The combination of private key (symmetric) and public key

http://www-math.cudenver.edu/~wcherowi/courses/m5410/ctcrsa.html
The combination of private key (symmetric) and public key (asymmetric) encryption appears in two widely used
security enhancements for electronic mail - PGP - and Web browsing - SSL.
PGP - Pretty Good Privacy
PGP is a hybrid system for sending enciphered, digitally signed messages usually by email.
Features:
• combination of algorithms in a set of utility software for encryption of messages, digests, and keys
• message digest used for digital signature
• key generation for private session key
• key generation for users' public/private key pairs
• key management and certification
Sending a message
1. Attach message signature
   128 bit message digest plus timestamp is enciphered with sender's private key
2. Compress message + digest
   Removes redundancy - makes more secure (harder to attack) and makes message smaller
3. Create session key
4. Symmetric encryption for message contents and signature
   Method is not DES - uses IDEA (see Tanenbaum p 596).
   Uses session key.
5. Encrypt session key
   The session key is encrypted using RSA on receiver's public key.
6. Transmit (4) & (5)
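
The six sending steps above, and the receiver's reverse path, as an added Python example (not PGP's code and not part of the original notes). Assumptions: toy RSA keys built from known Mersenne primes with no padding, SHA-256 standing in for the 128-bit MD5 digest, and a hash-based XOR keystream standing in for IDEA; all function and key names are hypothetical.

```python
import hashlib, secrets, struct, zlib

E = 65537  # common RSA public exponent

def toy_rsa_key(a, b):
    """Constructed toy key from Mersenne primes 2**a-1 and 2**b-1: insecure, demo only."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def digest_int(ts, message):
    # SHA-256 stands in for the 128-bit MD5 digest; the timestamp is covered too.
    return int.from_bytes(hashlib.sha256(struct.pack(">Q", ts) + message).digest(), "big")

def stream_xor(key, data):
    # Stand-in for IDEA: XOR with a SHA-256 counter keystream (same call decrypts).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">Q", i)).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def pgp_send(message, ts, sender_priv, receiver_pub):
    n, d = sender_priv
    sig = pow(digest_int(ts, message), d, n)                   # 1. sign digest + timestamp
    sig_bytes = sig.to_bytes((n.bit_length() + 7) // 8, "big")
    packed = zlib.compress(struct.pack(">Q", ts) + sig_bytes + message)  # 2. compress
    session_key = secrets.token_bytes(16)                      # 3. fresh 128-bit session key
    ciphertext = stream_xor(session_key, packed)               # 4. symmetric encryption
    rn, rexp = receiver_pub
    wrapped = pow(int.from_bytes(session_key, "big"), rexp, rn)  # 5. RSA-encrypt session key
    return wrapped, ciphertext                                 # 6. transmit (5) and (4)

def pgp_receive(wrapped, ciphertext, receiver_priv, sender_pub):
    rn, rd = receiver_priv
    session_key = pow(wrapped, rd, rn).to_bytes(16, "big")     # unwrap with own private key
    packed = zlib.decompress(stream_xor(session_key, ciphertext))
    n, e = sender_pub
    k = (n.bit_length() + 7) // 8                              # signature length in bytes
    ts = struct.unpack(">Q", packed[:8])[0]
    sig, message = int.from_bytes(packed[8:8 + k], "big"), packed[8 + k:]
    if pow(sig, e, n) != digest_int(ts, message):              # check sender's signature
        raise ValueError("signature does not match message")
    return ts, message

# Constructed demo keys (sender and receiver)
ALICE_PUB, ALICE_PRIV = toy_rsa_key(521, 607)
BOB_PUB, BOB_PRIV = toy_rsa_key(127, 1279)
```

Because the session key is drawn fresh in step 3, sending the same message twice yields different ciphertext, while the receiver needs only its own private key and the sender's public key.
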
Session key - digest and encryption
• a session key is generated for each message sent
  - changes every time
  - made different by timestamp
  - made different by timing how user types input on the spot
• key is sent to recipient using receiver's public key + RSA (asymmetric)
• message is sent using session key + IDEA (symmetric encryption)
• message includes digital signature using MD5 and RSA
  - authentication
  - non-repudiation
  - integrity
PGP key management summary
• a public key/private key pair is generated by PGP utility software for user on request
• user's private key is stored securely on user's disk, encrypted using user's pass phrase
  (from user's wetware memory)
• user's public key is made available in a record for giving away to others
  (user id, public key, timestamp)
Certification is a key concept
Client/user will trust a public key if they can get a certificate for that key:
• a digitally signed (user id, public key, timestamp) record, encrypted with a trusted person's private key
Certificates can be checked by decryption with this trusted person's public key.
This person may be a CA (Certificate Authority).
Any accepted certificates are kept as trusted public keys in a public keyring file
and can be used automatically to check any later incoming certificates.
This leads to a network of trust building up.
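
The keyring behaviour described above as an added Python example (not PGP's code and not part of the original notes): a certificate is accepted only if its signer is already in the keyring, and each accepted key can then check later certificates. It follows the notes' simplified model; the toy RSA keys, SHA-256 digest, record encoding and all names are assumptions made for illustration.

```python
import hashlib

E = 65537  # common RSA public exponent

def toy_rsa_key(a, b):
    """Constructed toy key from Mersenne primes 2**a-1 and 2**b-1: insecure, demo only."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def record_digest(user_id, pub, ts):
    # Digest of the (user id, public key, timestamp) record; SHA-256 is an assumption.
    return int.from_bytes(hashlib.sha256(repr((user_id, pub, ts)).encode()).digest(), "big")

def issue_cert(signer_id, signer_priv, user_id, pub, ts):
    n, d = signer_priv
    return {"user_id": user_id, "pub": pub, "ts": ts, "signer": signer_id,
            "sig": pow(record_digest(user_id, pub, ts), d, n)}

class Keyring:
    """Public keyring: user id -> trusted public key."""
    def __init__(self, roots):
        self.trusted = dict(roots)

    def accept(self, cert):
        signer_pub = self.trusted.get(cert["signer"])
        if signer_pub is None:
            return False                      # signer not (yet) in the keyring
        n, e = signer_pub
        expected = record_digest(cert["user_id"], cert["pub"], cert["ts"])
        if pow(cert["sig"], e, n) != expected:
            return False                      # record altered or wrong signer
        self.trusted[cert["user_id"]] = cert["pub"]   # usable for later checks
        return True

def demo():
    ca_pub, ca_priv = toy_rsa_key(89, 521)          # constructed keys
    alice_pub, alice_priv = toy_rsa_key(107, 607)
    bob_pub, _ = toy_rsa_key(127, 1279)
    mallory_pub, _ = toy_rsa_key(61, 2203)
    ring = Keyring({"ca": ca_pub})
    alice_cert = issue_cert("ca", ca_priv, "alice", alice_pub, 1000)
    bob_cert = issue_cert("alice", alice_priv, "bob", bob_pub, 1001)
    forged = dict(bob_cert, pub=mallory_pub)   # key swapped after signing
    return [ring.accept(bob_cert),    # False: alice is not trusted yet
            ring.accept(alice_cert),  # True: signed by the CA
            ring.accept(forged),      # False: signature no longer matches
            ring.accept(bob_cert)]    # True: alice's key now checks it
```
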
PGP Standardisation and legal issues
Legal Issues
Not allowed to use within some countries by law (e.g. France)
Early version violates some USA patents (in USA only)
Zimmermann may be on trial for "exporting munitions"
but see New Scientist this week,
Standards
PGP is not a standard, but is freely available.
Algorithms are open.
Techno-politics
A political agenda is evident in the documentation.
Privacy - independence from government
SSL - Secure Socket Layer
Netscape Communications Corporation proprietary protocol.
see <URL:http://home.netscape.com/newsref/std/ssl_2.0_certificate.html>
and <URL:http://home.netscape.com/newsref/ref/128bit.html>
Protocol is built into Netscape browsers (and servers).
Provides
• privacy by encryption
• authentication by certificates and public/private keys
• data integrity by digital signature
SSL is a replacement for the socket layer - i.e. transport layer not specific to HTTP alone.
Available servers listen on different ports.
  shttp  - secure HTTP server
  ssmtp  - secure mail transfer (between MTAs)
  snews  - secure news
  spop3  - secure mail post office protocol (between user mail agent and store)
Transparent to user in operation
Appears within HTML as replacement of URL
http://somewhere.org/thing.html
with
https://somewhere.org/thing.html
or use in HTML form for ACTION
<form method=POST
action="https://abc.com/cgi_bin/get_credit-card_no" ...>
SSL operation
Initial handshake between client and server when making connection
• server sends certificate containing ID and public key to client
  - certificate is RSA public key encrypted with a CA's private key
• client checks certificate against own certificate database
  or else checks signature of CA on the certificate - Certificate Authority
  User can accept certificates and build up own list in client database.
  Netscape builds in initial list of trusted Certificate Authorities
  see Netscape browser->options->Security preferences->Site certificates
• length/type of secret session keys and algorithm to use are negotiated between client and server
• client creates 4 x private keys for session with a server
• client sends 4 keys to server encrypted with server's public key (known from certificate)
• client sends requests
  - encrypted - RC2, RC4 or DES (using key K1)
  - digitally signed - MD5 or SHA-1, RSA (using key K2)
• server sends responses similarly encrypted (K3), digitally signed (K4)
For efficiency a session can contain several HTTP requests with a server.
SSL - standardisation and legal issues
Legal issues
SSL is exported as crippled outside USA
(< 512 bit RSA keys; <40 bit secret keys)
so is not barred by USA export restrictions.
Standard
SSL has been submitted to Internet Engineering Task Force (IETF) as a draft standard - like an RFC.
Techno-politics
Netscape interests in commerce on the Web - want to build trust for transmission of Credit Card details etc.
- commercial reasons for them to make the protocol as (apparently) openly trustworthy as possible
Ssh
Ssh was built by Tatu Ylonen as a secure replacement for telnet. It uses port 22.
The client and server use encryption to make sure that an intruder listening to the network and inserting
messages on the network cannot derive useful information about the conversation and cannot interfere with
the conversation.
During the first phase of connection, the client and server use public-key encryption to agree on a session
key.
Public-key encryption was first described by Diffie and Hellman in 1976.
• Every computer has a key pair (two keys) that it invents. The two keys in the pair are related to
  each other, but knowing one does not help anybody discover the other.
• One of the two keys is called the public key. It is published and is given to anybody who asks for
  it.
• The other key is called the private key. It is never revealed to anybody.
• A message can be encrypted (that is, scrambled) with either the public or the private key. It can
  then be decrypted (that is, unscrambled) only with the other key in the key pair.
• If A and B want to send each other secret messages, then the messages A sends to B should be
  encrypted with B's public key, and the messages B sends to A should be encrypted with A's public
  key. Only the recipients of these messages know how to decrypt (by using their private keys).
• If A wants to send B a signed message, A can encrypt the message with A's private key. B can
  read the message by decrypting with A's public key, and knows that only A (or anyone who has
  stolen A's private key) could have sent such a message.
• The methods of public-key encryption are slow, so ssh only uses them for initial connection and to
  agree on a session key for this conversation.
Then the ssh client and server switch to one of several conventional encryption methods such as idea,
blowfish, des, 3des, arcfour, or tss for the rest of the conversation, using the session key they have agreed
on. Conventional encryption uses the same key for both encryption and decryption.
The length of a key dictates how easy it is to break the cipher using a brute-force attack, that is, one that
just tries all possible keys. A key of only 10 bits requires only 1024 guesses, which can be done in well
under a second. A key of 56 bits can be guessed in a few months of time on the Internet. For its first phase,
Ssh uses keys of about 1000 bits.