Why digital certificate?

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello and this is sunny welcome back today my topic is digital certificate before I explain digital certificate we need to understand how digital signature works and find out the weakness with a digital signature and thus we could understand why detailed certificate is necessary the following example demonstrates how digital signature works here is the scenario Bob wants to send a detailee signed message to Alice first barbra creates a parable Keys public key and a private key he keeps his private key and put his public key in a public place then Bob creates his message and uses his private key to assign the message and sends them to Alice when Alice the guests Bob's a digitally signed message she goes to get his public key and she use it to verify Bob's digital signature if Alice verify the Bob's detail signature with his public key she has reason to believe the message was created and sent by Bob and his message was not ordered in transit I have one video about digital signature it shows how it works in detail I put is link below if you want to fully understand digital signature you can watch that video first otherwise please continue as we look at the example how digital signature was created and how it was verified we find out there's one bigger problem let's look at this example again first Baba creates a pair of icky public key and private key it keeps his probably the key and put in his public key in a public place then Bob creates his message and it uses his primary key to de tolly sign the message and sends them to Alice now the problem suppose a hacker intercepts Bob digitally signed message the hacker simply throws them away and it creates a whole new package a craze his own public key and a private key and put his own public key in public place just like Bob the heckler creates a totally different message and it creates our hackers own signature with his own private key the hacker says them to Alice he tells Alice this is Bob please go to get my public key so that you can verify my dito signature and my digitally signed a message Alice gets hackers public key and use it to verify hackers a signature and of course everything would work fine but Alice has no idea about the true identity of the sender because anyone can pretend to be Bob therefore there's one weakness in digital signature lack of authentication digital signature itself does not verify to identity of the sender and his public key the solution is digital certificate [Music] these are certificates are electronic credentials issued by trusted third-party a detail certificate not only verified identity of the owner but also verified the owner owns the public key use the same scenario as an example when Bob sends public key to Alice he does not ask her to retrieve his public key from a central site instead Bob attaches a digital certificate to his public key and ascended them to Alice together with his detailee signed message so what's the information is contained in a dieter certifcate it typically includes items such as certificate owner's name owners public key and an expiration date the detailed certificate the issues name the certificate issues details signature and I saw Alice would check all this information on certificate and it says she trusts a third party she would trust the dieter certificate Alice who can safely assume that the public key contained in a dieter certificate is actually from Bob not anyone else thus preventing man-in-the-middle attack keep in mind dieter certificate is based on trust the trustee the third party is a certificate authority an entity that issues dieter certificates like in real life you believe my passport can verify my identity simply because you trust my passports issuer another analogy in life when we sign a very important context we need a public notary such as Bank to verify the identity of the signer signing the paper witnesses the signatures and marks the document with step or sill a notary is supposed to ensure all signatures on a document are legitimate so is detailed certificate in summary digital certificate is based on trust or chain of trust it verifies the identity of the public key owner in other words it verifies details signature is a truly signed by the claimed signer and thank you very much as you next time [Music]
Info
Channel: Sunny Classroom
Views: 173,266
Rating: 4.9328094 out of 5
Keywords: networking, cybersecurity, security+, networking +, cyber threats, cyber defense, IoT, Wi-Fi security, digital certificate, CA, digital signature, man in the middle attack, Certificate Authority, weakness of digitally signed doc, public key, private key
Id: UbMlPIgzTxc
Channel Id: undefined
Length: 7min 33sec (453 seconds)
Published: Thu Jan 25 2018
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.