Presentation is loading. Please wait.

Presentation is loading. Please wait.

Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment."— Presentation transcript:

1 Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment

2 Apr 9, 2002Mårten Trolin2 This lecture Non-interactive protocols PGP – pretty good privacy –Protocol overview –Key management –Trust model

3 Apr 9, 2002Mårten Trolin3 Encrypting documents So far, we have mainly been discussing encryption in interactive protocols (e.g., TLS). In many cases, there is no interaction between the sender and the recipient –Email –Fax –Encrypted backups – in this case the sender and the receiver is the same. All these systems have in common that encryption and decryption take place at different times.

4 Apr 9, 2002Mårten Trolin4 Non-interactive protocols For interactive protocols, the symmetric key is decided in the handshake. For non-interactive protocols, this must be solved in another way. –The key cannot be negotiated. Different possibilities –Exchange a symmetric key. –Encrypt only using a public-key scheme. –Encrypt a session key using the recipients public key.

5 Apr 9, 2002Mårten Trolin5 Session key in non-interactive protocols For non-interactive protocols, the sender generates a session key. The session key is encrypted using the recipient’s public key. –Recipient’s public key must be known in advance. The message is encrypted with the (symmetric) session key. The encrypted message consists of the encrypted session key and the cipher text. The recipient decrypts the session key with his private key and decrypts the message.

6 Apr 9, 2002Mårten Trolin6 Key distribution The method is chosen in a way similar to interactive protocols –Symmetric key only when key exchange is possible, or when the person encrypting and decrypting is the same (e.g., for backups). –Asymmetric when no key exchange is possible. Public keys are preferably distributed in certificates. –Contains identifying information. –Either self-signed or signed by a CA.

7 Apr 9, 2002Mårten Trolin7 Encrypting and/or signing When encrypting documents, we can choose to –only encrypt. –encrypt and sign. –only sign. What we choose to do depends on the application. It is recommended to first sign and then encrypt.

8 Apr 9, 2002Mårten Trolin8 Signing before encrypting If both signing and encryption is used, it is recommended to sign first encrypt second. This way a third party can verify the signature without knowing the recipients key. –If the encrypted document is signed, the signature becomes specific to the recipient’s encrypted copy. The resulting message may or may not include the sender’s public key in a public key certificate.

9 Apr 9, 2002Mårten Trolin9 Signing and encrypting Document Signature Encrypted message Session key encrypted under Bob’s public key Session key encrypted under Clive’s public key Session key Message to be sent

10 Apr 9, 2002Mårten Trolin10 Pretty Good Privacy – PGP Pretty Good Privacy (PGP) is an email encryption and signing system. –First version in 1991. Uses public key certificates for key distribution and symmetric encryption with a session key. Available for almost any environment. –Commercial and non-commercial versions exist.

11 Apr 9, 2002Mårten Trolin11 PGP trust model Since PGP originally was targeted at individual users when no major CA’s were active, a distributed trust model was chosen. For Alice to verify Bob’s signature on a message, Alice must know Bob’s public key. Alice can choose to explicitly trust Bob’s key. –Useful if Alice herself can verify that the key belongs to Bob. –Unpractical for large communities.

12 Apr 9, 2002Mårten Trolin12 PGP trust model – introducers To solve the practical problem with key distribution, PGP uses introducers. Introducers sign other certificates. Anyone who trusts the introducer also trusts the certificate he has signed. –A certificate can have an unlimited number of signatures. A large number of signatures makes it more likely that the certificate will be trusted. –The system with introducers makes every user a CA. –Every user must decide which decide which introducers to trust.

13 Apr 9, 2002Mårten Trolin13 Extending the concept – meta-introducers Since the model with introducers is effectivaly one-layer, it is inefficient in many cases. –Example: A company with several departments employing PGP internally may want each department to sign the certificates of the employees. Meta-introducers exist for this purpose. Meta-introducers sign keys of other introducers, giving a three-layer model.

14 Apr 9, 2002Mårten Trolin14 Web of trust The CA model is hierarchical, whereas the PGP model is not. The PGP rather resembles a web. Which model to choose very much depends on the application. The CA model is better suited for well- structured organizations. The web model works better for informal communities.

15 Apr 9, 2002Mårten Trolin15 Partial trust A problem with the PGP model is that one user that goes bad destroys the whole system. –If a widely trusted user starts signing bogus certificates, all these bogus certificates will be as widely trusted A natural extension to the PGP model is to require not only one, but several signatures on a certificate for it to be valid. –Taken to another level – a user can assign to each introducer a certain number of trust points, and require have signatures for a certain sum of trust points to be trusted.

Download ppt "Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment."

Similar presentations

Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.

Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Apr 30, 2002Mårten Trolin1 Previous lecture – passwords Passwords for authentication –Storing hashed passwords –Use of salt Passwords for key generation.

Apr 30, 2002Mårten Trolin1 Previous lecture – passwords Passwords for authentication –Storing hashed passwords –Use of salt Passwords for key generation.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Similar presentations

Ads by Google