Presentation is loading. Please wait.

Presentation is loading. Please wait.

©Copyrights 2011 Eom, Hyeonsang All Rights Reserved Distributed Information Processing 20 th Lecture Eom, Hyeonsang ( 엄현상 ) Department of Computer Science.

Published byMildred Hawkins Modified over 9 years ago

Similar presentations

Presentation on theme: "©Copyrights 2011 Eom, Hyeonsang All Rights Reserved Distributed Information Processing 20 th Lecture Eom, Hyeonsang ( 엄현상 ) Department of Computer Science."— Presentation transcript:

1 ©Copyrights 2011 Eom, Hyeonsang All Rights Reserved Distributed Information Processing 20 th Lecture Eom, Hyeonsang ( 엄현상 ) Department of Computer Science & Engineering Seoul National University

2 Outline DRM (Digital Rights Management)  Introduction  PKI and Certificate Chain  DRM for Content Distribution  OMA (Open Mobile Alliance) DRM Q&A

3 Secure Information Transfer How Can User A Send Information Securely to User B?  What does this mean?

4 Basic Security Concepts Identification (Against All Entities)  Process of Recognizing a Particular Individual Using Presented Information Authentication (Against a Previously Identified Entity)  Process of Verifying Certain Information Authorization  Process of Determining What You Are Allowed to Do

5 Basic Security Concepts (Cont’d) Integrity  Process of Ensuring That Information Is Unchanged Confidentiality  Keeping Information Secret Non-Repudiation  Not Being Able to Deny Something

6 Cryptography Basics Definition  Science of Applying Mathematics to Increase Security Symmetric Cryptographic Algorithms  Taking Clear Text as Input Outputting the Cipher Text Using a Symmetric Key, and Reversing This Process DES (Data Encryption Standard) 3-DES RC2, RC5, RC6 Rijndael(or AES, Advanced Encryption Standard)

7 Cryptography Basics (Cont’d) Asymmetric Cryptographic Algorithms  Taking Clear Text as Input Outputting the Cipher Text Using a Public/Private Key, and Reversing this Process Using the Matching Private/Public (Respectively) Key DH (Diffie-Hellman) RSA (Rivest, Shamir, and Adleman at MIT) ECC (Elliptic Curve Cryptography) PKI (Public Key Infrastructure): the Public/Private Key-Based Encryption Framework That Permits Deploying Security Services

8 Cryptography Basics (Cont’d) Illustrations: Asymmetric Cryptography

9 Cryptography Basics (Cont’d) Symmetric vs Asymmetric Cryptographic Algorithms  Advantages of Asymmetric Algorithms Superior key management and scaling Unnecessary prior relationship Private-key-holder only operations (as a basis for digital signatures)  Disadvantages of Asymmetric Algorithms Possibly 10 to 100 times slower execution Expansion of the cipertext

10 Cryptography Basics (Cont’d) Hash Algorithms  Definition Taking a chunk of data and compressing it into a digest (or fingerprint) of the data  Examples MD2 (128-bit digest; best for 8-bit processors) MD5 (128-bit digest; best for 32-bit processors) SHA-1 (160-bit digest; best for high-end processors)  Properties No backward recovery No information about the initial clear text No backward creation/discovery

11 Digital Signatures Data Encrypted with a Private Key  Technique for Authentication and Non-Repudiation If a public key properly decrypts data, then it must have been encrypted with the private key Verifying Integrity, too

12 Certificate Notarized Association between the Particular User with the Particular Public Key Do We Need Time?

13 Illustration: Public Key Infrastructure Request Certificate - Download Program to Generate Key Pair - Input Reference No. & License Code - Create (Private Key, Public Key) Pair - Send Certificate Request Information (Public Key Included) Verify Identification Issue Certificate - Signed w/ CA’s Private Key Generate Digital Signature Send Digital Document + Digital Signature + Certificate Request Certificate of CA / CRL Verify CRL Verify Certificate of User A Verify Digital Signature of User A Send Certificate of CA / CRL Save Certificate on the Storage (HDD, USB, etc) Encrypt / Save Private Key Using Password Registration Authority Submit Request Form / ID Verify Identification Send Identification Information to CA Send Reference No. & License Code Convey Reference No. & License Code Directory Exchange Certificate and CRL (Certificate Revocation List)

14 X.509 Certificate X.509 Specification  Information Contained in a Certificate, and Its Format Components  Version Indicator of Version 1,2, or 3  Serial Number Unique Identifying Number for This Certificate  Signature Algorithm Identifier of the Digital Signature Algorithm  Issuer X.500 Name of the Issuing CA  Validity Start and Expiration Dates and Times of the Certificate  Subject X.500 Name of the Holder of the Private Key (Subscriber)  Subject Public-Key Information Value of the Public-Key for the Subject Together with an Identifier of the Algorithm with Which This Public-Key to Be Used

15 Security Holes in PKI Fabricated Identification Card Illegal Copy of Certificate Hacking Program  E.g. Key Logger Program Hacker can get id/password, account no, security card no, and password for encrypting private key Hacker can disguise himself/herself as a user The Main Reasons for These Security Holes Are Unsafe Storage, Operating System, and Character-Based Protection Mechanism. ☞ Security-Enabled Storage Medium, OS Security Patch, and Biometrics

16 Certificate Chain X.509 Standard Model for Setting Up a Hierarchy of CAs  In Large Organizations, It May Be Appropriate to Delegate the Responsibility for Issuing Certificates to Several Different Certificate Authorities Ordered List of Certificates Containing an End-User or Subscriber Certificate and Its Certificate Authority Certificates  Each Certificate Is Followed by the Certificate of Its Issuer  Each Certificate Contains the Name (DN) of That Certificate's Issuer Same as the subject name of the next certificate in the chain  Each Certificate Is Signed with the Private Key of Its Issuer Signature verifiable with the public key in the issuer's certificate, which is the next certificate in the chain

17 Certificate Chain Example Korea - Check Validity Period - Verify That This Is Signed by Engineering CA - Since Engineering CA Is Not Trusted, Check the Next Certificate

18 Applying DRM to Protect Content Distributing DRM Protected Content  Content Issuer’s Encrypting the Content and Packaging in DRM Content Format  Rights Issuer’s Assigning Permissions and Constraints for Content  User’s Receiving Content and Rights  User’s Sending the Protected Content to a Friend with OMA DRM Enabled Devices  Friend’s Purchasing the Permission to Consume the Content

19 Example of OMA DRM Deployment Content Issuer Rights Issuer 2. Transfer Content Encryption Key 1. Browse to Website and Download Protected Content 4. Deliver Protected Rights Object Your Device Share Content within Your Domain 5. Super-Distribute Content to a Friend Your Friend’s Phone 3. Purchase “Rights” and Establish Trust 6. Establish Trust; Purchase and Deliver Rights Object

20 References [Burnett01] S. Burnett and S. Paine, RSA Security’s Official Guide to Cryptography, Osborne/McGraw-Hill, March 2001 [Nash01] A. Nash, et al., PKI: Implementing and Managing E-Security, Osborne/McGraw-Hill, March2001 [OMA] Open Mobile Alliance, www.openmobilealliance.org

Download ppt "©Copyrights 2011 Eom, Hyeonsang All Rights Reserved Distributed Information Processing 20 th Lecture Eom, Hyeonsang ( 엄현상 ) Department of Computer Science."

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.

Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

Similar presentations

Ads by Google