
Published by James Hogan. Modified over 3 years ago.

PKI Introduction
Ravi Sandhu

© Ravi Sandhu 2002

CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS

SECRET KEY (SYMMETRIC KEY)
- Faster
- Not scalable
- No digital signatures

PUBLIC KEY (ASYMMETRIC KEY)
- Slower
- Scalable
- Digital signatures

CRYPTOGRAPHIC SERVICES
- confidentiality
  - sometimes called privacy
- integrity and authentication
  - often stated as two separate services
  - inevitably occur together
- non-repudiation
  - stronger form of integrity and authentication

SECRET KEY ENCRYPTION FOR CONFIDENTIALITY
[Diagram: A passes plaintext through Encryption Algorithm E with key K; the ciphertext crosses an INSECURE CHANNEL; B passes it through Decryption Algorithm D with key K to recover the plaintext. The secret key K is shared by A and B over a SECURE CHANNEL.]

SECRET KEY MESSAGE AUTHENTICATION CODES (MAC) FOR INTEGRITY AND AUTHENTICATION
[Diagram: A passes plaintext through MAC Algorithm M with key K; plaintext + MAC crosses an INSECURE CHANNEL; B runs Verification Algorithm V with key K and obtains Yes/No.]

MACs DO NOT PROVIDE NON-REPUDIATION
- LIMITED TO INTEGRITY AND AUTHENTICATION
[Diagram: A passes plaintext through MAC Algorithm M with key K; plaintext + MAC crosses an INSECURE CHANNEL; B runs Verification Algorithm V with key K and obtains Yes/No.]

KNOWN PLAINTEXT ATTACK
56 bit key requires 2^55 ≈ 3.6 * 10^16 trials on average (DES - Data Encryption Standard)

trials/second   time required
1               10^9 years
10^3            10^6 years
10^6            10^3 years
10^9            1 year
10^12           10 hours

KNOWN PLAINTEXT ATTACK
128 bit key requires 2^127 ≈ 2 * 10^38 trials on average

trials/second   time required
1               10^30 years
10^3            10^27 years
10^6            10^24 years
10^9            10^21 years
10^12           10^18 years

PASSWORD-BASED SECRET KEY CRYPTOSYSTEM
[Diagram: A passes plaintext through Encryption Algorithm E with key K; the ciphertext crosses an INSECURE CHANNEL; B passes it through Decryption Algorithm D with key K to recover the plaintext. The key K at each end comes from a password shared by A and B over a SECURE CHANNEL.]

DICTIONARY ATTACKS
- Try likely passwords from a dictionary, rather than all possible keys
- For a 20,000 word dictionary, 1 trial/second will crack a poor password in less than 3 hours
- 25% - 30% of passwords will be cracked by a dictionary attack

PUBLIC KEY ENCRYPTION
[Diagram: A passes plaintext through Encryption Algorithm E with B's Public Key, obtained over a RELIABLE CHANNEL; the ciphertext crosses an INSECURE CHANNEL; B passes it through Decryption Algorithm D with B's Private Key to recover the plaintext.]

DIGITAL SIGNATURES
[Diagram: A passes plaintext through Signature Algorithm S with A's Private Key; plaintext + signature crosses an INSECURE CHANNEL; B runs Verification Algorithm V with A's Public Key, obtained over a RELIABLE CHANNEL, and obtains Yes/No.]

MESSAGE DIGESTS (HASH FUNCTIONS)
[Diagram: original message (no practical limit to size) -> message digest algorithm -> message digest (128 bit/160 bit). Going from message to digest is easy; going from digest back to message is hard.]

RSA (RIVEST-SHAMIR-ADLEMAN)
- public key is (n,e)
- private key is d
- encrypt: C = M^e mod n
- decrypt: M = C^d mod n
- Same public key can be used for encryption and signature
- Unique property of RSA
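The RSA operations on this slide, combined with the digest-then-sign flow of the two slides before it, as an added example that is not part of the original presentation. The key is a constructed toy (two Mersenne primes), SHA-256 stands in for the 128/160-bit digests the slides mention, and all function names are assumptions.

```python
import hashlib

# Constructed toy key: two Mersenne primes keep the numbers readable.
# Real keys use primes of 1024+ bits and padding (OAEP to encrypt, PSS to sign).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                              # public modulus n
E = 65537                              # public exponent e
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent d, e*d = 1 mod (p-1)(q-1)


def encrypt(m: int) -> int:
    """C = M^e mod n: anyone holding the public key (n, e) can do this."""
    if not 0 <= m < N:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, E, N)


def decrypt(c: int) -> int:
    """M = C^d mod n: only the holder of d can do this."""
    return pow(c, D, N)


def digest(message: bytes) -> int:
    """Message digest as an integer; reduced mod n only because n is a toy size."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signature = digest^d mod n: the private-key operation applied to the digest."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Yes/No: recover the digest with (n, e) and compare with a fresh digest."""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    c = encrypt(20020101)
    print("ciphertext:", c, "-> decrypted:", decrypt(c))
    sig = sign(b"pay B 10 dollars")              # constructed sample message
    print("genuine message verifies:", verify(b"pay B 10 dollars", sig))
    print("altered message verifies:", verify(b"pay B 1000 dollars", sig))
```

The same pair (n, e) serves both `encrypt` and `verify`, which is the property the slide calls out; unpadded RSA as shown here is malleable and is for illustration only.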

X.509 CERTIFICATE
- VERSION
- SERIAL NUMBER
- SIGNATURE ALGORITHM
- ISSUER
- VALIDITY
- SUBJECT
- SUBJECT PUBLIC KEY INFO
- SIGNATURE

X.509 CERTIFICATE
- VERSION: 0
- SERIAL NUMBER: 1234567891011121314
- SIGNATURE ALGORITHM: RSA+MD5, 512
- ISSUER: C=US, S=VA, O=GMU, OU=ISE
- VALIDITY: 9/9/99-1/1/1
- SUBJECT: C=US, S=VA, O=GMU, OU=ISSE, CN=Ravi Sandhu
- SUBJECT PUBLIC KEY INFO: RSA, 1024, xxxxxxxxxxxxxxxxxxxxxxxxx
- SIGNATURE

SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY
[Diagram: CA hierarchy with levels Root, Brand, Geo-Political, then Bank and Acquirer, then Customer and Merchant.]

MULTIPLE ROOT CAs AND CROSS-CERTIFICATION
[Diagram: certification graph with nodes labelled X, Q, A, R, S, T, C, E, G, I, K, M, O and a through p.]

CRL FORMAT
- SIGNATURE ALGORITHM
- ISSUER
- LAST UPDATE
- NEXT UPDATE
- REVOKED CERTIFICATES
  - SERIAL NUMBER
  - REVOCATION DATE
- SIGNATURE

OCSP (ON-LINE CERTIFICATE STATUS PROTOCOL)
- consult authoritative server
- the server in turn can look up CRLs
