luibpc eky fsueirtcrnartu l.
Skip this Video
Loading SlideShow in 5 Seconds..
luibPc eKy fsueIrtcrnartu PowerPoint Presentation
Download Presentation
luibPc eKy fsueIrtcrnartu

Loading in 2 Seconds...

play fullscreen
1 / 29

luibPc eKy fsueIrtcrnartu - PowerPoint PPT Presentation

  • Uploaded on

luibPc eKy fsueIrtcrnartu oeJ dlofrdO E5 7E9 0M 2r0 6a Public Key Infrastructure Joe Oldford EE 579 02 Mar 06 Spartans vs. Persians Overview Introduction Classical (symmetric) Cryptography Public Key (asymmetric) Cryptography Digital Signatures Public Key Infrastructures

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'luibPc eKy fsueIrtcrnartu' - Patman

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
luibpc eky fsueirtcrnartu

luibPc eKyfsueIrtcrnartu

oeJ dlofrdO

E5 7E9

0M 2r0 6a

public key infrastructure

Public KeyInfrastructure

Joe Oldford

EE 579

02 Mar 06

  • Introduction
  • Classical (symmetric) Cryptography
  • Public Key (asymmetric) Cryptography
  • Digital Signatures
  • Public Key Infrastructures
  • Insecurities
  • Summary
symmetric cryptography
Symmetric Cryptography

Shared Secret Key

symmetric cryptography6
Symmetric Cryptography
  • Same function and key are used for both encryption and decryption.
public key cryptography
Public Key Cryptography

Separate Unrelated Keys

public key cryptography8
Public Key Cryptography
  • The encryption and decryption functions use separate unrelated keys.
what goes public and what doesn t

Your encryption algorithm

Your encryption key


Your decryption key

What goes public and what doesn’t??
what does this mean
What does this mean??
  • Anyone can encrypt a message using your public key.
  • Only you can decrypt it.
  • No one can derive your decryption (secret) key from your algorithm and encryption (public) key.
  • The encryption and decryption order are reversible

What if I encrypt a message using my secret key??

too good to be true
Too good to be true?
  • Public Key Cryptosystems are very computationally intensive.
  • Practical only for very short messages i.e. secret key exchange, message hashes
  • Public Key cryptosystems cannot be proven secure.


Could the NSA break them…..

public key technology provides
Public Key technology provides:
  • Strong authentication. Users can securely identify themselves to other users and servers on a network without sending secret information (for example, passwords) over the network.
  • Data integrity. The verifier of a digital signature can easily determine whether or not digitally signed data has been altered since it was signed.
  • Support for non-repudiation. The user who signed data cannot successfully deny signing that data.
so then is this enough
So then, is this enough…

Not quite, how do we ensure:

  • Secret Key management
  • Public Directory security

Need a Public Key Infrastructure

(ITU-T standard X.509)

what is a public key infrastructure itu t standard x 509
What is a public key infrastructure? (ITU-T standard X.509)
  • A public key infrastructure (PKI) is the comprehensive system required to provide public-key encryption and digital signature services.
  • A PKI enables the use of encryption and digital signature services across a wide variety of applications by establishing and maintaining a trustworthy networking environment.
public key infrastructure x 509
Public Key Infrastructure (X.509)
  • Registration
  • Key Generation
  • Certification
  • Key Backup
  • Key Update
  • Certificate Revocation
certification authorities ca
Certification Authorities (CA)
  • Act as agents of trust in a PKI
  • Create certificates for user’s by generating key sets and digitally signing a user’s data set.
  • The CA’s signature ensures that any tampering with the contents can easily be detected
registration key generation
Registration – Key Generation
  • New users must register with the CA
  • The CA generates at least two separate key pairs, one pair for encryption and one pair for digital signing
  • Public keys are published in the CA’s directory
  • Secret keys MUST be kept secure, usually stored on a device; magnetic card, smart card
digital certificates
Digital Certificates
  • Each user’s registered identity is stored in a digital format known as a digital certificate.
  • Digital Certificates contain (at least):

-unique username

-user’s public key

-generating algorithm

-validity period

-specific use of the public key

-name of the CA

-certificate serial #

key backup
Key Backup
  • A business must be able to retrieve encrypted data when users lose their decryption keys
  • Decryption keys are backed up securely by the CA
  • Signing keys must NOT be backed up, to support non-repudiation the signing key must be under the sole control of the user at all times
key update
Key Update
  • Cryptographic key pairs should not be used forever
  • Updating key pairs should be transparent to the user, i.e. automatically updated
  • Key history must be maintained and securely managed by the key backup and recovery system
certificate revocation
Certificate Revocation
  • Certificate’s can be revoked before expiring
  • Revoked certificates are managed by the CA through a Certificate Revocation List
  • The revocation status of the certificate must be checked prior to each use.
so can we attack a pki
So can we attack a PKI….
  • Representation problem
  • Single key pair for challenge response and signing
  • Insecure updating
  • Symmetric Cryptography
  • Public Key Cryptography
  • Digital Signatures
  • Framework of X.509 – PKI
  • Attacks on a PKI
  • J. Buchmann. Introduction to Cryptography. Springer-Verlag, 2002
  • S. Singh. The Code Book. Anchor Books, 1999
  • Trusted Public-Key Infrastructure: