preneel of KU Leuven heads the COSIC (COmputer Security and Industrial Cryptography) research group. His main research area is information security with a focus on cryptographic algorithms and protocols as well as their applications to both computer and network security, and mobile communications.
He teaches cryptology, network security and coding theory at the K.U.Leuven and was visiting professor at the Ruhr Universitaet Bochum (Germany), the T.U.Graz (Austria), the University of Bergen (Norway), and the Universiteit Gent (Belgium). In '93-'94 he was a research fellow at the University of California at Berkeley. He has taught intensive courses around the world.
He undertakes industrial consulting (Mastercard International, S.W.I.F.T., Proton World International,...), and participates in the work of ISO/IEC JTC1/SC27/WG2.
Professor Preneel is Vice President of the International Association for Cryptologic Research (IACR) and co-founder and chairman of LSEC vzw (Leuven Security Excellence Consortium).
NICE, this was a very good explanation of the PKI system.
Thank you for posting this.
I really enjoyed watching this video. Thank you for posting this video. I look forward to the next video.
39:30 FYI - a notary public in U.S. does a very different job from a European notary public.
Thank for introducing us Public Key
Thank you for posting. Very helpful
Great video. Thank you so much!!
I am working on a project that requires public keys to be transferred from person to person (multiple times). The challenge though, is that I must be sure that the private key pertaining to the public key has not been accessed or can ever be accessed by any of the previous holders. I have to make the private key accessible only by the current holder and once it's violated, I'd like to broadcast this public key as retired to the entire network. Any ideas on how to get this done? Is there something out there that already does this?
If you are asking how you can make sure that someone, who had a private key once, forgets it, then I must confess I do not know. Presumably it cannot be done.
Wrt revocation of public keys, the common techniques are Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP). Both have their weaknesses. OCSP Stapling seems to be the technique which is currently favored.
No... I am not asking to recover a lost private key. The other information you offered is helpful though. Someone else suggested X.509. What do you think about that? I am working on un-counterfeit-able, transferable cryptocurrencies. Do you have any experience with cryptocurrencies?
George Danezis did a great talk on cryptocurrencies a couple of years ago: ua-cam.com/video/vC6IBu-BNRw/v-deo.html. Bart Preneel did one this year - recording should be available on our channel in a couple of weeks.
CRLs and OCSP are indeed techniques from the X.509 eco-system. That may not be the best solution for cryptocurrencies. Maybe you can learn from the concepts they implemented and the problems that emerged subsequently.
Not writing down his email in a non-scrapable document, that's security.
Professor Preneel is very knowledgeable, but his accent and speed of communication makes it hard for me to understand. Who did he say coined the name Public key infrastructure?
Was thinking exactly the same thing!
His name is
en.wikipedia.org/wiki/Loren_Kohnfelder