Public Key Infrastructures
|
|
- Lauren May
- 6 years ago
- Views:
Transcription
1 Public Key Infrastructures Trust Models Cryptography and Computer Algebra Prof. Johannes Buchmann Dr. Johannes Braun
2 We trust certificates because we trust the system(s). Direct trust Web of trust Hierarchical trust 2
3 Example: Secured website 3
4 View the website's certificate 4
5 In the browser The browser is shipped with trusted authorities 5
6 Direct trust 6
7 Direct trust User receives public key directly from owner OR User verifies public key directly with owner 7
8 Most common: Fingerprint comparison Fingerprint = hash value of the certificate (incl. signature) in DER format 8
9 Face to face verification 9
10 Phone verification file://../certificates/hrz/dt-root-ca-2.der (bin) 10
11 Phone verification 11
12 Web page verification 12
13 Printed media verification BNetzA publishes the public key 13
14 and more e.g. public keys on software CD/DVD apt-key --keyring /etc/apt/trusted.gpg.d list /etc/apt/trusted.gpg.d//debian-archive-jessie-automatic.gpg pub 4096R/2B90D [expires: ] uid Debian Archive Automatic Signing Key (8/jessie) 14
15 Example: Certificate installation Step 1: Get certificate 15
16 Example: Certificate installation Step 2: View certificate 16
17 Example: Certificate installation Step 3: View fingerprint 17
18 Example: Certificate installation Step 3: Compare fingerprint 18
19 Example: Certificate installation Step 4: Decide certificate purposes 19
20 Example: Certificate installation Result: Locally installed certificate 20
21 Example: Software signing Step 1: Get software and public key Original CD/DVD Customer obtains genuine CD/DVD containing the public key. The medium offers protection against manipulation. Key compromise as well as CD/DVD forgery can become known through the media. Trust in key = Trust in genuine CD/DVD 21
22 Example: Software signing Step 2: Check signature on updates Signed RPMs RedHat Package Manager Software installation in Linux Source: miscellaneous URLs Is a URL trusted? (e.g. is ftp://ftp.suse.com/.../openssl-1.0.2d.rpm one malicious version of OpenSSL?) Solution: The Linux-Distributor signs the RPM-Packet with GPG (GNU Privacy Guard) Public Key inside the original-cd for verification ~# rpm --checksig./openssl-1.0.2d.rpm openssl-1.0.2d.rpm: sha256 gpg in Ordnung ~# 22
23 Key validation problem Internet: 3,731,973,423 users 13,927,625,626,246,363,506 validations n*(n-1) validations = O(n 2 ) Even worse than symmetric key exchange [From: April 08, 2015] 25
24 Direct Trust: Summary Establishes Which keys are authentic Why they are considered authentic Bad scalability n * (n-1) = O(n 2 ) verifications Worse complexity than secret key exchange! Basis for all other trust models To be seen 26
25 Web of trust 27
26 Web of trust [From PGP-Pretty Good Privacy by Simon Garfinkel] 28
27 Web of trust A decentralized trust model To establish the authenticity of the binding public key user Used in PGP, GnuPG, and other OpenPGP-compatible systems Each party = end-user & certification authority at the same time All users distribute their own public keys, and certify those of other users From: Encyclopedia of Cryptography and Security, page
28 Key validity Alice computes key validity using Bob s signatures Carl Alice Bob Dave 30
29 Key validity Alice computes key validity using Bob s signatures Carl Alice Dave 31
30 Chaining key validity Alice computes key validity using Bob s and Carl s signatures Dave Alice Bob Carl Elena 32
31 Chaining key validity Alice computes key validity using Bob s and Carl s signatures Dave Alice Elena 33
32 Public keyring 34
33 Public keyring Alice s public keyring 35
34 Key validity vs. owner trust Key validity: Is the key owner who he claims to be? Levels: unknown; marginal; complete; ultimate Owner trust: Is the key owner reliable? (in respect to signing keys of others) Levels: unknown; none; marginal; complete; ultimate 36
35 Key validity levels unknown Nothing is known about this key. marginal The key probably belongs to the name. complete The key definitely belongs to the name. (ultimate) (Own keys). 37
36 Owner trust levels unknown Nothing can be said about the owner's judgment in key signing. none The owner is known to improperly sign keys. marginal The owner is known to properly sign keys. complete The owner is known to put great care in key signing. ultimate The owner is known to put great care in key signing, and is allowed to make trust decisions for you. 38
37 Assigning key validity and owner trust Key validity: Manually set (Key signing) OR computed from the trust in the corresponding signers, only considering signers with key validity complete. Owner trust: Manually set (Trust setting) 39
38 Key signing: Direct trust Bob s key validity is complete for Alice because she decided it when signing the key after verifying the fingerprint. 40
39 Key validity computation: complete (1) If the key is signed by at least one user with owner trust complete. 41
40 Key validity computation: complete (2) If the key is signed by at least x (here x=2) names with owner trust marginal. 42
41 Trust anchor: Owner trust Alice assigns owner trust to users. 45
42 Trusted introducers Alice signs Bob s key (level 1) and trusts him. Bob signs Carl s key (level 0) and trusts him. Alice uses Carl s signatures on Dave s and Elena s keys. Bob = Trusted introducer Dave Alice Bob Carl By allowing more intermediate signers (level >1), Bob becomes a Meta introducer Elena 46
43 Trusted introducers Alice signs Bob s key (level 1) and trusts him. Bob signs Carl s key (level 0) and trusts him. Alice uses Carl s signatures on Dave s and Elena s keys. Bob = Trusted introducer Dave Alice By allowing more intermediate signers (level >1), Bob becomes a Meta introducer Elena 47
44 Example: Thunderbird file://../thunderbirdportable/thunderbirdportable.exe 48
45 Sign and encrypt message 49
46 Decrypt and verify message 50
47 Example: OpenPGP C:\Users\[Benutzername]\AppData\Roaming\gnupg (prune) 51
48 Some OpenPGP commands Command gpg --gen-key gpg --output revoke.asc -- gen-revoke keyid gpg --output alice.gpg -- export keyid gpg -e -r keyid <filename> gpg -d <filename> gpg -s <filename> Description Generate key Revoke key Export key Encrypt Decrypt Sign... 52
49 PGP: Disadvantages PGP lacks forward secrecy (Forward secrecy: Exposure of long-term keys, used to negotiate session keys, does not compromise the secrecy of session keys established before the exposure.) From: Encyclopedia_of_cryptography_and_security, page 921 No supervision in regard to upgrading algorithms and parameters (e.g., use of old ciphers) Bad scalability for global use 53
50 Hierarchical trust 54
51 Hierarchical trust Certification Authority (CA) issues certificates trust anchor Alice Bob Carl 55
52 Hierarchical trust Why does Alice trust in Doris key? DFN PCA root CA TUD CA Uni Gießen TUD Student CA TUD Employee CA Alice Bob Carl Doris Emil 56
53 Hierarchical trust Why does Alice trust in Doris key? DFN PCA root CA TUD CA Uni Gießen TUD Student CA TUD Employee CA Alice Bob Carl Doris Emil 57
54 Hierarchical trust Emil to Alice DFN PCA TUD CA Uni Gießen TUD Student CA TUD Employee CA Alice Bob Carl Doris Emil 58
55 Hierarchical trust Emil to Alice DFN PCA TUD CA Uni Gießen TUD Student CA TUD Employee CA Alice Bob Carl Doris Emil 59
56 Hierarchical trust Emil to Alice DFN PCA TUD CA Uni Gießen TUD Student CA TUD Employee CA Alice Bob Carl Doris Emil 60
57 Hierarchical trust Emil to Alice DFN PCA TUD CA Uni Gießen TUD Student CA TUD Employee CA Alice Bob Carl Doris Emil 61
58 Trust models in multiple hierarchies When does Alice accept the certificate of Fred? TC 2 TC 3 TC 4 TC 5 TC 6 TC 7 Alice Bob Carl Doris Emil Fred Gerd Hans 62
59 Method 1: Trusted list Every participant has a list of trusted CAs Alice trusts TC2 and TC3 Every user maintains an own list (like in the Web of trust) Used in Web browsers (preinstalled + user defined) TC 2 TC 3 TC 4 TC 5 TC 6 TC 7 Alice Bob Carl Doris Emil Fred Gerd Hans 63
60 Trusted list: Certification path Alice to Fred TC 2 TC 3 TC 4 TC 5 TC 6 TC 7 Alice Bob Carl Doris Emil Fred Gerd Hans 64
61 Example Trusted list 65
62 Method 2: Common root Every user who trusts TC1, accepts every other end-user certificate. TC 1 TC 2 TC 3 TC 4 TC 5 TC 6 TC 7 Alice Bob Carl Doris Emil Fred Gerd Hans 66
63 Common root: Certification path Alice to Fred TC 1 TC 2 TC 3 TC 4 TC 5 TC 6 TC 7 Alice Bob Carl Doris Emil Fred Gerd Hans 67
64 Example Two hierarchies 68
65 Example Common root 69
66 Method 3: Cross-certification TC 2 TC 3 TC 4 TC 5 TC 6 TC 7 Alice Bob Carl Doris Emil Fred Gerd Hans TC 2 issues a CA-certificate for TC 3. TC 3 issues a CA-certificate for TC 2. Not always bilateral Every user who trusts TC 3, accepts every certificate, that was issued by TC 2 (or a subordinate CA). Every user who trusts TC 2, accepts every certificate, that was issued by TC 3 (or a subordinate CA). 70
67 Cross-certification: Certification path Alice to Fred TC 2 TC 3 TC 4 TC 5 TC 6 TC 7 Alice Bob Carl Doris Emil Fred Gerd Hans 71
68 Cross-certification: Other possibility (1) TC 2 issues one CA-certificate to TC 7 and vice versa. Hans accepts the certificate of Emil and vice versa. Emil does not accept the certificate of Fred. TC 2 TC 3 TC 4 TC 5 TC 6 TC 7 Alice Bob Carl Doris Emil Fred Gerd Hans 72
69 Cross-certification: Other possibility (2) TC 4 issues one CA-certificate to TC 6 and vice versa. Alice accepts the certificate of Fred and vice versa. Fred does not accept the certificate of Emil. TC 2 TC 3 TC 4 TC 5 TC 6 TC 7 Alice Bob Carl Doris Emil Fred Gerd Hans 73
70 Example 1R root 74
71 Example 2R root 75
72 Example 1R-to-2R 2R-to-1R 76
73 Example 2R as trust anchor 77
74 Cross-certification problem n*(n-1) cross-certificats = O(n 2 ) 78
75 Method 4: Bridge Idea: Bridge TC has cross-certifications with TC 2 and TC 3. Alice accepts all certificates beneath TC 3. Fred accepts all certificates beneath TC 2. TC 2 Bridge TC TC 3 TC 4 TC 5 TC 6 TC 7 Alice Bob Carl Doris Emil Fred Gerd Hans 79
76 Bridge: Certification path Alice to Fred Bridge enforces minimal policy TC 2 Bridge TC TC 3 TC 4 TC 5 TC 6 TC 7 Alice Bob Carl Doris Emil Fred Gerd Hans 80
77 Bridge trust center The bridge TC acts as a connector This TC is not subordinate to a third CA Interesting for corporate CAs that: want to enable secure communication for their users outside the organisation s borders do not want to be subordinate to a third CA 81
78 Example European Bridge CA (EBCA) 82
79 X.509 certificate extension Basic Constraints Identifies whether the subject of the certificate is a CA the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path. It is marked critical If pathlength is not present => no limit ASN.1: BasicConstraints ::= SEQUENCE { ca BOOLEAN DEFAULT FALSE, pathlenconstraint INTEGER (0..MAX) OPTIONAL } file://../certificates/text/csca_basicconstraints.cxt (text) file://../certificates/country_signing_ca.cer (bin) 83
80 X.509 certificate extension Basic Constraints: Example Root CA Subordinate CA Subordinate CA ca:true pathlength: ca:true pathlength: ca:false Alice 84
81 X.509 certificate extension Basic Constraints: Example Root CA Subordinate CA Subordinate CA Alice ca:true pathlength: 1 ca:true pathlength: 0 ca:false minimum values 85
82 Criticism regarding the power of CAs Honest Achmed Achmed-bittet-um-Vertrauen html 86
Public Key Infrastructures. Andreas Hülsing
Public Key Infrastructures Andreas Hülsing How to share Keys with PGP Attach to mail Use Key Server Still need to verify key validity! 28-5-2014 PAGE 1 PGP Keyserver Synchronization Graph http://www.rediris.es/keyserver/graph.html
More informationPublic Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA
Public Key Cryptography, OpenPGP, and Enigmail Cryptography is the art and science of transforming (encrypting) a message so only the intended recipient can read it Symmetric Cryptography shared secret
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More information6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename
6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename Certificate formats (DER, PEM, PKCS #12) 6.2 Certificate Authorities
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 11: Public Key Infrastructure Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Public key infrastructure Certificates Trust
More informationSecurity PGP / Pretty Good Privacy. SANOGXXX July, 2017 Gurgaon, Haryana, India
Email Security PGP / Pretty Good Privacy SANOGXXX 10-18 July, 2017 Gurgaon, Haryana, India Issue Date: [31-12-2015] Revision: [V.1] Security issues for E-mail Confidentiality Network admin can read your
More informationLecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005
Lecture 30 Security April 11, 2005 Cryptography K A ciphertext Figure 7.3 goes here K B symmetric-key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Symmetric
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationL8: Public Key Infrastructure. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L8: Public Key Infrastructure Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 9/21/2015 CSCI 451 - Fall 2015 1 Acknowledgement Many slides are from
More informationUsing Cryptography CMSC 414. October 16, 2017
Using Cryptography CMSC 414 October 16, 2017 Digital Certificates Recall: K pub = (n, e) This is an RSA public key How do we know who this is for? Need to bind identity to a public key We can do this using
More informationTopics. Dramatis Personae Cathy, the Computer, trusted 3 rd party. Cryptographic Protocols
Cryptographic Protocols Topics 1. Dramatis Personae and Notation 2. Session and Interchange Keys 3. Key Exchange 4. Key Generation 5. Cryptographic Key Infrastructure 6. Storing and Revoking Keys 7. Digital
More informationCSC 5930/9010 Modern Cryptography: Public-Key Infrastructure
CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure Professor Henry Carter Fall 2018 Recap Digital signatures provide message authenticity and integrity in the public-key setting As well as public
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationOverview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation
Overview Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures May
More informationTen Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier
Presented by Joshua Schiffman & Archana Viswanath Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier Trust Models Rooted Trust Model! In a
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 8: Protocols for public-key management Ion Petre Department of IT, Åbo Akademi University 1 Key management two problems
More informationWhat is a Digital Certificate? Basic Problem. Digital Certificates, Certification Authorities, and Public Key Infrastructure. Sections
Digital Certificates, Certification Authorities, and Public Key Infrastructure Sections 14.3-14.5 Basic Problem What does a public-key signature verification tell you? Verification parameters include public
More informationDigital Certificates, Certification Authorities, and Public Key Infrastructure. Sections
Digital Certificates, Certification Authorities, and Public Key Infrastructure Sections 14.3-14.5 Basic Problem What does a public-key signature verification tell you? Verification parameters include public
More informationAn Introduction to How PGP Works
An Introduction to How PGP Works Revision: 0.01 Author: Kenneth Robert Ballou Date 2005-07-21 Document Change History Change Description/Reason Changed By Date Revision Initial Creation of Document Kenneth
More informationCT30A8800 Secured communications
CT30A8800 Secured communications Pekka Jäppinen October 31, 2007 Pekka Jäppinen, Lappeenranta University of Technology: October 31, 2007 Secured Communications: Key exchange Schneier, Applied Cryptography:
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationPublic Key Infrastructures
Public Key Infrastructures Certcoin Cryptography and Computer Algebra Prof. Johannes Buchmann Dr. Johannes Braun Background Blockchain Distributed database, consisting of a list of blocks Decentralized
More informationOutline Key Management CS 239 Computer Security February 9, 2004
Outline Key Management CS 239 Computer Security February 9, 2004 Properties of keys Key management Key servers Certificates Page 1 Page 2 Introduction Properties of Keys It doesn t matter how strong your
More informationPublic Key Infrastructure
Public Key Infrastructure Ed Crowley Summer 11 1 Topics Public Key Infrastructure Defined PKI Overview PKI Architecture Trust Models Components X.509 Certificates X.500 LDAP 2 Public Key Infrastructure
More informationLearn PGP. SIPB Cluedump, 19 October Anish Athalye (aathalye), Merry Mou (mmou), Adam Suhl (asuhl) 1 / 22
Learn PGP SIPB Cluedump, 19 October 2016 Anish Athalye (aathalye), Merry Mou (mmou), Adam Suhl (asuhl) 1 / 22 2 / 22 Overview 1. Theore cal PGP / Intro to Security 2. Prac cal PGP Installa on, Usage, Demo
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationChapter 10: Key Management
Chapter 10: Key Management Session and Interchange Keys Key Exchange Key Generation Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #10-1 Overview Key exchange Session
More informationINF3510 Information Security University of Oslo Spring Lecture 3 Key Management and PKI. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2010 Lecture 3 Key Management and PKI Audun Jøsang Outline Key management Key establishment Public key infrastructure Digital certificates PKI trust
More informationKey Management and PKI
INF350 Information Security University of Oslo Spring 204 Lecture 6 Key Management and PKI Audun Jøsang Key Usage A single key should be used for only one purpose e.g., encryption, authentication, key
More informationPKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures
Public Key Infrastructures Public Key Infrastructure Definition and Description Functions Components Certificates 1 2 PKI Services Security Between Strangers Encryption Integrity Non-repudiation Key establishment
More informationSharing Secrets using Encryption Facility - Handson
Sharing Secrets using Encryption Facility - Handson Lab Steven R. Hart IBM March 12, 2014 Session Number 14963 Encryption Facility for z/os Encryption Facility for z/os is a host based software solution
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationCryptography and Network Security Chapter 14
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationBackground. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33
Background Network Security - Certificates, Keys and Signatures - Dr. John Keeney 3BA33 Slides Sources: Karl Quinn, Donal O Mahoney, Henric Johnson, Charlie Kaufman, Wikipedia, Google, Brian Raiter. Recommended
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationInvestigating the OpenPGP Web of Trust
Investigating the OpenPGP Web of Trust Alexander Ulrich, Ralph Holz, Peter Hauck, Georg Carle Diskrete Mathematik Universität Tübingen Netzarchitekturen und Netzdienste Technische Universität München ESORICS
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationCryptography. Cryptography is everywhere. German Lorenz cipher machine
Crypto 101 Cryptography Cryptography is everywhere German Lorenz cipher machine 2 Cryptography Cryptography deals with creating documents that can be shared secretly over public communication channels
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationCSC 482/582: Computer Security. Security Protocols
Security Protocols Topics 1. Basic Concepts of Cryptography 2. Security Protocols 3. Authentication Protocols 4. Key Exchange Protocols 5. Kerberos 6. Public Key Infrastructure Encryption and Decryption
More informationCryptography: Practice JMU Cyber Defense Boot Camp
Cryptography: Practice 2013 JMU Cyber Defense Boot Camp Prerequisites This unit assumes that you have already known Symmetric-key encryption Public-key encryption Digital signature Digital certificates
More informationINF3510 Information Security University of Oslo Spring Lecture 6 Key Management and PKI. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2016 Lecture 6 Key Management and PKI Audun Jøsang Key Management The strength of cryptographic security depends on: 1. The size of the keys 2. The
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationECE646 Fall Lab 1: Pretty Good Privacy. Instruction
ECE646 Fall 2012 Lab 1: Pretty Good Privacy Instruction PLEASE READ THE FOLLOWING INSTRUCTIONS CAREFULLY: 1. You are expected to address all questions listed in this document in your final report. 2. All
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationECE646 Fall Lab 1: Pretty Good Privacy. Instruction
ECE646 Fall 2015 Lab 1: Pretty Good Privacy Instruction PLEASE READ THE FOLLOWING INSTRUCTIONS CAREFULLY: 1. You are expected to address all questions listed in this document in your final report. 2. All
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationPretty Good Privacy (PGP)
Pretty Good Privacy (PGP) -- PGP services -- PGP key management (c) Levente Buttyán (buttyan@crysys.hu) What is PGP? general purpose application to protect (encrypt and/or sign) files can be used to protect
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationDigital Signatures. Cole Watson
Digital Signatures Cole Watson Opening Activity Dr. Cusack owns a lockbox, padlock, and keys. The padlock is private and unique to him. The keys are public and they can only open Dr. Cusack s lockbox.
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationCryptographic Protocols 1
Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange
More informationLab: Securing with PGP
Objectives Understand the concept of public keys, signing, and encrypting email with PGP. Background GNUPG (or GNU Privacy guard) is a free implementation of the OpenPGP standard (RFC 4880) as a tool for
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationPutting Taiwan on the Kernel.org Keysigning Map. Tsai, Chen-Yu
Putting Taiwan on the Kernel.org Keysigning Map Tsai, Chen-Yu Tsai, Chen-Yu Embedded Linux hobbyist since 2011 Mainly focused on Allwinner SoC support Kernel support co-maintainer since
More informationPGP Key Verification. Version 1.1, 08/26/2002. Stephen Gill Published: 08/26/2002
PGP Key Verification Version 1.1, 08/26/2002 Stephen Gill E-mail: gillsr@cymru.com Published: 08/26/2002 Contents Credits Introduction... 2 Instructions... 2 Step 1: Retrieve... 3 Step 2: Fingerprint...
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationFall 2010/Lecture 32 1
CS 426 (Fall 2010) Key Distribution & Agreement Fall 2010/Lecture 32 1 Outline Key agreement without t using public keys Distribution of public keys, with public key certificates Diffie-Hellman Protocol
More informationLecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from
Lecture 15 PKI & Authenticated Key Exchange COSC-260 Codes and Ciphers Adam O Neill Adapted from http://cseweb.ucsd.edu/~mihir/cse107/ Today We will see how signatures are used to create public-key infrastructures
More informationECE 646 Lecture 4A. Pretty Good Privacy PGP. Short History of PGP based on the book Crypto by Steven Levy. Required Reading
ECE 646 Lecture 4A Pretty Good Privacy PGP Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 18.1 or 19.1 Pretty Good Privacy (PGP) On-line Chapters
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationPretty Good Privacy PGP. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E
ECE 646 Lecture 4 Pretty Good Privacy PGP Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 18.1 or 19.1 Pretty Good Privacy (PGP) On-line Chapters
More informationOverview of Authentication Systems
Overview of Authentication Systems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/
More informationPKI Contacts PKI for Fraunhofer Contacts
Fraunhofer Competence Center PKI PKI Contacts PKI for Fraunhofer Contacts User manual for communication partners of the Fraunhofer-Gesellschaft Author[s]: Uwe Bendisch, Maximilian Gottwald As at: 03.02.2017
More informationECE 646 Lecture 4. Pretty Good Privacy PGP
ECE 646 Lecture 4 Pretty Good Privacy PGP Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 6/E or 7/E Chapter 19.1 Pretty Good Privacy (PGP) On-line Chapters (available
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationManaging Certificates
CHAPTER 12 The Cisco Identity Services Engine (Cisco ISE) relies on public key infrastructure (PKI) to provide secure communication for the following: Client and server authentication for Transport Layer
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationCS 425 / ECE 428 Distributed Systems Fall 2017
CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy) Dec 5, 2017 Lecture 27: Security All slides IG Security Threats Leakage Unauthorized access to service or data E.g., Someone knows your
More informationLecture Notes 14 : Public-Key Infrastructure
6.857 Computer and Network Security October 24, 2002 Lecture Notes 14 : Public-Key Infrastructure Lecturer: Ron Rivest Scribe: Armour/Johann-Berkel/Owsley/Quealy [These notes come from Fall 2001. These
More informationPublic Key Infrastructure. What can it do for you?
Public Key Infrastructure What can it do for you? What is PKI? Centrally-managed cryptography, for: Encryption Authentication Automatic negotiation Native support in most modern Operating Systems Allows
More informationCryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent
More informationECE 646 Fall Lab 1: Pretty Good Privacy Setup
ECE 646 Fall 2017 Lab 1: Pretty Good Privacy Setup This setup should be completed before the lecture on Tuesday, October 3. Please read the general information about GNU Privacy Guard from Wikipedia available
More information14. Internet Security (J. Kurose)
14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:
More informationPROVING WHO YOU ARE TLS & THE PKI
PROVING WHO YOU ARE TLS & THE PKI CMSC 414 MAR 29 2018 RECALL OUR PROBLEM WITH DIFFIE-HELLMAN The two communicating parties thought, but did not confirm, that they were talking to one another. Therefore,
More informationElements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationCertificates, Certification Authorities and Public-Key Infrastructures
(Digital) Certificates Certificates, Certification Authorities and Public-Key Infrastructures We need to be sure that the public key used to encrypt a message indeed belongs to the destination of the message
More informationThe PGP Trust Model. Alfarez Abdul-Rahman
The PGP Trust Model Alfarez Abdul-Rahman {F.AbdulRahman@cs.ucl.ac.uk} Department of ComputerScience, University College London Gower Street, London WC1E 6BT, United Kingdom In relation to the cryptographic
More informationRalph Durkee Independent Consultant Security Consulting, Security Training, Systems Administration, and Software Development
Ralph Durkee Independent Consultant www.rd1.net Security Consulting, Security Training, Systems Administration, and Software Development PGP and GnuPG Rochester OWASP Agenda: Generic Public Key Encryption
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationModule: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Kerberos History: from UNIX to Networks (late
More informationConfiguring Certificate Authorities and Digital Certificates
CHAPTER 43 Configuring Certificate Authorities and Digital Certificates Public Key Infrastructure (PKI) support provides the means for the Cisco MDS 9000 Family switches to obtain and use digital certificates
More informationPublic-Key Infrastructure NETS E2008
Public-Key Infrastructure NETS E2008 Many slides from Vitaly Shmatikov, UT Austin slide 1 Authenticity of Public Keys? private key Alice Bob public key Problem: How does Alice know that the public key
More informationThe most common type of certificates are public key certificates. Such server has a certificate is a common shorthand for: there exists a certificate
1 2 The most common type of certificates are public key certificates. Such server has a certificate is a common shorthand for: there exists a certificate signed by some certification authority, which certifies
More informationDidiSoft OpenPGP Library for Java version 3.1
DidiSoft OpenPGP Library for Java version 3.1 1 / 10 Table of contents Introduction... 3 Setup... 4 JAR files... 4 Switching from Trial/Evaluation/ version to Production... 4 Javadoc in Eclipse... 4 Migration
More informationModule: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent Jaeger 1 Kerberos History: from UNIX to Networks (late 80s) Solves: password eavesdropping Also mutual authentication
More informationPublic Key Infrastructures Chapter 11 Trust Center (Certification Authority)
Public Key Infrastructures Chapter 11 Trust Center (Certification Authority) Cryptography and Computer Algebra Prof. Dr. Johannes Buchmann Dr. Alexander Wiesmaier Trust center (TC) Trusted third party
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationSend documentation comments to
CHAPTER 6 Configuring Certificate Authorities and Digital Certificates This chapter includes the following topics: Information About Certificate Authorities and Digital Certificates, page 6-1 Default Settings,
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationEEC-682/782 Computer Networks I
EEC-682/782 Computer Networks I Lecture 24 Wenbing Zhao wenbingz@gmail.com http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More information