We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byJames Hogan
Modified over 2 years ago
PKI Introduction Ravi Sandhu
2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures PUBLIC KEY ASSYMETRIC KEY Slower Scalable Digital signatures
3 © Ravi Sandhu 2002 CRYPTOGRAPHIC SERVICES confidentiality sometimes called privacy integrity and authentication often stated as two separate services inevitably occur together non-repudiation stronger form of integrity and authentication
4 © Ravi Sandhu 2002 SECRET KEY ENCRYPTION FOR CONFIDENTIALITY Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext INSECURE CHANNEL K K Secret Key shared by A and B SECURE CHANNEL A A B B
5 © Ravi Sandhu 2002 SECRET KEY MESSAGE AUTHENTICATION CODES (MAC) FOR INTEGRITY AND AUTHENTICATION MAC Algorithm M Verification Algorithm V Plain- text Yes/No Plaintext + MAC INSECURE CHANNEL K A A B B K
6 © Ravi Sandhu 2002 MACs DO NOT PROVIDE NON-REPUDIATION LIMITED TO INTEGRITY AND AUTHENTICATION MAC Algorithm M Verification Algorithm V Plain- text Yes/No Plaintext + MAC INSECURE CHANNEL K A A B B K
7 © Ravi Sandhu 2002 KNOWN PLAINTEXT ATTACK 56 bit key requires * 10 ^16 trials on average (DES-Data Encryption Standard) trials/secondtime required years years years year hours
8 © Ravi Sandhu 2002 KNOWN PLAINTEXT ATTACK 128 bit key requires * trials on average trials/secondtime required years years years years years
9 © Ravi Sandhu 2002 PASSWORD-BASED SECRET KEY CRYPTOSYSTEM Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext INSECURE CHANNEL KK password shared by A and B SECURE CHANNEL A A B B password
10 © Ravi Sandhu 2002 DICTIONARY ATTACKS Try likely passwords from a dictionary, rather than all possible keys For a 20,000 word dictionary, 1 trial/second will crack a poor password in less than 3 hours 25% - 30% of passwords will be cracked by a dictionary attack
11 © Ravi Sandhu 2002 PUBLIC KEY ENCRYPTION Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext INSECURE CHANNEL B's Public Key B's Private Key RELIABLE CHANNEL A A B B
12 © Ravi Sandhu 2002 DIGITAL SIGNATURES Signature Algorithm S Verification Algorithm V Plain- text Yes/No Plaintext + Signature INSECURE CHANNEL A's Private Key A's Public Key RELIABLE CHANNEL A A B B
13 © Ravi Sandhu 2002 MESSAGE DIGESTS (HASH FUNCTIONS) message digest algorithm original message no practical limit to size message digest 128 bit/160 bit easyhard
14 © Ravi Sandhu 2002 RSA RIVEST-SHAMIR-ADELMAN public key is (n,e) private key is d encrypt: C = M e mod n decrypt: M = C d mod n Same public key can be used for encryption and signature Unique property of RSA
15 © Ravi Sandhu 2002 X.509 CERTIFICATE VERSION SERIAL NUMBER SIGNATURE ALGORITHM ISSUER VALIDITY SUBJECT SUBJECT PUBLIC KEY INFO SIGNATURE
16 © Ravi Sandhu 2002 X.509 CERTIFICATE RSA+MD5, 512 C=US, S=VA, O=GMU, OU=ISE 9/9/99-1/1/1 C=US, S=VA, O=GMU, OU=ISSE, CN=Ravi Sandhu RSA, 1024, xxxxxxxxxxxxxxxxxxxxxxxxx SIGNATURE
17 © Ravi Sandhu 2002 SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY Root Brand Geo-Political BankAcquirer CustomerMerchant
18 © Ravi Sandhu 2002 MULTIPLE ROOT CAs AND CROSS-CERTIFICATION X Q A R ST CEGIKMO abcdefghijklmnop
19 © Ravi Sandhu 2002 CRL FORMAT SIGNATURE ALGORITHM ISSUER LAST UPDATE NEXT UPDATE REVOKED CERTIFICATES SIGNATURE SERIAL NUMBER REVOCATION DATE
20 © Ravi Sandhu 2002 OCSP ON-LINE CERTIFICATE STATUS PROTOCOL consult authoritative server the server in turn can look up CRLs
DIGITAL CERTIFICATES Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC-KEY CERTIFICATES reliable distribution of public-keys public-key encryption sender needs.
Symmetric Encryption Prof. Ravi Sandhu. 2 © Ravi Sandhu SECRET KEY CRYPTOSYSTEM Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text.
Asymmetric Digital Signatures And Key Exchange Prof. Ravi Sandhu.
A. Steffen, , KSy_Auth.ppt 1 Zürcher Hochschule Winterthur Kommunikationssysteme (KSy) - Block 9 Secure Network Communication Part III Authentication.
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Peer-to-peer and agent-based computing Security in Distributed Systems.
Symmetric Message Authentication Codes Prof. Ravi Sandhu.
Asymmetric Encryption Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC KEY ENCRYPTION Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext.
PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.
Security – Keys, Digital Signatures and Certificates I CS3517 Distributed Systems and Security Lecture 19.
Introduction to Protocols: Entity Authentication, Key Establishment, Integrity/Message Authentication, Confidentiality INFSCI 1075: Network Security –
© Rosti/DSI NPS - 02/22/01 1 A Performance Evaluation Study of an X.509 Compliant Public Key Infrastructure Emilia Rosti Joint work with Danilo Bruschi.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Cryptography (One Day Cryptography Tutorial) By Dr. Mohsen M. Tantawy.
SSL Trust Pitfalls Prof. Ravi Sandhu. 2 © Ravi Sandhu 2002 THE CERTIFICATE TRIANGLE user attributepublic-key X.509 identity certificate X.509 attribute.
1 El Gamel Public Key Cryptosystem. 2 The Discrete Log Problem The El Gamel public key cryptosystem is based upon the difficulty of solving the discrete.
Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Authentication Nick Feamster CS 6262 Spring 2009.
1 A Tutorial on Web Security for E-Commerce. 2 Web Concepts for E-Commerce Client/Server Applications Communication Channels TCP/IP.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
ISA 662 Internet Security Protocols Kerberos Prof. Ravi Sandhu.
An Introduction to Distributed Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.
Chapter 8 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #10-1 Chapter 10: Key Management Session and Interchange Keys Key Exchange.
© 2016 SlidePlayer.com Inc. All rights reserved.