1 digital certificates one concern with the public key approach: must ensure that you are encrypting...
Post on 19-Dec-2015
216 views
TRANSCRIPT
![Page 1: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/1.jpg)
1
Digital certificates
• One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you can only encrypt/decrypt to
those key handed to you• A solution: digital certificates (or certs)• A form of credentials (like a physical
passport)• Included with a person’s public key to
verify that a key is valid
![Page 2: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/2.jpg)
2
Components of a digital certificate• A digital certificate
A public key Certificate info (identifying information such as
name, ID) One (or more) digital signatures A stamp of approval from a trusted entity
• Certificates are used when it is necessary to exchange public keys with someone (when you cannot manually exchange via a diskette or USB drive)
![Page 3: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/3.jpg)
3
Components of a digital certificate [2]
![Page 4: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/4.jpg)
4
Digital certificate distribution
• Digital servers: a networked database that allows users to submit and receive digital certs Example: PGP Keyserver
• Public Key Infrastructures (PKIs) Storage facilities like the certificate servers More structured Provide additional key management services Issue revoke, store, and trust certificates Certificate authority: a group of human beings
authorized to issue certs (like a passport office)
![Page 5: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/5.jpg)
5
Common certificate format
• The certificate holder’s public key: the public portion of key pair and key algorithm, e.g., RSA
• The certificate holder’s information: identity information about the user (e.g., name, user ID, email address, photograph, and so on)
• The digital signature of the certificate owner: the signature using the corresponding private key of the public key of the certificate
• The certificate’s validity period: the certificate’s start date/time and expiration date/time; The preferred symmetric encryption algorithm for the key: e.g., AES, Triple-DES, Twofish
![Page 6: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/6.jpg)
6
Common certificate format [2]
![Page 7: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/7.jpg)
7
Other substitution techniques
• Choose a keyword, e.g., Jayhawk, drop repeated letters, thus jayhwk
• The keyword defines the permutation of English letters:
ABCDEFGHIJKLMNOPQRSTUVWXYZ jayhwkbcdefgilmnopqrstuvxz
• Another keyword: Professional ABCDEFGHIJKLMNOPQRSTUVWXYZ
profesinalbcdghjkmqtuvwxyz
![Page 8: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/8.jpg)
8
Other substitution techniques [2]• Use every third letter (apply mod 26)
adgjmpsvybehknqtwzcfilorux• Consider any possible permutation of the
English letters How many? 26! Even applying decryption at 1 microsecond, still
takes over 1,000 years The primary issue: the knowledge of letter
patterns in a text Solution: Avoid using the same substitution for a
letter
![Page 9: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/9.jpg)
9
One-time pads (using Vigenere tableau)• Assume a set of large, non-repeating keys
written on sheets of paper, glued into a pad• Assume keys are 20 characters• Assume a text that is 300 characters• Sender tears off 15 pages from the pad• Sender writes the keys one at a time above the
text letters and enciphers in a prearranged chart• Receiver must have the same pad• Concerns: (1) key distribution, (2)
sender/receiver must synchronize (3) need unlimited keys
![Page 10: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/10.jpg)
10
One-time pads [2]
• A toy example• Assume keys are 5 letters each; assume
these two keys XYSWD and DHJTU• Assume you have a text that is eight
characters, e.g., “fly today”• Need two keys XYSWDDHJTU flytoday• Ciphertext: XYSWDDHJ
![Page 11: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/11.jpg)
11
One-time pads [3]
• Using computers, random numbers can be generated for the keys
• To send a 300-letter message Generate the next 300 random numbers Scale to be between 1-26 Use a number to decipher each letter
![Page 12: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/12.jpg)
12
One-time pads [4]
• Pictorially
![Page 13: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/13.jpg)
13
The Vernam cipher (a one-time pad)• Devised by Gilbert Vernam for AT&T• Non-repeating random numbers• How? Consider plaintext Vernam Cipher V E R N A M C I P H E Rord# 21 4 17 13 0 12 2 8 15 7 4 17+rnd 76 48 16 82 44 3 58 11 60 5 48 88= 97 52 33 95 44 15 60 19 75 12 52 105%26 19 0 7 17 18 15 8 19 23 12 0 1cipher T A H R S P I T X M A B
![Page 14: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/14.jpg)
14
An example of combining substitution and transposition• The Soviet encryption during the WWII• Handout
![Page 15: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/15.jpg)
15
How is a key used?
• Suppose we have a key, computer• How is it used to encrypt a plaintext?• A toy approach• The key, computer, in ASCII is
Dec: 097 111 109 112 117 116 101 114 Binary: 01100011 01101111 01101101 …
• A plaintext, “secretly” in binary: 01110011 01100101 01100011 …
• XOR the two!
![Page 16: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/16.jpg)
16
How is a key used? [2]
• Much more complex in real algorithms
• F is a round function• Ki, for i in 2..16, are new
keys generated from the original key by a complex algorithm
• is the xor operation
![Page 17: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/17.jpg)
17
The key application in DES
![Page 18: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/18.jpg)
18
The key application in AES
![Page 19: 1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you](https://reader030.vdocument.in/reader030/viewer/2022032703/56649d2e5503460f94a056cf/html5/thumbnails/19.jpg)
19
Key distribution revisited
• Five persons need to communicate securely• How many keys should the system maintain?• How many lines of communication? n * (n -1)/2
Two people: 1 line of communication Three people: 3 lines of communication Four people: 6 lines of communication Five people: 10 lines of communication
• Concerns: Maintaining the distributed the keys