1 / 19

Digital certificates

Digital certificates. One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you can only encrypt/decrypt to those key handed to you A solution: digital certificates (or certs) A form of credentials (like a physical passport)

Download Presentation

Digital certificates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Digital certificates • One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key • Otherwise, you can only encrypt/decrypt to those key handed to you • A solution: digital certificates (or certs) • A form of credentials (like a physical passport) • Included with a person’s public key to verify that a key is valid

  2. Components of a digital certificate • A digital certificate • A public key • Certificate info (identifying information such as name, ID) • One (or more) digital signatures • A stamp of approval from a trusted entity • Certificates are used when it is necessary to exchange public keys with someone (when you cannot manually exchange via a diskette or USB drive)

  3. Components of a digital certificate [2]

  4. Digital certificate distribution • Digital servers: a networked database that allows users to submit and receive digital certs • Example: PGP Keyserver • Public Key Infrastructures (PKIs) • Storage facilities like the certificate servers • More structured • Provide additional key management services • Issue revoke, store, and trust certificates • Certificate authority: a group of human beings authorized to issue certs (like a passport office)

  5. Common certificate format • The certificate holder’s public key: the public portion of key pair and key algorithm, e.g., RSA • The certificate holder’s information: identity information about the user (e.g., name, user ID, email address, photograph, and so on) • The digital signature of the certificate owner: the signature using the corresponding private key of the public key of the certificate • The certificate’s validity period: the certificate’s start date/time and expiration date/time; The preferred symmetric encryption algorithm for the key: e.g., AES, Triple-DES, Twofish

  6. Common certificate format [2]

  7. Other substitution techniques • Choose a keyword, e.g., Jayhawk, drop repeated letters, thus jayhwk • The keyword defines the permutation of English letters: ABCDEFGHIJKLMNOPQRSTUVWXYZ jayhwkbcdefgilmnopqrstuvxz • Another keyword: Professional ABCDEFGHIJKLMNOPQRSTUVWXYZ profesinalbcdghjkmqtuvwxyz

  8. Other substitution techniques [2] • Use every third letter (apply mod 26) adgjmpsvybehknqtwzcfilorux • Consider any possible permutation of the English letters • How many? 26! • Even applying decryption at 1 microsecond, still takes over 1,000 years • The primary issue: the knowledge of letter patterns in a text • Solution: Avoid using the same substitution for a letter

  9. One-time pads (using Vigenere tableau) • Assume a set of large, non-repeating keys written on sheets of paper, glued into a pad • Assume keys are 20 characters • Assume a text that is 300 characters • Sender tears off 15 pages from the pad • Sender writes the keys one at a time above the text letters and enciphers in a prearranged chart • Receiver must have the same pad • Concerns: (1) key distribution, (2) sender/receiver must synchronize (3) need unlimited keys

  10. One-time pads [2] • A toy example • Assume keys are 5 letters each; assume these two keys XYSWD and DHJTU • Assume you have a text that is eight characters, e.g., “fly today” • Need two keys XYSWDDHJTU flytoday • Ciphertext: XYSWDDHJ

  11. One-time pads [3] • Using computers, random numbers can be generated for the keys • To send a 300-letter message • Generate the next 300 random numbers • Scale to be between 1-26 • Use a number to decipher each letter

  12. One-time pads [4] • Pictorially

  13. The Vernam cipher (a one-time pad) • Devised by Gilbert Vernam for AT&T • Non-repeating random numbers • How? Consider plaintext Vernam Cipher V E R N A M C I P H E R ord# 21 4 17 13 0 12 2 8 15 7 4 17 +rnd76 48 16 82 44 3 58 11 60 5 48 88 = 97 52 33 95 44 15 60 19 75 12 52 105 %26 19 0 7 17 18 15 8 19 23 12 0 1 cipherT A H R S P I T X M A B

  14. An example of combining substitution and transposition • The Soviet encryption during the WWII • Handout

  15. How is a key used? • Suppose we have a key, computer • How is it used to encrypt a plaintext? • A toy approach • The key, computer, in ASCII is • Dec: 097 111 109 112 117 116 101 114 • Binary: 01100011 01101111 01101101 … • A plaintext, “secretly” in binary: • 01110011 01100101 01100011 … • XOR the two!

  16. How is a key used? [2] • Much more complex in real algorithms • F is a round function • Ki, for i in 2..16, are new keys generated from the original key by a complex algorithm •  is the xor operation

  17. The key application in DES

  18. The key application in AES

  19. Key distribution revisited • Five persons need to communicate securely • How many keys should the system maintain? • How many lines of communication? n * (n -1)/2 • Two people: 1 line of communication • Three people: 3 lines of communication • Four people: 6 lines of communication • Five people: 10 lines of communication • Concerns: Maintaining the distributed the keys

More Related