Presentation is loading. Please wait.

Presentation is loading. Please wait.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive."— Presentation transcript:

1 Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive Non-interactive – Smart-cards

2 Apr 22, 2003Mårten Trolin2 Symmetric vs. asymmetric cryptography Symmetric ciphers – sender and recipient use the same key – D key (E key (m)) = m Substitution cipher is an example of a symmetric cipher Impractical for big systems – number of keys is quadratic in the number of users The solution – asymmtric algorithms. Think of a locked mailbox! Different keys for encryption and decryption – D private key (E public key (m)) = m

3 Apr 22, 2003Mårten Trolin3 Hash functions A hash function computes a fixed length value from a variable length source – Example: Check sums in communication protocols – Indices in databases More convenient to handle a hash of a document instead of the document itself We will consider cryptographically secure hash functions.

4 Apr 22, 2003Mårten Trolin4 Properties of good hash functions Let H be a hash function One-way – Given v, unfeasible to compute an x such that H(x) = v Collision-free – Infeasible to find x 1 and x 2 such that H(x 1 ) = H(x 2 ) and x 1  x 2

5 Apr 22, 2003Mårten Trolin5 Digital signatures Used to ensure authenticity. A digital signatures binds a document to a person. In a public key infrastructure (PKI), a person produces a digital signature using his private key The signature can be verified using the public key.

6 Apr 22, 2003Mårten Trolin6 Use of a digital signature Signature generation Private key Document Signature Signature verification Public key Document OK / not OK SignerVerifier

7 Apr 22, 2003Mårten Trolin7 Message Authentication Codes Digital signatures requires public/private keys The same functionality can be achieved with symmetric keys – Called MAC – Message Authentication Code – Signer and verifier uses the same key Question: What are the advantages compared to digital signatures? What are the disadvantages?

8 Apr 22, 2003Mårten Trolin8 Two simple MACs Let E key, D key be a symmetric cipher, and let H be a hash function. Let m be the message to MAC and let k be the symmetric key. First proposition: Compute a hash of the document and encrypt it – E k (H(m)) Second proposition: Concatinate the message and the key and compute the hash – H(m  k)

9 Apr 22, 2003Mårten Trolin9 Interactive Protocol TCP/IP User (p u, s u ) Web server User’s public key p u Symmetric key k encrypted under p u Communication encrypted under k Generates symmetric key k Decrypts k using s u

10 Apr 22, 2003Mårten Trolin10 User (p u, s u ) Web server User’s public key p u Symmetric key k encrypted under p m Communication encrypted under k Generates symmetric key k Decrypts k using s u Replaces p u with his own p m Man in the middle (p m, s m ) pmpm Decrypts k using s m and reencrypts using p u Symmetric key k encrypted under p u

11 Apr 22, 2003Mårten Trolin11 Public key certificates A public key certificate consists of – A public key – Information on the owner Name, address, photograph, finger-print, credit card number, etc. – A signature on the above data by a trusted party Trusted party could be the government, a bank, etc. User’s public key Identification data Digital signature by CA User’s Private key Public information Private information

12 Apr 22, 2003Mårten Trolin12 Certificate chains Certificates can be chained – Each certificate in the chain is signed with the private key of the certificate above. If the user knows the root certificate, he can verify that each step is valid. Using chains, the CA can outsource signing to other organizations it trusts without giving away its private key.

13 Apr 22, 2003Mårten Trolin13 Certificate chains The end user certificates are verified by following the chain up to the root certificate authority (CA) –If every step in the chain is valid, the end user certificate is considered valid.

14 Apr 22, 2003Mårten Trolin14 SSL/TLS SSL (Secure Socket Layer) and TLS (Transport Layer Security) are standards for how to secure TCP/IP communications TLS is a layer on top of the TCP layer

15 Apr 22, 2003Mårten Trolin15 TLS IP TCP HTTPTLS IP TCP HTTP Not secureSecure

16 Apr 22, 2003Mårten Trolin16 TLS Handshake Client Server ClientHello ServerHello ServerKeyExchange ClientKeyExchange ChangeCipherSpec Finished ChangeCipherSpec Finished ServerHelloDone Certificate

17 Apr 22, 2003Mårten Trolin17 Non-interactive protocols For interactive protocols, the symmetric key is decided in the handshake. For non- interactive protocols, this must be solved in another way. – The key cannot be negotiated. – Encrypt a session key using the recipients public key.

18 Apr 22, 2003Mårten Trolin18 Session key in non-interactive protocols For non-interactive protocols, the sender generates a session key. The session key is encrypted using the recipient’s public key. – Recipient’s public key must be known in advance. The message is encrypted with the (symmetric) session key. The encrypted message consists of the encrypted session key and the cipher text. The recipient decrypts the session key with his private key and decrypts the message.

19 Apr 22, 2003Mårten Trolin19 Pretty Good Privacy Protocol overview – Symmetric session key encrypted with asymmetric key Key management – Distributed, non-centralized Trust model – Web of trust – Introducers

20 Apr 22, 2003Mårten Trolin20 Password generated keys – problems and solutions Password generated keys suffer from the same general problem as passwords for authentication. – Number of passwords is relatively small – possible to create a list with all possible passwords and corresponding keys. Use a salt to avoid dictionary attacks. Make key generation “slow”, to make brute-force attacks more time consuming.

21 Apr 22, 2003Mårten Trolin21 Generating keys Key generation requires a good source of random bits – Bad key material makes system vulnerable to attacks. Has been done in practice. – Hardware generators provide the best source. – For end-user applications - some user interaction can be used (mouse movement, key strokes, etc.) – Using system time for high security requirements is a bad idea! For high-security applications, key generation should take place in a closed environment.

22 Apr 22, 2003Mårten Trolin22 Distributing symmetric keys Symmetric keys are very sensitive and must be distributed with great care. Depending on how valueable the key is, different approaches are possible. – Send the key to recipient by physically secure means, e.g., by courier, by registered mail etc. – If a common key exists, send the new key encrypted under the common key. – Split the key into components and send the key components with different security officers.

23 Apr 22, 2003Mårten Trolin23 What Is a Smart-Card A smart-card is a small computer Often placed on a credit-card sized plastic card Can have contacts or be contact-less Has a well-defined interface – Can have secret information that is protected from direct access First appeared in the 1970s

24 Apr 22, 2003Mårten Trolin24 Advantages with Smart-Cards Can have secret data – Data used for internal computations and never revealed in clear – Example: PIN and keys can be stored on card Can process data and save information – Count transactions – Check PIN and count unsuccessful tries – Different behavior depending on geographic location – Cryptographic functions Uses the secret keys

Download ppt "Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
CP3397 ECommerce.

CP3397 ECommerce.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS 4362 - CIS 5357 Network Security.

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Feb 12, 2002Mårten Trolin1 Applied Cryptography Main goal –Give some practical experience on cryptographic technics used today. –Show how to use existing.

Feb 12, 2002Mårten Trolin1 Applied Cryptography Main goal –Give some practical experience on cryptographic technics used today. –Show how to use existing.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Feb 18, 2003Mårten Trolin1 Previous lecture Block ciphers Modes of operations First assignment Hash functions.

Feb 18, 2003Mårten Trolin1 Previous lecture Block ciphers Modes of operations First assignment Hash functions.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.

Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Similar presentations

Ads by Google