Digital Signature, Digital Certificate CSC1720 – Introduction to Internet Essential Materials.

1 Digital Signature, Digital Certificate CSC1720 – Introduction to Internet Essential Materials

2 CSC1720 – Introduction to Internet. All copyrights reserved by C.C. Cheung 2003.
Outline
Introduction
Cryptography
–Secret-key algorithms
–Public-key algorithms
–Message-Digest algorithms
Digital Signature
Digital Certificate
Public Key Infrastructure (PKI)
Secure Electronic Transaction (SET)
Summary

3 Introduction
Cryptography and digital certificates first appeared in closed commercial, financial and military networks.
We can send and receive secure e-mail, and connect to secure websites to purchase goods or obtain services.
Problem: how do we implement them in the global, open network that is the Internet?
What level of encryption is sufficient to provide safe and trusted services on the Net?

4 Cryptography
3 cryptographic algorithms:
–Message-digest algorithms: map variable-length plaintext to a fixed-length output, the digest.
–Secret-key algorithms: use one single key to encrypt and decrypt.
–Public-key algorithms: use 2 different keys – a public key and a private key.

5 Keys
A key is a variable value used by a cryptographic algorithm to produce encrypted text, or to decrypt encrypted text.
The length of the key reflects how difficult it is to recover the message from the encrypted text.
Figure: Plaintext → Encryption (Key) → Ciphertext → Decryption (Key) → Plaintext

6 Key length
It is the number of bits (or bytes) in the key.
A 2-bit key has four values
–00, 01, 10, 11 in its key space
A key of length n has a key space of 2^n distinct values.
E.g. the key is 128 bits
–101010101010 … 10010101111111
–There are 2^128 combinations
–340 282 366 920 938 463 463 374 607 431 768 211 456

7 Secret-key Encryption
Use a secret key to encrypt a message into ciphertext.
Use the same key to decrypt the ciphertext back to the original message.
Also called “symmetric cryptography”.
Figure: Plaintext → Encryption (Secret Key) → Ciphertext → Decryption (Secret Key) → Plaintext

8 Secret Key: How to?
Figure: Encryption: Original Text + Secret Key = Encrypted Text. Decryption: Encrypted Text + Secret Key = Original Text.

9 Secret-Key: Problem?
All keys need to be replaced if one key is compromised.
Not practical for the Internet environment.
On the other hand, the encryption speed is fast.
Suitable for encrypting your personal data.

10 Secret-Key algorithms

Algorithm Name | Key Length (bits)
Blowfish       | Up to 448
DES            | 56
IDEA           | 128
RC2            | Up to 2048
RC4            |
RC5            |
Triple DES     | 192

References: Blowfish, DES, IDEA, RC2, RC4, RC5, DES-3

11 Public-key Encryption
Involves 2 distinct keys – public and private.
The private key is kept secret and never divulged, and it is password-protected (passphrase).
The public key is not secret and can be freely distributed and shared with anyone.
It is also called “asymmetric cryptography”.
The two keys are mathematically related, but it is infeasible to derive the private key from the public key.
100 to 1000 times slower than secret-key algorithms.
Figure: Plaintext → Encryption (Public Key) → Ciphertext → Decryption (Private Key) → Plaintext

12 How to use 2 different keys?
Just an example:
–Public Key = 4, Private Key = 1/4, message M = 5
–Encryption: Ciphertext C = M × Public Key = 5 × 4 = 20
–Decryption: Plaintext M = C × Private Key = 20 × 1/4 = 5

13 Public-Private Encryption
First, create the public and private key.
Figure: the private key is stored on your personal computer; the public key is stored in a Public Key Directory.

14 Message Encryption (User A sends a message to User B)
Figure: User A takes User B’s public key from the Public Key Directory and encrypts the text, producing the encrypted text.

15 Message Encryption
Figure: Original Message → Encrypted Message

16 Transfer Encrypted Data
Figure: User A sends the encrypted text to User B over an insecure channel.

17 Decryption with your Private key
Figure: User B decrypts the encrypted text with User B’s private key (stored on your personal computer), recovering the original text.

18 Asymmetric algorithms

Algorithm Name | Key Length (bits)
DSA            | Up to 448
El Gamal       | 56
RSA            | 128
Diffie-Hellman | Up to 2048

References: DSA, El Gamal, RSA, Diffie-Hellman

19 How difficult is it to crack a key?

Key Length | Individual Attacker | Small Group | Academic Network | Large Company | Military Intelligence Agency
40         | Weeks               | Days        | Hours            | Milliseconds  | Microseconds
56         | Centuries           | Decades     | Years            | Hours         | Seconds
64         | Millennia           | Centuries   | Decades          | Days          | Minutes
80         | Infeasible          | Infeasible  | Infeasible       | Centuries     | Centuries
128        | Infeasible          | Infeasible  | Infeasible       | Infeasible    | Millennia

Attacker                     | Computer Resources                               | Keys / Second
Individual attacker          | One high-performance desktop machine & software  | 2^17 – 2^24
Small group                  | 16 high-end machines & software                  | 2^21 – 2^24
Academic network             | 256 high-end machines & software                 | 2^25 – 2^28
Large company                | $1,000,000 hardware budget                       | 2^43
Military intelligence agency | $1,000,000 hardware budget + advanced technology | 2^55
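The two tables above (and the key-space rule on slide 6) can be turned into a calculation. The Python below is an added example, not part of the lecture: it takes the key-search rates from the second table (the lower end of each range, an assumption made here), computes the expected exhaustive-search time for each key length, and prints it in the spirit of the first table. The "infeasible" cut-off of a billion years is an assumption of this example, not a figure from the slides.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Key-search rates per attacker class from the slide's second table (keys per second).
# Where the slide gives a range, the lower end is used here (assumption of this example).
ATTACKER_RATES = {
    "individual attacker": 2 ** 17,
    "small group": 2 ** 21,
    "academic network": 2 ** 25,
    "large company": 2 ** 43,
    "military intelligence agency": 2 ** 55,
}

# Assumption for this example: anything beyond a billion years is reported as infeasible.
INFEASIBLE_SECONDS = 1e9 * SECONDS_PER_YEAR


def key_space(bits: int) -> int:
    """An n-bit key has 2^n distinct values (slide 6)."""
    return 1 << bits


def expected_search_seconds(bits: int, keys_per_second: float) -> float:
    """Expected time for an exhaustive search: on average half the key space is tried."""
    return key_space(bits) / 2 / keys_per_second


def human_duration(seconds: float) -> str:
    """Express a duration in the largest unit in which it is at least 1."""
    if seconds > INFEASIBLE_SECONDS:
        return "infeasible"
    units = [
        ("microseconds", 1e-6), ("milliseconds", 1e-3), ("seconds", 1.0),
        ("minutes", 60.0), ("hours", 3600.0), ("days", 86400.0),
        ("years", SECONDS_PER_YEAR), ("centuries", 100 * SECONDS_PER_YEAR),
        ("millennia", 1000 * SECONDS_PER_YEAR),
    ]
    name, size = units[0]
    for unit_name, unit_size in units:
        if seconds >= unit_size:
            name, size = unit_name, unit_size
    return f"{seconds / size:.3g} {name}"


def crack_table(key_lengths=(40, 56, 64, 80, 128)) -> dict:
    """Rebuild the slide's first table: key length -> {attacker class: estimated search time}."""
    return {
        bits: {who: human_duration(expected_search_seconds(bits, rate))
               for who, rate in ATTACKER_RATES.items()}
        for bits in key_lengths
    }


if __name__ == "__main__":
    print(f"128-bit key space: {key_space(128)}")
    for bits, row in crack_table().items():
        print(f"{bits:>3} bits: " + ", ".join(f"{who}: {t}" for who, t in row.items()))
```

The computed figures agree with the slide's table in order of magnitude at the fast end (a 56-bit key at 2^55 keys/s falls in seconds, a 64-bit key in minutes) while the slide rounds the slow attackers more coarsely; the point the numbers make is the same: every extra bit doubles the work, so 40 extra bits buy a factor of about a trillion.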

20 Crack DES-3 (Secret-key)
Distributed.net connected 100,000 PCs on the Net to crack the DES algorithm in a record-breaking 22 hr 15 min.
Speed: 245 billion keys/s
Won $10,000

21 Message-Digest Algorithms
It maps a variable-length input message to a fixed-length output digest.
It is not feasible to determine the original message based on its digest.
It is impossible to find an arbitrary message that has a desired digest.
It is infeasible to find two messages that have the same digest.

22 Message-Digest: How to
A hash function is a mathematical function that creates a message digest from a message.
A message digest is used to create a unique digital signature for a particular document.
MD5 example
Figure: Original Message (Document, E-mail) → Hash Function → Digest

23 Message Digest Demo

24 Message-Digest

Message-Digest Algorithm     | Digest Length (bits)
MD2                          | 128
MD4                          | 128
MD5                          | 128
Secure Hash Algorithm (SHA)  | 160

References: MD2, MD4, MD5, SHA
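The three properties on slide 21 and the digest lengths in the table above can be checked directly with Python's standard hashlib module. This is an added example, not the lecture's demo: it shows that MD5 and SHA-1 digests stay 128 and 160 bits long whatever the input size, and that changing a single character of the message changes roughly half of the digest bits. MD2 and MD4 are obsolete and not in hashlib's guaranteed set, so they are left out; the sample messages are constructed.

```python
import hashlib

# Digest algorithms from the slide's table that hashlib provides on every build.
ALGORITHMS = ("md5", "sha1")


def digest_hex(algorithm: str, message: bytes) -> str:
    """Hash function -> digest, as the usual hex string."""
    return hashlib.new(algorithm, message).hexdigest()


def digest_bits(algorithm: str, message: bytes) -> int:
    """Digest length in bits; it does not depend on the length of the message."""
    return len(hashlib.new(algorithm, message).digest()) * 8


def differing_bits(algorithm: str, a: bytes, b: bytes) -> int:
    """How many bits differ between the digests of two messages (the avalanche effect)."""
    da = int.from_bytes(hashlib.new(algorithm, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algorithm, b).digest(), "big")
    return bin(da ^ db).count("1")


if __name__ == "__main__":
    short = b"Pay Alice $10"            # constructed sample message
    long = short * 10_000               # same text repeated, to show the digest length is fixed
    for name in ALGORITHMS:
        print(f"{name}: {digest_bits(name, short)} bits for a {len(short)}-byte message, "
              f"{digest_bits(name, long)} bits for a {len(long)}-byte message")
        print(f"  digest of short message: {digest_hex(name, short)}")
        changed = differing_bits(name, short, b"Pay Alice $19")
        print(f"  changing one character flips {changed} of {digest_bits(name, short)} digest bits")
```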

25 Break Time – 15 minutes

26 Digital Signature
Digital signatures can be used in all electronic communications
–Web, e-mail, e-commerce
It is an electronic stamp or seal appended to the document.
It ensures the document is unchanged during transmission.

27 How does a digital signature work?
Figure (User A → User B):
–Use A’s private key to sign the document.
–Transmit via the Internet.
–User B receives the document with the signature attached.
–Verify the signature with A’s public key stored in the directory.

28 Digital Signature Generation and Verification
Figure (Message Sender): Message → Hash function → Digest → Encryption with Private Key → Signature
Figure (Message Receiver): Message → Hash function → Digest; Signature → Decryption with Public Key → Expected Digest; compare the two digests.

29 Digital Signature
Reference

30 Key Management
Private keys are password-protected.
If someone wants your private key:
–They need the file that contains the key
–They need the passphrase for that key
If you have never written down your passphrase or told anyone
–Very hard to crack
–A brute-force attack won’t work

31 Digital Certificates
A digital certificate is data carrying a digital signature from a trusted Certification Authority (CA).
This data contains:
–Who owns this certificate
–Who signed this certificate
–The expiry date
–User name & email address

32 Digital Certificate
Reference

33 Elements of a Digital Cert.
A Digital ID typically contains the following information:
–Your public key, your name and email address
–Expiration date of the public key, name of the CA who issued your Digital ID

34 Certification Authority (CA)
A trusted agent who certifies public keys for general use (a corporation or a bank).
–The user has to decide which CAs can be trusted.
The model for key certification based on friends and friends of friends is called the “Web of Trust”.
–The public key is passed from friend to friend.
–Works well in small or highly connected worlds.
–What if you receive a public key from someone you don’t know?

35 CA model (Trust model)
Figure: Root Certificate → CA Certificate → Browser Cert.; Root Certificate → CA Certificate → Server Cert.
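Slides 31 to 35 describe what a certificate contains and how a chain of them leads back to a trusted root. The Python below is an added example, not the lecture's code, that models that: a certificate is a dictionary of the fields on slide 33 (owner, issuer, public key, expiry) plus the issuer's signature over them, and `verify_chain` walks server certificate → CA certificate → root certificate the way the diagram above draws it, checking expiry, issuer/subject names, the signature at each step, and finally that the root is one the user has chosen to trust (slide 34). The three RSA key pairs are constructed from tiny primes so the arithmetic is visible, the signature is textbook RSA over a SHA-256 digest reduced modulo the key, and the names, dates and "current time" are made up.

```python
import hashlib

# Constructed toy RSA key pairs (n, e, d) built from tiny primes, purely for illustration;
# a real CA uses 2048-bit or larger keys.
ROOT_KEY = {"n": 3233, "e": 17, "d": 2753}     # p = 61, q = 53
CA_KEY = {"n": 2773, "e": 17, "d": 157}        # p = 47, q = 59
SERVER_KEY = {"n": 4757, "e": 17, "d": 3533}   # p = 71, q = 67


def public_part(key: dict) -> tuple:
    """The (n, e) half of a key pair, which is what goes into a certificate."""
    return (key["n"], key["e"])


def _tbs_digest(cert: dict, n: int) -> int:
    """Digest of the to-be-signed fields (slide 33: owner, issuer, public key, expiry), reduced mod n."""
    fields = f"{cert['subject']}|{cert['issuer']}|{cert['public_key']}|{cert['not_after']}"
    return int.from_bytes(hashlib.sha256(fields.encode()).digest(), "big") % n


def issue(subject: str, subject_pub: tuple, issuer: str, issuer_key: dict, not_after: int) -> dict:
    """The issuer signs the subject's identity and public key with the issuer's private key (slide 31)."""
    cert = {"subject": subject, "issuer": issuer, "public_key": subject_pub, "not_after": not_after}
    cert["signature"] = pow(_tbs_digest(cert, issuer_key["n"]), issuer_key["d"], issuer_key["n"])
    return cert


def signature_ok(cert: dict, issuer_pub: tuple) -> bool:
    """Verify one certificate's signature with its issuer's public key."""
    n, e = issuer_pub
    return pow(cert["signature"], e, n) == _tbs_digest(cert, n)


def verify_chain(chain: list, trusted_roots: dict, now: int) -> tuple:
    """Walk the chain leaf -> intermediate CA -> root (slide 35). Returns (ok, reason)."""
    for i, cert in enumerate(chain):
        if now > cert["not_after"]:
            return False, f"{cert['subject']}: certificate expired"
        if i + 1 < len(chain):
            issuer_cert = chain[i + 1]
            if issuer_cert["subject"] != cert["issuer"]:
                return False, f"{cert['subject']}: issuer does not match the next certificate"
            issuer_pub = issuer_cert["public_key"]
        else:
            # The chain must end in a root the verifier already trusts (slide 34: the user decides).
            if trusted_roots.get(cert["subject"]) != cert["public_key"]:
                return False, f"{cert['subject']}: not a trusted root"
            issuer_pub = cert["public_key"]          # roots are self-signed
        if not signature_ok(cert, issuer_pub):
            return False, f"{cert['subject']}: bad signature"
    return True, "chain verified"


def build_sample_chain() -> tuple:
    """Constructed sample: a self-signed root, an intermediate CA and a server certificate."""
    root = issue("Root CA", public_part(ROOT_KEY), "Root CA", ROOT_KEY, not_after=2_000_000_000)
    ca = issue("Intermediate CA", public_part(CA_KEY), "Root CA", ROOT_KEY, not_after=1_900_000_000)
    server = issue("www.example.com", public_part(SERVER_KEY), "Intermediate CA", CA_KEY,
                   not_after=1_800_000_000)
    return [server, ca, root], {"Root CA": public_part(ROOT_KEY)}


if __name__ == "__main__":
    chain, trusted = build_sample_chain()
    now = 1_700_000_000                      # constructed "current time" (Unix seconds)
    print(verify_chain(chain, trusted, now))
    forged = dict(chain[0], subject="www.evil.example")   # change the owner name, keep the CA's signature
    print(verify_chain([forged] + chain[1:], trusted, now))
    print(verify_chain(chain, {}, now))      # root not in the trust store
    print(verify_chain(chain, trusted, 1_850_000_000))    # server certificate past its expiry
```

The order of the checks matters in practice as well as here: an expired or mis-chained certificate is rejected before any signature arithmetic, and a perfectly valid chain is still rejected when its root is not in the verifier's own trust store, which is the "user has to decide which CAs can be trusted" point of slide 34.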

36 Web of Trust model
Figure: Bob – A – B – Alice – D – C (keys passed from friend to friend)

37 Public Key Infrastructure (PKI)
PKI is a system that uses public-key encryption and digital certificates to achieve secure Internet services.
There are 4 major parts in PKI.
–Certification Authority (CA)
–A directory service
–Services, banks, web servers
–Business users

38 Digital 21 (gov.hk)
Reference: an official homepage which provides a lot of PKI and e-commerce information

39 PKI Structure
Figure: Certification Authority; Directory services; User; Services, Banks, Web servers; Public/Private Keys

40 4 key services
Authentication – Digital Certificate
–To identify a user who claims to be who he/she is, in order to access the resource.
Non-repudiation – Digital Signature
–To make the user unable to deny that he/she has sent the message, signed the document or participated in a transaction.
Confidentiality – Encryption
–To make the transaction secure: no one other than the communicating parties is able to read or retrieve the ongoing transaction.
Integrity – Encryption
–To ensure the information has not been tampered with during transmission.

41 Certificate Signers

42 Certificate Enrollment and Distribution

43 Secure Web Communication
Server authentication is necessary for a web client to identify the web site it is communicating with.
To use SSL, a special type of digital certificate – a “server certificate” – is used.
Get a server certificate from a CA.
–E.g. www.hitrust.com.hk, www.cuhk.edu.hk/ca/
Install the server certificate at the Web server.
Enable SSL on the Web site.
Client authentication – Client certificates

44 Strong and Weak Encryption
Strong encryption
–Encryption methods that cannot be cracked by brute force (in a reasonable period of time).
–The world’s fastest computer needs thousands of years to compute a key.
Weak encryption
–A code that can be broken in a practical time frame.
–56-bit encryption was cracked in 1999.
–64-bit will be cracked in 2011.
–128-bit will be cracked in 2107.

45 Pretty Good Privacy (PGP)
Released in June 1991 by Philip Zimmermann (PRZ)
PGP is a hybrid cryptosystem that allows users to encrypt and decrypt.
Uses a session key, “a randomly generated number from mouse movements or keystrokes”.
Demo & Tutorial

46 PGP Public Key
Philip R Zimmermann's Public Keys
Current DSS/Diffie-Hellman Key:
Key fingerprint: 055F C78F 1121 9349 2C4F 37AF C746 3639 B2D7 795E
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 7.0.3
mQGiBDpU6CcRBADCT/tGpBu0EHpjd3G11QtkTWYnihZDBdenjYV2EvotgRZAj5h4ewprq1u/zqzGBYpiYL/9j+5XDFcoWF24bzsUmHXsbD
Siv+XEyQND1GUdx4wVcEY5rNjkArX06XuZzObvXFXOvqRj6LskePtw3xLf5uj8jPN0Nf6YKnhfGIHRWQCg/0UAr3hMK6zcA/egvWRGsm9d
JecD/18XWekzt5JJeK3febJO/3Mwe43O6VNOxmMpGWOYTrhivyOb/ZLgLedqX+MeXHGdGroARZ+kxYq/a9y5jNcivD+EyN+IiNDPD64rl00
FNZksx7dijD89PbIULDCtUpps2J0gk5inR+yzinf+jDyFnn5UEHI2rPFLUbXWHJXJcp0UBACBkzDdesPjEVXZdTRTLk0sfiWEdcBM/5GpNsw
MlK4A7A6iqJoSNJ4pO5Qq6PYOwDFqGir19WEfoTyHW0kxipnVbvq4q2vAhSIKOqNEJGxg4DTEKecf3xCdJ0kW8dVSogHDH/c+Q4+RFQ
q/31aev3HDy20YayxAE94BWIsKkhaMyokAYQQfEQIAIQUCOlTwWwIHABcMgBE/xzIEHSPp6mbdtQCcnbwh33TcYQAKCRDHRjY5std5Xl
e4AKCh1dqtFxD/BiZMqdP1eZYG8AZgTACfU7VX8NpIaGmdyzVdrSDUo49AJae0IlBoaWxpcCBSLiBaaW1tZXJtYW5uIDxwcnpAbWl0LmV
kdT6JAFUEEBECABUFAjpU6CcFCwkIBwMCGQEFGwMAAAAACgkQx0Y2ObLXeV5WUQCfWWfTDHzSezrDawgN2Z4Qb7dHKooAoJyV
nm61utdRsdLr2e6QnV5Z0yjjiQBGBBARAgAGBQI6VOkSAAoJEGPLaR3669X8JPcAnim4+Hc0oteQZrNUeuMSuirNVUr7AKC1WXJI7gwM
q0Agz07hQs++POJBMokARgQQEQIABgUCOlcobQAKCRDXjLzlZqdLMVBtAKDa5VPcb6NVH6tVeEDJUv+tBjp6oACeLoNtfbs2rvJkgKDH
WEIDmJdgy2GJAD8DBRA6WP4Y8CBzV/QUlSsRAkmdAKC3TfkSSeh+poPFnMfW+/Y/+AAEEpGSUYAAQEAAAEAAQAA/9sAQwAKBwc
IBwYKCAgICwoKCw4YEA4NDQ4dFRYRGCMfJSQiHyIhJis3LyYpNCkhIjBBMTQ5Oz4+PiUuRElDPEg3PT47///EALUQAAIBAwMCBAMFB
…
QQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6On
q8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAU
hMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWp
zdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/aAA
wDAQACEQMRAD8A9mooooAKKKKACsjW/Eum6FGTdS7pcfLEv3j/AIfjWV428XHQrf7HY4e/lHXIxEvqfevH7y8lupXmmuJppWOZJC+AD9
aly7GkIX1Z3OpfE3Up3K2EUVumcdN7fy/pWLL4415wPM1GWPJyNpK/0Fc5btG/Pktkfx7yTVhYAGLsAxbryf5c5rNvzNlG3Q6yz8ZaxEyudQ
kcZ+7JtYH867PRfG9nfIsd7/o8p/iI+U/4V5EI/IGV+XUGfnHy9iUsiGSa6q6Jew1XpTDJvAAICDACNUV4K2PS6h574Z3NaBsIQe5jkVO48MS
ohjC6s29CjPhlU79cQIYWmBpuNfwroZ6zltyz6Y2Fm65V0IfvVicR7zvFFCOhahMuk1cr+Qp936OMEq9sLZGxTjClgwrHGS7YpMSZrEC7bp
OmERjo4F/n5YmCHJCH8QzCOc9+80gjVEsHiJVABrC8yykjKL5x1V/PSArE4QtMLbkBPGmQYOw8bx6jCHoO43QjUzbqRfBMHZqWVJyoII
ZCp+n13XM4+NO/cDVsZ8bjch0LIOyMrT85n24yfXRlP0s7BFjLm59Jjhf4djuJWikJawWETlypAy86OYRRuwCbIyNauBeTKy+avZvF2oLvpw
H4UnudpC06/O0jkj2lQpn9EEUw11RwO6sq9zYTwAUyKerN00cbCfyiZl01CIo0btcTO6hQK3c67PaloJ9lVH8/mH7LuqkMLDH5ugkpzmed/8
SorfqVkakne6b4mRySFCBXaVZoKmDHzcH2oSSMhM9exyh6dzi1bGu6JAEwEGBECAAwFAjpU6CcFGwwAAAAACgkQx0Y2ObLXeV7lb
QCg+N+fI3bzqF9+fB50J5sFHVHM7hYAn0+9AfDl5ncnr4D7
ReMDlYoIZwRR
=Bgy+
-----END PGP PUBLIC KEY BLOCK-----

47 PGP encryption
Reference

48 PGP decryption
Reference

49 Secure SHell (SSH)
Provides an encrypted secure channel between client and server.
Replacement for telnet and ftp.
Reference: SSH

50 Secure Shell & Secure FTP
Figure: Secure Shell and Secure FTP client screenshots, showing the host’s public key.

51 Secure Electronic Transaction (SET)
This protocol was developed by Visa and MasterCard specifically for secure credit card transactions on the Internet.
SET encrypts credit card and purchase information before transmission over the Internet.
SET allows the merchant’s identity to be authenticated via digital certificates, and also allows the merchant to authenticate users through their digital certificates (making it more difficult to use someone’s stolen credit card).
SET DEMO

52 Secure Electronic Transaction (SET)
There are four parts in the SET system.
–A software “wallet” on the user’s computer: “Cardholder”.
–A commerce server that runs on the merchant’s web site: “Merchant”.
–The payment server that runs at the merchant’s bank: “Acquiring bank”.
–The Certification Authority: “Issuing bank”.
SET FAQs

53 SET

54 Privacy-Enhanced E-mail
Figure: Encrypted; Signed

55 Summary
Make sure you understand the relationship between
–Encryption
–Digital Signature
–Digital Certificate
–Certificate Authority
Understand which public/private key should be used to encrypt/decrypt a message to/from you.
Discuss PGP, SET, SSH, encrypted email.

56 References
Digital Certificate (Applied Internet Security) by Feghhi, Feghhi, Williams – Addison Wesley
Basic Cryptography
Digital Signature
PKI Resources
SET Resources
General Definitions
Digital ID FAQ
The End. Thank you for your patience!

