Public Key Infrastructure

Presentation Transcript


  1. Public Key Infrastructure
     Alex Bardas

  2. What is Cryptography?
     • Cryptography is a mathematical method of protecting information
     • Cryptography is part of, but not equal to, security
     • In modern computing, crypto is used to remediate deficiencies in the cyber space

  3. Cryptographic Primitives
     • Four Cryptographic Primitives:
       • Cryptographic Hash
       • Symmetric Encryption
       • Asymmetric Encryption
       • Digital Signatures

  4. Cryptographic Hash
     • If the message content is changed, the hash will be different (provides integrity guarantee)
     • Knowing the hash does not reveal the input message
     Hashing is NOT encryption!
     Examples: SHA-1
     [Diagram: Text Message (variable length) → Cryptographic Hash Function → “Unique” Fixed-length String (Hash or Digest)]

  5. Cryptographic Hash Example
     Image source: http://en.wikipedia.org/wiki/File:Cryptographic_Hash_Function.svg

  6. Encryption vs. Hashing
     Image source: http://www.unixwiz.net/techtips/iguide-crypto-hashes.html

  7. Symmetric Encryption (Secret-key Encryption)
     • Encryption and decryption use the same key
     • Examples: AES
     [Diagram: 1. Clear Text Message → Encryption Algorithm (Shared Key) → Encrypted Message; 2. Encrypted Message → Decryption Algorithm (Shared Key) → Clear Text Message]

  8. Asymmetric Encryption (Public-key Encryption)
     • Every party has a pair of keys: <Kpub, Kpriv>
     • Encryption and decryption use different keys
     • It is hard to infer the private key from the public key
     Examples: RSA, El-Gamal
     Public Key: announced to everyone
     Private Key: known to the owner only

  9. Asymmetric Encryption (Public-key Encryption)
     [Diagram: 1. Clear Text Message → Encryption Algorithm (Public Key) → Encrypted Message; 2. Encrypted Message → Decryption Algorithm (Private Key) → Clear Text Message]

  10. Digital Signature
      • Based on asymmetric crypto - Examples: RSA, DSA, El-Gamal
      • Properties of a Digital Signature:
        • Verification of the validity of a digital signature needs only the public key
        • Only the owner of the corresponding private key can produce a valid signature
      • There is also MAC (Message Authentication Code) – signing using a shared key (based on symmetric cryptography)

  11. Digital Signature
      [Diagram: 1. Message → Signing Algorithm (Private Key) → Signed Message; 2. Signed Message → Verification Algorithm (Public Key) → Signature is valid]

  12. A digitally signed Email Message
      Image source: http://www.wintellect.com/cs/blogs/pmehner/archive/2009/10/10/howto-obtain-and-configure-a-free-certificate-for-digitally-signing-your-outlook-2007-email.aspx

  13. Public Crypto Challenge
      [Diagram labels: Alice has Bob’s Public Key; Bob has Alice’s Public Key; “I am out of luck today ☹”]
      • What if Alice and Bob cannot meet and exchange public keys?
      • What if Alice and Bob don’t know each other?
      • How do they know that the public key they are using belongs to the other legitimate party and not to a malicious third party?

  14. Man-In-The-Middle
      [Diagram labels: Alice thinks she has Bob’s Public Key; Bob thinks he has Alice’s Public Key; Eve has Bob’s and Alice’s legitimate public keys; “Somehow” Alice and Bob have Eve’s public keys; It’s Eve’s lucky day]

  15. How to Distribute Public Keys?
      • Ad-Hoc public key distribution (distribute at will)
        • Alice and Bob exchange public keys in a reliable way
      • Public directory (similar to the telephone directory)
        • Use a read-only directory (hard to modify/forge on a large scale)
        • Published on paper

  16. Public Key Distribution
      • We want to distribute public keys in electronic form, NOT on paper
      • How to verify the authenticity of the digital directory? Use a digital signature

  17. Certification Authority (CA)
      • Alice and Bob don’t know each other but they both trust Cindy (Certification Authority)
      • Alice and Bob have Cindy’s public key
      • Cindy certifies Alice and Bob’s public keys => Digital Certificates

  18. Digital Certificates
      [Diagram label: Cindy’s (CA) Digital Signature]
      • What does the certificate tell us?
        • This public key belongs to Alice.
        • Alice is not a CA (Certification Authority)

  19. Public Key Infrastructure
      • What if Alice and Bob do not have a common friend?
        • Cindy cannot be everywhere, Bob knows her but Alice doesn’t
      • We have to find a trustworthy person that knows Cindy and Alice
        • Carl knows Cindy but doesn’t know Alice directly
        • Carl knows John and John knows Alice
      • Certification chain

  20. Multiple Certification Authorities (CAs)
      [Figure: CA hierarchy. Node labels: R; L11, L12; L21, L22, L23, L24; L31 to L38; Carl, John, Cindy; Alice, Bob]

  21. How are we getting the CA keys?
      • Web browsers come with a significant number of root CA keys
      • Other CAs or single digital certificates can be added by the user (can be risky)

  22. Valid Certificate (signed by VeriSign)

  23. Valid Certificate Example

  24. Certificates Warnings in Different Web Browsers

  25. Sources of Information
      • CIS751 Basic Crypto & PKI slide sets by Xinming (Simon) Ou – Kansas State University
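
The certification chain of slides 17 to 19, including the "Alice is not a CA" field from slide 18, as an added example that is not part of the original slides. It assumes toy textbook RSA (small Mersenne primes, no padding), a constructed `Cert` tuple instead of real X.509, and Carl as the verifier's trusted root with John as an intermediate CA.

```python
import hashlib
from collections import namedtuple
# Constructed stand-in for an X.509 certificate (not a real format).
Cert = namedtuple("Cert", "subject pub is_ca issuer sig")

def toy_keypair(p, q, e=65537):
    # Textbook RSA from two primes: toy sizes, no padding, illustration only.
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))    # (public, private)

def tbs_digest(subject, pub, is_ca, issuer, n):
    # Hash of the fields the issuer vouches for, reduced into the RSA modulus.
    data = f"{subject}|{pub}|{is_ca}|{issuer}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(issuer, issuer_priv, subject, pub, is_ca=False):
    n, d = issuer_priv
    return Cert(subject, pub, is_ca, issuer,
                pow(tbs_digest(subject, pub, is_ca, issuer, n), d, n))

def verify_chain(chain, anchors):
    """chain is leaf-first; anchors maps a trusted CA's name to its public key."""
    for i, cert in enumerate(chain):
        if i + 1 < len(chain):                  # signed by the next cert up
            parent = chain[i + 1]
            if parent.subject != cert.issuer:
                return f"{cert.subject}: issuer name mismatch"
            if not parent.is_ca:
                return f"{parent.subject} is not a CA"
            n, e = parent.pub
        elif cert.issuer in anchors:            # top of chain: signed by an anchor
            n, e = anchors[cert.issuer]
        else:
            return f"{cert.issuer} is not a trusted CA"
        if pow(cert.sig, e, n) != tbs_digest(*cert[:4], n):
            return f"bad signature on {cert.subject}"
    return "ok"

M = lambda k: 2**k - 1                          # Mersenne primes for these k
carl_pub, carl_priv = toy_keypair(M(127), M(107))
john_pub, john_priv = toy_keypair(M(89), M(61))
alice_pub, alice_priv = toy_keypair(M(521), M(607))
eve_pub, eve_priv = toy_keypair(M(31), M(19))
anchors = {"Carl": carl_pub}                    # the verifier's trust store
john_cert = issue("Carl", carl_priv, "John", john_pub, is_ca=True)
alice_cert = issue("John", john_priv, "Alice", alice_pub)
swapped = alice_cert._replace(pub=eve_pub)      # key substituted in transit
rogue = issue("Alice", alice_priv, "Bob", eve_pub)   # issued by a non-CA
for c in ([alice_cert, john_cert], [swapped, john_cert], [rogue, alice_cert, john_cert]):
    print(verify_chain(c, anchors))
```

The third chain has valid signatures at every link and is still rejected, which is why a verifier must check the CA flag and not only the signatures.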