Hervey Allen Phil Regnauld 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Public / Private.

Slides:

Advertisements

Similar presentations

Lecture 5: Cryptographic Hashes

Advertisements

DNSSEC Cryptography Review DNSSEC Tutorial February 21, 2011 Hong Kong Will.i.am Hervey Allen.

Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

Services and Security through Cryptography ccTLD Workshop November 27, 2007 Amman, Jordan Hervey Allen.

Security through Cryptography PacNOG 6 Hervey Allen.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Cryptographic Technologies

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Encryption Methods By: Michael A. Scott

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

Public Key Cryptography July Topics  Symmetric and Asymmetric Cryptography  Public Key Cryptography  Digital Signatures  Digital Certificates.

DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.

1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.

Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

Cryptography, Authentication and Digital Signatures

Review of basic cryptographically algorithm Asymmetric encoding (Private and Public Keys), Hash Function, Digital Signatures and Certification.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.

Bit Cipher 1. Example of bit Cipher 2 Practical Stream Cipher 3.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

11-Basic Cryptography Dr. John P. Abraham Professor UTPA.

Public / Private Keys was a big year… DES: Adopted as an encryption standard by the US government. It was an open standard. The NSA calls it “One.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

Privacy versus Authentication Confidentiality (Privacy) –Interceptors cannot read messages Authentication: proving the sender’s identity –The Problem of.

Encryption No. 1  Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin Bolding Electrical Engineering Seattle Pacific University.

MD5 ALGORITHM past and present. History Initial checking of integrity – checksums, then CRC These are only good at detecting lost information due to hardware.

Lecture 2: Introduction to Cryptography

Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.

Encryption Basics Module 7 Section 2. History of Encryption Secret - NSA National Security Agency –has powerful computers - break codes –monitors all.

Intro to Cryptography Lesson Introduction

Network Security Celia Li Computer Science and Engineering York University.

Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.

Lecture 9 Overview. RSA Invented by Cocks (GCHQ), independently, by Rivest, Shamir and Adleman (MIT) Two keys e and d used for Encryption and Decryption.

Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.

ENGR 101 Compression and Encryption. Todays Lecture  Encryption  Symmetric Ciphers  Public Key Cryptography  Hashing.

CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.

Security through Cryptography SA-E Workshop May 13, 2009 Cairo, Egypt Hervey Allen.

Web Applications Security Cryptography 1

Symmetric Cryptography

IT443 – Network Security Administration Instructor: Bo Sheng

Cryptography Why Cryptography Symmetric Encryption

Cryptographic Hash Function

Encryption. Encryption Basics • Plaintext - the original message ABCDEFG • Ciphertext - the coded message DFDFSDFSD • Cipher - algorithm for.

Presented by: Dr. Munam Ali Shah

NET 311 Information Security

Cryptography Basics and Symmetric Cryptography

ICS 454 Principles of Cryptography

Introduction to Symmetric-key and Public-key Cryptography

ICS 454 Principles of Cryptography

Outline Using cryptography in networks IPSec SSL and TLS.

Chapter -7 CRYPTOGRAPHIC HASH FUNCTIONS

DISSERTATION ON CRYPTOGRAPHY.

Hashing Hash are the auxiliary values that are used in cryptography.

10/7/2019 Created by Omeed Mustafa 1 st Semester M.Sc (Computer Science department) Cyber-Security.

Presentation transcript:

Hervey Allen Phil Regnauld 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Public / Private Key Refresher

DNSSec and Cryptography Three Key Concepts Public / Private keys Message digests, checksums, hashes Digital signatures Are at the core of DNSSEC. If these do not make sense, then DNSSEC will not make sense.

Ciphertext We start with plaintext. Something you can read. We apply a mathematical algorithm to the plaintext. The algorithm is the cipher. The plaintext is turned in to ciphertext. Almost all ciphers were secret until recently. Creating a secure cipher is HARD.

Keys To create ciphertext and turn it back to plaintext we apply a key to the cipher on both ends. The security of the ciphertext rests with the key. This is a critical point. If someone obtains your key, your data is compromised. This type of single key use is part of a symmetric cipher.

Symmetric Cipher The quick brown fox jumped over the... Single Key/Symmetric Ciphers The quick brown fox jumped over the... clear text clear text ciphertext KK The same key is used to encrypt the document before sending and to decrypt it once it is received - )~sddaX2 3Dqpir

The Big Question... How do you distribute the keys securely?

Public / Private Keys We generate a cipher key pair. One key is the private key, the other is the public key. The private key remains secret and should be protected. The public key is freely distributable. It is related mathematically to the private key, but you cannot (easily) reverse engineer the private key from the public key. Use the public key to encrypt data. Only someone with the private key can decrypt the encrypted data.

Example Public / Private Key Pair The quick brown fox jumped over the... clear text k 1 (public key) k 2 (private key) One key is used to encrypt the document, a different key is used to decrypt it. This is a big deal! The quick brown fox jumped over the... - )~sddaX2 3Dqpir clear text clear text ciphertext

Issues For larger data transmissions than used in DNSSEC we use hybrid systems. Symmetric ciphers (single key) are much more efficient than public key algorithms for data transmission! Attack on the public key is possible via chosen-plaintext attacks. Thus, the public/private key pair need to be large (2048 bits).

One-Way Hashing Functions A mathematical function that generates a fixed length result regardless of the amount of data you pass through it. Generally very fast. You cannot generate the original data from the fixed- length result, thus the term “one-way”. Hopefully you cannot find two sets of data that produce the same fixed-length result. If you do, this is called a collision. (Example, md5). The fixed length result is known as a Message Digest or a checksum or a hash.

One-Way Hashing Functions cont. Applying a hashing function to plaintext is called munging a document. The fixed-length result is referred to as a checksum, message digest or hash. Some popular hashing functions include:  md5: Outputs 128 bit result. Fast. Collisions found.  sha-1: Outputs 160 bits. Slower. Collisions in  sha-2: Outputs bits. Slower. Collisions expected (2 80 attack).  sha-3: TBA: Currently in development via a new NIST Hash Function Competition.

Hashing another example Note the significant change in the hash sum for minor changes in the input. Note that the hash sum is the same length for varying input sizes. This is extremely useful. *Image courtesy Wikipedia.org.

What use is this? There are several: Create passphrases for private keys. Passwords (in Linux, Unix and Windows). You can run many megabytes of data through a hashing function, but only have to check a fixed number of bits of information ( bits). This can be used to create a digital signature.

Digital Signatures Reverse the role of public and private keys. To create a digital signature on a document do: 1. Munge a document. 2. Encrypt the message digest with your private key. 3. Send the document plus the encrypted message digest. 4. On the other end munge the document and decrypt the encrypted message digest with the person's public key. 5. If they match, the document is authenticated. 6. This process creates a digital signature. (ta da!)

When Authenticating: Take a hash of the document and encrypt only that. An encrypted hash is called a "digital signature" The quick brown fox jumped over the... k2k2 k1k1 digital signature COMPARE hash (public) (private)

Conclusion Public / Private keys Message digests, checksums, hashes Digital signatures Are at the core of DNSSEC. If these do not make sense, then DNSSEC will not make sense. Well, maybe not... ;-)