Luibpc eky fsueirtcrnartu
luibPc eKy fsueIrtcrnartu oeJ dlofrdO E5 7E9 0M 2r0 6a Public Key Infrastructure Joe Oldford EE 579 02 Mar 06 Spartans vs. Persians Overview Introduction Classical (symmetric) Cryptography Public Key (asymmetric) Cryptography Digital Signatures Public Key Infrastructures

Presentation Transcript

luibPc eKy fsueIrtcrnartu

oeJ dlofrdO

E5 7E9

0M 2r0 6a


Public Key Infrastructure

Joe Oldford

EE 579

02 Mar 06



Overview

  • Introduction

  • Classical (symmetric) Cryptography

  • Public Key (asymmetric) Cryptography

  • Digital Signatures

  • Public Key Infrastructures

  • Insecurities

  • Summary


Symmetric Cryptography

Shared Secret Key


Symmetric Cryptography

  • Same function and key are used for both encryption and decryption.


Public Key Cryptography

Separate Unrelated Keys


Public Key Cryptography

  • The encryption and decryption functions use separate unrelated keys.


What goes public and what doesn’t??

PUBLIC

  • Your encryption algorithm

  • Your encryption key

SECRET

  • Your decryption key


What does this mean??

  • Anyone can encrypt a message using your public key.

  • Only you can decrypt it.

  • No one can derive your decryption (secret) key from your algorithm and encryption (public) key.

  • The encryption and decryption order are reversible

    What if I encrypt a message using my secret key??



Too good to be true?

  • Public Key Cryptosystems are very computationally intensive.

  • Practical only for very short messages i.e. secret key exchange, message hashes

  • Public Key cryptosystems cannot be proven secure.

    Hmmm…..

    Could the NSA break them…..




Public Key technology provides:

  • Strong authentication. Users can securely identify themselves to other users and servers on a network without sending secret information (for example, passwords) over the network.

  • Data integrity. The verifier of a digital signature can easily determine whether or not digitally signed data has been altered since it was signed.

  • Support for non-repudiation. The user who signed data cannot successfully deny signing that data.


So then, is this enough…

Not quite, how do we ensure:

  • Secret Key management

  • Public Directory security

    Need a Public Key Infrastructure

    (ITU-T standard X.509)


What is a public key infrastructure? (ITU-T standard X.509)

  • A public key infrastructure (PKI) is the comprehensive system required to provide public-key encryption and digital signature services.

  • A PKI enables the use of encryption and digital signature services across a wide variety of applications by establishing and maintaining a trustworthy networking environment.


Public Key Infrastructure (X.509)

  • Registration

  • Key Generation

  • Certification

  • Key Backup

  • Key Update

  • Certificate Revocation


Certification Authorities (CA)

  • Act as agents of trust in a PKI

  • Create certificates for users by generating key sets and digitally signing a user’s data set.

  • The CA’s signature ensures that any tampering with the contents can easily be detected


Registration – Key Generation

  • New users must register with the CA

  • The CA generates at least two separate key pairs, one pair for encryption and one pair for digital signing

  • Public keys are published in the CA’s directory

  • Secret keys MUST be kept secure, usually stored on a device such as a magnetic card or smart card


Digital Certificates

  • Each user’s registered identity is stored in a digital format known as a digital certificate.

  • Digital Certificates contain (at least):

    -unique username

    -user’s public key

    -generating algorithm

    -validity period

    -specific use of the public key

    -name of the CA

    -certificate serial #



Key Backup

  • A business must be able to retrieve encrypted data when users lose their decryption keys

  • Decryption keys are backed up securely by the CA

  • Signing keys must NOT be backed up; to support non-repudiation, the signing key must be under the sole control of the user at all times


Key Update

  • Cryptographic key pairs should not be used forever

  • Updating key pairs should be transparent to the user, i.e. automatically updated

  • Key history must be maintained and securely managed by the key backup and recovery system


Certificate Revocation

  • Certificates can be revoked before expiring

  • Revoked certificates are managed by the CA through a Certificate Revocation List

  • The revocation status of the certificate must be checked prior to each use.
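
The checks a relying party runs before using a certificate, tying together the CA signature, the certificate fields and the revocation list from the slides above. This is an added example, not part of the original presentation; the function names, field names, "Example CA" and the toy textbook-RSA key are assumptions made for illustration.

```python
import hashlib, json
from datetime import date

# Toy CA key: textbook RSA over two well-known Mersenne primes. Constructed for
# illustration only; it is trivially factorable and uses no padding.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # CA's secret signing exponent

def digest(fields):
    """Hash a canonical encoding of the certificate fields, reduced mod N."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N

def issue(fields):
    """CA side: sign the user's data set with the CA's secret key."""
    return {"fields": fields, "signature": pow(digest(fields), D, N)}

def validate(cert, today, usage, crl):
    """Relying-party side: return 'ok' or the first check that fails."""
    f = cert["fields"]
    if pow(cert["signature"], E, N) != digest(f):   # tampering shows up here
        return "bad signature"
    if not (f["not_before"] <= today.isoformat() <= f["not_after"]):
        return "outside validity period"
    if f["key_usage"] != usage:                     # signing vs. encryption pair
        return "wrong key usage"
    if f["serial"] in crl:                          # checked on every use
        return "revoked"
    return "ok"

# Constructed sample certificate carrying the fields listed on the slide.
CERT = issue({
    "username": "alice", "public_key": "constructed-placeholder",
    "algorithm": "RSA", "not_before": "2006-01-01", "not_after": "2007-01-01",
    "key_usage": "signing", "ca_name": "Example CA", "serial": 1001,
})
```

The signature is verified first, so the validity period, usage and serial number are only trusted once they are known to be the values the CA signed.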


So can we attack a PKI….

  • Representation problem

  • Single key pair for challenge response and signing

  • Insecure updating


Summary

  • Symmetric Cryptography

  • Public Key Cryptography

  • Digital Signatures

  • Framework of X.509 – PKI

  • Attacks on a PKI

