Add to collection(s) Add to saved
  1. Arts & Humanities
  2. Communications

Public Key Cryptography

advertisement 
Public Key Cryptography
July 2011
Topics




Symmetric and Asymmetric Cryptography
Public Key Cryptography
Digital Signatures
Digital Certificates
The briefcase example with shared key
Private-Key Cryptography

Traditional private/secret cryptography uses one key




Shared by both sender and receiver
If this key is disclosed, communications are compromised
Symmetric : keys used in parties are equal
No protection of sender from receiver forging a message
& claiming is sent by sender
Symmetric Key Cryptography
Plain-text input
Cipher-text
Plain-text output
“The quick
“The quick
brown fox
jumps over the
lazy dog”
“AxCv;5bmEseTfid3)fGsmW
e#4^,sdgfMwir3:dkJeTsY8R
\s@!q3%”
Encryption
brown fox
jumps over the
lazy dog”
Decryption
Same key
(shared secret)
Symmetric Pros and Cons

Strength:

Simple and really very fast (order of 1000 to 10000 faster than
asymmetric mechanisms)


Super-fast (and somewhat more secure) if done in hardware (3DES,
Rijndael)
Weakness:


Must agree the key beforehand
Securely pass the key to the other party
Key Distribution Problem

In symmetric key cryptosystems



Over complete graph with n nodes, nC2 = n(n-1)/2 pairs secret
keys are required.
Example: n=100, 99 x 50 = 4,950 keys are required
Problem: Managing large number of keys and keeping
them in a secure manner is difficult
a
e
b
c
d
Secret keys are required between
(a,b), (a,c), (a,d), (a,e), (b,c),
(b,d), (b,e), (c,d), (c,e), (d,e)
The briefcase example with unshared key
•
The briefcase has to be sent back and forward three times, which seems
pretty inefficient.
Desirable properties
Use briefcase example to come up with a specification that are
desirable for any cipher system that is to be used between two
entities who do not already share a symmetric key.
9
Topics




Symmetric and Asymmetric Cryptography
Public Key Cryptography
Digital Signatures
Digital Certificates
Public-Key Cryptography


Probably most significant advance in the history of
cryptography
Uses two keys – a public & a private key





One for encryption and another one for decryption
Knowledge of the encryption key doesn’t give knowledge of
the decryption key
Asymmetric since parties are not equal
Uses number theoretic concepts to function
Complements rather than replaces private key crypto
Analogy
Public-Key Cryptography issues

Developed to address two key issues:


key distribution – how to have secure communications in
general without having to trust a KDC with your key
digital signatures – how to verify a message comes intact
from the claimed sender
The Two Keys
Alice
Alice’s
Private key

Bob
Alice’s
Public key
Bob’s
Private key
Each party has two keys
Charlie
Bob’s
Public key
Charlie’s
Private key
Charlie’s
Public key
Main uses of Each Key

A public-key



Public to anybody
used to encrypt messages and verify signatures
A private-key


known only to the owner
used to decrypt messages, and sign (create) signatures
How does 2 different keys work?

Just an very simple example:


Public Key = 4, Private Key = 1/4, message M = 5
Encryption:



Ciphertext C = M * Public Key
5 * 4 = 20
Decryption:


Plaintext M = C * Private Key
20 * ¼ = 5
An Example: Internet Commerce




Bob wants to use his credit card to buy some brownies
from Alice over the Internet.
Alice sends her public key to Bob.
Bob uses this key to encrypt his credit-card number
and sends the encrypted number to Alice.
Alice uses her private key to decrypt this message (and
get Bob’s credit-card number).
Public Key Encryption
Clear-text Input
Cipher-text
“The quick
brown fox
jumps over the
lazy dog”
“The quick
brown fox
jumps over the
lazy dog”
“Py75c%bn&*)9|fDe^bDFa
q#xzjFr@g5=&nmdFg$5knv
Md’rkvegMs”
Encryption
public
Recipient’s
public key
Clear-text Output
Decryption
Different keys
private
Recipient’s
private key
Hybrid Encryption Systems



All known public key encryption algorithms are much
slower than the fastest secret-key algorithms.
In a hybrid system, Alice uses Bob’s public key to send him
a secret shared session key.
Alice and Bob use the session key to exchange
information.
Topics




Symmetric and Asymmetric Cryptography
Public Key Cryptography
Digital Signatures
Digital Certificates
A Digital Signature

Digital data that carries the intent of a signature related
to a digital document

Use to demonstrate the authenticity of a digital message
or document

A valid digital signature gives a recipient reason to believe
that the message was created by a known sender, and
that it was not altered in transit
Sender: Creating a Digital Signature
Message or File
Message Digest
This is the
document
created by
Charlotte
Digital Signature
(Typically 128 bits)
3kJfgf*£$&
3kJfgf*£$&
Py75c%bn
RSA
SHA, MD5
Asymmetric
Encryption
Generate
Hash
Calculate a short message digest
from even a long input using a
one-way message digest function
(hash)
priv
Charlotte’s
private key
Signed
Document
Receiver: Verifying a Digital Signature
This is the
document
created by
Charlotte
Message Digest
Generate
Hash
Py75c%bn
3kJfgf*£$&
Signed
Document
pub
Charlotte's public key
(from certificate)
Digital
Signature
Asymmetric
Decryption
Equal??
Py75c%bn
Topics




Symmetric and Asymmetric Cryptography
Public Key Cryptography
Digital Signatures
Digital Certificates
What is a Certificate ?

The simplest certificate just contains:



2wsR46%frd
pub
EWWrswe(*^
$G*^%#%#
%DvtrsdFDfd
3%.6,7
A public key
Information about the entity that is being certified to own
that public key
… and the whole is

Digitally signed by someone trusted (like your friend or a CA)
This public
key belongs
to Charlotte
3kJfgf*£$&4d
ser4@358g6
*gd7dT
Can be a person or a computer
or a device..
Digital
Signature
Certificate
25
X.509 Certificate
X.500 Subject
Who is the owner, CN=Charlotte,O=CERN,C=CH
Public Key
The public key or info about it
X.500 issuer
Who is signing, O=CERN,C=CH
Expiration date
See later why expiration date is important
Serial Number
Extensions
Additional arbitrary information
Info
CA Digital Signature
… of the issuer, of course
Certificate
26
Elements of Digital Cert.

A Digital ID typically contains the following information:

Your public key, Your name and email address

Expiration date of the public key, Name of the CA who issued your Digital ID
Certificate Validation


Essentially, this is just checking the digital signature
But you may have to “walk the path” of all subordinate authorities
“In BigRoot We Trust”
until you reach the root

Unless you explicitly trust a subordinate CA
(installed root CA certificate)
Public key
Public key
Public key
This public
key belongs
to Charlotte
This public
key belongs
to CERN
This public
key belongs
to BigRoot
Check DS of
CERN
Check DS of
Foobar
Issued by:
CERN
Issued by:
BigRoot
Issued by:
BigRoot
CERN Digital
Signature
BigRoot Digital
Signature`
BigRoot Digital
Signature
Certificate
Certificate
Certificate
Q&A
Related documents
- projectgenie
- projectgenie
Final Project Presentation
Final Project Presentation
HardCrypto
HardCrypto
Digital Certificates
Digital Certificates
Topic 7 Using cryptography in mobile computing
Topic 7 Using cryptography in mobile computing
lecture10 - Department of Mathematics & Computer Science
lecture10 - Department of Mathematics & Computer Science
Cryptography Applied to Linear Functions
Cryptography Applied to Linear Functions
Cryptography and Secret Codes
Cryptography and Secret Codes
Implementing SSL/TLS - Command Line Fanatic
Implementing SSL/TLS - Command Line Fanatic
Engineering Notebook Layout
Engineering Notebook Layout
The two main branches of public key cryptography
The two main branches of public key cryptography
Element Birth Certificate
Element Birth Certificate
Download
advertisement