Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘



Keys
- Keys are the basis for encryption.
- They can be used for
  - identification,
  - encryption,
  - signatures,
  - and certificates.
- We will skip the mathematics and only explain how the keys can be used.

Using a secret key - General
- Messages are encrypted using a secret key known to both parties.
- Usually faster algorithms than with public/private key pairs.
- Problem: How can both parties get to know the secret key whilst keeping it secret?

Using a secret key - Encryption
- The sender encrypts the message using an algorithm (which may be publicly well known) and the secret key (which is secret, as the name implies).
- The recipient decrypts the message using a well-known algorithm and the secret key (of course, the algorithms must match).

Using a private/public key pair - General
- Each communicating agent has a private key, only known to herself, and a public key, known to all.
- Principle: both keys are needed for certain operations (next slides will explain more).
- Slower algorithms than with the single secret key.

Using a private/public key pair - Generating a key pair
- The key pair is generated using a random number algorithm in such a way that the keys match.
- The private key can be protected with a passphrase, which you must know to be able to use the private key (to create the “real” private key from the passphrase and the permanently stored private key).

Using a private/public key pair - Encryption
- A sender encrypts a document using the recipient’s public key (known to everyone) and a well-known algorithm.
- Decryption is in practice only possible with the recipient’s private key (known to the recipient only) - no-one else can read the encrypted document.

Encryption in practice for communicating secure processes
- As secret key algorithms are faster, it is practical to use the public keys to agree on a one-time session secret key.
- For this, both parties can create one-time session key pairs (private and public).
- The secret session key is used for communication.
- This is what e.g. SSL does.
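The session-key agreement described on this slide, as an added Python example that is not part of the original slides. It assumes Diffie-Hellman as the agreement method (the slide does not name one), a toy group, and a toy keystream cipher; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: a toy group (Mersenne prime modulus, generator 3), not a vetted DH group.
P = 2**521 - 1
G = 3

def session_keypair():
    """One-time key pair: a random private exponent and the matching public value."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)

def session_key(my_private, their_public):
    """Both sides compute the same shared value and hash it into a 32-byte secret key."""
    shared = pow(their_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def keystream_xor(key, nonce, data):
    """Toy secret-key cipher: XOR with an HMAC-SHA256 counter keystream.
    The same call encrypts and decrypts. It has no integrity protection."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)

def exchange(message, nonce=b"constructed-nonce"):
    """Run one session: only the two public values and the ciphertext cross the wire."""
    a_private, a_public = session_keypair()      # sender's one-time pair
    b_private, b_public = session_keypair()      # recipient's one-time pair
    sender_key = session_key(a_private, b_public)
    recipient_key = session_key(b_private, a_public)
    ciphertext = keystream_xor(sender_key, nonce, message)
    return ciphertext, keystream_xor(recipient_key, nonce, ciphertext)
```

Nothing in this exchange proves who sent each public value; that is the authentication problem the later slides address with signatures and certificates.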

Using a private/public key pair - Message integrity/1
- Message integrity = the message has not been changed or corrupted.
- Tentative solution: calculate a code from the document and send it along. On receipt, a new code is calculated and compared with the code that was sent. If they match, the message has not changed.

Using a private/public key pair - Message integrity/2
- The tentative solution works against corruption (a checksum).
- However, if someone wants to change the message, then she could also change the code (checksum).

Using a private/public key pair - Message integrity/3
- Improved solution: compute the code using the sender’s private key and the message. (Encrypt the code using the private key.) This creates a signature, i.e. electronically signs the document.
- The recipient can use the sender’s public key to decrypt the code. Then it is possible to check message integrity.

Using a private/public key pair - Message integrity/4
- Q: What’s the difference between this and encryption?
- A: The information the sender is giving out can be public and non-encrypted. It is only if you want to verify that the message has not been changed that you use the sender’s public key to check this.

Authentication/1
- Suppose you receive mail from and you also get Elvis’ public key.
- You receive messages which open with the public key -> you conclude that they have been sent using a matching private key.
- How can you be sure who the sender is?

Authentication/2
- Several possibilities:
  - It is Elvis himself, it is really his address, it is really his public key.
  - It is Elvis’s address, but someone is misusing it somehow, and he has generated a public/private key pair and sent you the public key (public part).
  - It is not even Elvis’ address.

Authentication/3
- The real question is: How can you be sure of a sender’s identity in the Internet world?
- Quite often, you are convinced that such a person or company exists.
- Then, you need to know if the and the identity match.

Authentication/4 Certificates
- A certificate is a document where someone states that a public key really belongs to the right person/company.
- A certificate must be digitally signed by someone.
- That someone may be a person, but more generally, it is a Certificate Authority (CA).

Authentication/5 Certificate Authorities
- A Certificate Authority (CA) is a generally trusted, generally known enterprise.
- The CA makes its public key (or a message digest of it) publicly available so widely that it is not practical for anyone else to claim to be that CA.
- The CA (like VeriSign, see ) usually charges money for its services.

Authentication/6 Certification
- The CA digitally signs public keys. (Or gives digital identities with private keys and matching digitally signed public keys.)
- Anyone can check the certificate against the CA’s public key, thus making sure that the CA certifies the public key.

Authentication/7 Levels of certification
- There are different levels of certification, on the following lines:
  - Certifying that a public key and an address belong together.
  - Certifying that a public key and a person’s identity belong together (for this you need to visit the CA in person).
  - Certifying that a company’s name and a public key belong together…
  - Read more from VeriSign.

Authentication/8 Certification chains
- A certified person or company can give a certificate to another.
- For example, if a CA (A) gives a certificate to Netscape (B), and Netscape gives a certificate to some Java applet programming company (C), then you can verify B’s public key using A’s and C’s public key using B’s.
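The signature from the Message integrity/3 slide and the A, B, C chain from this slide, as an added Python example that is not part of the original slides. It assumes textbook RSA without padding and constructed toy keys, chosen for readability; all function and variable names are hypothetical.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def keypair(p, q):
    """Toy RSA key pair from two primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def code(data, n):
    """The slides' 'code': a SHA-256 digest, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(code(data, n), d, n)        # "encrypt the code using the private key"

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == code(data, n)   # recover the code, then compare

def cert_body(subject, public):
    return f"{subject}|{public[0]}|{public[1]}".encode()

def issue_cert(subject, subject_public, issuer_private):
    """Certificate = (name, public key) plus the issuer's signature over both."""
    return {"subject": subject, "public": subject_public,
            "signature": sign(cert_body(subject, subject_public), issuer_private)}

def verify_chain(chain, root_public):
    """Check each certificate with the key certified one step earlier, starting
    from the trusted CA key. Returns the last public key, or None on failure."""
    issuer_public = root_public
    for cert in chain:
        body = cert_body(cert["subject"], cert["public"])
        if not verify(body, cert["signature"], issuer_public):
            return None
        issuer_public = cert["public"]
    return issuer_public

# Constructed toy keys (products of Mersenne primes): fine for a demo, not for real use.
def m(k): return 2**k - 1
A_PUB, A_PRIV = keypair(m(89), m(107))     # the CA (A)
B_PUB, B_PRIV = keypair(m(61), m(127))     # B, certified by A
C_PUB, C_PRIV = keypair(m(521), m(607))    # C, certified by B
X_PUB, X_PRIV = keypair(m(61), m(89))      # an impostor's self-made key pair

CHAIN = [issue_cert("B", B_PUB, A_PRIV), issue_cert("C", C_PUB, B_PRIV)]
FAKE_CHAIN = [CHAIN[0], issue_cert("C", X_PUB, X_PRIV)]  # impostor cannot sign as B
```

`verify_chain(CHAIN, A_PUB)` yields C's public key starting from nothing but the CA's key, while `FAKE_CHAIN` is rejected because the second certificate was not signed with B's private key.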

Authentication/9 Certification risks
- It all comes back to a CA, either directly or via a certificate chain.
- In fact, it all comes back to the CA’s private key.
- If someone guesses or steals or is able to compute (shouldn’t be possible) the CA’s private key, everything collapses.

Available implementations
- Java offers a java.security package, which comes with Java2 (jdk1.2.2), and a java.cryptix package, which is only available in the US. However, there are other implementations, like the one on
- SSL can be used through shttp.
- However, we will start with PGP, which does not require programming.

PGP (Pretty Good Privacy)
- PGP is a public/private key pair system.
- PGP is publicly available on e.g. kielo.uta.fi - start with pgp -h
- PGP can be used for encryption and signatures.
- You will need to create yourself a key pair, after which you can start operating with it.