Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you."— Presentation transcript:

1 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you can only encrypt/decrypt to those key handed to you A solution: digital certificates (or certs) A form of credentials (like a physical passport) Included with a person’s public key to verify that a key is valid

2 2 Components of a digital certificate A digital certificate  A public key  Certificate info (identifying information such as name, ID)  One (or more) digital signatures  A stamp of approval from a trusted entity Certificates are used when it is necessary to exchange public keys with someone (when you cannot manually exchange via a diskette or USB drive)

3 3 Components of a digital certificate [2]

4 4 Digital certificate distribution Digital servers: a networked database that allows users to submit and receive digital certs  Example: PGP Keyserver Public Key Infrastructures (PKIs)  Storage facilities like the certificate servers  More structured  Provide additional key management services  Issue revoke, store, and trust certificates  Certificate authority: a group of human beings authorized to issue certs (like a passport office)

5 5 Common certificate format The certificate holder’s public key: the public portion of key pair and key algorithm, e.g., RSA The certificate holder’s information: identity information about the user (e.g., name, user ID, email address, photograph, and so on) The digital signature of the certificate owner: the signature using the corresponding private key of the public key of the certificate The certificate’s validity period: the certificate’s start date/time and expiration date/time; The preferred symmetric encryption algorithm for the key: e.g., AES, Triple-DES, Twofish

6 6 Common certificate format [2]

7 7 Other substitution techniques Choose a keyword, e.g., Jayhawk, drop repeated letters, thus jayhwk The keyword defines the permutation of English letters: ABCDEFGHIJKLMNOPQRSTUVWXYZ jayhwkbcdefgilmnopqrstuvxz Another keyword: Professional ABCDEFGHIJKLMNOPQRSTUVWXYZ profesinalbcdghjkmqtuvwxyz

8 8 Other substitution techniques [2] Use every third letter (apply mod 26) adgjmpsvybehknqtwzcfilorux Consider any possible permutation of the English letters  How many? 26!  Even applying decryption at 1 microsecond, still takes over 1,000 years  The primary issue: the knowledge of letter patterns in a text  Solution: Avoid using the same substitution for a letter

9 9 One-time pads (using Vigenere tableau) Assume a set of large, non-repeating keys written on sheets of paper, glued into a pad Assume keys are 20 characters Assume a text that is 300 characters Sender tears off 15 pages from the pad Sender writes the keys one at a time above the text letters and enciphers in a prearranged chart Receiver must have the same pad Concerns: (1) key distribution, (2) sender/receiver must synchronize (3) need unlimited keys

10 10 One-time pads [2] A toy example Assume keys are 5 letters each; assume these two keys XYSWD and DHJTU Assume you have a text that is eight characters, e.g., “fly today” Need two keys XYSWDDHJTU flytoday Ciphertext: XYSWDDHJ

11 11 One-time pads [3] Using computers, random numbers can be generated for the keys To send a 300-letter message  Generate the next 300 random numbers  Scale to be between 1-26  Use a number to decipher each letter

12 12 One-time pads [4] Pictorially

13 13 The Vernam cipher (a one-time pad) Devised by Gilbert Vernam for AT&T Non-repeating random numbers How? Consider plaintext Vernam Cipher V E R N A M C I P H E R ord# 21 4 17 13 0 12 2 8 15 7 4 17 +rnd 76 48 16 82 44 3 58 11 60 5 48 88 = 97 52 33 95 44 15 60 19 75 12 52 105 %26 19 0 7 17 18 15 8 19 23 12 0 1 cipher T A H R S P I T X M A B

14 14 An example of combining substitution and transposition The Soviet encryption during the WWII Handout

15 15 How is a key used? Suppose we have a key, computer How is it used to encrypt a plaintext? A toy approach The key, computer, in ASCII is  Dec: 097 111 109 112 117 116 101 114  Binary: 01100011 01101111 01101101 … A plaintext, “secretly” in binary:  01110011 01100101 01100011 … XOR the two!

16 16 How is a key used? [2] Much more complex in real algorithms F is a round function K i, for i in 2..16, are new keys generated from the original key by a complex algorithm  is the xor operation

17 17 The key application in DES

18 18 The key application in AES

19 19 Key distribution revisited Five persons need to communicate securely How many keys should the system maintain? How many lines of communication? n * (n -1)/2  Two people: 1 line of communication  Three people: 3 lines of communication  Four people: 6 lines of communication  Five people: 10 lines of communication Concerns: Maintaining the distributed the keys

Download ppt "1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you."

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Crytography Chapter 8.

Crytography Chapter 8.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Cryptographic Technologies

Cryptographic Technologies
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Lecture 1 Overview.

Lecture 1 Overview.
Cryptography 101 EECS710: Info Security and Assurance Professor Hossein Saiedian Resources: Terry Ritter’s Learning About Cryptography, Network Associates’

Cryptography 101 EECS710: Info Security and Assurance Professor Hossein Saiedian Resources: Terry Ritter’s Learning About Cryptography, Network Associates’
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.

1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.

Similar presentations

Ads by Google