Cryptography and PKI - CIT Portal, ICAI

Cryptography and PKI Task Statements 1.3 Recognise function of Telecommunications and Network security… Cryptography etc. Knowledge Statements...

6 downloads 545 Views 4MB Size
Cryptography and PKI

Securing Networks Chapter 3 Part 3 of 4 CA M S Mehta, FCA

1

WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG Caesar’s Cipher

2

Cryptography and PKI Learning Objectives Task Statements 1.3

Recognise function of Telecommunications and Network security… Cryptography etc.

Knowledge Statements 1.4

1.5

Telecommunications and Network security…..Cryptography etc. Concepts related to applied cryptography, including plain-text, cipher-text, symmetric cryptography, asymmetric cryptography, digital signature, message authentication code, hash functions, and modes of encryption operations. 3

Cryptography and PKI Topics Covered

Cryptography Need for Cryptography

Digital Signatures Public Key Infrastructure (PKI) Cryptanalysis 4

Cryptography Theory and practice of secure communication

Plain Text- readable intelligible Cipher Text-readable not intelligible Plain to Cipher Encryption

Cipher to Plain- Decryption

Enigma

5

Elements of a Secured Electronic Transmissions Authentication Privacy or Confidentiality

Integrity Non-repudiation Cryptography can be used to ensure these 6

Encryption-Requirements Algorithm

• Mathematical function used for encryption and decryption

Key

• Sequence that controls the operation and behavior of the cryptographic algorithm

7

Cryptography-Types Symmetric Key Encryption Public Key Encryption

Message Digest

8

Symmetric Key Encryption

The quick brown fox jumps over the lazy dog

Cleartext Message

DES

sdfklj98 a475$5 6jhgv98 456vjnf 84576F GHH78l fkghj506#6l kjg4#$ 5;lkn;t7 ;lsk%0

Cipher Text

The quick brown fox jumps over the lazy dog

DES

Cleartext Message

DES- key 56 Bits- Possible keys 256 Keys AES- Key 128-256 Bits

9

Public Key Encryption One half of a key pair is used to encrypt, the other half is used to decrypt. Encryption

Recipient’s Public Key A

Decryption

Recipient’s Private Key B

RSA- key 2048 Bits- Possible keys 22048 Keys

10

Symmetric Vs Asymmetric Encryption Symmetric Key / Private Key

Asymmetric Key / Public Key

Key Size is generally small

Key size is generally large

Works fast

Slow compared to symmetric key

Consumes less computer resources

Uses more computer resources

Less secured

Increased security because Private key is never revealed

Authentication is a cumbersome process and not reliable

Provides facilities for authentication through Digital Signatures

Efficient for encryption

Provides facilities signatures.

for

efficient

digital

11

Message Hash or Message Digest The quick brown fox jumps over the lazy dog With just an addition of dot, Hash Changes

The quick brown fox jumps over the lazy dog. Message Digest, for a particular technique, is of same size irrespective of the size of the message 12

Trust Elements of establishing trust in business transactions

Confidentiality Integrity Authentication Non-repudiation Access Control

13

Public Key Infrastructure (abbr. PKI) a comprehensive system that provides public-key encryption and digital signature services to ensure confidentiality, access control, data integrity, authentication and nonrepudiation. 14

Need for PKI Internet enabled E-commerce is also facilitated through PKI

Authentication

• identify users accessing sensitive information

Access Control

• Control who accesses information

Privacy Confidentiality

• Be sure communication is private but carried over the Internet

Integrity

Non-repudiation

• Ensure data has not been tampered with • Mechanism to ensure that signatory cannot deny his signatures

15

Digital Signatures Data string dependent on secret known to the signer and content of the message. Based on public-key encryption and Message Hash

Digital signatures must be verifiable. Serves three purposes. • Authentication • Integrity • Non-repudiation

16

Digital Signature RAHIM Receiver’s Side

RAM Sender’s Side

Plain Text Plain Text

Receiver

Hashing Process

Hashing Process

Same Accept. Else Reject

Message Digest

Message Digest

Comparison Process Encryption (Digital Signature) Sender’s Private Key

Message Digest Sender’s Public Key Digitally Signed Document

Decryption

Working of the Digital Signature by Using Hashing

17

Digital Certificates Digitally signed document that associates a public key with a user. Certificate ties a participant to public key ID Number & Name Validity Period

Public Key: Name: Amar Akbar Anthony NRIC Number: 1234567A

private

Expires: 31 December 2015

Signed: CA’s Signature

The authenticity of the certificate is guaranteed by the digital signature generated using the 18 CA’s private key.

How does PKI work? Apply Hash Algorithm

Hash Code

Sender’s Private Key

Digital Signature

Original Message Recipient’s Public Key

Encrypted Symmetric Key Sender

Original Message

Symmetric Key

Encrypted & Signed 19

How does PKI work? Recipient

Recipient’s Private Key

Encrypted Symmetric Key

Symmetric Key Hash Algorithm

Message verified

Original Message

Encrypted & Signed

Digital Sender’s Hash Code Signature Public Key 20

General PKI Requirements Cross-certification

Certification Authority

Support for non-repudiation

Key Histories

Key Backup & Recovery

Timestamping

Certificate Repository

Certificate Revocation

Application software

Automatic Key Update 21

PKI Ensures Confidentiality through encryption

Access control Digital Certificates

Digital Signatures

• Symmetric Encryption • Public Key Encryption • Only give the keys to those authorized to use. • Authentication

• Integrity • Non-repudiation 22

Certification Authority Trusted Third Parties (TTP) to verify & vouch for the identities of entities in the electronic environment Establish Certificate Practise Statement (CPS) and Certificate Policies Verification of registration, suspension & revocation request 23

Registration Authority (RA) Registration process begins with RA, who authenticates identity of a person based on which CA will issue Digital Certificate

24

Digital Certificates- Process User Certificate User Name & other credentials Certificate Request User’s Public key

User Name Signed by using CA’s private key

User’s Public Key CA’s Name

Certificate Database

Publish User 1 certificate User 2 certificate .

Validation period Signature of CA 25

Certificate Repositories

Store certificates and publicly required information To be retrieved by applications on behalf of users.

26

Certificate Revocation List(CRL) CRL is a list of certificates that have been revoked, and therefore entities presenting those certificates should no longer be trusted.

27

Cryptanalysis Methods of recovering the plaintext from ciphertext without the use of a key.

E.g. Known-plaintext attack : If cryptanalyst has access not only to the ciphertext of several messages, but also to the plaintext of those messages, he could deduce the key used for encryption 28

References • http://www.garykessler.net/library/crypto.html

• http://en.wikibooks.org/wiki/Cryptography • http://resources.infosecinstitute.com/role-of-cryptography/ • http://www.di-mgt.com.au/rsa_alg.html#simpleexample

• http://whatis.com • http://howstuffworks.com • http://youtube.com

29

Cryptography and PKI We have learnt about

Cryptography Need for Cryptography

Digital Signatures Public Key Infrastructure (PKI) Cryptanalysis 30

Cryptography and PKI

Thank You

31