Presentation is loading. Please wait.

Presentation is loading. Please wait.

Symmetric Encryption Mom’sSecretApplePieRecipe Mom’sSecretApplePieRecipe The same key is used to encrypt and decrypt the data. DES is one example. Pie.

Published byAnnabelle Fowler Modified over 9 years ago

Similar presentations

Presentation on theme: "Symmetric Encryption Mom’sSecretApplePieRecipe Mom’sSecretApplePieRecipe The same key is used to encrypt and decrypt the data. DES is one example. Pie."— Presentation transcript:

1 Symmetric Encryption Mom’sSecretApplePieRecipe Mom’sSecretApplePieRecipe The same key is used to encrypt and decrypt the data. DES is one example. Pie Key Important Concepts

2 Symmetric Encryption The Advantages ° Secure ° Widely Used ° The encrypted text is compact ° Fast The Disadvantages ° Complex Administration ° Requires Secret Key Sharing ° Large Number of Keys ° No non-repudiation ° Keys are Subject to interception Important Concepts

3 Asymmetric Encryption One half of a key pair is used to encrypt, the other half is used to decrypt. RSA is one example. Mom’sSecretApplePieRecipe Mom’sSecretApplePieRecipe PublicKeyRecipient’sPublicKeyRecipient’sPrivateKeyPrivateKey Important Concepts

4 Asymmetric Encryption The Advantages ° Secure ° No secret sharing ° No prior relationship ° Easier Administration ° Far fewer keys ° Supports non- repudiation The Disadvantages ° Slower than symmetric key ° The encrypted text is larger than a symmetric version ° point to multi-point does not scale Important Concepts

5 The Combination Mom’sSecretApplePieRecipe RandomSymmetricKey Bill’sPublicKey Mom’s Secret Apple Pie Recipe Encrypted To:Bill “Digital Envelope” “Key Wrapping” Important Concepts

6 The Combination You get the best of both worlds ° The benefits of Symmetric Key Speed Compact Encrypted Text ° The benefits of Public Key Simpler Key management Digital Signature Non-Repudiation

7 Mom’sSecretApplePieRecipe Digest Certifying Authority’s Digital Signature Digital Certificates Encrypted Certificate Name, Address, OrganizationOwner’s Public Key Certificate Validity Dates All you need is the CA’s public key to verify the certificate and extract the certified public key Important Concepts

8 What is a Certificate? A signed packet of identifying attributes Identifying Attributes: ° Subject Name (the user being identified) ° Public Key ° Issuer Name (trusted source identifying user) ° Validity Period ° Signature Specified in: ° RFC 2459 ° x.509 v 1-3 Serial Number : 6cb0dad0137a5fa79888f Validity : Nov.08,1997 - Nov.08,1998 Subject / Name / Organization Locality = Internet Organization = VeriSign, Inc. Organizational Unit = VeriSign Class 2 CA - Individual Subscriber Organizational Unit = www.verisign.com/repository/CPS Incorp. by Ref.,LIAB.LTD(c)96 Organizational Unit = Digital ID Class 2 - Netscape Common Name = Mom Email Address = mom@ne.mediaone.net Unstructured Address = RR2, Pieland, USA Status: Valid Public Key: ie86502hhd009dkias736ed55ewfgk98dszbcvcq m85k309nviidywtoofkkr2834kl Signed By : VeriSign, Inc.: kdiowurei495729hshsg0925h309afhwe09721h481 903207akndnxnzkjoaioeru10591328y5 Important Concepts

9 Digital Signatures Clear Text “Hash” Digest 564553 Clear Text Encrypted Digest *@!$^& Hi level Functionality Non-Repudiation

10 Digital Signatures Mom’sSecretApplePieRecipe “Hash Function” Digest Mom’sSecretApplePieRecipe DigestEncrypted Digest ‘ DigestEncrypted “match?” Signer’sPublicKey Hi level Functionality Non-Repudiation

11 Key Generation Standards ° RFC 2510 Key may be generated by End Entity, RA, or CA – ANSI x.9.57 - not specified but commonly used ° PKCS #11 Key may be generated by End Entity, RA, or CA – RSA (512 - 2048) – DSA (512 - 2048) – ECDSA Certificate Issuance

12 Certificate Creation Standards ° PKCS #1 ° RFC 2459 Certificate and CRL Profile Specifies the the type and format of a certificate – essentially x.509 with some modification Uses PKCS #1 specifiers – MD5 with RSA for signature – SHA-1 with RSA for signature Certificate Issuance

13 How do you assure that you get a real (and valid) public key? X.509 Digital Certificate “I officially notarize the association “I officially notarize the association between this particular User, and between this particular User, and this particular Public Key” this particular Public Key”

14 How do I validate a certificate? For a certificate to be valid, the following checks must normally succeed: ° today’s date must fall between the starting and ending validity dates for the certificate ° the signature must be valid ° the contents of the certificate must not have changed ° the certificate issuer must be one we trust ° the certificate must not have been revoked

Download ppt "Symmetric Encryption Mom’sSecretApplePieRecipe Mom’sSecretApplePieRecipe The same key is used to encrypt and decrypt the data. DES is one example. Pie."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.

Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.
Cryptographic Technologies

Cryptographic Technologies
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Similar presentations

Ads by Google