Published by James Hogan
Modified over 3 years ago
PKI Introduction Ravi Sandhu

Slide 2: CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS
© Ravi Sandhu 2002

SECRET KEY (SYMMETRIC KEY)     PUBLIC KEY (ASYMMETRIC KEY)
Faster                         Slower
Not scalable                   Scalable
No digital signatures          Digital signatures

Slide 3: CRYPTOGRAPHIC SERVICES
- confidentiality
  - sometimes called privacy
- integrity and authentication
  - often stated as two separate services
  - inevitably occur together
- non-repudiation
  - stronger form of integrity and authentication

Slide 4: SECRET KEY ENCRYPTION FOR CONFIDENTIALITY
[Diagram: A: Plaintext -> Encryption Algorithm E (key K) -> Ciphertext over INSECURE CHANNEL -> Decryption Algorithm D (key K) -> Plaintext: B. Secret key K is shared by A and B over a SECURE CHANNEL.]

Slide 5: SECRET KEY MESSAGE AUTHENTICATION CODES (MAC) FOR INTEGRITY AND AUTHENTICATION
[Diagram: A: Plaintext -> MAC Algorithm M (key K) -> Plaintext + MAC over INSECURE CHANNEL -> Verification Algorithm V (key K) -> Yes/No: B.]

Slide 6: MACs DO NOT PROVIDE NON-REPUDIATION
LIMITED TO INTEGRITY AND AUTHENTICATION
[Diagram: A: Plaintext -> MAC Algorithm M (key K) -> Plaintext + MAC over INSECURE CHANNEL -> Verification Algorithm V (key K) -> Yes/No: B.]

Slide 7: KNOWN PLAINTEXT ATTACK
56 bit key requires 2^55 ≈ 3.6 * 10^16 trials on average (DES - Data Encryption Standard)

trials/second    time required
1                10^9 years
10^3             10^6 years
10^6             10^3 years
10^9             1 year
10^12            10 hours

Slide 8: KNOWN PLAINTEXT ATTACK
128 bit key requires 2^127 ≈ 2 * 10^38 trials on average

trials/second    time required
1                10^30 years
10^3             10^27 years
10^6             10^24 years
10^9             10^21 years
10^12            10^18 years

Slide 9: PASSWORD-BASED SECRET KEY CRYPTOSYSTEM
[Diagram: A: Plaintext -> Encryption Algorithm E (key K, from password) -> Ciphertext over INSECURE CHANNEL -> Decryption Algorithm D (key K, from password) -> Plaintext: B. The password is shared by A and B over a SECURE CHANNEL.]

Slide 10: DICTIONARY ATTACKS
- Try likely passwords from a dictionary, rather than all possible keys
- For a 20,000 word dictionary, 1 trial/second will crack a poor password in less than 3 hours
- 25% - 30% of passwords will be cracked by a dictionary attack

Slide 11: PUBLIC KEY ENCRYPTION
[Diagram: A: Plaintext -> Encryption Algorithm E (B's Public Key) -> Ciphertext over INSECURE CHANNEL -> Decryption Algorithm D (B's Private Key) -> Plaintext: B. B's Public Key reaches A over a RELIABLE CHANNEL.]

Slide 12: DIGITAL SIGNATURES
[Diagram: A: Plaintext -> Signature Algorithm S (A's Private Key) -> Plaintext + Signature over INSECURE CHANNEL -> Verification Algorithm V (A's Public Key) -> Yes/No: B. A's Public Key reaches B over a RELIABLE CHANNEL.]

Slide 13: MESSAGE DIGESTS (HASH FUNCTIONS)
[Diagram: original message (no practical limit to size) -> message digest algorithm -> message digest (128 bit / 160 bit). Direction labels: easy, hard.]

Slide 14: RSA (RIVEST-SHAMIR-ADLEMAN)
- public key is (n, e)
- private key is d
- encrypt: C = M^e mod n
- decrypt: M = C^d mod n
- Same public key can be used for encryption and signature
- Unique property of RSA
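
The contrast drawn on slides 6, 12 and 14, as an added example that is not part of the original slides: a shared-key MAC that verifier B can compute just as well as A, next to a textbook RSA key pair used for both encryption and signature with C = M^e mod n and M = C^d mod n. The key values, messages and function names are constructed for illustration; unpadded RSA with a toy modulus is not secure.

```python
import hashlib
import hmac

# Constructed toy RSA key: textbook RSA, no padding, modulus far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1            # two Mersenne primes
N, E = P * Q, 65537                    # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))      # private key d (needs Python 3.8+)

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def mac_verify(key, msg, tag):
    return hmac.compare_digest(mac(key, msg), tag)

def digest_int(msg):
    # Message digest reduced into the toy modulus.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def rsa_encrypt(m):            # C = M^e mod n
    return pow(m, E, N)

def rsa_decrypt(c):            # M = C^d mod n
    return pow(c, D, N)

def rsa_sign(msg):             # signature = digest^d mod n, needs the private key
    return pow(digest_int(msg), D, N)

def rsa_verify(msg, sig):      # anyone holding (n, e) can check
    return pow(sig, E, N) == digest_int(msg)

def demo():
    k = b"key-shared-by-A-and-B"
    sent, forged = b"pay B 100", b"pay B 100000"
    # B holds K, so B can compute a valid MAC for a message A never sent.
    b_tag = mac(k, forged)
    # B holds only (n, e); reusing A's signature on a different message fails.
    a_sig = rsa_sign(sent)
    return {
        "mac_accepts_b_forgery": mac_verify(k, forged, b_tag),
        "sig_accepts_original": rsa_verify(sent, a_sig),
        "sig_accepts_b_forgery": rsa_verify(forged, a_sig),
        "same_key_decrypts": rsa_decrypt(rsa_encrypt(424242)) == 424242,
    }

if __name__ == "__main__":
    print(demo())
```

Because the MAC tag on the forged message verifies, a third party cannot tell whether A or B produced it, which is why the MAC gives integrity and authentication but not non-repudiation.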

Slide 15: X.509 CERTIFICATE
- VERSION
- SERIAL NUMBER
- SIGNATURE ALGORITHM
- ISSUER
- VALIDITY
- SUBJECT
- SUBJECT PUBLIC KEY INFO
- SIGNATURE
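
Slide 16: X.509 CERTIFICATE (example values)

VERSION                    0
SERIAL NUMBER              1234567891011121314
SIGNATURE ALGORITHM        RSA+MD5, 512
ISSUER                     C=US, S=VA, O=GMU, OU=ISE
VALIDITY                   9/9/99-1/1/1
SUBJECT                    C=US, S=VA, O=GMU, OU=ISSE, CN=Ravi Sandhu
SUBJECT PUBLIC KEY INFO    RSA, 1024, xxxxxxxxxxxxxxxxxxxxxxxxx
SIGNATURE                  SIGNATURE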

Slide 17: SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY
[Figure: CA hierarchy, top to bottom]
- Root
- Brand
- Geo-Political
- Bank, Acquirer
- Customer, Merchant

Slide 18: MULTIPLE ROOT CAs AND CROSS-CERTIFICATION
[Figure: certification graph. Node labels: X, Q, A, R, S, T; C, E, G, I, K, M, O; a through p.]

Slide 19: CRL FORMAT
- SIGNATURE ALGORITHM
- ISSUER
- LAST UPDATE
- NEXT UPDATE
- REVOKED CERTIFICATES
  - SERIAL NUMBER
  - REVOCATION DATE
- SIGNATURE

Slide 20: OCSP (ON-LINE CERTIFICATE STATUS PROTOCOL)
- consult authoritative server
- the server in turn can look up CRLs
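
A status lookup over the X.509 and CRL fields listed on slides 15, 16 and 19, as an added example that is not part of the original slides; it is the kind of check a relying party, or a status server consulting CRLs, has to make. The class and function names, the status strings and all dates are constructed, and the signatures on the certificate and the CRL are assumed to have been verified already.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class Cert:                      # subset of the X.509 fields on slide 15
    serial: int
    issuer: str
    subject: str
    not_before: datetime         # VALIDITY start
    not_after: datetime          # VALIDITY end

@dataclass
class CRL:                       # fields from slide 19
    issuer: str
    last_update: datetime
    next_update: datetime
    revoked: dict = field(default_factory=dict)  # serial -> revocation date

def check_status(cert, crl, now):
    """Return 'not_valid', 'unknown', 'revoked' or 'good' for cert at time now.
    Assumes the signatures on cert and crl were already verified."""
    if not (cert.not_before <= now <= cert.not_after):
        return "not_valid"       # outside the certificate's VALIDITY period
    if crl.issuer != cert.issuer:
        return "unknown"         # a CRL only speaks for its own issuer
    if not (crl.last_update <= now <= crl.next_update):
        return "unknown"         # stale or future-dated CRL: absence proves nothing
    if cert.serial in crl.revoked:
        return "revoked"
    return "good"

# Constructed sample data: issuer, subject and serial follow slide 16, dates are made up.
ISSUER = "C=US, S=VA, O=GMU, OU=ISE"
CERT = Cert(1234567891011121314, ISSUER,
            "C=US, S=VA, O=GMU, OU=ISSE, CN=Ravi Sandhu",
            datetime(2002, 1, 1), datetime(2003, 1, 1))
CRL_JUNE = CRL(ISSUER, datetime(2002, 6, 1), datetime(2002, 6, 8),
               {CERT.serial: datetime(2002, 5, 20)})

if __name__ == "__main__":
    for day in (2, 20):
        now = datetime(2002, 6, day)
        print(now.date(), check_status(CERT, CRL_JUNE, now))
```

The second date falls after NEXT UPDATE, so the answer is "unknown" rather than "revoked" or "good": a CRL past its NEXT UPDATE cannot vouch for anything.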