Presentation is loading. Please wait.

Presentation is loading. Please wait.

Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information.

Published byReginald Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information."— Presentation transcript:

1 Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information Systems The University of Hong Kong Tel: 2859-2190 Fax: 2559-8447 hui@csis.hku.hk Workshop on Strong Cryptographic Infrastructure December 17, 1998

2 Content 1. Use of Cryptography (in electronic commerce activities, Internet services) 2. Cryptographic Library 3. Public Key Infrastructure 4. Applications 5. Cryptographic Infrastructure 6. Relations of 2,3,4,5 7. The SCI project in HKUCSIS

3 Use of Cryptography (in E.C. etc) Hash functions (SHA, MD5) Symmetric key crypto-system (DES, DES3) Public Key Crypto-system –Digital signature –Data Encryption –Advanced usage : double hashing, group signature In real usage, techniques are combined

4 Public Key Crypto-system A has public key Apub, & private key Aprv From Apub, almost impossible to find Aprv Apub is known to all; Aprv is secret to A

5 Digital Signature using Public Key Crypto-systems A sends a signed message M to B –A sends Aprv(M) to B, B decrypts with Apub

6 Data Encryption using Public Key Crypto-systems A sends a confidential message M to B –A sends Bpub(M) to B, B decrypts with Bprv

7 Cryptographic Library Provide cryptographic algorithms such as RSA Provide interface to add new cryptographic algorithms easily Provide other functions Q : How to set up/manage the private/public keys? A : Using a Public Key Infrastructure

8 Problem with Pub Key distribution A talks to B, Hacker H attacks as follows: –To A, H pretends B. To B, H pretends A –H sees secrets between A and B, and can modify the messages

9 Solution to Pub Key distribution Need : when B gives Bpub to A, a trusted third party (Certification Authority, CA) is needed to endorse Bpub is correct

10 Certification Authority A wants to get B’s public key Bpub. How? Method 1 : use a repository Method 2 : B gives Bpub to A, which is endorsed by a trusted-third-party, the CA (Certification Authority). This is B’s public key certificate BCert, which is Bpub signed by CA’s private key CAprv CA’s public key, CApub, is known to all A use CApub to verify that BCert is correct

11 X.509 Public Key Infrastructure (PKIX) Set up, manage, and terminate usage of keys (private/public), & public key certificates –Registration & Initialization –Certification (signing of a certificate) –Key pair recovery –Key Generation, Update –Cross-certification –Key Revocation (managing CRLs) Note: Make use of Cryptographic functions

12 Cross Certification

13 Cross-Certification 2 CAs: CA1, CA2, & 2 persons: A, B. CA2 issues a public key Cert BCert to B (Bpub signed by CA2’s private key) CA1 issues a Cross-Cert, XCert, to CA2 (CA2’s public key signed by CA1’s private key) A trusts CA1 (A knows CA1’s public key) B sends BCert and XCert to A A can now verify B’s public key in 2 steps.

14 Applications Examples: E. Commerce, E. Banking, Secure Email, Secure Workflow (in schools, etc) Using a transaction protocol which makes use of cryptographic algorithms from a Cryptographic Library Use PKIX for subject (customers, etc) identity and encryption key management

15 Cryptographic Infrastructure

16 Strong Cryptographic Infrastructure Project (SCI) in HKUCSIS What does Strong mean? –Algorithms are “Strong” (e.g. RSA-1024) –“Strong” in implementation (e.g. Random No.) –New encryption paradigm (elliptic curves) supported by ISF available to users in HK Start with Strong Cryptographic Library (SCL) Beta version expected in March 1999

17 SCI project team Dr Lucas Hui (Chief Designer) Dr K.P. Chow (Project Manager) Dr W.W. Tsang, Prof Francis Chin, Prof G. Marsaglia Dr C.F. Chong, Dr H.W. Chan Ms Vivien Chan, Mr Marcus Lee, Mr K.M. Chan Mr Doug Kwan, Mr Luke Lam, Mr Henry Fung, Ms Taellus Lo

Download ppt "Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Similar presentations

Ads by Google