Download presentation
Presentation is loading. Please wait.
1
Cryptography Lecture 27
2
Public-key infrastructure (PKI)
3
Use signatures for secure key distribution!
Alice asks the CA to sign the binding (Alice, pk) certCAAlice = SignskCA(Alice, pk) (CA must verify Alice’s identity out of band)
4
PKI models We saw two models last time: Roots of trust Web of trust
5
Public repository Store certificates in a central repository
E.g., MIT PGP keyserver To find Alice’s public key Get all public keys for “Alice,” along with certificates on those keys Look for a certificate signed by someone you trust whose public key you already have
6
PKI in practice… Does not work quite as well as in theory…
Proliferation of root CAs Compromises of CAs Revocation Users/browsers may not verify certificates
7
SSL/TLS How can you securely send your credit card number to Amazon?
Secure Socket Layer (Netscape, mid-’90s) Transport Layer Security TLS 1.0 (1999) TLS 1.2 (2008) TLS 1.3 (2018) Used by every web browser for https connections
8
SSL/TLS Goals Not goals
Understand (at a high level) a real-world crypto protocol Pull together everything learned in this course Not goals Understanding low-level details/implementation Defining or proving security
9
SSL/TLS Two phases Handshake protocol Record-layer protocol
Establish a shared key between two entities Record-layer protocol Use the shared key for secure communication
10
Handshake protocol https://bank.com, NC pk, cert, NB Verify!
c =Encpk(pmk) pkCA sk, pk, certCABank mk = H(pmk, NC, NB) kC, k’C, kS, k’S = G(mk) Macmk(transcript) pmk = Decsk(c) mk = H(pmk, NC, NB) kC, k’C, kS, k’S = G(mk) Verify! Macmk(transcript’) Verify!
11
Record-layer protocol
Parties now share kC, k’C, kS, k’S Client uses kC, k’C to encrypt/authenticate all messages it sends Server uses kS, k’S to encrypt/authenticate all messages it sends Prevents reflection attacks Sequence numbers prevent replay attacks
12
Final review
13
Exam details Open book/notes Covers material from the entire semester
No electronic devices Covers material from the entire semester Focus will be on material since the midterm Practice exam posted
14
Topics we covered Defining security
E.g., for private-key encryption: perfect secrecy, EAV-security, CPA-security, CCA-security Security definitions will be tested Must be able to write pseudocode and give analysis showing that some scheme is insecure because it does not satisfy a given definition Assumptions Primitives (PRGs, stream ciphers, PRFs, block ciphers, hash functions) and instantiations (AES, SHA-256, …) Number-theoretic assumptions Proofs
15
Topics we covered Private-key encryption Message authentication codes
Hash functions and applications Constructions of: Stream ciphers (LFSRs) Block ciphers (SPNs, Feistel networks) Hash functions (Davies-Meyer, Merkle-Damgard) Generic attacks on hash functions, block ciphers, etc.
16
Topics we covered Number theory/group theory
RSA assumption, dlog assumption, DH assumptions Diffie-Hellman key exchange Public-key encryption Digital signatures
17
Goals Understand real-world crypto
Almost everything we have covered in class is used in practice, or is the basis for something used in practice Know when to use different schemes Understand the formal guarantees that different schemes provide To make sure you understand a scheme, ask yourself if you could implement it
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.