Public Key Infrastructure

Major: Security of Information and Communication Systems
Code of subject: 7.125.01.O.002
Credits: 4.00
Department: Information Technology Security
Lecturer: Assoc. Prof. Stepan Voytusik.
Semester: 1st semester
Mode of study: full-time
Learning outcomes:
• Knowledge of the provisions of the regulatory framework of the PKI and the national EDS system;
• Knowledge of the basic architectures of the PKI and the national EDS system;
• Knowledge of third-party trust models and mechanisms;
• Knowledge of the life cycle of the private key and public key certificate;
• Knowledge of the classification and structure of PKI certificates (EDS);
• Knowledge of basic standards in the field of PKI and the national EDS system;
• Knowledge of cryptographic protocols, data formats and technical specifications of PKI (EDS);
• Knowledge of mechanisms for ensuring cryptographic survivability of subjects and objects of PKI;
• Ability to apply standards in the field of cryptographic protection of information and to select specific parameters of cryptographic algorithms that support and operate the public key infrastructure;
• Ability to justify the choice of the architecture of the PKI (EDS system) taking into account the tasks to be solved at the level of the state, department, government agencies, private organizations, public organizations;
• Ability to determine the functional structure and topology of certification centers and to justify security requirements for the centers in order to ensure the required quality of service.
Required prior and related subjects: Prerequisites: • Cryptographic systems and protocols, • Applied cryptology. Co-requisites: • Information security in cyber-physical systems.
Summary of the subject: Electronic trust services. Classification and formats of public key certificates. Life cycles of private keys and public key certificates. Private key formats. Maintenance of public key certificates. Models and mechanisms of electronic trust services. Electronic trust services based on EDS and NS. Classification of PKI protocols, their features, application and analysis. The main existing and future provisions of certification policies. Problems of theory and practice of providing electronic trust services.
Assessment methods and criteria:
• Questioning during lectures (without points), in the form of frontal or partial individual oral examination of students on previously given material, especially in sections of the course that are necessary for understanding the lecture topics being presented, or to assess how well previous lectures have been absorbed.
• Current control of laboratory works in the form of individual examination.
• Written tests.
• Oral examination in the form of an interview.
• Written examination.
The maximum score in points (total for discipline): 100, in particular:
• Execution and defense of laboratory works: 40
• Examination control: 60 (written component: 30, oral component: 30)
Recommended books:
1. ISO/IEC 18033-2:2006 Information technology – Security techniques – Encryption algorithms – Part 2: Asymmetric ciphers.
2. ISO/IEC 9796-3:2006 Information technology – Security techniques – Digital signature schemes giving message recovery – Part 3: Discrete logarithm based mechanisms (contains 5 mechanisms from ISO/IEC 15946-4:2004).
3. DSTU ISO/IEC 15946-1:2006 "Information technology. Methods of protection. Cryptographic transformations based on elliptic curves. Part 1. Basic provisions".
4. DSTU 4145-2002 "Information technology. Cryptographic protection of information. Digital signature based on elliptic curves. Formation and verification".
5. DSTU ISO/IEC 15946-3:2006 "Information technology. Methods of protection. Cryptographic methods based on elliptic curves. Part 3: Installing the keys".
6. DSTU GOST 28147:2009 "Information processing systems. Cryptographic protection. Cryptographic transformation algorithm".
7. DSTU ISO/IEC 10118-3:2005 "Information technology. Methods of protection. Hash functions. Part 3: Specialized hash functions".