Digital certificates
• One concern with the public key approach: you must ensure that you are encrypting to the correct person’s public key
• Otherwise, you can only encrypt/decrypt to those keys handed to you
• A solution: digital certificates (or certs)
• A form of credentials (like a physical passport)
• Included with a person’s public key to verify that a key is valid

Components of a digital certificate
• A digital certificate
• A public key
• Certificate info (identifying information such as name, ID)
• One (or more) digital signatures
• A stamp of approval from a trusted entity
• Certificates are used when it is necessary to exchange public keys with someone (when you cannot manually exchange via a diskette or USB drive)

Digital certificate distribution
• Digital servers: a networked database that allows users to submit and receive digital certs
• Example: PGP Keyserver
• Public Key Infrastructures (PKIs)
• Storage facilities like the certificate servers
• More structured
• Provide additional key management services
• Issue, revoke, store, and trust certificates
• Certificate authority: a group of human beings authorized to issue certs (like a passport office)

Common certificate format
• The certificate holder’s public key: the public portion of the key pair and the key algorithm, e.g., RSA
• The certificate holder’s information: identity information about the user (e.g., name, user ID, email address, photograph, and so on)
• The digital signature of the certificate owner: the signature made with the private key that corresponds to the certificate’s public key
• The certificate’s validity period: the certificate’s start date/time and expiration date/time
• The preferred symmetric encryption algorithm for the key: e.g., AES, Triple-DES, Twofish

Other substitution techniques
• Choose a keyword, e.g., Jayhawk; drop repeated letters, thus jayhwk
• The keyword defines the permutation of English letters:
  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  jayhwkbcdefgilmnopqrstuvxz
• Another keyword: Professional
  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  profesinalbcdghjkmqtuvwxyz

Other substitution techniques [2]
• Use every third letter (apply mod 26)
  adgjmpsvybehknqtwzcfilorux
• Consider any possible permutation of the English letters
• How many? 26!
• Even at 1 microsecond per decryption, trying them all still takes over 1,000 years
• The primary issue: the knowledge of letter patterns in a text
• Solution: avoid using the same substitution for a letter

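An added example, not part of the original slides: it builds the three cipher alphabets shown above (keyword "Jayhawk", keyword "Professional", every third letter) and shows the "primary issue", that a single substitution leaves the letter-frequency profile of the text unchanged. The sample message and all function names are constructed for illustration.

```python
import math
import string
from collections import Counter

ALPHABET = string.ascii_lowercase

def keyword_alphabet(keyword):
    """Keyword with repeated letters dropped, then the unused letters in order."""
    out = []
    for ch in keyword.lower() + ALPHABET:
        if ch in ALPHABET and ch not in out:
            out.append(ch)
    return "".join(out)

def stride_alphabet(step):
    """Every step-th letter, mod 26. Only a permutation if gcd(step, 26) == 1."""
    if math.gcd(step, 26) != 1:
        raise ValueError("step shares a factor with 26: letters would collide")
    return "".join(ALPHABET[(i * step) % 26] for i in range(26))

def substitute(text, cipher_alphabet, decrypt=False):
    """Monoalphabetic substitution; non-letters pass through unchanged."""
    src, dst = ALPHABET, cipher_alphabet
    if decrypt:
        src, dst = dst, src
    return text.lower().translate(str.maketrans(src, dst))

def frequency_profile(text):
    """Letter counts, highest first. The cipher relabels letters but keeps this shape."""
    counts = Counter(ch for ch in text.lower() if ch in ALPHABET)
    return sorted(counts.values(), reverse=True)

# Constructed sample message, not from the slides.
MESSAGE = "meet me at the east entrance at seven"

if __name__ == "__main__":
    for name, alpha in [("jayhawk", keyword_alphabet("Jayhawk")),
                        ("professional", keyword_alphabet("Professional")),
                        ("every third", stride_alphabet(3))]:
        ct = substitute(MESSAGE, alpha)
        print(f"{name:13} {alpha}  {ct}")
        print(" " * 13, "profile unchanged:",
              frequency_profile(ct) == frequency_profile(MESSAGE))
```
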
One-time pads (using Vigenere tableau)
• Assume a set of large, non-repeating keys written on sheets of paper, glued into a pad
• Assume keys are 20 characters
• Assume a text that is 300 characters
• Sender tears off 15 pages from the pad
• Sender writes the keys one at a time above the text letters and enciphers in a prearranged chart
• Receiver must have the same pad
• Concerns: (1) key distribution, (2) sender/receiver must synchronize, (3) need unlimited keys

One-time pads [2]
• A toy example
• Assume keys are 5 letters each; assume these two keys XYSWD and DHJTU
• Assume you have a text that is eight characters, e.g., “fly today”
• Need two keys
  XYSWDDHJTU
  flytoday
• Ciphertext: XYSWDDHJ

One-time pads [3]
• Using computers, random numbers can be generated for the keys
• To send a 300-letter message
• Generate the next 300 random numbers
• Scale to be between 1-26
• Use a number to decipher each letter

The Vernam cipher (a one-time pad)
• Devised by Gilbert Vernam for AT&T
• Non-repeating random numbers
• How? Consider the plaintext “Vernam Cipher”
  plaintext   V   E   R   N   A   M   C   I   P   H   E   R
  ord#       21   4  17  13   0  12   2   8  15   7   4  17
  + rnd      76  48  16  82  44   3  58  11  60   5  48  88
  =          97  52  33  95  44  15  60  19  75  12  52 105
  % 26       19   0   7  17  18  15   8  19  23  12   0   1
  cipher      T   A   H   R   S   P   I   T   X   M   A   B

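An added example, not part of the original slides: the Vernam table above carried through in code with the slide's own random numbers, plus decryption and a check of why the numbers must be non-repeating (with a reused pad, the difference of two ciphertexts equals the difference of the two plaintexts). The function names and the second message are constructed for illustration.

```python
import secrets

def to_numbers(text):
    """Letters to 0..25 (A=0), the slide's ord# row; spaces and punctuation are dropped."""
    return [ord(c) - 65 for c in text.upper() if "A" <= c <= "Z"]

def to_letters(numbers):
    return "".join(chr(n % 26 + 65) for n in numbers)

def new_pad(length):
    """Fresh pad from the OS CSPRNG: one value per letter, used once, then destroyed."""
    return [secrets.randbelow(26) for _ in range(length)]

def vernam_encrypt(plaintext, pad):
    nums = to_numbers(plaintext)
    if len(pad) < len(nums):
        raise ValueError("pad is shorter than the message")
    return to_letters(p + r for p, r in zip(nums, pad))

def vernam_decrypt(ciphertext, pad):
    # Python's % always returns a non-negative result, so c - r needs no adjustment.
    return to_letters(c - r for c, r in zip(to_numbers(ciphertext), pad))

def ciphertext_difference(c1, c2):
    """(c1 - c2) mod 26 per letter. If both used the same pad, the pad cancels out."""
    return [(a - b) % 26 for a, b in zip(to_numbers(c1), to_numbers(c2))]

# The "+ rnd" row from the slide (values above 25 behave the same mod 26).
SLIDE_RND = [76, 48, 16, 82, 44, 3, 58, 11, 60, 5, 48, 88]

if __name__ == "__main__":
    ct = vernam_encrypt("Vernam Cipher", SLIDE_RND)
    print(ct, vernam_decrypt(ct, SLIDE_RND))
    # Constructed second message encrypted with the SAME pad (the mistake to avoid):
    other = vernam_encrypt("SECONDLETTER", SLIDE_RND)
    print(ciphertext_difference(ct, other))
```
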
An example of combining substitution and transposition
• Soviet encryption during WWII
• Handout

How is a key used?
• Suppose we have a key, “computer”
• How is it used to encrypt a plaintext?
• A toy approach
• The key, “computer”, in ASCII is
• Dec: 099 111 109 112 117 116 101 114
• Binary: 01100011 01101111 01101101 …
• A plaintext, “secretly”, in binary:
• 01110011 01100101 01100011 …
• XOR the two!

How is a key used? [2]
• Much more complex in real algorithms
• F is a round function
• Ki, for i in 2..16, are new keys generated from the original key by a complex algorithm
• is the xor operation

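An added example, not part of the original slides, covering the two "How is a key used?" slides: the toy XOR of “secretly” with “computer”, then a 16-round Feistel network, assuming that is the structure the round function F, the per-round keys Ki and the xor operation refer to. The round function and key schedule are constructed stand-ins built on SHA-256, not those of DES or any real cipher.

```python
import hashlib

ROUNDS = 16

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key: bytes) -> list:
    """Constructed key schedule (not DES's): one 4-byte subkey Ki per round."""
    return [hashlib.sha256(key + bytes([i])).digest()[:4]
            for i in range(1, ROUNDS + 1)]

def F(half: bytes, ki: bytes) -> bytes:
    """Constructed round function. It does not have to be invertible."""
    return hashlib.sha256(half + ki).digest()[:4]

def feistel(block: bytes, round_keys: list) -> bytes:
    if len(block) != 8:
        raise ValueError("this toy works on 8-byte blocks")
    left, right = block[:4], block[4:]
    for ki in round_keys:
        # One round: the halves swap, and the old left half is XORed with F(right, Ki).
        left, right = right, xor(left, F(right, ki))
    return right + left  # undo the last swap so the same routine also decrypts

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key)[::-1])  # same rounds, subkeys reversed

if __name__ == "__main__":
    pt, key = b"secretly", b"computer"
    print("toy XOR :", xor(pt, key).hex())
    ct = encrypt_block(pt, key)
    print("feistel :", ct.hex(), decrypt_block(ct, key))
```
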
Key distribution revisited
• Five persons need to communicate securely
• How many keys should the system maintain?
• How many lines of communication? n * (n - 1)/2
• Two people: 1 line of communication
• Three people: 3 lines of communication
• Four people: 6 lines of communication
• Five people: 10 lines of communication
• Concerns: maintaining the distributed keys