Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information.


Strong Cryptographic Infrastructure and its Applications
Dr Lucas Hui
Center for Information Security & Cryptography
Department of Computer Science & Information Systems
The University of Hong Kong
Workshop on Strong Cryptographic Infrastructure, December 17, 1998

Content
1. Use of Cryptography (in electronic commerce activities, Internet services)
2. Cryptographic Library
3. Public Key Infrastructure
4. Applications
5. Cryptographic Infrastructure
6. Relations of 2,3,4,5
7. The SCI project in HKUCSIS

Use of Cryptography (in E.C. etc)
Hash functions (SHA, MD5)
Symmetric key crypto-system (DES, DES3)
Public Key Crypto-system
– Digital signature
– Data Encryption
– Advanced usage: double hashing, group signature
In real usage, techniques are combined

Public Key Crypto-system
A has public key Apub, & private key Aprv
From Apub, almost impossible to find Aprv
Apub is known to all; Aprv is secret to A

Digital Signature using Public Key Crypto-systems
A sends a signed message M to B
– A sends Aprv(M) to B, B decrypts with Apub

Data Encryption using Public Key Crypto-systems
A sends a confidential message M to B
– A sends Bpub(M) to B, B decrypts with Bprv

Cryptographic Library
Provide cryptographic algorithms such as RSA
Provide interface to add new cryptographic algorithms easily
Provide other functions
Q: How to set up/manage the private/public keys?
A: Using a Public Key Infrastructure

Problem with Pub Key distribution
A talks to B; hacker H attacks as follows:
– To A, H pretends to be B. To B, H pretends to be A
– H sees the secrets between A and B, and can modify the messages

Solution to Pub Key distribution
Need: when B gives Bpub to A, a trusted third party (Certification Authority, CA) is needed to endorse that Bpub is correct

Certification Authority
A wants to get B’s public key Bpub. How?
Method 1: use a repository
Method 2: B gives Bpub to A, which is endorsed by a trusted third party, the CA (Certification Authority). This is B’s public key certificate BCert, which is Bpub signed by CA’s private key CAprv
CA’s public key, CApub, is known to all
A uses CApub to verify that BCert is correct

X.509 Public Key Infrastructure (PKIX)
Set up, manage, and terminate usage of keys (private/public), & public key certificates
– Registration & Initialization
– Certification (signing of a certificate)
– Key pair recovery
– Key Generation, Update
– Cross-certification
– Key Revocation (managing CRLs)
Note: Make use of Cryptographic functions

Cross Certification

Cross-Certification
2 CAs: CA1, CA2, & 2 persons: A, B.
CA2 issues a public key Cert BCert to B (Bpub signed by CA2’s private key)
CA1 issues a Cross-Cert, XCert, to CA2 (CA2’s public key signed by CA1’s private key)
A trusts CA1 (A knows CA1’s public key)
B sends BCert and XCert to A
A can now verify B’s public key in 2 steps.
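The two-step check, as an added example that is not part of the original slides: a toy textbook-RSA sketch (tiny constructed keys, no padding, not secure) in which A, trusting only CA1's public key, validates XCert and then BCert, and rejects a BCert in which H has swapped in its own key. The function names and the certificate layout are assumptions made for illustration.

```python
# Added example: textbook RSA on tiny constructed keys, no padding. Not secure.
import hashlib

def keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for primes p and q."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(data, n):  # SHA-256 reduced mod n so it fits the toy modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(prv, data):
    n, d = prv
    return pow(digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def tbs(subject, pub):  # bytes covered by the signature: name bound to key
    return f"{subject}|{pub[0]}|{pub[1]}".encode()

def issue(issuer_prv, subject, subject_pub):
    """Certificate (hypothetical layout): subject + key, signed by the issuer."""
    return {"subject": subject, "pub": subject_pub,
            "sig": sign(issuer_prv, tbs(subject, subject_pub))}

def cert_ok(issuer_pub, cert):
    return verify(issuer_pub, tbs(cert["subject"], cert["pub"]), cert["sig"])

def verify_b_key(ca1_pub, xcert, bcert):
    """A's two steps: CA1pub validates XCert, then CA2pub from XCert validates
    BCert. Returns B's public key, or None if either check fails."""
    if cert_ok(ca1_pub, xcert) and cert_ok(xcert["pub"], bcert):
        return bcert["pub"]
    return None

# Constructed keys built from Mersenne primes (sample values)
CA1_PUB, CA1_PRV = keypair(2**107 - 1, 2**127 - 1)
CA2_PUB, CA2_PRV = keypair(2**61 - 1, 2**89 - 1)
B_PUB, B_PRV = keypair(2**19 - 1, 2**31 - 1)
H_PUB, H_PRV = keypair(2**13 - 1, 2**17 - 1)

XCERT = issue(CA1_PRV, "CA2", CA2_PUB)    # CA2pub signed by CA1prv
BCERT = issue(CA2_PRV, "B", B_PUB)        # Bpub signed by CA2prv
SWAPPED = dict(BCERT, pub=H_PUB)          # H replaces Bpub, cannot re-sign as CA2

if __name__ == "__main__":
    print(verify_b_key(CA1_PUB, XCERT, BCERT) == B_PUB)   # True
    print(verify_b_key(CA1_PUB, XCERT, SWAPPED))          # None
```
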

Applications
Examples: E. Commerce, E. Banking, Secure , Secure Workflow (in schools, etc)
Using a transaction protocol which makes use of cryptographic algorithms from a Cryptographic Library
Use PKIX for subject (customers, etc) identity and encryption key management

Cryptographic Infrastructure

Strong Cryptographic Infrastructure Project (SCI) in HKUCSIS
What does Strong mean?
– Algorithms are “Strong” (e.g. RSA-1024)
– “Strong” in implementation (e.g. Random No.)
– New encryption paradigm (elliptic curves)
supported by ISF available to users in HK
Start with Strong Cryptographic Library (SCL)
Beta version expected in March 1999

SCI project team
Dr Lucas Hui (Chief Designer)
Dr K.P. Chow (Project Manager)
Dr W.W. Tsang, Prof Francis Chin, Prof G. Marsaglia
Dr C.F. Chong, Dr H.W. Chan
Ms Vivien Chan, Mr Marcus Lee, Mr K.M. Chan
Mr Doug Kwan, Mr Luke Lam, Mr Henry Fung, Ms Taellus Lo