Public Key Infrastructure
Alex Bardas

What is Cryptography?
• Cryptography is a mathematical method of protecting information
– Cryptography is part of, but not equal to, security
• In modern computing, crypto is used to remediate deficiencies in the cyber space

Cryptographic Primitives
• Four Cryptographic Primitives:
1. Cryptographic Hash
2. Symmetric Encryption
3. Asymmetric Encryption
4. Digital Signatures

Cryptographic Hash
• If the message content is changed, the hash will be different (provides integrity guarantee)
• Knowing the hash does not reveal the input message
Hashing is NOT encryption!
Examples: SHA-1 (since deprecated: practical collisions have been demonstrated; prefer SHA-256 or SHA-3 for new designs)
Text Message (variable length) → Cryptographic Hash Function → “Unique” Fixed-length String (Hash or Digest)

Cryptographic Hash Example
Image source: http://en.wikipedia.org/wiki/File:Cryptographic_Hash_Function.svg

Encryption vs. Hashing
Image source: http://www.unixwiz.net/techtips/iguide-crypto-hashes.html

Symmetric Encryption (Secret-key Encryption)
• Encryption and decryption use the same key
• Examples: AES
1. Clear Text Message + Shared Key → Encryption Algorithm → Encrypted Message
2. Encrypted Message + Shared Key → Decryption Algorithm → Clear Text Message

Asymmetric Encryption (Public-key Encryption)
• Every party has a pair of keys: <Kpub, Kpriv>
• Encryption and decryption use different keys
• It is hard to infer the private key from the public key
Examples: RSA, El-Gamal
Public Key: announced to everyone
Private Key: known to the owner only

Asymmetric Encryption (Public-key Encryption)
1. Clear Text Message + Public Key → Encryption Algorithm → Encrypted Message
2. Encrypted Message + Private Key → Decryption Algorithm → Clear Text Message

Digital Signature
• Based on asymmetric crypto - Examples: RSA, DSA, El-Gamal
• Properties of a Digital Signature:
1. Verification of the validity of a digital signature needs only the public key
2. Only the owner of the corresponding private key can produce a valid signature
There is also MAC (Message Authentication Code) – signing using a shared key (based on symmetric cryptography)

Digital Signature
1. Message + Private Key → Signing Algorithm → Signed Message
2. Signed Message + Public Key → Verification Algorithm → Signature is valid

A digitally signed Email Message
Image source: http://www.wintellect.com/cs/blogs/pmehner/archive/2009/10/10/howto-obtain-and-configure-a-free-certificate-for-digitally-signing-your-outlook-2007-email.aspx

Public Crypto Challenge
Alice has Bob’s Public Key
Bob has Alice’s Public Key
I am out of luck today
- What if Alice and Bob cannot meet and exchange public keys?
- What if Alice and Bob don’t know each other?
- How do they know that the public key that they are using belongs to the other legitimate party and not to a malicious third party?

Man-In-The-Middle
Alice thinks she has Bob’s Public Key
Bob thinks he has Alice’s Public Key
1. Eve has Bob’s and Alice’s legitimate public keys
2. “Somehow” Alice and Bob have Eve’s public keys
3. It’s Eve’s lucky day

How to Distribute Public Keys?
• Ad-Hoc public key distribution (distribute at will)
– Alice and Bob exchange public keys in a reliable way
• Public directory (similar to the telephone directory)
– Use a read-only directory (hard to modify/forge on a large scale)
• Published on paper

Public Key Distribution
• We want to distribute public keys in electronic form, NOT on paper
• How to verify the authenticity of the digital directory?
Use digital signature

Certification Authority (CA)
• Alice and Bob don’t know each other but they both trust Cindy (Certification Authority)
• Alice and Bob have Cindy’s public key
• Cindy certifies Alice and Bob’s public keys => Digital Certificates

Digital Certificates
Cindy’s (CA) Digital Signature
What does the certificate tell us?
• This public key belongs to Alice.
• Alice is not a CA (Certification Authority)

Public Key Infrastructure
• What if Alice and Bob do not have a common friend?
– Cindy cannot be everywhere, Bob knows her but Alice doesn’t
• We have to find a trustworthy person that knows Cindy and Alice
– Carl knows Cindy but doesn’t know Alice directly
– Carl knows John and John knows Alice
• Certification chain

Multiple Certification Authorities (CAs)
[Figure: CA hierarchy, a tree with root R and levels L11–L12, L21–L24 and L31–L38; Alice, Bob, John, Carl and Cindy are marked on it]
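
The certificate checks from the Digital Certificates and certification chain slides, as an added example that is not part of the original deck: Bob, who holds only Cindy's public key, validates the chain Cindy -> Carl -> John -> Alice. The toy RSA keys (Mersenne primes, no padding), the certificate fields and all function names are assumptions made for illustration and are not secure for real use.

```python
import hashlib

def keypair(a, b, e=65537):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):        # only the private-key owner can produce this
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data, sig):  # needs only the public key
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def tbs(cert):  # bytes the issuer signs: subject name, public key, CA flag
    return f"{cert['subject']}|{cert['pub']}|{cert['is_ca']}".encode()

def issue(issuer, issuer_priv, subject, pub, is_ca=False):
    cert = {"subject": subject, "issuer": issuer, "pub": pub, "is_ca": is_ca}
    cert["sig"] = sign(issuer_priv, tbs(cert))
    return cert

def validate(chain, trusted):
    """chain is leaf-first; returns the leaf's public key, or None on failure."""
    for i, cert in enumerate(chain):
        if i > 0 and not cert["is_ca"]:
            return None                  # a non-CA cannot certify other keys
        nxt = chain[i + 1] if i + 1 < len(chain) else None
        issuer_pub = trusted.get(cert["issuer"]) or (
            nxt["pub"] if nxt and nxt["subject"] == cert["issuer"] else None)
        if issuer_pub is None or not verify(issuer_pub, tbs(cert), cert["sig"]):
            return None                  # no path, or name/key/flag was altered
        if cert["issuer"] in trusted:
            return chain[0]["pub"]       # reached a key the verifier trusts
    return None

# Constructed scenario: Cindy -> Carl -> John -> Alice; Bob trusts only Cindy.
KEYS = {"Cindy": keypair(107, 127), "Carl": keypair(61, 89), "John": keypair(521, 607),
        "Alice": keypair(1279, 2203), "Eve": keypair(2281, 3217)}
CHAIN = [issue("John", KEYS["John"][1], "Alice", KEYS["Alice"][0]),
         issue("Carl", KEYS["Carl"][1], "John", KEYS["John"][0], is_ca=True),
         issue("Cindy", KEYS["Cindy"][1], "Carl", KEYS["Carl"][0], is_ca=True)]
BOB_TRUSTS = {"Cindy": KEYS["Cindy"][0]}
```

validate(CHAIN, BOB_TRUSTS) returns Alice's public key. Replacing the key inside Alice's certificate, or presenting a certificate issued by Alice (who is not a CA), makes it return None.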

How are we getting the CA keys?
• Web browsers ship with a large number of root CA keys
• Other CAs or single digital certificates can be added by the user (can be risky)

Valid Certificate (signed by VeriSign)

Valid Certificate Example

Certificate Warnings in Different Web Browsers

Sources of Information
• CIS751 Basic Crypto & PKI slide sets by Xinming (Simon) Ou – Kansas State University