Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography 1 Three methods: Symmetric key Asymmetric key Hashing.

Published byCarmella Tyler Modified over 9 years ago

Similar presentations

Presentation on theme: "Cryptography 1 Three methods: Symmetric key Asymmetric key Hashing."— Presentation transcript:

1 Cryptography 1 Three methods: Symmetric key Asymmetric key Hashing

2 Symmetric Key Encryption Encryption of almost everything Data at rest: disk encryption, files, data bases Data in motion: SSL/TLS, IPsec Today’s standards Advanced Encryption Standard: AES-128 and AES-256 Processor hardware acceleration for Galois/Counter Mode (GCM) < 1% performance impact SDP/PA use AES-256 for Single Packet Authorization TLS communication Shared key encryption The same key used to encrypt, also decrypts Must be kept secret !!! Very difficult to transmit a secret across an untrusted network 2

3 Asymmetric Key (a.k.a. Public Key) Cryptography Purpose Exchange secrets over an untrusted network Secretly (encrypted) and with integrity (signed) Only encrypts small pieces of data Message must be smaller than the asymmetric key Only used for 2 things Encrypt symmetric keys (common for data at rest) Encrypt hashes (together known as a “signature”) Today’s standards Diffie-Hellman, RSA (PKCS#1), Digital Signature Standard (DSS) SDP/PA use asymmetric key encryption for: Encrypting keys on disk Exchanging symmetric keys & creating signatures for the TLS handshake Generating and validating X.509 certificates 3

4 Hash (a.k.a. Message Authentication Code or MAC) Converts an arbitrarily long message into a single number The number is “Unique”– typical values are 2 256, 2 384, 2 512 2 256 = 1157920892373160000000000000000000000000000000000000000000000000000000000000000 Approx. # atoms in observable universe Cannot be reversed Once converted to a hash, cannot be convert back into the message Re-hash the message and compare hashes Same hash means same message Today’s standards Secure Hash Algorithm 1 (SHA-1) – widely used, considered insecure SHA-2 family of hashes, typical use: 256, 384, 512-bit SHA-3 released Aug 5, 2015 Message Digest 5 (MD5) – considered cryptographically broken SDP/PA use hashing for: One Time Password (OTP) and GMAC of Single Packet Authorization (SPA) Integrity of TLS handshake X.509 certificates (prior to being encrypted with asymmetric keys) Derivation of TLS symmetric keys and Initialization Vectors (IV) 4 Key Derivation Function (KDF) K m = create master key K 1 = H[K m ] K 2 = H[K 1 ] K 3 = H[K 2 ] K 4 = H[K 3 ]

5 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Cryptography Only 3 methods Symmetric key encryption Asymmetric key encryption Hashing (MAC) Almost always used in combination Example Method for SSL/TLS connection 5 TLS suite cypher suite TLS suite cypher suite Generate asymmetric keys Generate asymmetric keys Exchange asymmetric keys Authentication via asymmetric & hashing Symmetric key encryption Symmetric key & hashing Hash

6 Symmetric Key Encryption with Message Authentication 6

7 7 Symmetric Key Encryption EkEk EkEk PT Untrusted Network Untrusted Network DkDk DkDk PT Cypher Text (CT)

8 6 6 3 3 5 5 6 6 8 Symmetric Key Encryption & Block Cyphers EkEk EkEk PT Untrusted Network Untrusted Network DkDk DkDk PT Cypher Text (CT) 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 1 0 0 0 0 1 1 1 1 PT 0 0 1 1 2 2 3 3 1 1 1 1 0 0 0 0 1 1 1 1 1 1 0 0 1 1 1 1 1 1 0 0 CT 1 1 1 1 0 0 0 0 1 1 0 0 1 1 1 1 1 1 1 1 0 0 1 1 XOR

9 1 1 1 1 0 0 0 0 1 1 1 1 1 1 0 0 1 1 1 1 1 1 0 0 CT 6 6 3 3 5 5 6 6 9 Symmetric Key Encryption & Block Cyphers EkEk EkEk PT Untrusted Network Untrusted Network DkDk DkDk PT Cypher Text (CT) 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 1 0 0 0 0 1 1 1 1 PT 0 0 1 1 2 2 3 3 1 1 1 1 0 0 0 0 1 1 0 0 1 1 1 1 1 1 1 1 0 0 1 1 XOR 1 1 1 1 0 0 0 0 1 1 1 1 1 1 0 0 1 1 1 1 1 1 0 0 CT 6 6 3 3 5 5 6 6 1 1 1 1 0 0 0 0 1 1 0 0 1 1 1 1 1 1 1 1 0 0 1 1 XOR 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 1 0 0 0 0 1 1 1 1 PT 0 0 1 1 2 2 3 3 1 1 1 1 0 0 0 0 1 1 1 1 0 0 1 1 1 1 1 1 0 0 1 1 CT

10 10 Symmetric Key Encryption & Message Authentication 6 6 3 3 5 5 6 6 EkEk EkEk PT Untrusted Network Untrusted Network DkDk DkDk PT Cypher Text (CT) 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 1 0 0 0 0 1 1 1 1 PT 0 0 1 1 2 2 3 3 1 1 1 1 0 0 0 0 1 1 0 0 1 1 1 1 1 1 1 1 0 0 1 1 XOR 1 1 1 1 0 0 0 0 1 1 1 1 1 1 0 0 1 1 1 1 1 1 0 0 CT 6 6 3 3 5 5 6 6 1 1 1 1 0 0 0 0 1 1 0 0 1 1 1 1 1 1 1 1 0 0 1 1 XOR 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 1 0 0 0 0 1 1 1 1 PT 0 0 1 1 2 2 3 3 1 1 1 1 0 0 0 0 1 1 1 1 0 0 1 1 1 1 1 1 0 0 1 1 CT EkEk EkEk PT Untrusted Network Untrusted Network DkDk DkDk PT Cypher Text (CT)

11 02 15 26 34 43 51 67 70 1 1 1 1 0 0 0 0 1 1 1 1 1 1 0 0 1 1 0 0 1 1 1 1 CT 11 Symmetric Key Encryption & Message Authentication EkEk EkEk PT Untrusted Network Untrusted Network DkDk DkDk PT Cypher Text (CT) Function HiHi HiHi H i-1 Func 6 6 3 3 5 5 6 6 Input XOR out Hash 6 6 6 6 7 7 3 3 4 4 3 3 5 5 6 6 7 7 6 6 1 1 5 5 6 6 5 5 1 1 1 1 0 0 0 0 1 1 1 1 1 1 0 0 1 1 0 0 1 1 1 1 CT 6 6 6 6 3 3 5 5 6 6 Input XOR Hash 6 6 6 6 7 7 3 3 4 4 3 3 5 5 6 6 7 7 6 6 1 1 5 5 XOR 6 6 0 0 6 6 7 7

12 Galois/Counter Mode (GCM) and GMAC 12

13 13 Galois/Counter Mode (GCM) and GMAC EkEk EkEk PT 1 CT 1 GHASH m+1 GHASH m+n EkEk EkEk PT n CT n len(PT) GHASH EkEk EkEk IV || 0 32 TAG E k is the encryption algorithm and key, which is AES 256 PT is Plain Text that gets encrypted into Cypher Text (CT) All blocks are 128 bits in length IV is a 96-bit Initialization Vector, which is a nonce 1 st counter block is the IV followed by the 32-bit number “1” The output is the Cypher Text and the Tag AD is Additional Data (that does not get encrypted) EkEk EkEk 0 128 GHASH 0 AD m GHASH m AD 1 GHASH 1 1 1 n n IV || 1 IV || n len(AD) || len(PT)

14 Asymmetric Key Cryptography (Public Key) 14

15 Algorithms generate 2 keys Private key is kept private, public key is shared Elliptic curve keys are hundreds of bits RSA keys are thousand bits Message smaller than the key 2 uses Encrypt a symmetric key Alice encrypt the symmetric key with Bob’s public key So Bob can decrypt with his private key Encrypt a hash (MAC) Alice encrypt the hash with Alice’s private key So Bob can decrypt it with Alice’s public key Untrusted Network Untrusted Network Asymmetric Key Cryptography 15 m m Message For example: Symmetric key m e mod n Encryption “e” is Bob’s public key c c Cypher Text c d mod n Decryption “d” is Bob’s Private key m m Message Math Example (RSA) AliceBob Concerns: 1. How does Alice know it’s Bob’s key? Answer: Public Key Infrastructure 2.If the conversation is recorded And if Bob’s private key is compromised Then attacker can decrypt message Solution: Perfect Forward Secrecy (m e ) d ≡ m e*d ≡ m 1 ≡ m (mod n)

16 Perfect Forward Secrecy Compromise of long term key Does not compromise past keys Thought exercise/analogy Diffie-Hellman Ephemeral (DHE) But with buckets of paint* Thought exercise/small numbers Also from Wikipedia Remember this is not RSA math Perfect Forward Secrecy Not encrypted key sent to another Random keys, neither knows both 16 AliceBob Both agree on a common color Both choose a secret color Each separately blends their secret color with the common color + = + = + = Each separately blends their secret color with the other’s blended color Both arrive at the same common blended color (a common secret) + = Exchange Blends Each now has the other’s blended color * Wikipedia “Diffie–Hellman key exchange” https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange g = common # = 5 p = modulus = 23 a = 6b = 15 A = 5^6 mod 23 = 8B = 5^15 mod 23 = 19 819 19^6 mod 23 = 28^15 mod 23 = 2

17 Asymmetric Key Summary 2 uses of asymmetric key Encrypt symmetric key (using receiver’s public) Encrypt hashes (using sender’s private) RSA math (m e ) d ≡ m e*d ≡ m 1 ≡ m (mod n) Crypto of symmetric keys and hashes Diffie-Hellman analogy Paint buckets (g a ) b (mod n) ≡ (g b ) a (mod n) Perfect Forward Secrecy Becomes basis for pre-master key 17

18 Public Key Infrastructure (PKI) 18

19 Public Key Infrastructure (PKI) What is it used for? Create and distribute digital certificates Acts as a trusted 3 rd party Enables authentication over an untrusted network SDP/PA use it for Mutual Authentication of: Clients to Controllers Clients to Gateways Gateways to Controllers Basically, all trust Mutual trust, not just single-ended How does it work? 19 Untrusted Network Untrusted Network 1.Private Key 2.Public key / Certificate 3.Trusted Root certificate Mutual Authentication Certificate Authority (Trusted 3 rd Party) Certificate Authority (Trusted 3 rd Party) 1.Private Key 2.Public key / Certificate 3.Trusted Root certificate

20 Root Cert CA 20 Initialization of PKI Certificate Authority (CA) subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Hash subj: Vidder issuer: Vidder ---------------- Signature Vidder Public OCSP CRL subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert

21 Server Cert 21 Server Gets a Private Key and Certificate subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert CA subj: Server issuer: Vidder ---------------- Signature Server Public Hash subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert OCSP CRL subj: Server issuer: Vidder ---------------- Signature Server Public Server Cert subj: Server issuer: Vidder ---------------- Signature Server Public Server Cert

22 22 PKI Part of TLS CAOCSP CRL subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Server issuer: Vidder ---------------- Signature Server Public Server Cert Serial # Validity Time ---------------- Signature Good Hash Serial # Validity Time ---------------- Signature Good OCSP Response Hash Original Hash Equal ? Hash Original Hash Equal ? Valid certifacate Not expired Not revoked Cert is trusted !!! subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert

23 23 Client Certificate Client Universal ID Client Universal ID Subject Issuer Serial # Public Key Rest of Cert Hash for Signature Signature (not Hashed) Signature (not Hashed) Key Usage see RFC 5280 pg. 29 Key Usage see RFC 5280 pg. 29 Pinned to SDP

24 Is PKI Broken? Is it broken? No The technology is sound Is it broken in some other way? Yes The hundreds of certificate authorities should not be trusted DigiNotar compromised – Google’s email service was compromised in Iran Root cert injection creates additional trusted websites Sophisticated attack that undermines trust Certificate subject is a name, not an IP address DNS spoofing can fool PKI Requires revocation checking Enables DoS attack of the infrastructure Does Vidder fix it? Yes Dedicated PKI means only the SDP’s certificate authority is trusted Additional root certs cannot be injected – the one and only root is encrypted on disk Certificate subject is an IP address, not a name – spoofing is not possible OCSP responses are “stapled” – defeating DoS attacks 24 Untrusted Network Untrusted Network 1.Private Key 2.Public key / Certificate 3.Trusted Root certificate Mutual Authentication Certificate Authority (Trusted 3 rd Party) Certificate Authority (Trusted 3 rd Party) 1.Private Key 2.Public key / Certificate 3.Trusted Root certificate

25 PKI Summary PKI’s purpose is to Create and distribute digital certificates Act as a trusted 3 rd party Enables authentication over an untrusted network PKI consists of a root cert and certs derived from it Everyone inherently trusts the root Certificates can be cryptographically proven Signing proves the certificated hasn’t been altered Signature: encrypts the hash with issuer’s private key Creates a chain of trust that must be validated The public implementation of PKI is “broken” But the technology is not SDP’s implementation fixes the breakage 25 Untrusted Network Untrusted Network 1.Private Key 2.Public key / Certificate 3.Trusted Root certificate Mutual Authentication Certificate Authority (Trusted 3 rd Party) Certificate Authority (Trusted 3 rd Party) 1.Private Key 2.Public key / Certificate 3.Trusted Root certificate

26 SDP Device Authentication 26 1.SPA 2.Mutual TLS 3.Fingerprint

27 SDP Device Authentication 27 Single Packet Authorization (SPA)

28 28 Attacks on SSL/TLS NameDateAttackUnauthorizedAuthorized Users SSLstripFeb 2009http to httpsSPANo http DigiNotarSept 2011MitM forged certsSPAPinned certs THC-SSL-DOSOct 2011DoS attack on SSLSPADevice deleted BEASTApr 2012Java Applet oracleSPAClient-based CRIMESept 2012MitM SPDY compressing oracleSPANo compression Lucky 13Feb 2013MitM CBC padding oracleSPAGCM TIMEMar 2013Browser JavaScript timing oracleSPAClient-based RC4 biasesMar 2013MitM RC4 oracleSPANo cypher negotiation BREACHAug 2013Website redirect, compressionSPANo redirect or compression goto failFeb 2014MitM counterfeit key via coding errorSPAPinned dedicated cert Triple HandshakeMar 2014Server MitM on client certSPAPinned dedicated cert HeartbleedApr 2014OpenSSL bugSPANot single-ended SSL BERserkSept 2014MitM PKCS#1.5 paddingSPANot Mozilla NSS PoodleOct 2014MitM SSLv3 oracleSPANo cypher negotiation Poodle++Dec 2014MitM JavaScript timing oracleSPAClient-based FREAKMar 2015MitM negotiation 512 bit keySPANo key negotiation Bar-mitzvahMar 2015View RC4SPANo RC4 logjamMay 2015MitM downgrade to 512 bit keySPANo suite negotiation PrecisionAccess defeats all recent attacks on SSL/TLS by both Unauthorized and Authorized users

29 Single Packet Authorization (SPA) History: Invented >10 years ago Commonly used for super user ssh access to servers Mitigates attacks by unauthorized users SPA in the Software Defined Perimeter Spec Based on RFC 4226, "HOTP” HMAC-based One-Time Password Used for hardware/software one time password tokens SPA occurs before TLS (SSL) connection Mitigates DoS & other TLS attacks by unauthorized users 29 SPA = UID, CTR, OTP, GMAC Each client has a UID, Seed, CTR, and E K UID = Universal ID of SDP Client CTR = hashed with seed to create OTP OTP = One-Time Password GMAC = signature of UID, CTR, and OTP for data authentication Seed = shared secret for OTP E K = shared key for GMAC AES-256 OTP = HMAC[seed || CTR] GMAC = E K [UID || OTP || CTR] UID, OTP, CTR, & GMAC are sent as clear text. Counter is increment to mitigate playback attacks Highly efficient rejection Defeats DoS & other attacks on SSL UID OTP Counter GMAC 32-bit64-bit32-bit128-bit

30 SDP Device Authentication 30 mutual TLS

31 Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 EC: Elliptic Curve cryptography Smaller keys / faster math than RSA cryptography DHE: Diffie-Hellman key exchange algorithm Generates the pre-master keys of GCM Ephemeral keys per session for Perfect Forward Secrecy But not client or server authentication RSA: Public/private key pair with an X.509 certificate Client and server authentication Vidder’s implementation: Certificates “pinned” to a trusted root certificate Not the hundreds of (possibly compromised) roots browsers trust Employs OCSP stapling (RFC 6066) Forwards the OCSP response with TLS Server hello Reduces the load on the OCSP responder Mitigates a DoS attack of the OCSP responder Mutual TLS Authentication of the client to server & server to client 31 AES256-GCM: Advanced Encryption Standard (NIST FIPS 197) Symmetric key encryption 256-bit key, 128-bit cipher block size Galois/Counter Mode Encryption with simultaneously data authentication PC’s and servers implement GCM in hardware Negligible performance impact SHA384: Secure Hash Algorithm (member of SHA-2) Generates a 384 bit hash Key Derivation Function (KDF) for generating keys from master

32 SDP Device Authentication 32 mutual TLS Handshake Deep Dive for: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

33 Root Cert CA 33 Controller’s PKI Certificate Authority (CA) Initialization subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Hash subj: Vidder issuer: Vidder ---------------- Signature Vidder Public OCSP CRL subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert

34 Controller Cert 34 Controller Initialization subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert CA subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Hash subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert OCSP CRL subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert

35 35 Mutual TLS: Client Initialization subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert CA subj: Client issuer: Vidder ---------------- Signature Client Public Hash subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert OCSP CRL subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert Private key put in Certificate Store as Non-Exportable

36 subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert 36 Mutual TLS: Client Hello subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert CAOCSP CRL subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert Client Hello Highest SSL version, Ciphers supported, Session Id = 0, Client RND OCSP status

37 subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert 37 Mutual TLS: Server Hello subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert CAOCSP CRL subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert Serial # Validity Time ---------------- Signature Good Hash Server Hello Selected SSL version, Selected Cipher, Session Id = RND, Server RND Serial # Validity Time ---------------- Signature Good OCSP Response Certificate request (Vidder root only) Server Done Certificate request (Vidder root only) Server Done Server Key Exchange βG --------------- Cr, Sr, βG βG --------------- Cr, Sr, βG Hash Random starting point “β” Calculate βG Server Key Exchange βG --------------- Cr, Sr, βG βG --------------- Cr, Sr, βG Signature

38 subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert Hash Original Hash Server Key Exchange βG --------------- Cr, Sr, βG βG --------------- Cr, Sr, βG Signature subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert 38 Mutual TLS: Client Verifies Server Cert subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert CAOCSP CRL subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert Equal ? Server Hello Selected SSL version, Selected Cipher, Session Id = RND, Server RND Serial # Validity Time ---------------- Signature Good OCSP Response Hash Original Hash Equal ? Certificate request (Vidder root only) Server Done Certificate request (Vidder root only) Server Done Hash Cr, Sr, βG Hash Equal ? Valid cert chain Not expired Not revoked βGβG Controller’s cert is trusted !!!

39 subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert 39 Mutual TLS: Client Key, Client Cert, Verify Client subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert CAOCSP CRL subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert Hash Original Hash Equal ? Serial # Validity Time ---------------- Signature Good Hash Serial # Validity Time ---------------- Signature Good OCSP Response Serial # Validity Time ---------------- Signature Good OCSP Response Hash Original Hash Equal ? Certificate Verify All text Hash Signature Hash Signature Certificate Verify All text Hash Equal ? Valid cert chain Not expired Not revoked αG Client’s cert is trusted !!! Random starting point “α” Calculate αG αG Client is trusted !!! Serial #

40 40 Mutual TLS: Calculate Final ECDH Key, Derive Session Keys Created β Received αG ECDH = β(αG) Created α Received βG ECDH = α(βG) Find point ECDH on the elliptic curve Premaster key (Kpm) = x coord of ECDH Master Key (Km) = PRF(Kpm, "master secret", Cr, Sr) Iterate PRF(Km, "key expansion", Sr, Cr) for AES keys: Client Key, Server Key, Client IV, Server IV CAOCSP CRL subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert

41 subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert CAOCSP CRL subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert 41 Mutual TLS: Client Change Cipher Spec, Server Integrity Check Equal ? Change Cypher Spec Certificate Verify All text Hash Signature Hash Signature Certificate Verify All text Hash Equal ?

42 42 Mutual TLS: Server Change Cipher Spec, Client Integrity Check subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert CAOCSP CRL subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert subj: Client issuer: Vidder ---------------- Signature Client Public Client Cert subj: Vidder issuer: Vidder ---------------- Signature Vidder Public Root Cert PA Certificate Verify All text Hash Signature Hash Signature Certificate Verify All text Hash Equal ? Change Cypher Spec subj: Ctrl issuer: Vidder ---------------- Signature Ctrl Public Controller Cert

Download ppt "Cryptography 1 Three methods: Symmetric key Asymmetric key Hashing."

Similar presentations

Web security: SSL and TLS

Web security: SSL and TLS
CP3397 ECommerce.

CP3397 ECommerce.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Introduction to Cryptography

Introduction to Cryptography
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Similar presentations

Ads by Google