Download presentation

Presentation is loading. Please wait.

Published byJames Hogan Modified over 4 years ago

2
PKI Introduction Ravi Sandhu

3
2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures PUBLIC KEY ASSYMETRIC KEY Slower Scalable Digital signatures

4
3 © Ravi Sandhu 2002 CRYPTOGRAPHIC SERVICES confidentiality sometimes called privacy integrity and authentication often stated as two separate services inevitably occur together non-repudiation stronger form of integrity and authentication

5
4 © Ravi Sandhu 2002 SECRET KEY ENCRYPTION FOR CONFIDENTIALITY Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext INSECURE CHANNEL K K Secret Key shared by A and B SECURE CHANNEL A A B B

6
5 © Ravi Sandhu 2002 SECRET KEY MESSAGE AUTHENTICATION CODES (MAC) FOR INTEGRITY AND AUTHENTICATION MAC Algorithm M Verification Algorithm V Plain- text Yes/No Plaintext + MAC INSECURE CHANNEL K A A B B K

7
6 © Ravi Sandhu 2002 MACs DO NOT PROVIDE NON-REPUDIATION LIMITED TO INTEGRITY AND AUTHENTICATION MAC Algorithm M Verification Algorithm V Plain- text Yes/No Plaintext + MAC INSECURE CHANNEL K A A B B K

8
7 © Ravi Sandhu 2002 KNOWN PLAINTEXT ATTACK 56 bit key requires 2 55 3.6 * 10 ^16 trials on average (DES-Data Encryption Standard) trials/secondtime required 110 9 years 10 3 10 6 years 10 6 10 3 years 10 9 1 year 10 12 10 hours

9
8 © Ravi Sandhu 2002 KNOWN PLAINTEXT ATTACK 128 bit key requires 2 127 2 * 10 38 trials on average trials/secondtime required 110 30 years 10 3 10 27 years 10 6 10 24 years 10 9 10 21 years 10 12 10 18 years

10
9 © Ravi Sandhu 2002 PASSWORD-BASED SECRET KEY CRYPTOSYSTEM Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext INSECURE CHANNEL KK password shared by A and B SECURE CHANNEL A A B B password

11
10 © Ravi Sandhu 2002 DICTIONARY ATTACKS Try likely passwords from a dictionary, rather than all possible keys For a 20,000 word dictionary, 1 trial/second will crack a poor password in less than 3 hours 25% - 30% of passwords will be cracked by a dictionary attack

12
11 © Ravi Sandhu 2002 PUBLIC KEY ENCRYPTION Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext INSECURE CHANNEL B's Public Key B's Private Key RELIABLE CHANNEL A A B B

13
12 © Ravi Sandhu 2002 DIGITAL SIGNATURES Signature Algorithm S Verification Algorithm V Plain- text Yes/No Plaintext + Signature INSECURE CHANNEL A's Private Key A's Public Key RELIABLE CHANNEL A A B B

14
13 © Ravi Sandhu 2002 MESSAGE DIGESTS (HASH FUNCTIONS) message digest algorithm original message no practical limit to size message digest 128 bit/160 bit easyhard

15
14 © Ravi Sandhu 2002 RSA RIVEST-SHAMIR-ADELMAN public key is (n,e) private key is d encrypt: C = M e mod n decrypt: M = C d mod n Same public key can be used for encryption and signature Unique property of RSA

16
15 © Ravi Sandhu 2002 X.509 CERTIFICATE VERSION SERIAL NUMBER SIGNATURE ALGORITHM ISSUER VALIDITY SUBJECT SUBJECT PUBLIC KEY INFO SIGNATURE

17
16 © Ravi Sandhu 2002 X.509 CERTIFICATE 0 1234567891011121314 RSA+MD5, 512 C=US, S=VA, O=GMU, OU=ISE 9/9/99-1/1/1 C=US, S=VA, O=GMU, OU=ISSE, CN=Ravi Sandhu RSA, 1024, xxxxxxxxxxxxxxxxxxxxxxxxx SIGNATURE

18
17 © Ravi Sandhu 2002 SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY Root Brand Geo-Political BankAcquirer CustomerMerchant

19
18 © Ravi Sandhu 2002 MULTIPLE ROOT CAs AND CROSS-CERTIFICATION X Q A R ST CEGIKMO abcdefghijklmnop

20
19 © Ravi Sandhu 2002 CRL FORMAT SIGNATURE ALGORITHM ISSUER LAST UPDATE NEXT UPDATE REVOKED CERTIFICATES SIGNATURE SERIAL NUMBER REVOCATION DATE

21
20 © Ravi Sandhu 2002 OCSP ON-LINE CERTIFICATE STATUS PROTOCOL consult authoritative server the server in turn can look up CRLs

Similar presentations

OK

SSL Trust Pitfalls Prof. Ravi Sandhu. 2 © Ravi Sandhu 2002 THE CERTIFICATE TRIANGLE user attributepublic-key X.509 identity certificate X.509 attribute.

SSL Trust Pitfalls Prof. Ravi Sandhu. 2 © Ravi Sandhu 2002 THE CERTIFICATE TRIANGLE user attributepublic-key X.509 identity certificate X.509 attribute.

© 2018 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google