PKI - trust & chain of trust - why, who and how?

Captions
Hello, this is Sunny. Welcome back. Public-key infrastructure, or PKI, is a framework for managing digital certificates and public-key encryption. The purpose of PKI is to facilitate the secure electronic transfer of information over the Internet, such as online shopping, online banking, and email communications. There are many policies, standards, and procedures in PKI, but all are for building trust.

What is trust? Trust is confidence in or reliance on another person or entity. If one person knows and trusts the other person, it is direct trust. If two individuals trust each other because each trusts a third party, it is third-party trust. We are communicating with strangers over the Internet. How do we trust each other?

In PKI, trust comes from a third-party certificate authority, or CA. CAs are entities responsible for issuing digital certificates. CAs are external to the organization, and they charge for the service. These commercial CAs, such as VeriSign and GlobalSign, are trusted third parties. CAs can also be internal to an organization, but here we focus on external commercial CAs.

But why do we trust them? The answer is simple: we have to trust someone to begin with; otherwise we could not do business over the Internet. Just as in real life, we have to trust our banks; otherwise we have to hide our money under the mattress. Back to CAs: how do they deserve our trust, or why are they trustworthy? The answer would be less philosophical but more technical. Let me talk about two trust models first, and then I will use one example to demonstrate how trust is established between my browser and a website.

Hierarchical trust model. In this trust model, at the very top is a root CA. The root CA signs all digital certificates with a single private key, and this entity is the highest signer. It publishes a so-called self-signed certificate to display its special group. A self-signed certificate is created and signed using its own private key to verify its own identity. It is like me telling the world, "Hello everyone, my name is Sunny, and this is the certificate for proof, and the certificate is signed by me." It sounds silly, but it is how this model works. But the hierarchical trust model has limitations: if the root CA's private key is compromised, all digital certificates it signed would become worthless.

Distributed trust model. Instead of having a single CA as in the hierarchical trust model, the distributed trust model has multiple CAs that sign digital certificates. This essentially eliminates the limitations of a hierarchical trust model: the loss of a CA's private key would compromise only those digital certificates that it had signed, and the workload of verifying digital certificates can be distributed. In addition, these CAs can delegate authority to other intermediate CAs to sign digital certificates. The distributed trust model is the basis of most digital certificates used on the Internet. The distributed trust model establishes a chain of trust. Most of the certificates used on the Internet are issued by intermediate CAs.

Let me use an example to demonstrate the chain of trust. When I log on to my Gmail, HTTPS and the green padlock appear in my address bar. It means my browser trusts that mail.google.com is the right one and that it is secure. But why, technically? This is how my browser verifies the site. First, it checks the digital certificate of mail.google.com. You can see the certificate is issued to mail.google.com and signed by Google Internet Authority. Let me check the certificate path. We can see Google Internet Authority is an intermediate CA, which is signed by the root CA GlobalSign. And the root CA GlobalSign certificate is very interesting because it is signed by itself; we call it a self-signed certificate. Because my browser is pre-installed with all major root CAs' public keys, it will use the public key to verify the digital signature of the root CA. Once it has verified the root CA, my browser will trust Google Internet Authority, the intermediate CA; then it will trust the site mail.google.com.

Here is the summary of the chain of trust for my browser. mail.google.com's digital certificate is issued by the intermediate CA, Google Internet Authority, which verifies mail.google.com by its digital signature. The intermediate CA's signature is issued and digitally signed by the root CA GlobalSign, and the root CA GlobalSign self-signed its own certificate. If my browser trusts the root CA, it will trust the site mail.google.com.

I hope this video is helpful. Thank you very much, and see you next time.
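The chain check described in the captions above, as an added example that is not part of the video or its channel: a simplified Python model using textbook RSA with tiny constructed keys, not real X.509. The names `keypair`, `Cert`, `issue`, `signed_by` and `verify_chain` are illustrative assumptions; real validation also checks validity dates, CA constraints and revocation.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by every toy key

def keypair(p, q):
    """Textbook RSA from two constructed primes -> (public modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    pubkey: int          # subject's public modulus
    signature: int = 0   # issuer's signature over the three fields above

    def tbs_hash(self, modulus):
        data = f"{self.subject}|{self.issuer}|{self.pubkey}".encode()
        return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue(subject, subject_pub, issuer, issuer_pub, issuer_priv):
    """Issuer signs the subject's name and public key with its private key."""
    tbs = Cert(subject, issuer, subject_pub)
    return Cert(subject, issuer, subject_pub, pow(tbs.tbs_hash(issuer_pub), issuer_priv, issuer_pub))

def signed_by(cert, issuer_pub):
    return pow(cert.signature, E, issuer_pub) == cert.tbs_hash(issuer_pub)

def verify_chain(chain, trust_store):
    """chain: leaf first, root last. trust_store: {root name: pre-installed public key}."""
    for cert, parent in zip(chain, chain[1:]):
        if cert.issuer != parent.subject or not signed_by(cert, parent.pubkey):
            return False
    root = chain[-1]
    # A self-signature proves nothing by itself: anyone can self-sign. The root
    # counts only because its key is already in the verifier's trust store.
    return (root.issuer == root.subject and signed_by(root, root.pubkey)
            and trust_store.get(root.subject) == root.pubkey)

# Constructed sample keys (Mersenne primes; far too small and structured for real use).
root_pub, root_priv = keypair(2**107 - 1, 2**127 - 1)
int_pub, int_priv = keypair(2**61 - 1, 2**89 - 1)
leaf_pub, _ = keypair(2**19 - 1, 2**31 - 1)
root = issue("GlobalSign", root_pub, "GlobalSign", root_pub, root_priv)
inter = issue("Google Internet Authority", int_pub, "GlobalSign", root_pub, root_priv)
leaf = issue("mail.google.com", leaf_pub, "Google Internet Authority", int_pub, int_priv)
CHAIN, TRUST_STORE = [leaf, inter, root], {"GlobalSign": root_pub}

if __name__ == "__main__":
    print(verify_chain(CHAIN, TRUST_STORE))
```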
Info
Channel: Sunny Classroom
Views: 92,490
Rating: 4.9495411 out of 5
Keywords: networking, cybersecurity, security+, networking +, cyber threats, cyber defense, IoT, Wi-Fi security, trust, CA, Certificate Authority, Trust models, direct trust, third-party trust, PKI, public key infrastructure
Id: LPxeYtMDxl0
Length: 8min 19sec (499 seconds)
Published: Sat Feb 03 2018