Cryptography and PKI
Securing Networks Chapter 3 Part 3 of 4 CA M S Mehta, FCA
1
WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG Caesar’s Cipher
2
Cryptography and PKI Learning Objectives Task Statements 1.3
Recognise function of Telecommunications and Network security… Cryptography etc.
Knowledge Statements 1.4
1.5
Telecommunications and Network security…..Cryptography etc. Concepts related to applied cryptography, including plain-text, cipher-text, symmetric cryptography, asymmetric cryptography, digital signature, message authentication code, hash functions, and modes of encryption operations. 3
Cryptography and PKI Topics Covered
Cryptography Need for Cryptography
Digital Signatures Public Key Infrastructure (PKI) Cryptanalysis 4
Cryptography Theory and practice of secure communication
Plain Text- readable intelligible Cipher Text-readable not intelligible Plain to Cipher Encryption
Cipher to Plain- Decryption
Enigma
5
Elements of a Secured Electronic Transmissions Authentication Privacy or Confidentiality
Integrity Non-repudiation Cryptography can be used to ensure these 6
Encryption-Requirements Algorithm
• Mathematical function used for encryption and decryption
Key
• Sequence that controls the operation and behavior of the cryptographic algorithm
7
Cryptography-Types Symmetric Key Encryption Public Key Encryption
Message Digest
8
Symmetric Key Encryption
The quick brown fox jumps over the lazy dog
Cleartext Message
DES
sdfklj98 a475$5 6jhgv98 456vjnf 84576F GHH78l fkghj506#6l kjg4#$ 5;lkn;t7 ;lsk%0
Cipher Text
The quick brown fox jumps over the lazy dog
DES
Cleartext Message
DES- key 56 Bits- Possible keys 256 Keys AES- Key 128-256 Bits
9
Public Key Encryption One half of a key pair is used to encrypt, the other half is used to decrypt. Encryption
Recipient’s Public Key A
Decryption
Recipient’s Private Key B
RSA- key 2048 Bits- Possible keys 22048 Keys
10
Symmetric Vs Asymmetric Encryption Symmetric Key / Private Key
Asymmetric Key / Public Key
Key Size is generally small
Key size is generally large
Works fast
Slow compared to symmetric key
Consumes less computer resources
Uses more computer resources
Less secured
Increased security because Private key is never revealed
Authentication is a cumbersome process and not reliable
Provides facilities for authentication through Digital Signatures
Efficient for encryption
Provides facilities signatures.
for
efficient
digital
11
Message Hash or Message Digest The quick brown fox jumps over the lazy dog With just an addition of dot, Hash Changes
The quick brown fox jumps over the lazy dog. Message Digest, for a particular technique, is of same size irrespective of the size of the message 12
Trust Elements of establishing trust in business transactions
Confidentiality Integrity Authentication Non-repudiation Access Control
13
Public Key Infrastructure (abbr. PKI) a comprehensive system that provides public-key encryption and digital signature services to ensure confidentiality, access control, data integrity, authentication and nonrepudiation. 14
Need for PKI Internet enabled E-commerce is also facilitated through PKI
Authentication
• identify users accessing sensitive information
Access Control
• Control who accesses information
Privacy Confidentiality
• Be sure communication is private but carried over the Internet
Integrity
Non-repudiation
• Ensure data has not been tampered with • Mechanism to ensure that signatory cannot deny his signatures
15
Digital Signatures Data string dependent on secret known to the signer and content of the message. Based on public-key encryption and Message Hash
Digital signatures must be verifiable. Serves three purposes. • Authentication • Integrity • Non-repudiation
16
Digital Signature RAHIM Receiver’s Side
RAM Sender’s Side
Plain Text Plain Text
Receiver
Hashing Process
Hashing Process
Same Accept. Else Reject
Message Digest
Message Digest
Comparison Process Encryption (Digital Signature) Sender’s Private Key
Message Digest Sender’s Public Key Digitally Signed Document
Decryption
Working of the Digital Signature by Using Hashing
17
Digital Certificates Digitally signed document that associates a public key with a user. Certificate ties a participant to public key ID Number & Name Validity Period
Public Key: Name: Amar Akbar Anthony NRIC Number: 1234567A
private
Expires: 31 December 2015
Signed: CA’s Signature
The authenticity of the certificate is guaranteed by the digital signature generated using the 18 CA’s private key.
How does PKI work? Apply Hash Algorithm
Hash Code
Sender’s Private Key
Digital Signature
Original Message Recipient’s Public Key
Encrypted Symmetric Key Sender
Original Message
Symmetric Key
Encrypted & Signed 19
How does PKI work? Recipient
Recipient’s Private Key
Encrypted Symmetric Key
Symmetric Key Hash Algorithm
Message verified
Original Message
Encrypted & Signed
Digital Sender’s Hash Code Signature Public Key 20
General PKI Requirements Cross-certification
Certification Authority
Support for non-repudiation
Key Histories
Key Backup & Recovery
Timestamping
Certificate Repository
Certificate Revocation
Application software
Automatic Key Update 21
PKI Ensures Confidentiality through encryption
Access control Digital Certificates
Digital Signatures
• Symmetric Encryption • Public Key Encryption • Only give the keys to those authorized to use. • Authentication
• Integrity • Non-repudiation 22
Certification Authority Trusted Third Parties (TTP) to verify & vouch for the identities of entities in the electronic environment Establish Certificate Practise Statement (CPS) and Certificate Policies Verification of registration, suspension & revocation request 23
Registration Authority (RA) Registration process begins with RA, who authenticates identity of a person based on which CA will issue Digital Certificate
24
Digital Certificates- Process User Certificate User Name & other credentials Certificate Request User’s Public key
User Name Signed by using CA’s private key
User’s Public Key CA’s Name
Certificate Database
Publish User 1 certificate User 2 certificate .
Validation period Signature of CA 25
Certificate Repositories
Store certificates and publicly required information To be retrieved by applications on behalf of users.
26
Certificate Revocation List(CRL) CRL is a list of certificates that have been revoked, and therefore entities presenting those certificates should no longer be trusted.
27
Cryptanalysis Methods of recovering the plaintext from ciphertext without the use of a key.
E.g. Known-plaintext attack : If cryptanalyst has access not only to the ciphertext of several messages, but also to the plaintext of those messages, he could deduce the key used for encryption 28
References • http://www.garykessler.net/library/crypto.html
• http://en.wikibooks.org/wiki/Cryptography • http://resources.infosecinstitute.com/role-of-cryptography/ • http://www.di-mgt.com.au/rsa_alg.html#simpleexample
• http://whatis.com • http://howstuffworks.com • http://youtube.com
29
Cryptography and PKI We have learnt about
Cryptography Need for Cryptography
Digital Signatures Public Key Infrastructure (PKI) Cryptanalysis 30
Cryptography and PKI
Thank You
31
