1
Key Exchange
We talk about symmetric keys here.
The problem is almost circular: to establish an encrypted session, you need an encrypted means to exchange keys.
2
Key Exchange
Public key cryptography can help.
To see how, suppose S (Sender) and R (Receiver) want to derive a shared symmetric key. Remember that S and R have their own keys and each other's public keys:
  S's keys are (kPR-S, kPU-S), plus R's public key
  R's keys are (kPR-R, kPU-R), plus S's public key
Then, suppose that S chooses any symmetric key K.
S sends E(kPR-S, K) to R. R takes S's public key, removes the encryption, and obtains K.
OOPS, any eavesdropper who can get S's public key can also obtain K.
Instead, let S send E(kPU-R, K) to R. Then only R can decrypt K.
OOPS, R has no assurance that K came from S.
The solution is for S to send to R: E(kPU-R, E(kPR-S, K))
3
Key Exchange E(kPU-R, E(kPR-S, Message))
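The three messages from the Key Exchange slides, as an added example that is not part of the original presentation: textbook RSA over small constructed keys, with E(k, m) as raw modular exponentiation. The 48 check bits added by `frame` are an assumption of this sketch; without some recognisable structure, R could not tell a correctly unwrapped K from the garbage an impostor's message produces.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all constructed keys

def make_key(p, q):
    """Return ((n, e), (n, d)): public half, private half."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa(key, m):
    """The slides' E(k, m): raw modular exponentiation, no padding (toy)."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("value does not fit under this modulus")
    return pow(m, exp, n)

# Constructed toy keys from Mersenne primes (insecure). n_S and n_X are
# smaller than n_R so the inner layer always fits inside the outer one.
kPU_S, kPR_S = make_key(2**89 - 1, 2**107 - 1)
kPU_R, kPR_R = make_key(2**521 - 1, 2**607 - 1)
kPU_X, kPR_X = make_key(2**61 - 1, 2**127 - 1)   # impostor's own pair

def frame(k):
    """Assumption: append 48 check bits so R can recognise a valid unwrap."""
    tag = hashlib.sha256(k.to_bytes(16, "big")).digest()[:6]
    return (k << 48) | int.from_bytes(tag, "big")

def unframe(m):
    """Return the 128-bit key if the check bits match, else None."""
    k = m >> 48
    return k if k < 2**128 and frame(k) == m else None

def send_nested(sender_private, k):
    """Build E(kPU-R, E(kPR-sender, K))."""
    return rsa(kPU_R, rsa(sender_private, frame(k)))

def receive_nested(c):
    """R strips its own layer with kPR-R, then S's layer with kPU-S."""
    inner = rsa(kPR_R, c)
    return unframe(rsa(kPU_S, inner)) if inner < kPU_S[0] else None

K = secrets.randbits(128)
eavesdropped = unframe(rsa(kPU_S, rsa(kPR_S, frame(K))))  # attempt 1: kPU-S is public
spoofed = unframe(rsa(kPR_R, rsa(kPU_R, frame(K))))       # attempt 2: anyone can send this
accepted = receive_nested(send_nested(kPR_S, K))          # final form, sent by S
rejected = receive_nested(send_nested(kPR_X, K))          # final form, sent by impostor X
print(eavesdropped == K, spoofed == K, accepted == K, rejected)
```

Raw RSA without padding is used only to mirror the slides' notation; deployed protocols use padded signatures and encryption.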
4
Digital Signatures
5
Electronic Record
1. Very easy to make copies
2. Very fast distribution
3. Easy archiving and retrieval
4. Copies are as good as original
5. Easily modifiable
6. Environmental Friendly
Because of 4 & 5 together, these lack authenticity
6
Why Digital Signatures?
To provide Authenticity, Integrity and Non-repudiation to electronic Documents & Communicated Messages
To use the Internet as the safe and secure medium for e-Commerce and e-Governance
One CD-ROM = one tree
7
Digital Signatures
A digital signature is a protocol that produces the same effect as a real signature: it is a mark that only the sender can make but other people can easily recognize that it belongs to the sender.
Two conditions:
  It must be unforgeable: if person P signs message M with signature S(P,M), it is impossible for anyone else to produce the pair [M, S(P,M)].
  It must be authentic: if a person R receives the pair [M, S(P,M)] supposedly from P, then R can check/verify that the signature is really from P. Only P could have created this signature, and the signature is firmly attached to M.
8
Digital Signatures
Two more properties:
  It is not alterable: after being transmitted, M cannot be changed by S, R, or an interceptor.
  It is not reusable: if a previous message is presented again, it will be instantly detected by R.
9
Digital Signatures
I agree
  efcc61c1c03db8d8ea8569545c073c814a0ed755
I am an Engineer.
  ea0ae29b3b2c20fc018aaca45c3746a057b893e7
I am a Engineer.
  01f1d8abd9c2e d97d315dff1ea3
These are digital signatures of the same person on different documents.
Any message, irrespective of its length, can be compressed or shortened uniquely into a smaller length message called the Digest or the Hash.
Digital Signatures are numbers.
They are document content dependent.
10
What is a Digital Signature?
The hash value of a message, when encrypted with the private key of a person, is that person's digital signature on that e-Document/Message.
The digital signature of a person therefore varies from document to document, thus ensuring authenticity of each word of that document.
As the public key of the signer is known, anyone can verify the message and the digital signature.
11
Digital Signatures
Each individual generates his own key pair [Public key known to everyone & Private key only to the owner]
Private Key – Used for making digital signature
Public Key – Used to verify the digital signature
12
Public Key Cryptography Encryption Technologies
[Figure: Confidentiality. The document, encrypted with the public key of B, becomes the encrypted document; the encrypted document, decrypted with the private key of B, becomes the document.]
13
RSA Key pair
Recommended RSA key sizes depending on lifetime of confidential data:
  Lifetime of data | RSA key size
  Up to 2010 | 1024 bits
  Up to 2030 | 2048 bits
  2031 onwards | 3072 bits
[2048 bit Key Example (including Algorithm identifier)]
RSA claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030. The NIST recommends 2048-bit keys for RSA. An RSA key length of 3072 bits should be used if security is required beyond 2030.
Currently (as of ) 2048-bit keys are most popular for use with RSA, and 2048-bit keys should also be used with classic Diffie-Hellman. These offer about the same security as a symmetric encryption algorithm with 112 bits of security.
14
Signed Messages
[Figure: The sender calculates the hash of the message and signs the hash with the sender's private key. The signed message (message + signature) is sent through the Internet. The receiver calculates the hash of the message, decrypts the signature with the sender's public key, and compares the two hashes; if OK, the signature is verified.]
15
Paper signatures vs. Digital Signatures
Parameter | Paper | Electronic
Authenticity | May be forged | Can not be copied
Integrity | Signature independent of the document | Signature depends on the contents of the document
Non-repudiation | Handwriting expert needed; error prone | Any computer user; error free
16
Private Key Protection
The Private key generated is to be protected and kept secret. The responsibility of the secrecy of the key lies with the owner.
The key is secured using:
  PIN Protected soft token
  Smart Cards
  Hardware Tokens
17
PIN protected soft tokens
The Private key is encrypted and kept on the Hard Disk in a file; this file is password protected.
This forms the lowest level of security in protecting the key, as:
  The key is highly reachable.
  PIN can be easily known or cracked.
Soft tokens are also not preferred because:
  The key becomes static and machine dependent.
  The key is in known file format.
18
Smart Cards
The Private key is generated in the crypto module residing in the smart card.
The key is kept in the memory of the smart card.
The key is highly secured as it doesn’t leave the card: the message digest is sent inside the card for signing, and the signatures leave the card.
The card gives mobility to the key, and signing can be done on any system that has a smart card reader.
19
Hardware Tokens
They are similar to smart cards in functionality, as:
  Key is generated inside the token.
  Key is highly secured as it doesn’t leave the token.
  Highly portable.
  Machine Independent.
iKEY is one of the most commonly used tokens, as it doesn’t need a special reader and can be connected to the system using a USB port.
20
Hardware Tokens
[Figure: Smart Card, iKey]
Biometrics – adds another level of security to these tokens
21
Public Key Deception
Impostor/Deceiver claims to be a True Party
  True party has a public and private key
  Impostor/Deceiver also has a public and private key
Impostor sends impostor’s own public key to the verifier
  Says, “This is the true party’s public key”
  This is the critical step in the deception
22
Public Key Deception
If verifier accepts the impostor’s public key as the true party’s public key:
  Impostor will be authenticated through any public key authentication method, because their private key will work
  Impostor can also decrypt messages sent by the verifier if these messages are encrypted with the impostor’s public key
23
Public Key Deception
Moral:
Public key encryption for privacy, confidentiality, authentication, and message integrity only works if
  the verifier gets the true party’s public key independently of the applicant,
  from a trusted third party
24
Digital Certificates
Created by a Certificate Authority (CA)
Certificate Authority is the trusted third party
[Figure: Certificate Authority, Digital Certificate, Authenticated Party]
25
Public Key Infrastructure (PKI)
Some Trusted Agency is required which certifies the association of an individual with the key pair.
  Certifying Authority (CA)
This association is done by issuing a certificate to the user by the CA.
  Public Key Certificate (PKC)
All public key certificates are digitally signed by the CA.
26
Digital Certificates
A public key and a user's identity are bound together in a certificate, which is then signed by someone called a Certificate Authority (CA), certifying the accuracy of the binding.
The algorithms to generate a matched pair of public and private keys are publicly known, and software that does it is widely available.
So if Alice wanted to use a public key cipher, she could generate her own pair of public and private keys, keep the private key hidden, and publicize the public key.
But how can she publicize her public key—assert that it belongs to her—in such a way that other participants can be sure it really belongs to her?
27
The University of Adelaide, School of Computer Science
8 May 2019
Digital Certificates
A complete scheme for certifying bindings between public keys and identities—what key belongs to who—is called a Public Key Infrastructure (PKI).
A PKI starts with the ability to verify identities and bind them to keys out of band. By “out of band,” we mean something outside the network and the computers that comprise it, such as in the following scenarios.
  Hmm, if Alice and Bob are individuals who know each other, then they could get together in the same room and Alice could give her public key to Bob directly, perhaps on a business card.
  If Bob is an organization, Alice the individual could present conventional identification, perhaps involving a photograph or fingerprints.
  If Alice and Bob are computers owned by the same company, then a system administrator could configure Bob with Alice’s public key.
A digitally signed statement of a public key binding is called a public key certificate, or simply a Certificate.
Chapter 2 — Instructions: Language of the Computer
28
Digital Certificates
One of the major standards for certificates is known as X.509. This standard leaves a lot of details open, but specifies a basic structure.
A certificate clearly must include:
  the identity of the entity being certified
  the public key of the entity being certified
  the identity of the signer
  the digital signature
  a digital signature algorithm identifier (which cryptographic hash and which cipher)
29
Certificates: Paper vs. Electronic
30
Certificate Authorities
Unfortunately, certificate authorities are not regulated.
You must only use certificate authorities you trust.
A company can be its own certificate authority for internal authentication among its hardware and software systems.
31
Certification Authorities
A certification authority or certificate authority (CA) is an entity claimed (by someone) to be trustworthy for verifying identities and issuing public key certificates.
There are commercial CAs, governmental CAs, and even free CAs.
To use a CA, you must know its own key. You can learn that CA’s key, however, if you can obtain a chain of CA-signed certificates that starts with a CA whose key you already know.
Then you can believe any certificate signed by that new CA.
32
Certifying Authority
Must be widely known and trusted
Must have well defined Identification process before issuing the certificate
Provides online access to all the certificates issued
Provides online access to the list of certificates revoked
Displays online the license issued by the Controller
Displays online approved Certification Practice Statement (CPS)
Must adhere to IT Act/Rules/Regulations and Guidelines
33
Public-Key Certification
[Figure: Key pair generation (private, public); certificate request with user name and other credentials and the user's public key; license issued by CCA; user certificate signed by using the CA's private key; certificate database; user certificates (User 1 certificate, User 2 certificate, ...) published on the web site of the CA.]
User certificate fields: User Name, User’s Public Key, CA’s Name, Validity, Digital Signature of CA, Certificate Class, User’s Address, Serial No.
34
Digital Certificates
Each digital certificate has its own digital signature, signed (encrypted) by the private key of the certificate authority
Provides message integrity so that an impostor cannot change the name field in the digital certificate to its own
35
Digital Certificates
Certificate authorities may revoke digital certificates before the expiration date listed in the digital certificate
Revoked certificate ID numbers are placed in a Certificate Revocation List (CRL)
Verifier must check with the certificate authority to determine if a digital certificate is on the CRL
Without the CRL check, digital certificates do not support authentication
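An added example (not from the presentation) of the checks the two slides above describe, together with the hash-and-compare step from the Signed Messages slide: the CA signs a digest of the certificate fields, and the verifier rejects an altered name field and a revoked serial number. The toy RSA keys, the field names and `check_certificate` are assumptions of this sketch.

```python
import hashlib
import json
from datetime import date

E = 65537

def make_key(p, q):
    """Toy RSA pair ((n, e), (n, d)) from two primes; no padding, insecure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(fields):
    """Message digest of the certificate body in a canonical encoding."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def issue(ca_private, fields):
    """CA side: sign (encrypt) the digest with the CA's private key."""
    n, d = ca_private
    return {"fields": fields, "signature": pow(digest(fields), d, n)}

def check_certificate(cert, ca_public, crl, today):
    """Verifier side: signature first, then validity period, then the CRL."""
    n, e = ca_public
    f = cert["fields"]
    if pow(cert["signature"], e, n) != digest(f):
        return "bad signature"
    if not f["not_before"] <= today.isoformat() <= f["not_after"]:
        return "outside validity period"
    if f["serial"] in crl:
        return "revoked"
    return "ok"

# Constructed sample data: CA key, subject key and certificate fields.
ca_public, ca_private = make_key(2**127 - 1, 2**521 - 1)
alice_public, _alice_private = make_key(2**89 - 1, 2**107 - 1)
cert = issue(ca_private, {
    "subject": "alice", "public_key": list(alice_public),
    "issuer": "Example CA", "serial": 1001,
    "not_before": "2024-01-01", "not_after": "2026-01-01",
})
# An impostor swaps the name field but cannot produce a matching signature.
forged = {"fields": dict(cert["fields"], subject="mallory"),
          "signature": cert["signature"]}
today = date(2025, 6, 1)
print(check_certificate(cert, ca_public, set(), today),
      check_certificate(forged, ca_public, set(), today),
      check_certificate(cert, ca_public, {1001}, today))
```

The third call shows the point of the CRL slide: the signature and dates are still valid, and only the revocation lookup stops the certificate from being accepted.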
36
Digital Certificates Recap
A digital certificate gives the public key of a named party
This is needed for public key authentication, to prevent public key deception
However, a digital certificate alone does NOT provide authentication
37
Public Key Infrastructures (PKIs)
Private key creation and distribution
Digital certificate creation and distribution
Certificate Revocation List checking
38
PKIs
To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI)
A PKI automates most aspects of using public key encryption and authentication
Uses a PKI Server
[Figure: PKI Server]
39
PKIs
PKI Server creates (Public Key, Private Key) pairs
Distributes private keys to applicants securely
Often, private keys are embedded in delivered software
[Figure: PKI Server, Private Key]
40
PKIs
PKI Server provides Certificate Revocation List (CRL) checks
Distributes digital certificates to verifiers
Checks Certificate Revocation List before sending digital certificates
[Figure: PKI Server, Digital Certificate]
41
PKIs
CRL Checks
If applicant gives verifier a digital certificate, the verifier must check the certificate revocation list
[Figure: Verifier asks the PKI Server (CRL) "OK?"; the PKI Server answers "OK" or "Revoked"]
42
Role of controller
Controller of Certifying Authorities, as the “Root” Authority, certifies the technologies, infrastructure and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates
43
Summary
Each individual has a pair of keys
Public key of each individual is certified by a CA (Certifying Authority)
Public keys of CAs are certified by the Controller
Public key of the Controller is self certified
Public keys of everyone are known to all concerned and are also available on the web
Certification Practice Statement is displayed on the web site
44
Verification of Signatures
Key Generation
  True Random Numbers
  RSA Key Pair [Private/Public Key]
  i.e. 128-bits for symmetric key algorithms
  i.e. at least 2048-bits for public-key algorithms
Digital Signature
  Generate Message Digest [i.e. SHA1]
  Encrypting Digest using Private Key [Signatures]
  Attaching the Signatures to the message
Verification of Signatures
  Run the test for Authentication, Integrity and Non-repudiation
Digital Signature Certificate
  i.e. ITU X.509 v3
A digital certificate is necessary for a digital signature because it provides the public key that can be used to validate the private key that is associated with a digital signature. Digital certificates make it possible for digital signatures to be used as a way to authenticate digital information.