PKI Introduction Ravi Sandhu

2 © Ravi Sandhu 2002
CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS
- Secret key (symmetric key): faster; not scalable; no digital signatures
- Public key (asymmetric key): slower; scalable; digital signatures

3 © Ravi Sandhu 2002
CRYPTOGRAPHIC SERVICES
- confidentiality: sometimes called privacy
- integrity and authentication: often stated as two separate services, but they inevitably occur together
- non-repudiation: a stronger form of integrity and authentication

4 © Ravi Sandhu 2002
SECRET KEY ENCRYPTION FOR CONFIDENTIALITY
[Diagram: A applies encryption algorithm E to the plaintext and sends the ciphertext over an INSECURE CHANNEL; B applies decryption algorithm D to recover the plaintext. The secret key K shared by A and B is distributed over a SECURE CHANNEL.]

5 © Ravi Sandhu 2002
SECRET KEY MESSAGE AUTHENTICATION CODES (MAC) FOR INTEGRITY AND AUTHENTICATION
[Diagram: A applies MAC algorithm M under key K to the plaintext and sends plaintext + MAC over an INSECURE CHANNEL; B applies verification algorithm V under the same key K and obtains Yes/No.]

6 © Ravi Sandhu 2002
MACs DO NOT PROVIDE NON-REPUDIATION: LIMITED TO INTEGRITY AND AUTHENTICATION
[Same diagram as slide 5: A applies MAC algorithm M under key K, sends plaintext + MAC over an INSECURE CHANNEL, and B applies verification algorithm V under the same key K, obtaining Yes/No. Because B holds K as well, B could have produced the MAC.]

7 © Ravi Sandhu 2002
KNOWN PLAINTEXT ATTACK
56 bit key requires * 10^16 trials on average (DES: Data Encryption Standard)
[Table of trials/second versus time required; the numeric columns did not survive extraction. Rows range from years down to hours.]

8 © Ravi Sandhu 2002
KNOWN PLAINTEXT ATTACK
128 bit key requires * trials on average
[Table of trials/second versus time required; the numeric columns did not survive extraction. Every row is measured in years.]

9 © Ravi Sandhu 2002
PASSWORD-BASED SECRET KEY CRYPTOSYSTEM
[Diagram: as in slide 4, A applies encryption algorithm E and B applies decryption algorithm D, with the ciphertext crossing an INSECURE CHANNEL. Here the key K on each side is derived from a password shared by A and B over a SECURE CHANNEL.]

10 © Ravi Sandhu 2002
DICTIONARY ATTACKS
- Try likely passwords from a dictionary, rather than all possible keys
- For a 20,000 word dictionary, 1 trial/second will crack a poor password in less than 3 hours
- 25% - 30% of passwords will be cracked by a dictionary attack

11 © Ravi Sandhu 2002
PUBLIC KEY ENCRYPTION
[Diagram: A applies encryption algorithm E under B's Public Key to the plaintext and sends the ciphertext over an INSECURE CHANNEL; B applies decryption algorithm D under B's Private Key to recover the plaintext. B's public key reaches A over a RELIABLE CHANNEL.]

12 © Ravi Sandhu 2002
DIGITAL SIGNATURES
[Diagram: A applies signature algorithm S under A's Private Key to the plaintext and sends plaintext + signature over an INSECURE CHANNEL; B applies verification algorithm V under A's Public Key and obtains Yes/No. A's public key reaches B over a RELIABLE CHANNEL.]

13 © Ravi Sandhu 2002
MESSAGE DIGESTS (HASH FUNCTIONS)
[Diagram: original message (no practical limit to size) -> message digest algorithm -> message digest (128 bit/160 bit). Computing the digest from the message is easy; recovering a message from the digest is hard.]

14 © Ravi Sandhu 2002
RSA (RIVEST-SHAMIR-ADLEMAN)
- public key is (n, e)
- private key is d
- encrypt: C = M^e mod n
- decrypt: M = C^d mod n
- The same public key can be used for encryption and signature: a unique property of RSA
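The following Python is an added worked example, not code from the slides: it implements the RSA operations of slide 14 on a toy key pair, signs a message digest as in slides 12 and 13, and contrasts that with a MAC (slides 5 and 6) to show why a MAC cannot give non-repudiation. The primes 61 and 53, the sample key and the sample messages are constructed for illustration; a real deployment uses primes of 1024 bits or more and PKCS#1 padding, and the digest reduction mod n below exists only so the toy modulus can hold it.

```python
import hashlib
import hmac
from math import gcd

# Toy RSA key pair (constructed for illustration only; never use a modulus
# this small, and real RSA signatures pad the digest rather than reducing it).
p, q = 61, 53
n = p * q                 # modulus n = 3233
phi = (p - 1) * (q - 1)   # 3120
e = 17                    # public exponent, coprime to phi
assert gcd(e, phi) == 1
d = pow(e, -1, phi)       # private exponent d = 2753 (modular inverse; Python 3.8+)

PUBLIC_KEY = (n, e)       # public key is (n, e), as on the RSA slide
PRIVATE_KEY = (n, d)      # private key is d (carried together with n)


def rsa_encrypt(m, pub):
    """Public-key encryption (slide 11): C = M^e mod n under B's public key."""
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(c, priv):
    """Decryption with B's private key: M = C^d mod n."""
    n, d = priv
    return pow(c, d, n)


def digest_mod_n(message, n):
    """Hash the message (slide 13) and reduce it so the toy modulus can hold it."""
    h = hashlib.sha256(message).digest()
    return int.from_bytes(h, "big") % n


def rsa_sign(message, priv):
    """Digital signature (slide 12): only the holder of d can produce this."""
    n, d = priv
    return pow(digest_mod_n(message, n), d, n)


def rsa_verify(message, signature, pub):
    """Anyone holding A's public key can check A's signature."""
    n, e = pub
    return pow(signature, e, n) == digest_mod_n(message, n)


def mac_tag(key, message):
    """MAC algorithm M (slide 5): HMAC-SHA256 under the shared key K."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key, message, tag):
    """Verification algorithm V: recompute the tag under K and compare."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def mac_gives_non_repudiation():
    """Returns False: the verifier B also holds K, so B can mint a valid tag
    for a message A never sent, and a third party cannot tell who made it."""
    shared_k = b"k-shared-by-A-and-B"          # constructed sample key
    forged_by_b = b"A promises to pay B 1000"   # constructed sample message
    tag = mac_tag(shared_k, forged_by_b)        # B can compute this itself
    return not mac_verify(shared_k, forged_by_b, tag)


def signature_gives_non_repudiation():
    """Returns True: B can verify A's signature but, lacking d, cannot forge
    one; reusing A's signature on a different message fails verification."""
    msg = b"A promises to pay B 1000"           # constructed sample message
    sig = rsa_sign(msg, PRIVATE_KEY)
    verifies = rsa_verify(msg, sig, PUBLIC_KEY)
    forged = rsa_verify(b"A promises to pay B 9999", sig, PUBLIC_KEY)
    return verifies and not forged
```

The same PUBLIC_KEY serves both rsa_encrypt and rsa_verify, which is the "unique property of RSA" the slide refers to; the two non-repudiation functions return the opposite answers because the MAC verifier holds the same secret as the MAC producer, while the signature verifier holds only the public half.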

15 © Ravi Sandhu 2002
X.509 CERTIFICATE
- VERSION
- SERIAL NUMBER
- SIGNATURE ALGORITHM
- ISSUER
- VALIDITY
- SUBJECT
- SUBJECT PUBLIC KEY INFO
- SIGNATURE

16 © Ravi Sandhu 2002
X.509 CERTIFICATE (example values)
- SIGNATURE ALGORITHM: RSA+MD5, 512
- ISSUER: C=US, S=VA, O=GMU, OU=ISE
- VALIDITY: 9/9/99-1/1/1
- SUBJECT: C=US, S=VA, O=GMU, OU=ISSE, CN=Ravi Sandhu
- SUBJECT PUBLIC KEY INFO: RSA, 1024, xxxxxxxxxxxxxxxxxxxxxxxxx
- SIGNATURE

17 © Ravi Sandhu 2002
SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY
[Diagram of the CA hierarchy, top to bottom: Root; Brand; Geo-Political; Bank / Acquirer; Customer / Merchant.]

18 © Ravi Sandhu 2002
MULTIPLE ROOT CAs AND CROSS-CERTIFICATION
[Diagram of several root CAs with subordinate CAs and end entities, connected by cross-certificates; node labels X, Q, A, R, S, T, C, E, G, I, K, M, O and a through p.]
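To make slides 17 and 18 concrete, here is an added Python example (not from the slides) of certification path building over a store that has two root CAs and one cross-certificate. The CA names, the store contents and the trust anchors are hypothetical; signature checking on each link is assumed to be done by a separate step, so this function only finds the chain from an end entity up to a trusted root.

```python
from collections import deque

# Constructed certificate store (hypothetical names). Each entry is
# (subject, issuer); a self-signed entry (subject == issuer) is a root CA.
# ("CA-B", "CA-A") is a cross-certificate: CA-A certifies CA-B's key, so a
# relying party that trusts only Root-X can still reach Root-Y's subtree.
CERT_STORE = [
    ("Root-X", "Root-X"),
    ("Root-Y", "Root-Y"),
    ("CA-A", "Root-X"),
    ("CA-B", "Root-Y"),
    ("CA-B", "CA-A"),    # cross-certificate issued by CA-A for CA-B
    ("alice", "CA-A"),
    ("bob", "CA-B"),
]


def build_path(leaf, trust_anchors, certs):
    """Breadth-first search upward through issuer links.

    Returns the shortest list [leaf, ..., root] whose last element is one of
    the relying party's trust anchors, or None when no chain reaches any of
    them. Multiple issuers for one subject (the cross-certified CA) are all
    explored, which is what makes the cross-certificate useful.
    """
    issuers_of = {}
    for subject, issuer in certs:
        issuers_of.setdefault(subject, []).append(issuer)

    queue = deque([[leaf]])
    visited = {leaf}
    while queue:
        path = queue.popleft()
        current = path[-1]
        if current in trust_anchors:
            return path
        for issuer in issuers_of.get(current, []):
            if issuer == current or issuer in visited:
                continue          # skip self-signed loops and names already queued
            visited.add(issuer)
            queue.append(path + [issuer])
    return None
```

A relying party that trusts only Root-X reaches bob through the cross-certificate (bob, CA-B, CA-A, Root-X), while one that trusts only Root-Y takes the shorter native chain; alice, whose CA has no cross-certificate from Root-Y's side, cannot be validated by a Root-Y-only relying party at all.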

19 © Ravi Sandhu 2002
CRL FORMAT
- SIGNATURE ALGORITHM
- ISSUER
- LAST UPDATE
- NEXT UPDATE
- REVOKED CERTIFICATES (one entry per certificate: SERIAL NUMBER, REVOCATION DATE)
- SIGNATURE

20 © Ravi Sandhu 2002
OCSP (ON-LINE CERTIFICATE STATUS PROTOCOL)
- consult an authoritative server
- the server in turn can look up CRLs
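Slides 15, 19 and 20 together describe how a relying party decides whether a certificate is currently usable. The Python below is an added example, not code from the slides: it models the certificate fields of slide 15 and the CRL fields of slide 19, checks validity and revocation, and wraps that in a minimal OCSP-style responder that answers by looking up the CRL of the certificate's issuer, as slide 20 describes. The issuer name, serial numbers and dates are constructed, and the signatures on the certificate and the CRL are assumed to have been verified before this check runs.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Certificate:
    """The X.509 fields (slide 15) the status check needs; signature assumed verified."""
    serial: int
    issuer: str
    subject: str
    not_before: datetime
    not_after: datetime


@dataclass
class CRL:
    """CRL fields from slide 19; revoked maps serial number -> revocation date."""
    issuer: str
    last_update: datetime
    next_update: datetime
    revoked: dict


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


def check_status(cert, crl, now):
    """Combine the certificate's validity window with the issuer's CRL.

    Returns one of: not-yet-valid, expired, wrong-issuer, stale-crl, revoked, good.
    A CRL past its NEXT UPDATE time can no longer be assumed complete, so the
    answer is 'stale-crl' rather than 'good' until a fresh CRL is fetched.
    """
    if now < cert.not_before:
        return "not-yet-valid"
    if now > cert.not_after:
        return "expired"
    if crl.issuer != cert.issuer:
        return "wrong-issuer"    # a CRL only speaks for its own issuer's certificates
    if now > crl.next_update:
        return "stale-crl"
    if cert.serial in crl.revoked:
        return "revoked"
    return "good"


class OcspResponder:
    """Slide 20: an authoritative server that answers per certificate by
    looking up the CRL of that certificate's issuer; 'unknown' if it has none."""

    def __init__(self, crls):
        self.crls = {crl.issuer: crl for crl in crls}

    def status(self, cert, now):
        crl = self.crls.get(cert.issuer)
        if crl is None:
            return "unknown"
        return check_status(cert, crl, now)


# Constructed sample data (hypothetical issuer name, serials and dates).
ISSUER = "C=US, S=VA, O=Example CA"
CRL_2002 = CRL(issuer=ISSUER, last_update=utc(2002, 1, 1),
               next_update=utc(2002, 2, 1), revoked={1002: utc(2002, 1, 15)})
CERT_OK = Certificate(1001, ISSUER, "CN=alice", utc(2001, 1, 1), utc(2003, 1, 1))
CERT_REVOKED = Certificate(1002, ISSUER, "CN=bob", utc(2001, 1, 1), utc(2003, 1, 1))
RESPONDER = OcspResponder([CRL_2002])
```

The ordering of the checks matters: an expired certificate is reported as expired even if its serial is also on the CRL, and a stale CRL is reported before any "good" answer, because a list that is past its next-update time tells the relying party nothing about revocations since then.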