Public Key in Ns2
HI everybody here like to brief or just info about the Public Key infrastructure (Pki). Public Key is one of the method for cryptography using digital certificates used to transfer the data safe and securely. Explains how is done in Ns2.General explanation follows
Public-key cryptography requires that entities that want to communicate in a secure manner, possess certain security credentials. This collection of security credentials is stored in a wallet. Security credentials consist of a public/private key pair, a "user" certificate, a certificate chain, and "trusted" certificates.
The secrecy of encrypted data generally depends on the existence of a secret key shared between the communicating parties. Providing and distributing such secret keys is one aspect of key management. In a multiuser environment, secure key distribution may be difficult; public key cryptography was invented to solve this problem.
Public key cryptography is based on a secure secret key pair. Each key (one half of the pair) can only decrypt information encrypted by its corresponding key (the other half of the pair). A key pair includes:
• The private key, known only to its owner
• The public key, distributed widely, but still associated with its owner
Use of the cryptographic key pair to set up a secure, encrypted channel ensures the privacy of a message and validates the authenticity of the sender of the message. It also provides an important benefit: the ability to widely distribute the public key on a server, or in a central directory, without jeopardizing the integrity of the private key component of the key pair. This eliminates the need to transmit the public key to every correspondent in the system.
Each entity that participates in a public key system must have a public/private key pair. The public key for an entity is published by a certificate authority (CA) in a user certificate. Then, other entities that want to send it secure information can encrypt the information with the recipient entity's public key. Another use for a public key is for an entity that receives a communication to validate the sender's organizational affiliation.
Main Useful of Public Key
The PKI approach to security does not take the place of all other security technologies; rather, it is an alternative means of achieving security. The following advantages of PKI have led to its emergence as an industry standard for securing Internet and e-commerce applications.
• PKI is a standards-based technology.
• It allows the choice of trust provider.
• It is highly scalable. Users maintain their own certificates, and certificate authentication involves exchange of data between client and server only. This means that no third party authentication server needs to be online. There is thus no limit to the number of users who can be supported using PKI.
• PKI allows delegated trust. That is, a user who has obtained a certificate from a recognized and trusted certificate authority can authenticate himself to a server the very first time he connects to that server, without having previously been registered with the system.
• Although PKI is not notably a single sign-on service, it can be implemented in such a way as to enable single sign-on.
A certificate authority (CA) is a trusted third party that certifies that other entities--users, databases, administrators, clients, servers--are who they say they are. When it certifies a user, the certificate authority verifies the user's identity and grants a certificate, signing it with the certificate authority's private key. The certificate authority has its own certificate and public key, which it publishes, as well as a private key, which is securely maintained. Servers and clients use the CA's root certificate to verify signatures that the certificate authority has made. A certificate authority might be an external company that offers certificate services, or an internal organization such as a corporate MIS department
A certificate is like an electronic passport that proves the identity of a user or device that seeks to access the network. The certificate ensures that the entity's information is correct and that the public key actually belongs to that entity. A certificate is created when an entity's public key is signed by a trusted identity (a certificate authority). It contains information such as the following:
• the certificate user's name
• an expiration date
• a unique serial number assigned to the certificate by the CA
• the user's public key
• information about the rights and uses associated with the certificate
• the name of the certificate authority that issued the certificate
• the CA's signature
• an algorithm identifier that identifies which algorithm was used to sign the certificate
A trusted certificate, sometimes known as a root key certificate, typically belongs to a third party entity that is trusted to issue certificates. It is obtained in a secure manner and, operationally, does not need to be validated for its authenticity each time it is accessed because it is self-signed. A client or a server can validate that an entity is who it claims to be by verifying that the entity's certificate was issued by a known and trusted certificate authority.
Typically, certificate authorities whom you trust issue the user certificates. Oracle provides several default trusted certificates, so users do not have to install their own. These trusted certificates also enable servers to perform SSL authentication to clients who have wallets containing only trusted certificates.