Digital certificates
19
1 Digital certificates • One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you can only encrypt/decrypt to those key handed to you • A solution: digital certificates (or certs) • A form of credentials (like a physical passport) • Included with a person’s public key to verify that a key is valid
-
Upload
galvin-lester -
Category
Documents
-
view
42 -
download
1
description
Digital certificates. One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you can only encrypt/decrypt to those key handed to you A solution: digital certificates (or certs) A form of credentials (like a physical passport) - PowerPoint PPT Presentation
Transcript of Digital certificates
1
Digital certificates
• One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you can only encrypt/decrypt to
those key handed to you• A solution: digital certificates (or certs)• A form of credentials (like a physical
passport)• Included with a person’s public key to
verify that a key is valid
2
Components of a digital certificate• A digital certificate
A public key Certificate info (identifying information such as
name, ID) One (or more) digital signatures A stamp of approval from a trusted entity
• Certificates are used when it is necessary to exchange public keys with someone (when you cannot manually exchange via a diskette or USB drive)
3
Components of a digital certificate [2]
4
Digital certificate distribution
• Digital servers: a networked database that allows users to submit and receive digital certs Example: PGP Keyserver
• Public Key Infrastructures (PKIs) Storage facilities like the certificate servers More structured Provide additional key management services Issue revoke, store, and trust certificates Certificate authority: a group of human beings
authorized to issue certs (like a passport office)
5
Common certificate format
• The certificate holder’s public key: the public portion of key pair and key algorithm, e.g., RSA
• The certificate holder’s information: identity information about the user (e.g., name, user ID, email address, photograph, and so on)
• The digital signature of the certificate owner: the signature using the corresponding private key of the public key of the certificate
• The certificate’s validity period: the certificate’s start date/time and expiration date/time; The preferred symmetric encryption algorithm for the key: e.g., AES, Triple-DES, Twofish
6
Common certificate format [2]
7
Other substitution techniques
• Choose a keyword, e.g., Jayhawk, drop repeated letters, thus jayhwk
• The keyword defines the permutation of English letters:
ABCDEFGHIJKLMNOPQRSTUVWXYZ jayhwkbcdefgilmnopqrstuvxz
• Another keyword: Professional ABCDEFGHIJKLMNOPQRSTUVWXYZ
profesinalbcdghjkmqtuvwxyz
8
Other substitution techniques [2]• Use every third letter (apply mod 26)
adgjmpsvybehknqtwzcfilorux• Consider any possible permutation of the
English letters How many? 26! Even applying decryption at 1 microsecond, still
takes over 1,000 years The primary issue: the knowledge of letter
patterns in a text Solution: Avoid using the same substitution for a
letter
9
One-time pads (using Vigenere tableau)• Assume a set of large, non-repeating keys
written on sheets of paper, glued into a pad• Assume keys are 20 characters• Assume a text that is 300 characters• Sender tears off 15 pages from the pad• Sender writes the keys one at a time above the
text letters and enciphers in a prearranged chart• Receiver must have the same pad• Concerns: (1) key distribution, (2)
sender/receiver must synchronize (3) need unlimited keys
10
One-time pads [2]
• A toy example• Assume keys are 5 letters each; assume
these two keys XYSWD and DHJTU• Assume you have a text that is eight
characters, e.g., “fly today”• Need two keys XYSWDDHJTU flytoday• Ciphertext: XYSWDDHJ
11
One-time pads [3]
• Using computers, random numbers can be generated for the keys
• To send a 300-letter message Generate the next 300 random numbers Scale to be between 1-26 Use a number to decipher each letter
12
One-time pads [4]
• Pictorially
13
The Vernam cipher (a one-time pad)• Devised by Gilbert Vernam for AT&T• Non-repeating random numbers• How? Consider plaintext Vernam Cipher V E R N A M C I P H E Rord# 21 4 17 13 0 12 2 8 15 7 4 17+rnd 76 48 16 82 44 3 58 11 60 5 48 88= 97 52 33 95 44 15 60 19 75 12 52 105%26 19 0 7 17 18 15 8 19 23 12 0 1cipher T A H R S P I T X M A B
14
An example of combining substitution and transposition• The Soviet encryption during the WWII• Handout
15
How is a key used?
• Suppose we have a key, computer• How is it used to encrypt a plaintext?• A toy approach• The key, computer, in ASCII is
Dec: 097 111 109 112 117 116 101 114 Binary: 01100011 01101111 01101101 …
• A plaintext, “secretly” in binary: 01110011 01100101 01100011 …
• XOR the two!
16
How is a key used? [2]
• Much more complex in real algorithms
• F is a round function• Ki, for i in 2..16, are new
keys generated from the original key by a complex algorithm
• is the xor operation
17
The key application in DES
18
The key application in AES
19
Key distribution revisited
• Five persons need to communicate securely• How many keys should the system maintain?• How many lines of communication? n * (n -1)/2
Two people: 1 line of communication Three people: 3 lines of communication Four people: 6 lines of communication Five people: 10 lines of communication
• Concerns: Maintaining the distributed the keys
