Presentation is loading. Please wait.

Presentation is loading. Please wait.

March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Exam clarifications needed?Exam clarifications needed? A ‘minor’ homework.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Exam clarifications needed?Exam clarifications needed? A ‘minor’ homework."— Presentation transcript:

1

2 March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Exam clarifications needed?Exam clarifications needed? A ‘minor’ homework thingA ‘minor’ homework thing Microsoft’s RNGMicrosoft’s RNG “Real” PK applications“Real” PK applications CertificatesCertificates Homework/QuizHomework/Quiz

3 March 2005 2R. Smith - University of St Thomas - Minnesota Homeowork #1: Finish the exam by Friday noon#1: Finish the exam by Friday noon –Deliver it to me #2: See if PGP still works#2: See if PGP still works –You need to be able to encrypt files –Create a PK certificate, if you haven’t already –This is NOT on the web site so far...

4 March 2005 3R. Smith - University of St Thomas - Minnesota Microsoft’s random number generator Some guys in Israel just wrote a paperSome guys in Israel just wrote a paper Windows RNG is predictable in both directionsWindows RNG is predictable in both directions If you know the RNG’s current stateIf you know the RNG’s current state –Then you can figure out earlier states (crack older keys) –You can EASILY figure out later states (crack future keys) Paper illustrates several things:Paper illustrates several things: –It’s hard for an OS to do good random numbers –Security Through Obscurity doesn’t work –It’s annoying when people redefine terminology PRNG, “forward” and “backward”PRNG, “forward” and “backward”

5 March 2005 4R. Smith - University of St Thomas - Minnesota Using Public Key Diffie HellmanDiffie Hellman –I can share one secret with another D-H user I use the other user’s PUBLIC key with my PRIVATE keyI use the other user’s PUBLIC key with my PRIVATE key RSARSA –If I have a user’s PUBLIC key, I can send them a secret I encrypt the secret with THEIR public keyI encrypt the secret with THEIR public key They decrypt with their own private keyThey decrypt with their own private key –I can use my PRIVATE key to “sign” things I encrypt a hash (checksum) with my PRIVATE keyI encrypt a hash (checksum) with my PRIVATE key Others can check the result with my PUBLIC keyOthers can check the result with my PUBLIC key

6 March 2005 5R. Smith - University of St Thomas - Minnesota Real Public Key Applications I.e. places where it really does something valuableI.e. places where it really does something valuable Secrecy (sharing keys)Secrecy (sharing keys) –Secret file sharing (PGP) –SSL: browsers, Secure Shell Integrity (digital signatures)Integrity (digital signatures) –Verifying downloaded software –Verifying e-mail messages –Verifying public key “owners”

7 March 2005 6R. Smith - University of St Thomas - Minnesota Creating a Certificate People generally trust Honest AbePeople generally trust Honest Abe Abe attests that www.bank.com has the public key 3,5555Abe attests that www.bank.com has the public key 3,5555www.bank.com Abe digitally signs a certificate to say thisAbe digitally signs a certificate to say this Abe is a certificate authority (CA) since he certifies the owners of public keysAbe is a certificate authority (CA) since he certifies the owners of public keys www.bank.com Key: 3,5555 Honest Abe’s Private Key Signature Procedure www.bank.com Key: 3,5555

8 March 2005 7R. Smith - University of St Thomas - Minnesota Validating a Certificate The initial strategy in SSL-enabled BrowsersThe initial strategy in SSL-enabled Browsers Every Web server with SSL has a certificateEvery Web server with SSL has a certificate Only one Certificate Authority’s public keyOnly one Certificate Authority’s public key –RSA Security, later Verisign, serves as “Honest Abe” Problems with scalability, delegationProblems with scalability, delegation From Authentication © 2002. Used by permission

9 March 2005 8R. Smith - University of St Thomas - Minnesota Multiple CAs in the Browser Browsers maintain a list of “Honest Abes”Browsers maintain a list of “Honest Abes” Users can add a new CA when encounteredUsers can add a new CA when encountered –Security issue – is a new CA really honest, or not? From Authentication © 2002. Used by permission

10 March 2005 9R. Smith - University of St Thomas - Minnesota Public Key Infrastructure A catch-all term for the services required to support the widespread use of public keys Server and client software to support public keysServer and client software to support public keys Software to create and distribute certificatesSoftware to create and distribute certificates Trustworthy organizations to issue reliable certificatesTrustworthy organizations to issue reliable certificates Mechanisms so that organizations can recognize each other’s certificatesMechanisms so that organizations can recognize each other’s certificates

11 March 2005 10R. Smith - University of St Thomas - Minnesota Commercial PKI Commercial PKIs use a hierarchical strategy Certificates are created and signed by special certificate authority softwareCertificates are created and signed by special certificate authority software Each certificate authority belongs to an enterprise and carries a unique keyEach certificate authority belongs to an enterprise and carries a unique key The enterprise is responsible for ensuring the accuracy of certificatesThe enterprise is responsible for ensuring the accuracy of certificates –Commercial certifiers like Verisign, Inc., rely on stringent, published rules and procedures defined in their Certification Practices Statement and Certificate Policy –Private corporations may rely on internal controls and limits on certificate usage

12 March 2005 11R. Smith - University of St Thomas - Minnesota Alternative to the CA/PKI “Pretty Good Privacy” (PGP) uses web of trust strategy Traditional ‘Web of Trust’Traditional ‘Web of Trust’ –Anyone may sign a certificate –Certificates may carry multiple signatures –Individuals must personally decide on authenticity, based on the signatures –Pairwise trust relationships, extended based upon interpersonal transitive trust Current on-line key directoryCurrent on-line key directory –Directory itself “signs” its certificates –Authenticity based on an e-mail exchange (!?!)

13 March 2005 12R. Smith - University of St Thomas - Minnesota Issues with PKI StandardizationStandardization InteroperabilityInteroperability Poorly defined trust relationshipsPoorly defined trust relationships Confidentiality of Private/Secret signing keysConfidentiality of Private/Secret signing keys DeploymentDeployment –Infrastructure cost –Infrastructure complexity –Enrollment costs –Client deployment costs

14 March 2005 13R. Smith - University of St Thomas - Minnesota “Group quiz” How can I send an encrypted message to 2 other people without sharing a secret with all 3?How can I send an encrypted message to 2 other people without sharing a secret with all 3? Assume we’ve shared public keysAssume we’ve shared public keys Pull out a piece of paperPull out a piece of paper Draw the answer, put the group names on itDraw the answer, put the group names on it

15 March 2005 14R. Smith - University of St Thomas - Minnesota That’s it Questions?Questions? Creative Commons License This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.

Download ppt "March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Exam clarifications needed?Exam clarifications needed? A ‘minor’ homework."

Similar presentations

Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Digital Signatures. Anononymity and the Internet.

Digital Signatures. Anononymity and the Internet.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.

Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Handing back the examHanding back the exam ProjectsProjects Certificates.

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Handing back the examHanding back the exam ProjectsProjects Certificates.
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.

Similar presentations

Ads by Google