1. Data Security 101 Part 1: PKI and SSL

2. Reading First, read the VeriSign case, –page 294-297 Second, read section 5.3 –pages 268-279 Finally, briefly skim (don’t study) all of chapter 7 –pages 248-294.

3. Public Key Cryptography (Simple Case)

4. Advantages Confidentiality – no one but Bob can read Alice’s message.

5. Advantages Integrity – If someone intercepts Alice’s message, they can’t alter it in a meaningful way.

6. Problem Igor could pretend to be Bob and send Alice Igor’s public key. Then Igor can decrypt Alice’s message.

7. Problem Authenticity – Alice really has no way to be sure that she’s really talking to Bob

8. Problem Non-repudiation: If something goes wrong, Bob can always deny it and blame it on an imposter (Igor)

9. Signatures (also called Session Keys) How to send a private message How to send a signature.

10. Signatures Alice can send Bob a signature. No one else can create this signature unless they have Alice’s private key.

11. Signatures If Alice signs all of her messages, then Bob can detect if an imposter (Igor) is pretending to be Alice.

12. Signatures If the signature suddenly changes, the Bob knows the message is NOT from Alice.

13. Problem Initial Authentication – Again, what if Igor pretends to be Alice from the start?

14. Certificates Here I’m glossy over many details. The big picture is what’s important: Rather then get the Signature directly from each other, Bob and Alice agree to get the signatures from a 3 rd Party (VeriSign for example).

15. Certificates Rather than get the Signature directly from each other, Bob and Alice agree to get the signatures from a 3 rd Party (VeriSign for example). VeriSign holds a certificate and “private key” for Alice. The only way Igor can pretend to be Alice is to compromise VeriSign. How exactly is this more secure?