Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bronson Jastrow. Outline  What is cryptography?  Symmetric Key Cryptography  Public Key Cryptography  How Public Key Cryptography Works  Authenticating.

Published byDeborah Hutchinson Modified over 9 years ago

Similar presentations

Presentation on theme: "Bronson Jastrow. Outline  What is cryptography?  Symmetric Key Cryptography  Public Key Cryptography  How Public Key Cryptography Works  Authenticating."— Presentation transcript:

1 Bronson Jastrow

2 Outline  What is cryptography?  Symmetric Key Cryptography  Public Key Cryptography  How Public Key Cryptography Works  Authenticating sources  Hybrid Cryptosystems  Perfect Forward Secrecy  Attacks on Public Key Systems

3 What is Cryptography?  The securing of communications between parties.  Many ways to implement cryptography  Four basic goals of cryptography: Confidentiality Integrity Authentication Non-repudiation

4 Goals of Cryptography  Confidentiality: Ensure only intended recipients have the means to read data.  Integrity: Ensure intended recipients have received data unaltered by a third party.

5 Goals of Cryptography  Authentication: Ensure subsequent messages from a source can be verified as originating from that source.  Non-Repudiaton: Ensure messages are traceable back to only the originator for when disputes arise.

6 Symmetric Key Cryptography  The same key is used for both encrypting and decrypting data.  Shared Secret (One key shared by all).  Known as Private Key Cryptography.  Not ideal for exchange over unsecured networks.

7 Public Key Cryptography  Different keys are used for encryption and decryption.  Encrypt with public key.  Decrypt with private key.  Known as Asymmetric Key Cryptography.

8 Public Key Cryptography  Public keys may be shared.  Private keys must be kept secret.  Public keys may be exchanged over unsecured networks.  The keys are mathematically linked.  Computationally infeasible to compute the private key from the public key.  Disadvantage: Encryption and decryption are slow.

9 Trap Door Function  A function which is easy to compute in one direction, but difficult in the opposite direction. Integer Factorization Discrete Logarithm Elliptic Curve  Used for implementation of public key cryptography.  Example: RSA is based on Integer Factorization

10 Integer Factorization  Hard to decompose an integer into its prime factorized form.  Easy to compute an integer from its prime factorized form.  Ex: What is the prime factorization of 247? 13*19

11 Integer Factorization  No efficient way to determine prime factorization.  Even more difficult to determine a semiprime (a product of two primes).

12 RSA-768 Factorization  2009 – A 768 bit (232 decimal) semiprime generated by the RSA algorithm was factored.  Estimated 1,500 years of 2.2Ghz AMD Opteron processing.  RSA-1024 is considered 1,000 harder to crack

13 RSA-768 Perspective  RSA-768 = 123018668453011775513049495838496272077285356959533479 21973224521517264005 072636575187452021997864693899564749427740638459251925 57326303453731548268 507917026122142913461670429214311602221240479274737794 08066535141959745985 6902143413  RSA-768 = 334780716989568987860441698482126908177047949837137685 68912431388982883793 878002287614711652531743087737814467999489 * 367460436667995904282446337996279526322791581643430876 42676032283815739666 511279233373417143396810270092798736308917

14 Digital Signatures  Messages may be signed with the sender’s private key.  Signatures can be verified by the matching public key.  Verification means the message is from the owner of the private key  Verification also means the message has not been tampered with.  Signer cannot deny having signed message.

15 Public Key vs. Symmetric Key Cryptography  Public Key Cryptography Keys can be exchanged safely over the internet. Slow encryption and decryption times. Signatures to verify identity.  Symmetric Key Cryptography Key exchange over internet is insecure Fast encryption and decryption compared to public key cryptography.

16 Hybrid Cryptosystems  Combining of Symmetric Key and Public Key algorithms.  Exchange public keys.  Encrypt symmetric key to use for session.  Send encrypted symmetric key.  Exchange messages using symmetric key.

17 Hybrid Cryptosystems  SSL/TLS uses hybrid cryptosystems to secure internet transactions. Ex. Email, Banking  Problem: How to protect users from man-in-the-middle attacks

18 Key Exchange  How does a user know that the party they exchange keys with is legitimate?  Answer: Certificate Authorities.  Certificate Authority is a trusted third party.  Certificate from website is sent to user.  Certificate contains public key, and a copy signed by a certificate authority.

19 Key Revocation  Key Compromise  Affiliation Change  Key Superseded

20 Key Revocation  What happens when a key is compromised?  Certificate Revocation List (CRL)  Keep a list of revoked public keys  When revoked, list a new public key

21 Key Revocation  How to handle revocation requests?  Depends on setup Owner of private key Compound Principals

22 Notifying Users  Push from server to client Susceptible to DOS attack  Download by user from centralized server.  Set a short expiration date on updated list

23 Perfect Forward Secrecy  All past communication is safe even if a private key is compromised.  Session keys must not be derived if long term keys are lost.  Problem: Private keys decrypt symmetric keys and verify identity.  Solution: Use private keys only to verify identity.

24 Diffie-Hellman Key Exchange  D-H key exchange can be used to achieve perfect forward secrecy  Allows two hosts to create symmetric keys through an insecure network.  Works between hosts which have never communicated.

25 Diffie-Hellman Key Exchange AliceBob SecretPublicCalculateSendsCalculatePublicSecret ap,gp,g ->b ap,g,Ag a mod p = AA ->p,gb ap,g,A<- Bg b mod p = Bp,g,A,Bb a, sp,g,A,BB a mod p = sA b mod p = sp,g,A,Bb, s  p is prime  g is a primitive root mod p

26

27 Diffie-Hellman In Practice  Typically uses elliptic curve instead of discrete logarithm  Browser support is lacking Firefox Chrome  Performance issues for TLS handshakes

28 Attacks on Public Key Systems  Easiest way is to break people, not break encryption.  Broken algorithm: Messages can be decrypted without private key.  Totally broken algorithm: Private key can be recovered from public key.  Current systems are considered secure if key length is long.

29 Public Key Cryptography Conclusion  Secures communication over unsecured networks.  Allows authentication, integrity checks, and non-repudiation.  Used in conjunction with symmetric key encryption in TLS/SSL.

30 Sources  [1] Bernat, V. (2011). SSL/TLS & Perfect Forward Secrecy. Retrieved 10 2, 2013, from Vincent Bernat Blog: http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward- secrecy.html  [2] Cooper, A. D. (1998). A closer Look at Revocation and Key Compromise in Public Key Infrastructures. Gaithersburg: National Institute of Standards and Technology.  [3] Dev-NJITWILL. Crypto.  [4] Diffie, W., & Hellman, M. E. (1976). New Directions in Cryptography. IEEE.  [5] Göthberg, D. Public Key Encryption. Sweden, Sweden.  [6] Kleinjung, T. (2010). Factorization of a 768-bit RSA modulus.  [7] Menezes, A. J., van Oorschot, P. C., & Vanstone, S. A. (1996). Handbook of Applied Cryptography. CRC Press.  [8] Rescorla, E. (2006). Diffie-Hellman Key Exchange - A Non-Mathematician's Explanation. ISSA Journal, 7.  [9] Ristic, I. (2013, June 25). SSL Labs: Deploying Forward Secrecy. Retrieved 10 10, 2013, from Qualys Community: https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying- forward-secrecy  [10] Vinck, A. H. (2012, May 12). Introduction to Public Key Cryptography. Duisburg- Essen, Germany. Retrieved from http://www.exp-math.uni- essen.de/~vinck/crypto/script-crypto-pdf/add-to-3.pdf

Download ppt "Bronson Jastrow. Outline  What is cryptography?  Symmetric Key Cryptography  Public Key Cryptography  How Public Key Cryptography Works  Authenticating."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Public Key Cryptography Nick Feamster CS 6262 Spring 2009.

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
Cryptography Basic (cont)

Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chapter 9 – Public Key Cryptography and RSA Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both.

Chapter 9 – Public Key Cryptography and RSA Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

Similar presentations

Ads by Google