Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘

Published byMadeline Barber Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘"— Presentation transcript:

1 Security Keys, Signatures, Encryption

2 Slides by Jyrki Nummenmaa ‘

3 Keys n Keys are the basis for encryption. n They can be used for - identification, - encryption, - signatures, - and certificates. n We will skip the mathematics and only explain how the keys can be used.

4 Using a secret key - General n Messages are encrypted using a secret key known for both parties. n Usually faster algorithms than with public/private key pairs. n Problem: How can both parties get to know the secret key whilst keeping it secret?

5 Using a secret key - Encryption n The sender encrypts the message using an algorithm (which may be publicly well know) and the secret key (which is secret, as the name implies) n The recipient decrypts the message using a well-known algorithm and the secret key (of course, the algorithms must be matching).

6 Using a private/public key pair - General n Each communicating agent has a private key, only known to herself, and a public key, known to all. n Principle: both keys are needed for certain operations (next slides will explain more). n Slower algorithms than with the single secret key.

7 Using a private/public key pair - Generating a key pair n The key pair is generated using a random number algorithm in such a way that the keys match. n The private key can be protected with a passphrase, which you must know to be able to use the private key (to create the “real” private key from the passphrase and the permanently stored private key.

8 Using a private/public key pair - Encryption n A sender encrypts a document using the recipient’s public key (known to everyone) and a well-known algorithm. n Decryption is in practice only possible with the recipients private key (known to the recipient only) - no-one else can read the encrypted document.

9 Encryption in practice for communicating secure processes n As secret key algorithms are faster, it is practical to use the public keys to agree on a one-time session secret key. n For this, both parties can create one- time session key pairs (private and public). n The secret session key is used for communication. n This is what e.g. SSL does.

10 Using a private/public key pair - Message integrity/1 n Message integrity = the message has not been changed or corrupted n Tentative solution: calculate a code from the document and send it along. On receipt, a new code is being calculated and compared with the code that was sent. If they match, the message has not changed.

11 Using a private/public key pair - Message integrity/2 n The tentative solution works against corruption (a checksum). n However, if someone wants to change the message, then she could also change the code (checksum).

12 Using a private/public key pair - Message integrity/3 n Improved solution: compute the code using the senders private key and the message. (Encrypt the code using the private key.) = Create a signature or electronically sign the document. n The recipient can use sender’s public key to decrypt the code. Then it is possible to check message integrity.

13 Using a private/public key pair - Message integrity/4 n Q: What’s the difference between this and encryption? n A: The information the sender is giving out can be public and non-encrypted. It is only if you want to verify that the message has not been changed that you use the sender’s public key to check this.

14 Authentication/1 n Suppose you receive mail from Elvis.Presley@heaven.com and you also get Elvis’ public key. n You receive messages which open with the public key -> you conclude that they have been sent using a matching private key. n How can you be sure who the sender is?

15 Authentication/2 n Several possibilities: It is Elvis himself, it is really his e-mail address, it is really his public key.It is Elvis himself, it is really his e-mail address, it is really his public key. It is Elvis’s e-mail address, but someone is misusing it somehow, and he has generated a public/private key pair and sent you the public key (public part).It is Elvis’s e-mail address, but someone is misusing it somehow, and he has generated a public/private key pair and sent you the public key (public part). It is not even Elvis’ e-mail address.It is not even Elvis’ e-mail address.

16 Authentication/3 n The real question is: How can you be sure of a sender’s identity in the Internet world? n Quite often, you are convinced that such a person or company exists. n Then, you need to know if the e-mail and the identity match.

17 Authentication/4 Certificates n A certificate is a document where someone states that a public key really belongs to the right person/company. n A certificate must be digitally signed by someone. n That someone may be a person, but more generally, it is a Certificate Authority (CA).

18 Authentication/5 Certificate Authorities n A Certificate Authority (CA) is generally- trusted generally-known enterprise. n The CA makes it’s public key (or a message digest of it) publicly available so widely that it is not practical for anyone else to claim to be that CA. n The CA (like VeriSign, see www.verisign.com) usually charges money for its services.

19 Authentication/6 Certification n The CA digitally signs public keys. (Or gives digital identities with private keys and matching digitally signed public keys.) n Anyone can check the certificate against the CA’s public key, thus making sure that the CA certifies the public key.

20 Authentication/7 Levels of certification n There are different levels of certification, on the following lines Certifying that a public key and an e-mail address belong together.Certifying that a public key and an e-mail address belong together. Certifying that a public key and a person’s identity belong together (for this you need to visit the CA in person).Certifying that a public key and a person’s identity belong together (for this you need to visit the CA in person). Certifying that a company’s name and a public key belong together…Certifying that a company’s name and a public key belong together… Read more from VeriSign.Read more from VeriSign.

21 Authentication/8 Certification chains n A certified person or company can give a certificate to another. n For example, if a CA (A) gives a certificate to Netscape (B), and Netscape gives a certificate to some Java applet programming company (C), then you can verify B’s public key using A’s and C’s public key using B’s.

22 Authentication/9 Certification risks n It all comes back to a CA, either directly or via a certificate chain. n In fact, it all comes back to the CA’s private key. n If someone guesses or steals or is able to compute (shouldn’t be possible) the CA’s private key, everything collapses.

23 Available implementations n Java offers a java.security package which comes with Java2 (jdk1.2.2) and a java.cryptix package, which is only available in the US, however, there are other implementations, like the one on www.cryptix.org. n SSL can be used through shttp. n However, we will start with PGP, which does not require programming.

24 PGP (Pretty Good Privacy) n PGP is a public/private key pair system. n PGP is publicly available on e.g. kielo.uta.fi - start with pgp -h n PGP can be used for encryption and signatures. n You will need to create yourself a key pair, after which you can start operating with it.

Download ppt "Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘"

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CSCI 530L Public Key Infrastructure. Who are we talking to? Problem: We receive an e-mail. How do we know who it’s from? E-Mail address Can be spoofed.

CSCI 530L Public Key Infrastructure. Who are we talking to? Problem: We receive an . How do we know who it’s from? address Can be spoofed.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Cryptographic Technologies

Cryptographic Technologies
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Tony BrettOUCS Course Code ZAB 9 February 2004 E-Mail Security – Encryption and Digital Signatures Tony Brett Oxford University Computing Services February.

Tony BrettOUCS Course Code ZAB 9 February Security – Encryption and Digital Signatures Tony Brett Oxford University Computing Services February.
03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.

03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
E-mail Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.

Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Similar presentations

Ads by Google