1 / 15

This lecture

This lecture. Diffie-Hellman key agreement Authentication Certificates Certificate Authorities. Previous lecture. General differences between asymmetric and symmetric cryptography General design of interactive protocols Key exchange Man-in-the-middle. Diffie-Hellman.

selia
Download Presentation

This lecture

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. This lecture • Diffie-Hellman key agreement • Authentication • Certificates • Certificate Authorities Mårten Trolin

  2. Previous lecture • General differences between asymmetric and symmetric cryptography • General design of interactive protocols • Key exchange • Man-in-the-middle Mårten Trolin

  3. Diffie-Hellman • The first public key type result to be published! • Performs agreement on a common key without a need for the parties to have public and private keys Mårten Trolin

  4. Diffie-Hellman key agreement TCP/IP User Web server Decides on a prime p and a number g < p Generates a number 0 < a < p and computes x = ga mod p Sends x ( = ga mod p) Generates a number 0 < b < p and computes y = gb mod p Sends y ( = gb mod p) Communication encrypted under k = gab mod p Computes k = ya mod p Computes k = xb mod p Mårten Trolin

  5. Diffie-Hellman key agreement • The user computes xb = (ga)b mod p • The server computes ya = (gb)a mod p • Since (ga)b = gab = gba = (gb)a mod p both parties will use the same key! • Vulnerable to a man-in-the-middle attack • The man-in-the-middle negotiates one key with the user and one key with the server Mårten Trolin

  6. Authentication • Authentication is the process where the parties convince each other of their identity • Your passpart authenticates you to the border guard • Producing your signature on a credit card slip authenticates you to the sales-person • Shared secret (password) • Known public key • Public key certificate Mårten Trolin

  7. Shared secret • The server has given the user a password on a secure channel (registered mail, in person etc.) • After negotiating a common symmetric key, the user sends his password to the server. • The server verifies the password against the password stored in the database • If the contents match, the user is accepted. Mårten Trolin

  8. Shared secret – problems • Vulnerable to the man-in-the-middle attack if server not authenticated • Secure in combinations with other methods • Suitable only for situations where there are a limited number of users • Webmail services (www.hotmail.com, www.mail.ru, www.one.lv) • Online banking • Each user needs a different shared secret for each server Mårten Trolin

  9. Known public key • If the user knows the server’s public key in advance, he can verify its correctness during key agreement • Protects against man-in-the-middle, since the user would detect that the public key has been replaced • Protects against fake servers, since the fake server does not know the original server’s private key Mårten Trolin

  10. Known public key – problems • Complicated key distribution • Each user must know the key of the server it connects to Mårten Trolin

  11. Public key certificates • Known public keys eliminates the man-in-the-middle attack, but leaves the key management complicated • Public key certificates address this problem • Public key certificates lets a trusted third party (Certificate Authority, CA) use a digital signature to certify that a public key belongs to a certain entity (person or organization) • Compare with passports Mårten Trolin

  12. Public key certificates • A public key certificate consists of • A public key • Information on the owner • Name, address, photograph, finger-print, credit card number, etc. • A signature on the above data by a trusted party • Trusted party could be the government, a bank, etc. Public information User’s public key Identification data Digital signature by CA Private information User’s Private key Mårten Trolin

  13. Certificate authorities (CAs) • Trusted parties that sign certificates • Trusted because they are known to sign only true information • Their public keys are widely spread • If a user knows a CA’s public key, he can verify every certificate that CA has signed Mårten Trolin

  14. Example of use of certificates TCP/IP User(pu, su) Web server(ps, ss) User’s public key pu k1encrypted under pu. Public key certificate containing ps. Generates k1 Decrypts k1 using su. Generates k2 k2encrypted under ps. Decrypts k2 using ss. Communication encryptedunder k = k1 k2 Mårten Trolin

  15. Certificates and man in the middle • If the user knows the CA public key in advance, he can verify the certificate. • We are now safe from the man-in-middle • A man-in-the-middle has to replace the original public key with his own. • The signature in the certificate is no longer valid since the public key changed! • The user expects a certificate with certain identifying information. The man-in-the-middle does not possess such a certificate. • User will terminate the transaction. Mårten Trolin

More Related