2001/03/26 r.innocente 1
Public Key Cryptography,
Digital Certificates,
Transport Layer Security
and
Internet encrypted services
Roberto Innocente
inno@sissa.it
Summary
• PKC (Public Key Cryptography)
Introduction
• Digital Certificates
• SSL/TLS
• Use of SSL/TLS over Internet
• Encrypted services: pop, imap, smtp
Cryptographic systems taxonomy
• Symmetric key cryptography
• same key for encryption and decryption
• relatively fast
• RC2, RC4, DES, triple DES
• Asymmetric key cryptography
• different keys for encryption/decryption
• slow
• RSA, ElGamal, Elliptic curves
Symmetric Key Cryptography
Plain text m  --Encryption with key K-->  Cipher text c=K(m)  --Decryption with key K-->  Plain text m=K(c)
m message, c cipher text, K key
The same key K is used on both sides: K.K=1
Asymmetric Key Cryptography
Plain text m  --Encryption with key E-->  Cipher text c=E(m)  --Decryption with key D-->  Plain text m=D(c)
m message, c cipher text, E encryption key, D decryption key
D.E=1
Another classification
• Secret Key Cryptography
• the key is kept secret
• it requires a secure channel to be transmitted
• Public Key Cryptography
• one key (the deciphering key) is kept secret
• the other key is made public
Public-Key Cryptography
Diffie – Hellman (1976)
• Each user generates a pair of inverse transformations E and D.
• The deciphering key D must be kept secret but need never be communicated on a channel
• The enciphering key E can be made public by placing it in a public directory (Public File)
The original idea here is that keys can be produced in pairs and that it can be very hard to derive one key from the other
PKC algorithms
Since the DH idea in 1976 many algorithms have been proposed; most were found to be insecure, and of the remaining ones many are not practical. Some of the algorithms are:
• Knapsack algorithms (later shown insecure)
• RSA (still considered secure)
• El Gamal (still considered secure)
Knapsack algorithms/1
(!!! insecure !!!)
First PKC algorithm, proposed by Merkle and Hellman in 1978.
• Given n integers M1,M2,M3,..., and a sum S, find a binary sequence b1,b2,b3... such that
• S=b1*M1+ b2*M2+b3*M3+ ....
• where:
• M1,M2,M3,... is the public key
• b1,b2,b3,... are the bits of the plain message
• S is the ciphertext
In general this is a hard problem, but ...
Knapsack algorithms/2
(!!! insecure !!!)
A subclass of the general problem can be solved easily, and an instance of it can be disguised as an instance of the general problem.
• A superincreasing knapsack is a knapsack in which every number in the ordered sequence is greater than the sum of the preceding numbers, e.g. { 2,3,6,13,27}
• Solving the problem for a superincreasing knapsack is quite easy: starting from the greatest number, a number is an addend if it is less than the remaining sum S, and so on ...
• Now, choosing a number m (=55) greater than the sum of all numbers in the sequence, and a number n (=29) coprime with m, and taking the remainder modulo m of the numbers in the sequence multiplied by n, e.g. {2*29=58 mod 55 = 3, 3*29=87 mod 55 = 32,...}, we obtain a knapsack that is not superincreasing... if we take this sequence as the public key, and the underlying superincreasing sequence as the private key ...
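The two knapsack slides worked through in code, as an added example that is not part of the original slides. It uses the slide's own private sequence {2,3,6,13,27}, modulus m=55 and multiplier n=29; the five message bits are a constructed sample. The scheme is shown only because the slides use it as the first PKC: it is broken and must not be used.

```python
# Added example (not from the slides): Merkle-Hellman knapsack with the
# slide's numbers. PRIVATE_SEQ, M and N come from the slide; the message
# bits in demo() are constructed.
from math import gcd

PRIVATE_SEQ = [2, 3, 6, 13, 27]   # superincreasing: each > sum of the previous ones
M = 55                            # modulus, greater than sum(PRIVATE_SEQ) = 51
N = 29                            # multiplier, coprime with M


def is_superincreasing(seq):
    total = 0
    for x in seq:
        if x <= total:
            return False
        total += x
    return True


def make_public_key(private_seq, m, n):
    """Disguise the easy knapsack: multiply every element by n modulo m."""
    assert is_superincreasing(private_seq) and sum(private_seq) < m
    assert gcd(m, n) == 1
    return [(x * n) % m for x in private_seq]


def encrypt(bits, public_key):
    """The ciphertext is the subset sum selected by the message bits."""
    assert len(bits) == len(public_key)
    return sum(b * k for b, k in zip(bits, public_key))


def solve_superincreasing(target, seq):
    """Greedy from the largest element; correct only because seq is superincreasing."""
    bits = [0] * len(seq)
    for i in range(len(seq) - 1, -1, -1):
        if seq[i] <= target:
            bits[i] = 1
            target -= seq[i]
    if target != 0:
        raise ValueError("no solution: not a valid ciphertext for this key")
    return bits


def decrypt(ciphertext, private_seq, m, n):
    """Undo the disguise with n^-1 mod m, then solve the easy knapsack."""
    n_inv = pow(n, -1, m)                 # 29^-1 mod 55 = 19
    easy_sum = (ciphertext * n_inv) % m   # sum over the superincreasing sequence
    return solve_superincreasing(easy_sum, private_seq)


def demo():
    pub = make_public_key(PRIVATE_SEQ, M, N)   # [3, 32, 9, 47, 13], as on the slide
    bits = [1, 0, 1, 1, 0]                     # constructed 5-bit message
    c = encrypt(bits, pub)                     # 3 + 9 + 47 = 59
    return pub, c, decrypt(c, PRIVATE_SEQ, M, N)


if __name__ == "__main__":
    print(demo())
```

The decryption step is where the trapdoor lives: multiplying the ciphertext by n^-1 mod m turns the hard-looking subset sum over the public key back into the easy one over the superincreasing sequence, and the greedy solver recovers the bits in one pass.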
RSA/1
(Rivest,Shamir,Adleman 1978)
• Choose primes p,q and let n=p*q
• Choose encryption key e prime with (p-1)*(q-1)
• Compute the inverse d such that e*d = 1 mod n
• now for each message m :
• c = m^e mod n
• m = c^d mod n
• n,e is the public key
• d is the private key
RSA/2
• Fermat’s little theorem (p prime, (p|a)=1): a^(p-1) ≅ 1 (mod p)
• Euler Totient function: φ(n) = # of integers less than n coprime with n
  For p,q primes : φ(p) = p-1, φ(p*q) = (p-1)*(q-1)
• Euler’s generalization of Fermat’s theorem: a^φ(n) ≅ 1 mod n
  a^(φ(n)-1) ≅ a^-1 mod n, therefore : e^-1 ≅ e^((p-1)(q-1)-1) mod n
RSA/3
• Software speedups:
• RSA goes faster if you choose e carefully
• 3 (PEM), 65537 (X.509), 17 (PKCS#1) are good choices having only 2 bits set
• in particular 65537 requires only 17 multiplications to exponentiate
• Hardware chips:
• it’s about 1000 times slower than DES
• 1 Mb/s using a 512 bits modulus (GEC Marconi)
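The three RSA slides as a runnable walk-through, added here and not part of the original slides. It computes d as the inverse of e modulo (p-1)(q-1), which is the modulus under which the inverse exists for the slide's choice of e coprime with (p-1)(q-1) and which makes Euler's theorem on the next slide apply; it also counts the multiplications that square-and-multiply needs for the recommended exponents, confirming the "17 multiplications" figure for 65537. The primes p=61, q=53 and the message 65 are constructed toy values.

```python
# Added example (not from the slides): textbook RSA over constructed small
# primes, an Euler-theorem check, and a multiplication count for the
# public exponents the slide recommends.
from math import gcd


def rsa_keygen(p, q, e):
    """Return ((n, e), d). d is e^-1 modulo phi(n) = (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime with (p-1)(q-1)"
    d = pow(e, -1, phi)
    return (n, e), d


def rsa_encrypt(m, public_key):
    n, e = public_key
    assert 0 <= m < n
    return pow(m, e, n)            # c = m^e mod n


def rsa_decrypt(c, d, n):
    return pow(c, d, n)            # m = c^d mod n


def euler_check(a, p, q):
    """Euler's generalization of Fermat: a^phi(n) = 1 (mod n) when gcd(a, n) = 1."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return gcd(a, n) == 1 and pow(a, phi, n) == 1


def modexp_counting(base, exp, mod):
    """Left-to-right square-and-multiply; returns (result, multiplications)."""
    assert exp >= 1
    result, ops = base, 0
    for bit in bin(exp)[3:]:       # skip '0b' and the leading 1 bit
        result = (result * result) % mod   # one squaring per remaining bit
        ops += 1
        if bit == "1":
            result = (result * base) % mod # one multiply per set bit
            ops += 1
    return result, ops


def multiplications_for_exponent(e):
    """(bit_length - 1) squarings + (popcount - 1) multiplications."""
    return (e.bit_length() - 1) + (bin(e).count("1") - 1)


def demo():
    pub, d = rsa_keygen(61, 53, 17)   # n = 3233, phi = 3120, d = 2753
    c = rsa_encrypt(65, pub)          # 2790
    m = rsa_decrypt(c, d, pub[0])     # 65 again
    return pub, d, c, m


if __name__ == "__main__":
    print(demo())
    for e in (3, 17, 65537):
        print(e, "needs", multiplications_for_exponent(e), "multiplications")
```

The count explains the slide's rule of thumb: 65537 = 2^16 + 1 has 17 bits and only two of them set, so exponentiation costs 16 squarings plus one multiplication, while a random 16-bit exponent would cost roughly 16 squarings plus 8 multiplications.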
RSA/4
The RSA patent was valid only in the US because it was filed after publication. In any case the patent expired on September 20, 2000, and from then on RSA is free everywhere.
El Gamal (T.ElGamal 1984)
• Choose a prime p and two random numbers g (<p), x (<p) and compute y = g**x mod p
• public key is y,g,p
• private key is x
• To encrypt a message M choose a random k with (p-1|k)=1 and compute
• a = g**k mod p
• b = (y**k)*M mod p
• a,b is the ciphertext; to decrypt :
• M = b/a**x mod p
Message digests or Hash or fingerprints
• One way function that maps a file onto a fixed length value. As with real fingerprints one hopes that no two messages have the same fingerprint.
• collision free
• not reversible
• e.g :
• Unix sum is a bad example (16 bits) (Unix sum, cksum)
• MD5 (128 bits) invented by RSA (Unix md5sum)
• SHA1 (160 bits) Secure Hash Algorithm-1
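Why a 16-bit checksum is "a bad example" and a 128- or 160-bit digest is not, shown by running both, as an added example not from the original slides. The BSD sum algorithm is reimplemented here (assumed: rotate the running sum right by one bit, add the next byte, keep 16 bits); MD5 and SHA-1 come from hashlib. The messages are constructed on the fly.

```python
# Added example (not from the slides): the 16-bit BSD 'sum' checksum
# beside MD5 and SHA-1, and a search that finds two inputs with the same
# 16-bit checksum. Inputs are constructed strings.
import hashlib


def bsd_sum(data: bytes) -> int:
    """16-bit BSD checksum (assumed algorithm of the classic Unix 'sum')."""
    s = 0
    for byte in data:
        s = ((s >> 1) | ((s & 1) << 15)) + byte   # rotate right by 1, then add
        s &= 0xFFFF
    return s


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def find_collision(digest_fn, limit=70000):
    """Return two distinct inputs with the same digest, or None.
    For a 16-bit function the pigeonhole principle guarantees a hit within
    65537 distinct inputs; for MD5/SHA-1 a search this small finds nothing."""
    seen = {}
    for i in range(limit):
        msg = f"message-{i}".encode()
        h = digest_fn(msg)
        if h in seen:
            return seen[h], msg
        seen[h] = msg
    return None


def demo():
    data = b"hello world"
    return bsd_sum(data), md5_hex(data), sha1_hex(data), find_collision(bsd_sum)


if __name__ == "__main__":
    s, m, h, pair = demo()
    print(f"sum={s} md5={m} sha1={h}")
    print("16-bit collision:", pair)
```

The collision search is the practical meaning of "collision free": a checksum sized for detecting line noise collapses after a few thousand inputs, so a signature over it would cover many documents at once.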
Uses of PKC
[Figures from M.Branchaud]
Digital Signature
Message --> Message Digest (MD5) --> Signature (RSA with private key)
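The diagram above as hash-then-sign code, added here and not part of the original slides: the MD5 digest of the message is raised to the private exponent, and the verifier raises the signature to the public exponent and compares. The key uses the Mersenne primes 2^61-1 and 2^89-1 (constructed choice: large enough that the 128-bit digest fits under the modulus without reduction, far too small for real use) and carries none of the PKCS#1 padding a real signature has; the messages are constructed.

```python
# Added example (not from the slides): textbook RSA signature over an MD5
# digest, with a verification that fails on a tampered message.
import hashlib

P = (1 << 61) - 1      # Mersenne prime M61 (constructed toy key material)
Q = (1 << 89) - 1      # Mersenne prime M89; n = P*Q is about 2^150 > 2^128


def keygen(p=P, q=Q, e=65537):
    """Return ((n, e), d) with d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)


def digest_as_int(message: bytes) -> int:
    """MD5 of the message as a 128-bit integer (the 'Message Digest' box)."""
    return int.from_bytes(hashlib.md5(message).digest(), "big")


def sign(message: bytes, private_d: int, n: int) -> int:
    """'RSA with private key': signature = digest^d mod n."""
    return pow(digest_as_int(message), private_d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public key and compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message)


def demo():
    pub, d = keygen()
    msg = b"transfer 100 EUR to account 42"              # constructed
    sig = sign(msg, d, pub[0])
    ok = verify(msg, sig, pub)
    tampered = verify(b"transfer 900 EUR to account 42", sig, pub)
    return ok, tampered


if __name__ == "__main__":
    print(demo())   # (True, False)
```

Signing the digest rather than the message is what makes the signature fixed-size and fast, but it also means the signature is only as strong as the hash: a digest collision (see the checksum example above) lets one signature vouch for two documents.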
Pitney-Bowes Veritas system
• Uses digital signatures to authenticate info stored on physical
documents (including the digital encoding of photographs)
• It’s been used successfully at the Olympic World Games in
New Haven in 1995
• On the back of a badge a high density bar code encoded a
photograph, biographical data and medical data of the athletes
• A Veritas reader can scan the bar code, verify the digital
signature and then display a copy of the photograph
Digital Certificates
L.Kohnfelder (1978)
In an effort to overcome performance
problems related to the use of a single Public
File, Kohnfelder proposed a digitally signed
data record containing a name and a public
key called a CERTIFICATE.
Digital Certificates/2
[Diagram: Name | Public key | Digital signature]
Certificates/3
• Binary format of certificates is defined using ASN.1 (X.208)
• Binary encoding is defined using DER (Distinguished Encoding Rules), which is based on BER (Basic Encoding Rules)
• The binary form can be translated into ASCII using Base64 encoding; this form is called PEM encoding
ASN.1 (X.208 1988)
Certificate ::= SEQUENCE {
    tbsCertificate       TBSCertificate,
    signatureAlgorithm   AlgorithmIdentifier,
    signature            BIT STRING
}
TBSCertificate ::= SEQUENCE {
    version              [0] EXPLICIT Version DEFAULT v1,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID       [1] IMPLICIT UniqueIdentifier OPTIONAL,
    subjectUniqueID      [2] IMPLICIT UniqueIdentifier OPTIONAL,
    extensions           [3] EXPLICIT Extensions OPTIONAL
}
UniqueIdentifier ::= BIT STRING
Extensions ::= SEQUENCE OF Extension
ASN.1/2
Private-Key: (1024 bit)
modulus:
00:a0:11:a6:01:c6:d6:55:23:06:12:af:76:04:94:
5d:6a:94:67:f7:02:6e:4c:1b:90:39:b8:6d:a6:02:
01:57:87:0b:57:ed:c9:ad:89:28:bf:71:62:7d:26:
9a:de:2d:d8:15:ed:82:07:cf:07:a5:4d:9c:83:b3:
11:19:1a:f4:c9:68:ac:39:c9:98:be:69:5c:dd:da:
f1:44:7e:80:9e:53:c9:7c:ca:3c:60:20:99:ce:b3:
53:be:67:7f:31:06:91:b2:c5:76:04:53:0d:5a:42:
b9:26:b1:fe:93:15:f0:04:75:03:1c:e7:a9:3a:cf:
9d:5e:01:01:93:81:23:09:45
publicExponent: 65537 (0x10001)
privateExponent:
5a:db:a9:af:38:7e:50:b5:20:ad:5a:8b:52:ee:24:
58:6b:04:d8:60:b8:da:da:8a:73:39:0c:84:3e:7f:
24:7f:b3:20:a6:08:e4:48:06:a9:24:63:13:46:e6:
81:56:e4:61:0d:ff:d1:0e:e2:f8:21:a5:c5:db:ce:
c8:c1:54:50:58:f4:d5:4c:53:ba:f7:dd:25:9d:a4:
55:25:a1:4b:07:25:38:14:20:0c:a6:c2:07:1d:a6:
cd:b0:f0:5b:cc:58:f6:fd:1d:0a:93:01:58:83:79:
46:e4:fc:67:91:f9:36:9c:07:c5:9c:26:12:bd:ab:
1e:86:4c:63:a4:0b:31:c1
prime1:
00:d1:d7:69:c9:c5:b0:50:37:9f:2e:2d:21:b5:9f:
96:7e:e8:c1:05:29:b1:62:da:e4:b5:cd:04:03:b1:
27:c7:3e:ca:27:a1:bd:69:4f:33:e2:97:5a:03:d0:
33:6f:41:c8:e0:f9:94:e2:0d:c1:a6:85:e1:09:ac:
31:f5:97:7f:77
prime2:
00:c3:47:72:4a:31:ea:e4:e6:0f:79:7f:68:da:c8:
40:7a:96:86:be:69:1c:94:e7:ab:1f:03:66:e0:05:
00:92:4f:e9:ac:ff:0e:51:45:9c:ed:9b:9e:01:ba:
e5:00:a2:0f:d4:59:e6:06:d9:24:21:ba:b1:96:79:
51:5b:37:44:23
exponent1:
64:1e:98:6d:d9:f1:be:c4:5b:21:a8:0c:ee:60:5f:
68:db:da:c4:80:d9:0e:e6:8b:bb:26:3f:65:17:90:
78:23:40:46:da:87:ca:08:2d:24:4e:bc:77:17:4e:
83:25:eb:17:54:5d:b1:e1:88:64:d0:79:c7:a8:ae:
09:94:a8:0f
exponent2:
65:64:77:67:26:bb:fb:d5:a8:3b:41:78:44:00:ad:
d9:f8:c6:45:9f:76:03:aa:b6:23:08:35:26:23:f2:
c4:05:52:23:4c:db:36:3f:9a:d7:94:71:5a:1c:9c:
42:d3:e2:bc:33:61:48:34:fe:99:b4:c1:f8:8b:4d:
3e:bb:57:59
coefficient:
24:c5:7d:c3:22:1b:cf:ae:15:20:97:9c:73:78:4a:
d5:98:39:da:be:12:7e:94:1d:81:fa:0e:08:2a:dc:
3d:18:9e:b3:f8:cf:29:66:76:16:22:11:8f:d1:c1:
a3:ec:6f:50:d5:e1:0f:66:ba:6a:43:ec:86:20:08:
39:0c:20:9e
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCgEaYBxtZVIwYSr3YElF1qlGf3Am5MG5A5uG2mAgFXhwtX7cmt
iSi/cWJ9JpreLdgV7YIHzwelTZyDsxEZGvTJaKw5yZi+aVzd2vFEfoCeU8l8yjxg
IJnOs1O+Z38xBpGyxXYEUw1aQrkmsf6TFfAEdQMc56k6z51eAQGTgSMJRQIDAQAB
AoGAWtuprzh+ULUgrVqLUu4kWGsE2GC42tqKczkMhD5/JH+zIKYI5EgGqSRjE0bm
gVbkYQ3/0Q7i+CGlxdvOyMFUUFj01UxTuvfdJZ2kVSWhSwclOBQgDKbCBx2mzbDw
W8xY9v0dCpMBWIN5RuT8Z5H5NpwHxZwmEr2rHoZMY6QLMcECQQDR12nJxbBQN58u
LSG1n5Z+6MEFKbFi2uS1zQQDsSfHPsonob1pTzPil1oD0DNvQcjg+ZTiDcGmheEJ
rDH1l393AkEAw0dySjHq5OYPeX9o2shAepaGvmkclOerHwNm4AUAkk/prP8OUUWc
7ZueAbrlAKIP1FnmBtkkIbqxlnlRWzdEIwJAZB6YbdnxvsRbIagM7mBfaNvaxIDZ
DuaLuyY/ZReQeCNARtqHyggtJE68dxdOgyXrF1RdseGIZNB5x6iuCZSoDwJAZWR3
ASN.1/3
0:d=0 hl=4 l= 603 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=3 l= 129 prim: INTEGER
:A011A601C6D655230612AF7604945D6A9467F7026E4C1B9039B86DA6020157870B57EDC9AD8928B
F71627D269ADE2DD815ED8207CF07A54D9C83B311191AF4C968AC39C998BE695CDDDAF1447E809E5
3C97CCA3C602099CEB353BE677F310691B2C57604530D5A42B926B1FE9315F00475031CE7A93ACF9
D5E01019381230945
139:d=1 hl=2 l= 3 prim: INTEGER :010001
144:d=1 hl=3 l= 128 prim: INTEGER :
5ADBA9AF387E50B520AD5A8B52EE24586B04D860B8DADA8A73390C843E7F247FB320A608E44806A9
24631346E68156E4610DFFD10EE2F821A5C5DBCEC8C1545058F4D54C53BAF7DD259DA45525A14B07
253814200CA6C2071DA6CDB0F05BCC58F6FD1D0A930158837946E4FC6791F9369C07C59C2612BDAB
1E864C63A40B31C1
275:d=1 hl=2 l= 65 prim: INTEGER
:D1D769C9C5B050379F2E2D21B59F967EE8C10529B162DAE4B5CD0403B127C73ECA27A1BD694F33E
2975A03D0336F41C8E0F994E20DC1A685E109AC31F5977F77
342:d=1 hl=2 l= 65 prim: INTEGER
:C347724A31EAE4E60F797F68DAC8407A9686BE691C94E7AB1F0366E00500924FE9ACFF0E51459CE
D9B9E01BAE500A20FD459E606D92421BAB19679515B374423
409:d=1 hl=2 l= 64 prim: INTEGER :
641E986DD9F1BEC45B21A80CEE605F68DBDAC480D90EE68BBB263F65179078234046DA87CA082D24
4EBC77174E8325EB17545DB1E18864D079C7A8AE0994A80F
475:d=1 hl=2 l= 64 prim: INTEGER :
6564776726BBFBD5A83B41784400ADD9F8C6459F7603AAB62308352623F2C40552234CDB363F9AD7
94715A1C9C42D3E2BC33614834FE99B4C1F88B4D3EBB5759
541:d=1 hl=2 l= 64 prim: INTEGER :
24C57DC3221BCFAE1520979C73784AD59839DABE127E941D81FA0E082ADC3D189EB3F8CF29667616
22118FD1C1A3EC6F50D5E10F66BA6A43EC862008390C209E
OID (object identifiers)
• Object identifiers are unique numbers assigned to objects. They identify a node in a global tree.
• e.g. 1.2.840.113549.1.7.2 is an OID; it means SignedData, which is defined by RSADSI
Root arcs of the tree: 0 = ITU-T, 1 = ISO, 2 = joint ISO/ITU
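One example for the ASN.1, DER, PEM and OID slides together, added here and not part of the original slides: a minimal DER encoder builds a SEQUENCE of INTEGERs and an OBJECT IDENTIFIER, a decoder walks it and reports offset, depth, header length and length the way the asn1parse dump above does, and the bytes are wrapped in and unwrapped from the Base64 PEM form. The OID is the SignedData one quoted on the slide; every other value is constructed.

```python
# Added example (not from the slides): DER tag-length-value encoding and
# decoding, an asn1parse-style walk, OID arc encoding, and PEM wrapping.
import base64

TAG_NAMES = {0x02: "INTEGER", 0x03: "BIT STRING", 0x05: "NULL",
             0x06: "OBJECT", 0x30: "SEQUENCE"}


def der_length(n: int) -> bytes:
    """Short form below 128; otherwise 0x80|N followed by N big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """Two's-complement INTEGER; a leading 0x00 keeps a high-bit value positive
    (this is why the modulus dump above starts with 00:a0:...)."""
    assert value >= 0
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big")
    return b"\x02" + der_length(len(body)) + body


def der_oid(dotted: str) -> bytes:
    """First two arcs packed as 40*a+b, the rest in base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return b"\x06" + der_length(len(body)) + bytes(body)


def der_sequence(*items: bytes) -> bytes:
    body = b"".join(items)
    return b"\x30" + der_length(len(body)) + body


def read_tlv(buf: bytes, pos: int):
    """Return (tag, header_len, length, body_start); refuse lengths past the buffer."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        hl, length = 2, first
    else:
        nbytes = first & 0x7F
        hl = 2 + nbytes
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
    if pos + hl + length > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, hl, length, pos + hl


def asn1parse(buf: bytes, depth=0, base=0):
    """Rows of (offset, depth, hl, l, 'cons'|'prim', name), like openssl asn1parse."""
    rows, pos = [], 0
    while pos < len(buf):
        tag, hl, length, body = read_tlv(buf, pos)
        cons = bool(tag & 0x20)                       # constructed bit
        rows.append((base + pos, depth, hl, length, "cons" if cons else "prim",
                     TAG_NAMES.get(tag, f"tag 0x{tag:02x}")))
        if cons:
            rows.extend(asn1parse(buf[body:body + length], depth + 1, base + body))
        pos = body + length
    return rows


def to_pem(der: bytes, label: str) -> str:
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def from_pem(pem: str) -> bytes:
    body = [ln for ln in pem.splitlines() if ln and not ln.startswith("-----")]
    return base64.b64decode("".join(body))


def demo():
    der = der_sequence(der_integer(0), der_integer(65537),
                       der_oid("1.2.840.113549.1.7.2"),
                       der_integer(int("A011A601C6D6", 16)))   # constructed values
    return der, asn1parse(der), to_pem(der, "EXAMPLE")


if __name__ == "__main__":
    der, rows, pem = demo()
    for off, d, hl, ln, form, name in rows:
        print(f"{off:4}:d={d} hl={hl} l={ln:4} {form}: {name}")
    print(pem)
```

The length check in read_tlv is the one that matters for a parser fed untrusted certificates: a declared length larger than the remaining buffer is rejected before any slice is taken.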
OID global tree
[Figure from M.Branchaud]
RSA keys according to PKCS#..
[Same 1024-bit Private-Key dump as on the ASN.1/2 slide: modulus, publicExponent 65537 (0x10001), privateExponent, ...]
X.500 Directory Services
[Figure: X.500, from M.Branchaud]
Distinguished Names (DN) fields
• Common name CN e.g. CN=Joe Wells
• Organizational unit OU e.g. OU=Sales
• Organization O e.g. O=Heaven,Inc.
• City/Locality L e.g. L=Tampa
• State/Province ST e.g. ST=Florida
• Country C e.g. C=US
• Example: /C=US/ST=Florida/L=Tampa/O=Heaven,Inc./OU=Sales/CN=Joe Wells
Digital Certificates/3
X.509 cert v1-2
[Figure from M.Branchaud]
CRL (Certificate Revocation List)
CRLv2
[Figure from M.Branchaud]
SSL/1
The SSL (Secure Socket Layer) protocol
was designed by Netscape to be used with its
browser.
• SSL v.1 was used only internally.
• SSL v.2 was incorporated in Navigator v1 and v2.
• Microsoft created a similar protocol called PCT
which overcame some problems of SSL
• SSL v.3 incorporated PCT enhancements
SSL/2
• The first implementation of SSL was available only in Netscape browsers and servers
• SSLRef is a reference implementation in C that Netscape made available in source code (it doesn’t include the RC2 or RC4 encryption algorithms)
• SSLeay is an independent implementation of SSL v.3 made by Eric A. Young, a programmer in Australia
• OpenSSL is based on SSLeay
TLS/SSL Layers
TLS layers, top to bottom:
  TLS Handshake protocol
  TLS Record protocol
  Transport protocol (e.g. TCP)
SSL record protocol
• Each SSL record contains:
• content type
• proto version
• length
• payload
• Message authentication (changed in TLS to HMAC): it includes a sequence number that is hashed together with the data
SSL/TLS handshake
• ClientHello (version, random, session, ciphers)
– ServerHello (version, random, session, cipher)
– [server may send its certificate]
– [server may send a KeyExchange]
– [server may send a CertReq]
• [Client sends its certificate]
• client sends a KeyExchange
• [client sends a cert verify]
• both send a Change Cipher
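The record and handshake slides as a parser, added here and not part of the original slides. It splits a byte stream into records (content type, protocol version, length, payload), rejects truncated or oversized records, and reads the handshake message header (1-byte type, 24-bit length) inside a handshake record. The code points are the standard SSLv3/TLS ones; the byte stream is constructed and its ClientHello body is a stub, not a real hello. The MAC (HMAC in TLS) sits inside the protected fragment and is not parsed here.

```python
# Added example (not from the slides): SSL/TLS record-layer and handshake
# header parsing over a constructed byte stream.
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request",
                   14: "server_hello_done", 15: "certificate_verify",
                   16: "client_key_exchange", 20: "finished"}
MAX_FRAGMENT = 2 ** 14          # TLS caps a record payload at 16384 bytes


def parse_records(data: bytes):
    """Split a stream into (content_type, (major, minor), payload) records."""
    records, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack("!BBBH", data[pos:pos + 5])
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_FRAGMENT:
            raise ValueError("record length exceeds 2^14")
        payload = data[pos + 5:pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record payload")
        records.append((CONTENT_TYPES[ctype], (major, minor), payload))
        pos += 5 + length
    return records


def parse_handshake(payload: bytes):
    """A handshake message: 1-byte type followed by a 24-bit body length."""
    if len(payload) < 4:
        raise ValueError("truncated handshake header")
    htype = payload[0]
    hlen = int.from_bytes(payload[1:4], "big")
    if len(payload) - 4 < hlen:
        raise ValueError("truncated handshake body")
    return HANDSHAKE_TYPES.get(htype, f"type {htype}"), payload[4:4 + hlen]


def build_record(ctype: int, version: tuple, payload: bytes) -> bytes:
    return struct.pack("!BBBH", ctype, version[0], version[1], len(payload)) + payload


def demo():
    # Constructed: a ClientHello whose body is only client_version (3,1) plus
    # 32 placeholder random bytes, followed by a warning alert (1, close_notify 0).
    hello_body = bytes([3, 1]) + bytes(range(32))
    hello = bytes([1]) + len(hello_body).to_bytes(3, "big") + hello_body
    stream = build_record(22, (3, 1), hello) + build_record(21, (3, 1), bytes([1, 0]))
    records = parse_records(stream)
    return records, parse_handshake(records[0][2])


if __name__ == "__main__":
    records, (htype, body) = demo()
    for ctype, ver, payload in records:
        print(ctype, ver, len(payload), "bytes")
    print("first handshake message:", htype, len(body), "bytes")
```

The version in the record header is the record-layer version; the version the client actually offers is the first field inside the ClientHello body, which is why demo() reads both.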
SSL cert accept
[Figure from Netscape]
Key Exchange
• SSL v.2 uses RSA key exchange only
• SSL v.3 supports:
• RSA key exchange when certificates are used
• DH (Diffie-Hellman) for exchanging keys w/o certificates or prior communication
Diffie-Hellman Key Exchange
• Given a large prime n and a primitive element g
• A chooses a random x and sends to B
• X = g^x mod n
• B chooses a random y and sends to A
• Y = g^y mod n
• A and B can compute
• k = Y^x mod n = g^(y*x) mod n = X^y mod n
• The patent held by PKP expired in 1997
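The exchange on the slide with both sides' messages, as an added example that is not part of the original slides. The prime n=467, generator g=2 and the fixed exponents 89 and 101 are constructed toy values (real groups are 2048 bits or more); each side checks the value it receives before using it, rejecting the degenerate values 0, 1 and n-1 that would force a trivial shared key.

```python
# Added example (not from the slides): Diffie-Hellman over a constructed
# small prime, with a sanity check on the received public value.
import secrets


def check_public(value: int, n: int) -> int:
    """Reject 0, 1 and n-1: they make the shared key independent of the secret."""
    if not 1 < value < n - 1:
        raise ValueError("degenerate public value")
    return value


def dh_public(g: int, secret: int, n: int) -> int:
    return pow(g, secret, n)                 # X = g^x mod n


def dh_shared(peer_public: int, secret: int, n: int) -> int:
    return pow(check_public(peer_public, n), secret, n)   # k = Y^x mod n


def exchange(n: int, g: int, x_a=None, y_b=None):
    """Run both sides; return (X sent by A, Y sent by B, shared key)."""
    x_a = secrets.randbelow(n - 2) + 1 if x_a is None else x_a
    y_b = secrets.randbelow(n - 2) + 1 if y_b is None else y_b
    X = dh_public(g, x_a, n)     # A -> B : X
    Y = dh_public(g, y_b, n)     # B -> A : Y
    k_a = dh_shared(Y, x_a, n)   # A computes Y^x
    k_b = dh_shared(X, y_b, n)   # B computes X^y
    assert k_a == k_b == pow(g, x_a * y_b, n)   # g^(y*x) as on the slide
    return X, Y, k_a


if __name__ == "__main__":
    X, Y, k = exchange(467, 2, 89, 101)
    print(f"A sends X={X}, B sends Y={Y}, both derive k={k}")
```

An eavesdropper sees g, n, X and Y but neither exponent. Nothing in the exchange itself tells A that Y really came from B, which is the gap the slide's "w/o certificates" points at and the reason SSL v.3 pairs DH with a certificate when authentication is needed.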
PKI (Public Key Infrastructure)
• It is a practical and viable way of publishing public keys on the Internet
• PGP, PEM, PKIX, SPKI and SDSI are different proposals
PEM CA model
[Figure from M.Branchaud]
PKI
[Figure from M.Branchaud]
STARTTLS (RFC 2487)
• a server announces its support of TLS:
• ehlo heaven.org
• 250 inferno.org
• 250 starttls
• the client can then switch to TLS:
• starttls
• 220 ready to start tls
• STARTTLS is supported in sendmail 8.11
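The client side of the STARTTLS exchange above as a decision procedure, added here and not part of the original slides. It parses the multi-line 250 reply to EHLO (accepting both the RFC's "250-" continuation form and the simplified lines on the slide), decides whether STARTTLS can be issued, and, with a require-TLS policy, refuses to continue in cleartext when the server does not advertise it. Host names and replies are constructed.

```python
# Added example (not from the slides): EHLO reply parsing and the
# STARTTLS decision on the SMTP client side, over constructed replies.
EHLO_REPLY = ["250-inferno.org Hello heaven.org",   # constructed
              "250-SIZE 10240000",
              "250-STARTTLS",
              "250 HELP"]
NO_TLS_REPLY = ["250-inferno.org Hello heaven.org",  # constructed: no STARTTLS
                "250 HELP"]


def parse_ehlo_reply(lines):
    """Return (greeting, set of extension keywords) from the 250 reply lines."""
    if not lines or not lines[0].startswith("250"):
        raise ValueError("EHLO rejected: " + (lines[0] if lines else "<empty>"))
    greeting = lines[0][4:]
    exts = set()
    for line in lines[1:]:
        if not line.startswith("250"):
            raise ValueError("malformed reply line: " + line)
        exts.add(line[4:].split()[0].upper())  # keyword before any parameters
    return greeting, exts


def next_command(ehlo_lines, require_tls=True):
    """What the client sends next: STARTTLS if offered, else fail or fall back."""
    greeting, exts = parse_ehlo_reply(ehlo_lines)
    if "STARTTLS" in exts:
        return "STARTTLS"
    if require_tls:
        raise RuntimeError(f"{greeting} does not offer STARTTLS; refusing cleartext")
    return "MAIL FROM:<>"        # cleartext fallback, only when policy allows it


def starttls_granted(reply: str) -> bool:
    """Only a 220 reply means the TLS handshake may begin on the socket."""
    return reply.startswith("220")


if __name__ == "__main__":
    print(next_command(EHLO_REPLY))                      # STARTTLS
    print(starttls_granted("220 ready to start tls"))    # True
    print(next_command(NO_TLS_REPLY, require_tls=False)) # MAIL FROM:<>
```

After the 220 the client starts the TLS handshake on the same connection and must send EHLO again, discarding everything learned in the cleartext phase. The require_tls flag is the policy point: a client that silently falls back when STARTTLS is missing gains nothing from the server supporting it.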
Microsoft Authenticode
• Announced in 1996 by Microsoft as part of IE 3.0 and ActiveX (a system for downloading programs from web pages)
• It describes some file formats to sign Microsoft 32-bit EXEs, DLLs and OCXs
• The signed file contains:
• the original file
• the digital signature
• an X.509 certificate for the public key needed to verify the Authenticode signature
• The tools needed are in the ActiveX Software Developer’s Kit (CSW Code Signing Wizard)
Java signed applets
• Java too can use X.509 certificates to sign the code in a jar file (keytool and jarsigner utilities)
• The idea is similar to Microsoft’s: signed code can be granted more trust, according to the confidence the user has chosen to place in the signing publisher
Encrypted services
Note that recently the names of the encrypted services have changed from an initial s to a final s (simap to imaps)
• https 443/tcp #http over ssl
• telnets 992/tcp #telnet over ssl
• pop3s 995/tcp
• imaps 993/tcp
• smtps 465/tcp
• sshell 614/tcp #SSLshell
• nsiiops 261/tcp #IIOP name service over ssl

More Related Content

PPT
Public key cryptography and RSA
Shafaan Khaliq Bhatti
 
PPT
Public Key Cryptography
anusachu .
 
PDF
Elliptic curve cryptography
Cysinfo Cyber Security Community
 
PPT
PGP S/MIME
Sou Jana
 
PPTX
Kerberos
RafatSamreen
 
PPTX
Cryptography and Information Security
Dr Naim R Kidwai
 
PPTX
Kerberos
Sutanu Paul
 
PPTX
Cryptography
Rutuja Solkar
 
Public key cryptography and RSA
Shafaan Khaliq Bhatti
 
Public Key Cryptography
anusachu .
 
Elliptic curve cryptography
Cysinfo Cyber Security Community
 
PGP S/MIME
Sou Jana
 
Kerberos
RafatSamreen
 
Cryptography and Information Security
Dr Naim R Kidwai
 
Kerberos
Sutanu Paul
 
Cryptography
Rutuja Solkar
 

What's hot (20)

PPTX
Secret key cryptography
Prabhat Goel
 
PPTX
Rsa Crptosystem
Amlan Patel
 
PPTX
Cryptography
Jens Patel
 
PDF
Introduction to Cryptography
Popescu Petre
 
PPTX
Symmetric and asymmetric key
Triad Square InfoSec
 
PPT
Classical Encryption Techniques
university of education,Lahore
 
PPT
Cryptography
IGZ Software house
 
PDF
CNIT 141: 12. Elliptic Curves
Sam Bowne
 
PPTX
cryptography
Abhijeet Singh
 
PPTX
Steganography
Mayank Saxena
 
PPTX
Encryption & Decryption
JayantBhatt6
 
PPT
Digital signature schemes
ravik09783
 
PPT
Polyalphabetic Substitution Cipher
SHUBHA CHATURVEDI
 
PPT
Cryptography
gueste4c97e
 
PPT
Data encryption standard
Vasuki Ramasamy
 
PPTX
Mathematics of Asymmetric cryptography
Sou Jana
 
PPT
Digital Certificate
Sumant Diwakar
 
PPTX
Cryptography
jayashri kolekar
 
PPTX
Introduction to Cryptography
Md. Afif Al Mamun
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Secret key cryptography
Prabhat Goel
 
Rsa Crptosystem
Amlan Patel
 
Cryptography
Jens Patel
 
Introduction to Cryptography
Popescu Petre
 
Symmetric and asymmetric key
Triad Square InfoSec
 
Classical Encryption Techniques
university of education,Lahore
 
Cryptography
IGZ Software house
 
CNIT 141: 12. Elliptic Curves
Sam Bowne
 
cryptography
Abhijeet Singh
 
Steganography
Mayank Saxena
 
Encryption & Decryption
JayantBhatt6
 
Digital signature schemes
ravik09783
 
Polyalphabetic Substitution Cipher
SHUBHA CHATURVEDI
 
Cryptography
gueste4c97e
 
Data encryption standard
Vasuki Ramasamy
 
Mathematics of Asymmetric cryptography
Sou Jana
 
Digital Certificate
Sumant Diwakar
 
Cryptography
jayashri kolekar
 
Introduction to Cryptography
Md. Afif Al Mamun
 
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Ad

Viewers also liked (17)

PPT
Cryptography
sharmili priyadarsini
 
PDF
IDRBT Project: Application Development in Java for public key cryptography
Shivashish Kumar
 
PPTX
Kerberos using public key cryptography
ishmecse13
 
PPTX
Cryptography - key sharing - RSA
John Paul Prassanna
 
PDF
Public Key Cryptography
Israel Herraiz
 
PPTX
Public key Cryptography & RSA
Amit Debnath
 
PPTX
Cryptography & Network Security By, Er. Swapnil Kaware
Prof. Swapnil V. Kaware
 
PPT
public-key cryptography Shamir
Information Security Awareness Group
 
PPTX
RSA - ALGORITHM by Muthugomathy and Meenakshi Shetti of GIT COLLEGE
Qualcomm
 
KEY
Alice & bob public key cryptography 101
Joshua Thijssen
 
PPTX
3 public key cryptography
Rutvik Mehta
 
PPT
Public Key Cryptography and RSA algorithm
Indra97065
 
PPTX
Public Key Cryptography
Gopal Sakarkar
 
PPT
PUBLIC KEY ENCRYPTION
raf_slide
 
PPT
Cryptography and Message Authentication NS3
koolkampus
 
PPTX
Cryptography
Shivanand Arur
 
Cryptography
sharmili priyadarsini
 
IDRBT Project: Application Development in Java for public key cryptography
Shivashish Kumar
 
Kerberos using public key cryptography
ishmecse13
 
Cryptography - key sharing - RSA
John Paul Prassanna
 
Public Key Cryptography
Israel Herraiz
 
Public key Cryptography & RSA
Amit Debnath
 
Cryptography & Network Security By, Er. Swapnil Kaware
Prof. Swapnil V. Kaware
 
public-key cryptography Shamir
Information Security Awareness Group
 
RSA - ALGORITHM by Muthugomathy and Meenakshi Shetti of GIT COLLEGE
Qualcomm
 
Alice & bob public key cryptography 101
Joshua Thijssen
 
3 public key cryptography
Rutvik Mehta
 
Public Key Cryptography and RSA algorithm
Indra97065
 
Public Key Cryptography
Gopal Sakarkar
 
PUBLIC KEY ENCRYPTION
raf_slide
 
Cryptography and Message Authentication NS3
koolkampus
 
Cryptography
Shivanand Arur
 
Ad

Similar to Public key cryptography (20)

PPT
RSA
bansidhar11
 
PPT
New ppt.ppt
ssuser4030a8
 
PPTX
Security
Saqib Shehzad
 
PPT
Rsa
magentie
 
PPT
BCS_PKI_part1.ppt
UskuMusku1
 
PDF
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
PDF
AllBits presentation - Security in Theory
AllBits BVBA (freelancer)
 
PPT
ch09-Critt.Asimettrica.notes has good info in security
AbdullahOmar704132
 
PDF
international security system data threats
gacop74666
 
PDF
PRINCIPLES OF INFORMATION SYSTEM SECURITY
gacop74666
 
PPT
6. cryptography
7wounders
 
PPTX
Crypto academy
Paul Gillingwater, MBA
 
PDF
computer-security-and-cryptography-a-simple-presentation
Alex Punnen
 
PPTX
Ch9_Cryptokkkllllllllllllllllllllk6e.pptx
LaxmanBhandari22
 
PDF
Simple Overview of PKI and Digital signature by Tarek_Gaber
Tarek Gaber
 
PPT
ch09_rsa_nemo.ppt
ChandraB15
 
PDF
Ch 12: Cryptography
Sam Bowne
 
PPTX
Security - ch3.pptx
HabtamuHaileMichael2
 
New ppt.ppt
ssuser4030a8
 
Security
Saqib Shehzad
 
BCS_PKI_part1.ppt
UskuMusku1
 
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
AllBits presentation - Security in Theory
AllBits BVBA (freelancer)
 
ch09-Critt.Asimettrica.notes has good info in security
AbdullahOmar704132
 
international security system data threats
gacop74666
 
PRINCIPLES OF INFORMATION SYSTEM SECURITY
gacop74666
 
6. cryptography
7wounders
 
Crypto academy
Paul Gillingwater, MBA
 
computer-security-and-cryptography-a-simple-presentation
Alex Punnen
 
Ch9_Cryptokkkllllllllllllllllllllk6e.pptx
LaxmanBhandari22
 
Simple Overview of PKI and Digital signature by Tarek_Gaber
Tarek Gaber
 
ch09_rsa_nemo.ppt
ChandraB15
 
Ch 12: Cryptography
Sam Bowne
 
Security - ch3.pptx
HabtamuHaileMichael2
 

More from rinnocente (16)

PDF
Random Number Generators 2018
rinnocente
 
PDF
Docker containers : introduction
rinnocente
 
PDF
An FPGA for high end Open Networking
rinnocente
 
PDF
WiFi placement, can we use Maxwell ?
rinnocente
 
PDF
TLS, SPF, DKIM, DMARC, authenticated email
rinnocente
 
PDF
Fpga computing
rinnocente
 
PDF
Refreshing computer-skills: markdown, mathjax, jupyter, docker, microkernels
rinnocente
 
PDF
Nodes and Networks for HPC computing
rinnocente
 
PDF
features of tcp important for the web
rinnocente
 
PDF
End nodes in the Multigigabit era
rinnocente
 
PDF
Mosix : automatic load balancing and migration
rinnocente
 
PDF
Comp architecture : branch prediction
rinnocente
 
PDF
Data mining : rule mining algorithms
rinnocente
 
PDF
Ipv6 course
rinnocente
 
PDF
FPGA/Reconfigurable computing (HPRC)
rinnocente
 
PDF
radius dhcp dot1.x (802.1x)
rinnocente
 
Random Number Generators 2018
rinnocente
 
Docker containers : introduction
rinnocente
 
An FPGA for high end Open Networking
rinnocente
 
WiFi placement, can we use Maxwell ?
rinnocente
 
TLS, SPF, DKIM, DMARC, authenticated email
rinnocente
 
Fpga computing
rinnocente
 
Refreshing computer-skills: markdown, mathjax, jupyter, docker, microkernels
rinnocente
 
Nodes and Networks for HPC computing
rinnocente
 
features of tcp important for the web
rinnocente
 
End nodes in the Multigigabit era
rinnocente
 
Mosix : automatic load balancing and migration
rinnocente
 
Comp architecture : branch prediction
rinnocente
 
Data mining : rule mining algorithms
rinnocente
 
Ipv6 course
rinnocente
 
FPGA/Reconfigurable computing (HPRC)
rinnocente
 
radius dhcp dot1.x (802.1x)
rinnocente
 

Recently uploaded (20)

PDF
An Experience-Based Look at AI Lead Generation Pricing, Features & B2B Results
Thomas albart
 
PPTX
slidesgo-unlocking-the-code-the-dynamic-dance-of-variables-and-constants-2024...
kr2589474
 
PPT
Why Reliable Server Maintenance Service in New York is Crucial for Your Business
Sam Vohra
 
PPTX
ConcordeApp: Engineering Global Impact & Unlocking Billions in Event ROI with AI
chastechaste14
 
PPTX
TRAVEL APIs | WHITE LABEL TRAVEL API | TOP TRAVEL APIs
philipnathen82
 
PPTX
Web Testing.pptx528278vshbuqffqhhqiwnwuq
studylike474
 
PPTX
Explanation about Structures in C language.pptx
Veeral Rathod
 
PDF
What to consider before purchasing Microsoft 365 Business Premium_PDF.pdf
Q-Advise
 
PPTX
The-Dawn-of-AI-Reshaping-Our-World.pptxx
parthbhanushali307
 
PPTX
Presentation about Database and Database Administrator
abhishekchauhan86963
 
PPTX
Presentation about variables and constant.pptx
safalsingh810
 
PDF
Using licensed Data Loss Prevention (DLP) as a strategic proactive data secur...
Q-Advise
 
PDF
Summary Of Odoo 18.1 to 18.4 : The Way For Odoo 19
CandidRoot Solutions Private Limited
 
PDF
10 posting ideas for community engagement with AI prompts
Pankaj Taneja
 
PPTX
Maximizing Revenue with Marketo Measure: A Deep Dive into Multi-Touch Attribu...
bbedford2
 
PDF
49785682629390197565_LRN3014_Migrating_the_Beast.pdf
Abilash868456
 
PDF
WatchTraderHub - Watch Dealer software with inventory management and multi-ch...
WatchDealer Pavel
 
PPT
Activate_Methodology_Summary presentatio
annapureddyn
 
PDF
MiniTool Power Data Recovery Crack New Pre Activated Version Latest 2025
imang66g
 
PDF
New Download MiniTool Partition Wizard Crack Latest Version 2025
imang66g
 
An Experience-Based Look at AI Lead Generation Pricing, Features & B2B Results
Thomas albart
 
slidesgo-unlocking-the-code-the-dynamic-dance-of-variables-and-constants-2024...
kr2589474
 
Why Reliable Server Maintenance Service in New York is Crucial for Your Business
Sam Vohra
 
ConcordeApp: Engineering Global Impact & Unlocking Billions in Event ROI with AI
chastechaste14
 
TRAVEL APIs | WHITE LABEL TRAVEL API | TOP TRAVEL APIs
philipnathen82
 
Web Testing.pptx528278vshbuqffqhhqiwnwuq
studylike474
 
Explanation about Structures in C language.pptx
Veeral Rathod
 
What to consider before purchasing Microsoft 365 Business Premium_PDF.pdf
Q-Advise
 
The-Dawn-of-AI-Reshaping-Our-World.pptxx
parthbhanushali307
 
Presentation about Database and Database Administrator
abhishekchauhan86963
 
Presentation about variables and constant.pptx
safalsingh810
 
Using licensed Data Loss Prevention (DLP) as a strategic proactive data secur...
Q-Advise
 
Summary Of Odoo 18.1 to 18.4 : The Way For Odoo 19
CandidRoot Solutions Private Limited
 
10 posting ideas for community engagement with AI prompts
Pankaj Taneja
 
Maximizing Revenue with Marketo Measure: A Deep Dive into Multi-Touch Attribu...
bbedford2
 
49785682629390197565_LRN3014_Migrating_the_Beast.pdf
Abilash868456
 
WatchTraderHub - Watch Dealer software with inventory management and multi-ch...
WatchDealer Pavel
 
Activate_Methodology_Summary presentatio
annapureddyn
 
MiniTool Power Data Recovery Crack New Pre Activated Version Latest 2025
imang66g
 
New Download MiniTool Partition Wizard Crack Latest Version 2025
imang66g
 

Public key cryptography

  • 1. 2001/03/26 r.innocente 1 Public Key Cryptography, Digital Certificates, Transport Layer Security and Internet encrypted services Roberto Innocente [email protected]
  • 2. 2001/03/26 r.innocente 2 Summary • PKC (Public Key Cryptography) Introduction • Digital Certificates • SSL/TLS • Use of SSL/TLS over Internet • Encrypted services: pop, imap, smtp
  • 3. 2001/03/26 r.innocente 3 Cryptographic systems taxonomy • Symmetric key cryptography • same key for encryption and decryption • relatively fast • RC2, RC4, DES, triple DES • Asymmetric key cryptography • different keys for encryption/decryption • slow • RSA, ElGamal, Elliptic curves
  • 4. 2001/03/26 r.innocente 4 Symmetric Key Cryptography Encryption Decryption Plain text Cipher text Plain text m c=K(m) m=K(c) m message c cipher text K key key K K.K=1
  • 5. 2001/03/26 r.innocente 5 Asymmetric Key Cryptography Encryption Decryption Plain text Cipher text Plain text Encryption key E Decryption key D m c=E(m) m=D(c) m message c cipher text E encryption key D decryption key D.E=1
  • 6. 2001/03/26 r.innocente 6 Another classification • Secret Key Cryptography • the key is kept secret • it requires a secure channel to be transmitted • Public Key Crytpography • one key (the deciphering key) is kept secret • the other key is made public
  • 7. 2001/03/26 r.innocente 7 Public-Key Cryptography Diffie – Hellmann (1976) • Each user generates a pair of inverse transformation E and D. • The deciphering key D must be kept secret but need never be communicated on a channel • The enciphering key E can be made public by placing it in a public directory (Public File) The original idea here is that keys can be produced in pairs and that it can be very hard to generate a key from the other
  • 8. 2001/03/26 r.innocente 8 PKC algorithms Since DH idea in 1976 many algorithms have been proposed, most were discovered insecure, of the remaining many are not feasible. Some of the algorithms are: • Knapsack algorithms (later shown insecure) • RSA (still considered secure) • El Gamal (still considered secure)
  • 9. 2001/03/26 r.innocente 9 Knapsack algorithms/1 (!!! insecure !!!) First PKC algorithm proposed by Merckle and Hellmann in 1978. • Given n integers M1,M2,M3,..., and a sum S, find a binary sequence b1,b2,b3... such that • S=b1*M1+ b2*M2+b3*M3+ .... • where: • M1,M2,M3,... is the public key • b1,b2,b3,... are the bits of the plain message • S is the ciphertext In general it is an hard problem, but ...
  • 10. 2001/03/26 r.innocente 10 Knapsack algorithms/2 (!!! insecure !!!) A subclass of the general problem can be easily solved and mapped onto a more general one. • A superincreasing knapsack is a knapsack in which every number in the ordered sequence is greater than the sum of the preceeding numbers e.g.{ 2,3,6,13,27} • Solving the problem for a superincreasing knapsack is quite easy. Starting from the greatest number, that will be an addend if it is less than the sum S, and so on ... • Now, choosing a number m (=55) greater than the sum of all numbers in the sequence, and a number n (=29) prime with m, and taking the remainder module m of the numbers in the sequence multiplied by n e.g. {2*29=58mod 55 =3, 3*29=87mod 55=32,...} we obtain a knapsack that is not superincreasing... if we take this sequence as the public key, and the underlaying superincreasing sequence as the private key ...
  • 11. 2001/03/26 r.innocente 11 RSA/1 (Rivest,Shamir,Adleman 1978) • Choose primes p,q n=p*q • Choose encryption key e prime with (p-1)*(q-1) • Compute the inverse d such that • now for each message m : • n,e is the public key • d is the private key e*d = 1 mod n c = me mod n m = cd mod n
  • 12. 2001/03/26 r.innocente 12 RSA/2 • Fermat’s little theorem (p prime,(p|a)=1): • Euler Totient function: • Euler’s generalization of Fermat’s theorem: ap-1 ≅ 1 (mod p) φ(n)= # of integers less than n primes with n For p,q primes : φ(p) = p-1 φ(p*q) = (p-1)*(q-1) aφ(n) ≅1 mod n aφ(n) –1 ≅ a-1 mod n therefore : e-1 ≅ e(p-1)(q-1)-1 mod n
  • 13. 2001/03/26 r.innocente 13 RSA/3 • Software speedups: • RSA goes faster if you choose e carefully • 3 (PEM), 65537 (X.509), 17 (PKCS#1) are good choices having only 2 bits set • in particular 65537 requires only 17 multiplications to exponentiate • Hardware chips: • it’s about 1000 times slower than DES • 1 Mb/s using a 512 bits modulus (GEC Marconi)
• 14. RSA/4
  The RSA patent was valid only in the US, because it was filed after publication. In any case the patent expired on September 20, 2000, and since then RSA has been free everywhere.
• 15. El Gamal (T. ElGamal 1984)
  • Choose a prime p, a generator g (< p) of the multiplicative group modulo p and a random x (< p-1), and compute y = g^x mod p
  • public key is (y, g, p)
  • private key is x
  • To encrypt a message M (< p) choose a random k with gcd(k, p-1) = 1 and compute
    a = g^k mod p
    b = (y^k) * M mod p
  • (a, b) is the ciphertext (twice the size of M); to decrypt:
    M = b / a^x mod p, i.e. M = b * (a^x)^-1 mod p
  • k must be fresh for every message: two messages encrypted with the same k share a, and b1/b2 = M1/M2 reveals one message from the other
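The ElGamal steps above as an added example (not the slides' code), on the textbook prime p = 2579 with generator g = 2. It checks that g really generates the group (the slide's "random g" must in practice be a generator), encrypts to the two-part ciphertext (a, b), decrypts with b * (a^x)^-1 mod p, and shows the k-reuse failure: given two ciphertexts made with the same k and one of the plaintexts, the other plaintext falls out. The message values 1299 and 1000 and the exponents 765 and 853 are constructed; p is far too small for real use.

```python
# ElGamal encryption as on the slide, on a small textbook prime, added here to
# show the two-part ciphertext, the decryption b * (a^x)^-1, and why k must never
# be reused. Added example (not the slides' code); p is far too small for real use.
import secrets


def small_prime_factors(n):
    """Trial-division factorisation; fine for the toy sizes used here."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_generator(g, p):
    """g generates the group modulo p iff g^((p-1)/q) != 1 for every prime q dividing p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in small_prime_factors(p - 1))


def keygen(p, g, x=None):
    """Public key (p, g, y = g^x mod p), private key x; x is drawn at random unless given."""
    if not is_generator(g, p):
        raise ValueError("g is not a generator modulo p")
    x = secrets.randbelow(p - 2) + 1 if x is None else x  # x in [1, p-2]
    return (p, g, pow(g, x, p)), x


def encrypt(M, public_key, k=None):
    """Return (a, b) = (g^k, y^k * M) mod p with a fresh k unless one is supplied."""
    p, g, y = public_key
    if not 0 < M < p:
        raise ValueError("message must be in [1, p)")
    k = secrets.randbelow(p - 2) + 1 if k is None else k
    return pow(g, k, p), (pow(y, k, p) * M) % p


def decrypt(ciphertext, public_key, x):
    """M = b / a^x mod p, the division being multiplication by the inverse of a^x."""
    p = public_key[0]
    a, b = ciphertext
    return b * pow(pow(a, x, p), -1, p) % p


def recover_with_reused_k(M1, c1, c2, p):
    """If two messages share k then a1 == a2 and b1/b2 == M1/M2, so knowing M1 gives M2."""
    (a1, b1), (a2, b2) = c1, c2
    if a1 != a2:
        raise ValueError("different k: nothing to exploit")
    return b2 * pow(b1, -1, p) % p * M1 % p


if __name__ == "__main__":
    pub, x = keygen(2579, 2, x=765)          # textbook parameters; x fixed for reproducibility
    c1 = encrypt(1299, pub, k=853)           # constructed message and k
    print("public:", pub, "ciphertext:", c1, "decrypted:", decrypt(c1, pub, x))
    c2 = encrypt(1000, pub, k=853)           # same k reused: a is identical
    print("second message recovered from k reuse:", recover_with_reused_k(1299, c1, c2, 2579))
```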
• 16. Message digests, or hashes, or fingerprints
  • A one-way function that maps a file of any length onto a fixed-length value. As with real fingerprints one hopes that no two messages have the same fingerprint.
    • collision free (infeasible to find two messages with the same digest)
    • irreversible (infeasible to recover a message from its digest)
  • e.g.:
    • Unix sum is a bad example (16 bits; Unix sum, cksum): collisions are trivial to find
    • MD5 (128 bits), designed by R. Rivest at RSA (Unix md5sum)
    • SHA-1 (160 bits), Secure Hash Algorithm-1
• 17. Uses of PKC (Pics from M.Branchaud)
• 18. Digital Signature
  Message -> Message Digest (MD5) -> Signature (RSA with the private key)
  The private-key operation is applied to the digest, not to the whole message; the verifier recomputes the digest and checks the signature with the signer's public key.
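Slides 16 and 18 together, as an added example (not the slides' code): hash-then-sign with a toy RSA key, verification with the public key, detection of a tampered message, and the reason a 16-bit checksum such as sum(1) is no fingerprint, namely that two different messages with the same checksum would carry the same signature. The RSA key is built from two Mersenne primes so that the block is deterministic without a prime search; that also makes it trivially factorable, so it is arithmetic only, with no padding (real systems use PKCS#1). The sample message and the msg-N inputs of the collision search are constructed. SHA-1 is used because the slide names it; collisions for SHA-1 itself have been public since 2017, so it should not be chosen for new signatures.

```python
# Hash-then-sign as in the slide-18 diagram, plus a collision search against a
# 16-bit sum(1)-style checksum to show why slide 16 calls it a bad fingerprint.
# Added example (not the slides' code). Toy RSA key from Mersenne primes: deterministic,
# trivially factorable, no padding. Never use this for real signatures.
import hashlib

P = 2**127 - 1                                 # Mersenne prime
Q = 2**107 - 1                                 # Mersenne prime
N = P * Q                                      # about 234 bits, > 2^160, so a SHA-1 digest fits
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))              # private exponent, inverse of E modulo phi(N)


def digest(data: bytes, algo: str = "sha1") -> bytes:
    return hashlib.new(algo, data).digest()


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signature = digest^d mod n: the private operation is applied to the hash, not the message."""
    return pow(int.from_bytes(digest(message), "big"), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recompute the digest of what was received and compare it with signature^e mod n."""
    return pow(signature, e, n) == int.from_bytes(digest(message), "big")


def bsd_sum(data: bytes) -> int:
    """16-bit rotating checksum in the style of BSD sum(1): rotate right one bit, add the byte."""
    s = 0
    for byte in data:
        s = ((s >> 1) | ((s & 1) << 15)) + byte
        s &= 0xFFFF
    return s


def find_collision(fn, limit=70000):
    """Birthday search over constructed inputs msg-0, msg-1, ...; returns two distinct colliding inputs.

    With a 16-bit output a collision is guaranteed within 65537 distinct inputs (pigeonhole)."""
    seen = {}
    for i in range(limit):
        m = b"msg-%d" % i
        h = fn(m)
        if h in seen:
            return seen[h], m
        seen[h] = m
    return None


if __name__ == "__main__":
    msg = b"Transfer 100 EUR to account 42"   # constructed sample message
    sig = sign(msg)
    print("valid   :", verify(msg, sig))
    print("tampered:", verify(msg.replace(b"100", b"900"), sig))
    m1, m2 = find_collision(bsd_sum)
    print("sum(1) collision:", m1, m2, "same checksum:", bsd_sum(m1) == bsd_sum(m2),
          "same SHA-1:", digest(m1) == digest(m2))
```

A signature over `bsd_sum(m1)` would verify for `m2` as well, which is exactly the substitution a collision-resistant digest is there to prevent.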
• 19. Pitney-Bowes Veritas system
  • Uses digital signatures to authenticate information stored on physical documents (including the digital encoding of photographs)
  • It was used successfully at the Special Olympics World Games in New Haven in 1995
  • On the back of a badge a high-density bar code encoded a photograph, biographical data and medical data of the athlete
  • A Veritas reader can scan the bar code, verify the digital signature and then display a copy of the photograph
• 20. Digital Certificates (L. Kohnfelder, 1978)
  To overcome the performance problems of a single central Public File, Kohnfelder proposed a digitally signed data record containing a name and a public key, called a CERTIFICATE. Because the record carries its own signature it can be checked offline, so it can be copied and cached anywhere instead of being fetched from the central file.
• 21. Digital Certificates/2
  A certificate binds together:
  • Name
  • Public key
  • Digital signature (of the issuer, over the name and the key)
• 22. Certificates/3
  • The binary format of certificates is defined using ASN.1 (X.208)
  • The binary encoding is defined by DER (Distinguished Encoding Rules), a subset of BER (Basic Encoding Rules) that allows exactly one encoding for each value, which is what makes a signature over the encoding meaningful
  • The binary form can be translated into ASCII using Base64 encoding, wrapped between -----BEGIN ...----- and -----END ...----- lines; this form is called PEM encoding
• 23. ASN.1 (X.208 1988)
  Certificate ::= SEQUENCE {
      tbsCertificate        TBSCertificate,
      signatureAlgorithm    AlgorithmIdentifier,
      signature             BIT STRING }

  TBSCertificate ::= SEQUENCE {
      version          [0] EXPLICIT Version DEFAULT v1,
      serialNumber         CertificateSerialNumber,
      signature            AlgorithmIdentifier,
      issuer               Name,
      validity             Validity,
      subject              Name,
      subjectPublicKeyInfo SubjectPublicKeyInfo,
      issuerUniqueID   [1] IMPLICIT UniqueIdentifier OPTIONAL,
      subjectUniqueID  [2] IMPLICIT UniqueIdentifier OPTIONAL,
      extensions       [3] EXPLICIT Extensions OPTIONAL }

  UniqueIdentifier ::= BIT STRING
  Extensions ::= SEQUENCE OF Extension
• 24. ASN.1/2
  Private-Key: (1024 bit)
  modulus:
      00:a0:11:a6:01:c6:d6:55:23:06:12:af:76:04:94:
      5d:6a:94:67:f7:02:6e:4c:1b:90:39:b8:6d:a6:02:
      01:57:87:0b:57:ed:c9:ad:89:28:bf:71:62:7d:26:
      9a:de:2d:d8:15:ed:82:07:cf:07:a5:4d:9c:83:b3:
      11:19:1a:f4:c9:68:ac:39:c9:98:be:69:5c:dd:da:
      f1:44:7e:80:9e:53:c9:7c:ca:3c:60:20:99:ce:b3:
      53:be:67:7f:31:06:91:b2:c5:76:04:53:0d:5a:42:
      b9:26:b1:fe:93:15:f0:04:75:03:1c:e7:a9:3a:cf:
      9d:5e:01:01:93:81:23:09:45
  publicExponent: 65537 (0x10001)
  privateExponent:
      5a:db:a9:af:38:7e:50:b5:20:ad:5a:8b:52:ee:24:
      58:6b:04:d8:60:b8:da:da:8a:73:39:0c:84:3e:7f:
      24:7f:b3:20:a6:08:e4:48:06:a9:24:63:13:46:e6:
      81:56:e4:61:0d:ff:d1:0e:e2:f8:21:a5:c5:db:ce:
      c8:c1:54:50:58:f4:d5:4c:53:ba:f7:dd:25:9d:a4:
      55:25:a1:4b:07:25:38:14:20:0c:a6:c2:07:1d:a6:
      cd:b0:f0:5b:cc:58:f6:fd:1d:0a:93:01:58:83:79:
      46:e4:fc:67:91:f9:36:9c:07:c5:9c:26:12:bd:ab:
      1e:86:4c:63:a4:0b:31:c1
  prime1:
      00:d1:d7:69:c9:c5:b0:50:37:9f:2e:2d:21:b5:9f:
      96:7e:e8:c1:05:29:b1:62:da:e4:b5:cd:04:03:b1:
      27:c7:3e:ca:27:a1:bd:69:4f:33:e2:97:5a:03:d0:
      33:6f:41:c8:e0:f9:94:e2:0d:c1:a6:85:e1:09:ac:
      31:f5:97:7f:77
  prime2:
      00:c3:47:72:4a:31:ea:e4:e6:0f:79:7f:68:da:c8:
      40:7a:96:86:be:69:1c:94:e7:ab:1f:03:66:e0:05:
      00:92:4f:e9:ac:ff:0e:51:45:9c:ed:9b:9e:01:ba:
      e5:00:a2:0f:d4:59:e6:06:d9:24:21:ba:b1:96:79:
      51:5b:37:44:23
  exponent1:
      64:1e:98:6d:d9:f1:be:c4:5b:21:a8:0c:ee:60:5f:
      68:db:da:c4:80:d9:0e:e6:8b:bb:26:3f:65:17:90:
      78:23:40:46:da:87:ca:08:2d:24:4e:bc:77:17:4e:
      83:25:eb:17:54:5d:b1:e1:88:64:d0:79:c7:a8:ae:
      09:94:a8:0f
  exponent2:
      65:64:77:67:26:bb:fb:d5:a8:3b:41:78:44:00:ad:
      d9:f8:c6:45:9f:76:03:aa:b6:23:08:35:26:23:f2:
      c4:05:52:23:4c:db:36:3f:9a:d7:94:71:5a:1c:9c:
      42:d3:e2:bc:33:61:48:34:fe:99:b4:c1:f8:8b:4d:
      3e:bb:57:59
  coefficient:
      24:c5:7d:c3:22:1b:cf:ae:15:20:97:9c:73:78:4a:
      d5:98:39:da:be:12:7e:94:1d:81:fa:0e:08:2a:dc:
      3d:18:9e:b3:f8:cf:29:66:76:16:22:11:8f:d1:c1:
      a3:ec:6f:50:d5:e1:0f:66:ba:6a:43:ec:86:20:08:
      39:0c:20:9e
  -----BEGIN RSA PRIVATE KEY-----
  MIICWwIBAAKBgQCgEaYBxtZVIwYSr3YElF1qlGf3Am5MG5A5uG2mAgFXhwtX7cmt
  iSi/cWJ9JpreLdgV7YIHzwelTZyDsxEZGvTJaKw5yZi+aVzd2vFEfoCeU8l8yjxg
  IJnOs1O+Z38xBpGyxXYEUw1aQrkmsf6TFfAEdQMc56k6z51eAQGTgSMJRQIDAQAB
  AoGAWtuprzh+ULUgrVqLUu4kWGsE2GC42tqKczkMhD5/JH+zIKYI5EgGqSRjE0bm
  gVbkYQ3/0Q7i+CGlxdvOyMFUUFj01UxTuvfdJZ2kVSWhSwclOBQgDKbCBx2mzbDw
  W8xY9v0dCpMBWIN5RuT8Z5H5NpwHxZwmEr2rHoZMY6QLMcECQQDR12nJxbBQN58u
  LSG1n5Z+6MEFKbFi2uS1zQQDsSfHPsonob1pTzPil1oD0DNvQcjg+ZTiDcGmheEJ
  rDH1l393AkEAw0dySjHq5OYPeX9o2shAepaGvmkclOerHwNm4AUAk/prP8OUUWc
  7ZueAbrlAKIP1FnmBtkkIbqxlnlRWzdEIwJAZB6YbdnxvsRbIagM7mBfaNvaxIDZ
  DuaLuyY/ZReQeCNARtqHyggtJE68dxdOgyXrF1RdseGIZNB5x6iuCZSoDwJAZWR3
• 25. ASN.1/3 (the DER structure of the key above, in the layout of openssl asn1parse: offset:d=depth hl=header length l=content length prim/cons: tag)
      0:d=0  hl=4 l= 603 cons: SEQUENCE
      4:d=1  hl=2 l=   1 prim: INTEGER :00
      7:d=1  hl=3 l= 129 prim: INTEGER :A011A601C6D655230612AF7604945D6A9467F7026E4C1B9039B86DA6020157870B57EDC9AD8928BF71627D269ADE2DD815ED8207CF07A54D9C83B311191AF4C968AC39C998BE695CDDDAF1447E809E53C97CCA3C602099CEB353BE677F310691B2C57604530D5A42B926B1FE9315F00475031CE7A93ACF9D5E01019381230945
    139:d=1  hl=2 l=   3 prim: INTEGER :010001
    144:d=1  hl=3 l= 128 prim: INTEGER :5ADBA9AF387E50B520AD5A8B52EE24586B04D860B8DADA8A73390C843E7F247FB320A608E44806A924631346E68156E4610DFFD10EE2F821A5C5DBCEC8C1545058F4D54C53BAF7DD259DA45525A14B07253814200CA6C2071DA6CDB0F05BCC58F6FD1D0A930158837946E4FC6791F9369C07C59C2612BDAB1E864C63A40B31C1
    275:d=1  hl=2 l=  65 prim: INTEGER :D1D769C9C5B050379F2E2D21B59F967EE8C10529B162DAE4B5CD0403B127C73ECA27A1BD694F33E2975A03D0336F41C8E0F994E20DC1A685E109AC31F5977F77
    342:d=1  hl=2 l=  65 prim: INTEGER :C347724A31EAE4E60F797F68DAC8407A9686BE691C94E7AB1F0366E00500924FE9ACFF0E51459CED9B9E01BAE500A20FD459E606D92421BAB19679515B374423
    409:d=1  hl=2 l=  64 prim: INTEGER :641E986DD9F1BEC45B21A80CEE605F68DBDAC480D90EE68BBB263F65179078234046DA87CA082D244EBC77174E8325EB17545DB1E18864D079C7A8AE0994A80F
    475:d=1  hl=2 l=  64 prim: INTEGER :6564776726BBFBD5A83B41784400ADD9F8C6459F7603AAB62308352623F2C40552234CDB363F9AD794715A1C9C42D3E2BC33614834FE99B4C1F88B4D3EBB5759
    541:d=1  hl=2 l=  64 prim: INTEGER :24C57DC3221BCFAE1520979C73784AD59839DABE127E941D81FA0E082ADC3D189EB3F8CF2966761622118FD1C1A3EC6F50D5E10F66BA6A43EC862008390C209E
• 26. OID (object identifiers)
  • Object identifiers are unique sequences of numbers assigned to objects; each identifies a node in a global tree, and the dotted form lists the arcs from the root down to that node
  • e.g. 1.2.840.113549.1.7.2 is an OID: it means SignedData (PKCS#7) and sits under the arc assigned to RSADSI (1.2.840.113549 = iso.member-body.us.rsadsi)
  • The roots of the tree: 0 ITU-T, 1 ISO, 2 joint ISO/ITU-T
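Slides 22 to 26 in working code, as an added example that is not the slides' code: a small DER walker that reads tag, length and value, refuses the BER length forms DER forbids (indefinite and non-minimal lengths, a classic source of parser trouble), decodes INTEGER and OBJECT IDENTIFIER contents, prints each node in the column layout of the asn1parse listing on slide 25, and wraps or unwraps the Base64 PEM form of slide 22. `SAMPLE_DER` is a constructed SEQUENCE, not a certificate: it holds INTEGER 0, INTEGER 65537 and the slide-26 OID 1.2.840.113549.1.7.2, which is enough to exercise every path; the PEM label EXAMPLE is likewise made up.

```python
# Minimal DER (tag-length-value) walker with asn1parse-style output, OID and
# INTEGER decoding and PEM wrapping. Added example, not the slides' code.
# SAMPLE_DER is a constructed SEQUENCE { INTEGER 0, INTEGER 65537, OID signedData }.
import base64

UNIVERSAL_TAGS = {1: "BOOLEAN", 2: "INTEGER", 3: "BIT STRING", 4: "OCTET STRING", 5: "NULL",
                  6: "OBJECT", 12: "UTF8STRING", 16: "SEQUENCE", 17: "SET",
                  19: "PRINTABLESTRING", 23: "UTCTIME"}

SAMPLE_DER = bytes.fromhex(
    "3013"                    # SEQUENCE, 19 bytes of content
    "020100"                  # INTEGER 0
    "0203010001"              # INTEGER 65537
    "06092a864886f70d010702"  # OBJECT IDENTIFIER 1.2.840.113549.1.7.2
)


def read_header(buf, off):
    """Return (tag, header_len, content_len) of the TLV at off, rejecting non-DER length forms."""
    tag = buf[off]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not supported")
    i = off + 1
    first = buf[i]
    i += 1
    if first < 0x80:
        length = first                                    # short form
    else:
        nbytes = first & 0x7F
        if nbytes == 0:
            raise ValueError("indefinite length is BER, not DER")
        if nbytes > 4:
            raise ValueError("length field too large")
        length = int.from_bytes(buf[i:i + nbytes], "big")
        i += nbytes
        if length < 0x80 or buf[i - nbytes] == 0:
            raise ValueError("non-minimal length encoding is not DER")
    hl = i - off
    if off + hl + length > len(buf):
        raise ValueError("length runs past the end of the buffer")
    return tag, hl, length


def decode_oid(content):
    """First octet = 40*arc1 + arc2, then base-128 arcs with a continuation bit."""
    arcs = [content[0] // 40, content[0] % 40]
    value = 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if value:
        raise ValueError("truncated OID arc")
    return ".".join(map(str, arcs))


def parse(buf, off=0, end=None, depth=0, nodes=None):
    """Walk every TLV in buf[off:end] recursively, one dict per node in document order."""
    nodes = [] if nodes is None else nodes
    end = len(buf) if end is None else end
    while off < end:
        tag, hl, length = read_header(buf, off)
        content = buf[off + hl:off + hl + length]
        constructed = bool(tag & 0x20)
        tag_class, number = tag >> 6, tag & 0x1F
        name = UNIVERSAL_TAGS.get(number, f"[{number}]") if tag_class == 0 else f"cont [ {number} ]"
        node = {"off": off, "d": depth, "hl": hl, "l": length, "cons": constructed, "tag": name}
        if tag == 0x02:
            node["value"] = int.from_bytes(content, "big", signed=True)
        elif tag == 0x06:
            node["value"] = decode_oid(content)
        nodes.append(node)
        if constructed:
            parse(buf, off + hl, off + hl + length, depth + 1, nodes)
        off += hl + length
    return nodes


def format_node(n):
    """Same columns as the asn1parse listing on slide 25."""
    line = f"{n['off']:5d}:d={n['d']} hl={n['hl']} l={n['l']:4d} {'cons' if n['cons'] else 'prim'}: {n['tag']}"
    return line + (f" :{n['value']}" if "value" in n else "")


def der_to_pem(der, label):
    body = base64.b64encode(der).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])


def pem_to_der(pem):
    lines = [l.strip() for l in pem.splitlines() if l.strip() and not l.startswith("-----")]
    return base64.b64decode("".join(lines), validate=True)


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER, "EXAMPLE")
    print(pem)
    for node in parse(pem_to_der(pem)):
        print(format_node(node))
```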
• 27. OID global tree (Pic from M.Branchaud)
• 28. RSA keys according to PKCS#..
  (the same private-key dump as slide 24, whose fields are modulus, publicExponent, privateExponent, prime1, prime2, exponent1, exponent2 and coefficient)
• 29. X.500 Directory Services
• 31. Distinguished Names (DN) fields
  • Common name         CN   e.g. CN=Joe Wells
  • Organizational unit OU   e.g. OU=Sales
  • Organization        O    e.g. O=Heaven,Inc.
  • City/Locality       L    e.g. L=Tampa
  • State/Province      ST   e.g. ST=Florida
  • Country             C    e.g. C=US
  • /C=US/ST=Florida/L=Tampa/O=Heaven,Inc./OU=Sales/CN=Joe Wells
• 33. X.509 cert v1-2 (Pic from M.Branchaud)
• 36. SSL/1
  The SSL (Secure Socket Layer) protocol was designed by Netscape to be used with its browser.
  • SSL v.1 was used only internally and never released.
  • SSL v.2 was incorporated in Navigator v1 and v2.
  • Microsoft created a similar protocol called PCT (Private Communication Technology), which overcame some problems of SSL v.2.
  • SSL v.3 incorporated the PCT enhancements.
• 37. SSL/2
  • The first implementation of SSL was available only in Netscape browsers and servers.
  • SSLRef is a reference implementation in C that Netscape made available in source code (it doesn't include the RC2 or RC4 encryption algorithms).
  • SSLeay is an independent implementation of SSL v.3 written by Eric A. Young, a programmer in Australia.
  • OpenSSL is based on SSLeay.
• 38. TLS/SSL layers (top to bottom)
  • TLS Handshake protocol   (TLS layer)
  • TLS Record protocol      (TLS layer)
  • Transport protocol, e.g. TCP
• 39. SSL record protocol
  • Each SSL record contains:
    • content type
    • protocol version
    • length
    • payload
  • Message authentication (changed in TLS to HMAC): a sequence number is hashed together with the data, so a record cannot be replayed, reordered or dropped without the MAC check failing
• 40. SSL/TLS handshake
  • ClientHello (version, random, session id, cipher suites)
    – ServerHello (version, random, session id, chosen cipher)
    – [server may send its certificate]
    – [server may send a ServerKeyExchange]
    – [server may send a CertificateRequest]
    – ServerHelloDone
  • [client sends its certificate]
  • client sends a ClientKeyExchange
  • [client sends a CertificateVerify]
  • both send a ChangeCipherSpec, each followed by an encrypted Finished message that checks the whole handshake
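The record and handshake framing of slides 39 and 40 on the wire, as an added example that is not the slides' code. It parses the record header (content type, version, length), the handshake header inside it, and the ClientHello fields, and it computes the TLS 1.0 record MAC, HMAC over the sequence number, type, version, length and fragment, to show why the sequence number is there: the same record bytes presented under another sequence number no longer verify, which is what defeats replay. `RECORD` is a constructed TLS 1.0 ClientHello offering a single cipher suite, `CLIENT_RANDOM` is a fixed stand-in for the 32 random bytes and `MAC_KEY` a made-up MAC secret; SHA-1 is used as the HMAC hash since the slides predate anything else.

```python
# TLS record and handshake framing (slides 39 and 40) plus the TLS 1.0 record MAC.
# Added example, not the slides' code. RECORD, CLIENT_RANDOM and MAC_KEY are constructed.
import hashlib
import hmac
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done",
                   15: "certificate_verify", 16: "client_key_exchange", 20: "finished"}
MAX_CIPHERTEXT = 2**14 + 2048          # TLS 1.0 upper bound on TLSCiphertext.length


def parse_record(buf):
    """Record header: type (1), version (2), length (2), then the fragment."""
    if len(buf) < 5:
        raise ValueError("short record header")
    ctype, major, minor, length = struct.unpack("!BBBH", buf[:5])
    if length > MAX_CIPHERTEXT:
        raise ValueError("record length exceeds the TLS maximum")
    if len(buf) < 5 + length:
        raise ValueError("truncated record")
    return {"type": CONTENT_TYPES.get(ctype, ctype), "version": (major, minor),
            "length": length, "fragment": buf[5:5 + length], "rest": buf[5 + length:]}


def parse_handshake(fragment):
    """Handshake header: msg_type (1), length (3), then the body."""
    if len(fragment) < 4:
        raise ValueError("short handshake header")
    htype, length = fragment[0], int.from_bytes(fragment[1:4], "big")
    body = fragment[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake message")
    return HANDSHAKE_TYPES.get(htype, htype), body


def parse_client_hello(body):
    """ClientHello: version, 32-byte random, session id, cipher suites, compression methods."""
    version = (body[0], body[1])
    random = body[2:34]
    i = 34
    sid_len = body[i]
    i += 1
    session_id = body[i:i + sid_len]
    i += sid_len
    cs_len = int.from_bytes(body[i:i + 2], "big")
    i += 2
    if cs_len % 2 or i + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [int.from_bytes(body[j:j + 2], "big") for j in range(i, i + cs_len, 2)]
    i += cs_len
    comp_len = body[i]
    i += 1
    return {"version": version, "random": random, "session_id": session_id,
            "cipher_suites": suites, "compression": list(body[i:i + comp_len])}


def record_mac(key, seq_num, ctype, version, fragment):
    """TLS 1.0: HMAC(key, seq_num(8) || type(1) || version(2) || length(2) || fragment)."""
    header = struct.pack("!QBBBH", seq_num, ctype, version[0], version[1], len(fragment))
    return hmac.new(key, header + fragment, hashlib.sha1).digest()


def verify_record_mac(key, seq_num, ctype, version, fragment, tag):
    """Constant-time comparison; the expected sequence number comes from the receiver's own counter."""
    return hmac.compare_digest(record_mac(key, seq_num, ctype, version, fragment), tag)


# Constructed sample: TLS 1.0 ClientHello offering one cipher suite (0x002f) and null compression.
CLIENT_RANDOM = bytes(range(32))                      # fixed stand-in for the 32 random bytes
HELLO_BODY = b"\x03\x01" + CLIENT_RANDOM + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
HANDSHAKE = b"\x01" + len(HELLO_BODY).to_bytes(3, "big") + HELLO_BODY
RECORD = b"\x16\x03\x01" + len(HANDSHAKE).to_bytes(2, "big") + HANDSHAKE
MAC_KEY = b"\x0b" * 20                                # constructed MAC_write_secret

if __name__ == "__main__":
    rec = parse_record(RECORD)
    kind, body = parse_handshake(rec["fragment"])
    print(rec["type"], rec["version"], rec["length"], kind, parse_client_hello(body))
    data = b"GET / HTTP/1.0\r\n"
    tag = record_mac(MAC_KEY, 0, 23, (3, 1), data)
    print("fresh :", verify_record_mac(MAC_KEY, 0, 23, (3, 1), data, tag))
    print("replay:", verify_record_mac(MAC_KEY, 1, 23, (3, 1), data, tag))
```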
• 41. SSL cert accept (Pic from Netscape)
• 42. Key Exchange
  • SSL v.2 uses RSA key exchange only
  • SSL v.3 supports:
    • RSA key exchange when certificates are used
    • DH (Diffie-Hellman) for exchanging keys without certificates or prior communication (anonymous DH: it protects against a passive eavesdropper but authenticates nobody, so an active man in the middle can sit between the two parties)
• 43. Diffie-Hellman Key Exchange
  • Given a large prime n and a primitive root g modulo n (both public)
  • A chooses a random x and sends to B
    X = g^x mod n
  • B chooses a random y and sends to A
    Y = g^y mod n
  • A and B can both compute
    k = Y^x mod n = g^(x*y) mod n = X^y mod n
    while an eavesdropper who sees only X and Y would have to solve a discrete logarithm
  • The patent held by PKP expired in 1997
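The exchange on this slide, carried out with both sides' messages on the classic toy parameters n = 23, g = 5, as an added example that is not the slides' code. It also runs the exchange with a relay attacker in the middle, which is the caveat behind slide 42's "without certificates": each party does agree on a key, but with whoever actually sent the public value, and without authentication that can be the attacker. The exponents 6, 15, 3 and 4 are constructed; the public-value check rejects 0, 1 and n-1, which an attacker could send to force the shared key into a trivial subgroup.

```python
# Diffie-Hellman as on the slide, plus a man in the middle, on the toy modulus 23.
# Added example, not the slides' code; all exponents are constructed.


def is_valid_public_value(value, p):
    """0, 1 and p-1 force the shared key into {0, 1, p-1}; a careful peer rejects them."""
    return 2 <= value <= p - 2


def dh_public(p, g, x):
    """X = g^x mod n in the slide's notation."""
    return pow(g, x, p)


def dh_shared(peer_public, x, p):
    """k = Y^x mod n; both sides end up with g^(x*y) mod n."""
    if not is_valid_public_value(peer_public, p):
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_public, x, p)


def honest_exchange(p, g, x, y):
    """A sends X, B sends Y, both derive the same k."""
    X, Y = dh_public(p, g, x), dh_public(p, g, y)
    return dh_shared(Y, x, p), dh_shared(X, y, p)


def mitm_exchange(p, g, x, y, m1, m2):
    """Mallory intercepts: Alice receives g^m1 instead of Y, Bob receives g^m2 instead of X."""
    X, Y = dh_public(p, g, x), dh_public(p, g, y)
    M1, M2 = dh_public(p, g, m1), dh_public(p, g, m2)
    return {
        "alice_key": dh_shared(M1, x, p),      # Alice believes this is shared with Bob
        "mallory_alice": dh_shared(X, m1, p),  # Mallory holds it too
        "bob_key": dh_shared(M2, y, p),        # Bob believes this is shared with Alice
        "mallory_bob": dh_shared(Y, m2, p),    # Mallory holds this one as well
    }


if __name__ == "__main__":
    print("honest:", honest_exchange(23, 5, 6, 15))      # (2, 2)
    r = mitm_exchange(23, 5, 6, 15, 3, 4)
    print("with a man in the middle:", r)                # alice_key 6, bob_key 3
    print("Alice and Bob agree with each other:", r["alice_key"] == r["bob_key"])
```

Nothing in the exchange tells Alice whether the value she received came from Bob; that is the job of the certificate (or of a signed ServerKeyExchange) in the SSL v.3 variants that use DH with certificates.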
• 44. PKI (Public Key Infrastructure)
  • A practical and viable way of publishing public keys on the Internet: who issues and signs certificates, and how a relying party finds and checks them
  • PGP, PEM, PKIX, SPKI and SDSI are different proposals
• 45. PEM CA model (Pic from M.Branchaud)
• 47. STARTTLS (RFC 2487)
  • a server announces its support of TLS in the EHLO reply:
    ehlo heaven.org
    250-inferno.org
    250 STARTTLS
  • the client can then switch to TLS:
    starttls
    220 ready to start tls
    (the TLS handshake follows; afterwards the client discards what it learned before and should send EHLO again)
  • STARTTLS is supported in sendmail 8.11
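The client side of this exchange as an added example, not the slides' code: it parses the EHLO reply for the STARTTLS keyword, checks that the STARTTLS command is answered with 220 before any handshake, and opens a real session with smtplib only when the extension is advertised, verifying the server certificate and host name through `ssl.create_default_context()`. The point worth keeping in mind is the caveat: STARTTLS is opportunistic, so a client that quietly carries on in clear text when the keyword is missing can be downgraded by anyone on the path who rewrites the EHLO reply, which is why `connect_with_starttls` refuses by default. The reply lines and the host names heaven.org and inferno.org are constructed from the slide's dialogue; the network function is not exercised offline.

```python
# STARTTLS client-side checks for the exchange on slide 47. Added example, not the
# slides' code. EHLO_WITH_TLS / EHLO_STRIPPED are constructed replies; the hosts are hypothetical.
import smtplib
import ssl


def parse_ehlo_reply(lines):
    """EHLO reply: '250-<text>' continuation lines, '250 <text>' last line; returns the keywords."""
    caps = set()
    for n, line in enumerate(lines):
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError(f"not an EHLO success line: {line!r}")
        if n > 0:                                   # the first line is the server's domain
            caps.add(line[4:].split()[0].upper())
        if line[3] == " " and n != len(lines) - 1:
            raise ValueError("text after the final 250 line")
    return caps


def offers_starttls(lines):
    return "STARTTLS" in parse_ehlo_reply(lines)


def starttls_reply_ok(line):
    """RFC 2487: 220 means go ahead with the TLS handshake; 454 (or anything else) means do not."""
    return line[:3] == "220"


def connect_with_starttls(host, port=25, require_tls=True):
    """Open an SMTP session and upgrade it to TLS, verifying the server certificate and host name."""
    ctx = ssl.create_default_context()               # CA verification plus hostname check
    smtp = smtplib.SMTP(host, port)
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        smtp.quit()
        if require_tls:
            raise RuntimeError("server did not advertise STARTTLS; refusing to continue in clear text")
        return None
    smtp.starttls(context=ctx)                       # raises unless the reply is 220 and the handshake succeeds
    smtp.ehlo()                                      # capabilities must be re-read after the upgrade
    return smtp


# Constructed replies for the slide's exchange: heaven.org talking to inferno.org.
EHLO_WITH_TLS = ["250-inferno.org", "250-STARTTLS", "250 HELP"]
EHLO_STRIPPED = ["250-inferno.org", "250 HELP"]      # what a downgrading middlebox would leave

if __name__ == "__main__":
    print("offers STARTTLS:", offers_starttls(EHLO_WITH_TLS), offers_starttls(EHLO_STRIPPED))
    print("220 ready to start tls ->", starttls_reply_ok("220 ready to start tls"))
    print("454 TLS not available  ->", starttls_reply_ok("454 TLS not available due to temporary reason"))
```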
• 48. Microsoft Authenticode
  • Announced in 1996 by Microsoft as part of IE 3.0 and ActiveX (a system for downloading programs from web pages)
  • It describes file formats for signing Microsoft 32-bit EXEs, DLLs and OCXs
  • The signed file contains:
    • the original file
    • the digital signature
    • an X.509 certificate for the public key needed to verify the Authenticode signature
  • The tools needed are in the ActiveX Software Developer's Kit (CSW, Code Signing Wizard)
• 49. Java signed applets
  • Java too can use X.509 certificates to sign the code in a jar file (keytool and jarsigner utilities)
  • The idea is similar to Microsoft's: signed code can be granted more trust according to the confidence the user chooses to place in the signing publisher
• 50. Encrypted services
  Note that recently the naming of the encrypted services changed from an initial s to a final s (simap -> imaps):
  • https    443/tcp   # http over ssl
  • telnets  992/tcp   # telnet over ssl
  • pop3s    995/tcp
  • imaps    993/tcp
  • smtps    465/tcp
  • sshell   614/tcp   # SSLshell
  • nsiiops  261/tcp   # IIOP name service over ssl