Documents

AsymmetricEncryption and PKI CA

Description
crypto notes
Categories
Published
of 4
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
    HOW CAN SUE BE SURE PUBLIC KEY IS JOE'S? Chadwick, the international hacker, is sniffing the communications over the internet between Joe and Sue. What mischief could Chadwick get up to? DIGITAL CERTIFICATE : Shows who is the owner of a public key:: We are rarely certain of the real identity of the sender, only that they have sent us a public key. If you want to buy over the web and to encrypt your credit card details you need to know the public key you are sent really belongs to who you think you are sending to. The authenticity of a public key can be  proved by a digital certificate . The certificate gives the public key of a particular party and verifies they own it through the digital signature of the Issuing Authority. . To Verify This Certificate the Receiver Must: Part A : Calculate message digest for part A using the Message Digest type specified: Part B: Decrypt the Issuing Authority’s   Digital Signature using what key? And, when decrypted, we now have what? What do we now compare ? Cyber Security : AIMS AND OBJECTIVES: PKI VERISIGN CLASS1 DIGITAL CERTIFICATE OWNER: Certified Details for : Fred Bloggs Email:  bf02@gre.ac.uk  Certificate Serial No: A2:EO:89:B1:E5 …  Public Key: 9D:4F:16:3D:1A:87:F1:A2:EO:7D:B9:B1:D5:83:B3:62  CERTIFICATE DETAILS Certificate Validity: 4/1/2012  –   3/1/2013 Certificate Type: Class 1 Checked: 20/12/2011 Issuing Certificate Authority: Verisign Class1 CA : 62 Axford Street, London Message Digest Type: MD5  Issuin Authorit’s Diital Sinature: BD:44:15:3D:2A:57:F1:72:EO:5D:89:B1:E5:8D:B3:ED   …     Joe sends his Public ke to Sue Sue sends encrypted message to Joe Sue sends a message to Joe asking for his Public Ke. Chadwick  pretends to  be Joe ) ) ) PartA  ) ) PartB     Chadwick  pretends to  be Sue  Certificate Authorities and Certificate Types Many Certificate Authorities (CA’s), most known are Verisign, Microsoft, Thawte. Some do exhaustive checks - others do few Verisign Class1: Individual subscriber  –   persona non-validated: first and last names, email Verisign Class2 : Individual subscriber  –   persona validated: name, spouses name, email, dob ,employer, drivers lic. no., soc. sec. no. Verisign Class3: Secure Server: thorough identity checks Certificate Issue from CA (Certificate Authority) There are TWO processes : registration and certification. Registration performs various checking operations on the owner of the key to verify their identity. Certification produces the certificate; on approval the CA creates an X.509 certificate for the user and signs it with its own private key. SUE VERISIGN . Here is our CA(Pu) key. Encrypt your details with this and send to us. I want a digital certificate Class2 to verify my public key For Class2 Please Send ID :  Name, address, email, dob, drivers license no, employer Check ID. Please give a ‘challenge phrase’ encrypted with our public key. Here is my Challenge phrase Encrypted with your Public Key CA(Pu) Here is your signed certificate containing: S(Pu) and your personal details authenticated and authorised with our digital Signature CA(Pu) Digital Certificate S(Pu) Here is my ID and S(Pu) encrypted with your public key CA(Pu)  CA CHAINING (ROOT) Verisign Class1 CA Verisign Class2 CA Verisign Class3 CA In XP t o see the university’s certificates go to Settings\Control Panel\Security Center\ Internet Options\Content\Certificates PUBLIC KEY INFRASTRUCTURE (PKI) A PKI can be internal to an organisation as well as national/international. Verisign Cert : Serial No: 34567 Digest: MD5 Class:1 Owner: John Mitchell Public key: A3:47:6F: … JOE J(Pr) JCert validate Sue's certificate encrypt message with Sue's pub key S(Pu) Encrypted Message SUE S(Pr) SCert Certificate Authority CA issues Digital Certifcates. Root issues Digital Certifcates for CA’s.   Verisign Class1 CA’s   Dig Sig: C4:5D:83:A7 …   ROOT’s Dig Sig: A4:5D:83:A7 …   Issue this certificate If John Mitchell sent this certificate to the university so we could use his Public Key, h ow would we know it wasn’t altered?  Intermediate Certification Authorities Trusted Root Certification Authority What does this arrow denote? What does this arrow denote? So, what does Sue do to read Joes messae? What do they exchange? Verisign Cert : Serial No: 00001 Digest: MD5 Class:3 Owner: Verisign Class1 CA   Public key: A7:B7:6F: … Validate John’s certificate using Public key from Verisign Class1 CA certificate Validate Verisign Class 1 certificate with ROOT public key   ROOT  COMPARISON OF SYMMETRIC AND ASYMMETRIC ENCRYPTION CRITERIA SYMMETRIC ( one key) ASYMMETRIC (2 keys) Speed Distributing key Authentication Secure MAKING CONFIDENTIAL , TRUSTABLE MESSAGES AVAILABLE SECURE SOCKETS LAYER (SSL) with ONE certificate exchange JOE AMAZON Send: Send: Send Amazon Certificate Amaz(Cert) 1.   I want to use DES symmetric encryption. 2.   I will send 128bit symmetric session key Joe(Sym). 3.   Here is session key Joe(Sym) encrypted. 1.   Decrypt 128bit symmetric session key Joe(Sym). 2.   Please send encrypted order+ credit card details. I have written my order and want to send order/credit card Here are my credit card details encrypted with the 128bit symmetric session key Joe(Sym).. 1.   Decrypt order/credit card details. 1.   Here is the message digest for the order/credit card details encrypted with Joe(Sym). 2.   Encrypted session over. Check out message digest. Send transaction over message. Joe is using a 128bit symmetric session key: how many choices of key does he have for one session? With what key does Joe encrypt the DES key for Amazon? With what key does Amazon decrypt the DES key from Joe? With what key does Amazon decrypt the order/credit card details from Joe?  Note that the symmetric key is only created for one transaction. Each transaction has a different symmetric key called a SESSION key.
Search
Tags
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks