1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you.

1

Digital certificates

• One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key Otherwise, you can only encrypt/decrypt to

those key handed to you• A solution: digital certificates (or certs)• A form of credentials (like a physical

passport)• Included with a person’s public key to

verify that a key is valid

2

Components of a digital certificate• A digital certificate

A public key Certificate info (identifying information such as

name, ID) One (or more) digital signatures A stamp of approval from a trusted entity

• Certificates are used when it is necessary to exchange public keys with someone (when you cannot manually exchange via a diskette or USB drive)

3

Components of a digital certificate [2]

4

Digital certificate distribution

• Digital servers: a networked database that allows users to submit and receive digital certs Example: PGP Keyserver

• Public Key Infrastructures (PKIs) Storage facilities like the certificate servers More structured Provide additional key management services Issue revoke, store, and trust certificates Certificate authority: a group of human beings

authorized to issue certs (like a passport office)

5

Common certificate format

• The certificate holder’s public key: the public portion of key pair and key algorithm, e.g., RSA

• The certificate holder’s information: identity information about the user (e.g., name, user ID, email address, photograph, and so on)

• The digital signature of the certificate owner: the signature using the corresponding private key of the public key of the certificate

• The certificate’s validity period: the certificate’s start date/time and expiration date/time; The preferred symmetric encryption algorithm for the key: e.g., AES, Triple-DES, Twofish

6

Common certificate format [2]

7

Other substitution techniques

• Choose a keyword, e.g., Jayhawk, drop repeated letters, thus jayhwk

• The keyword defines the permutation of English letters:

ABCDEFGHIJKLMNOPQRSTUVWXYZ jayhwkbcdefgilmnopqrstuvxz

• Another keyword: Professional ABCDEFGHIJKLMNOPQRSTUVWXYZ

profesinalbcdghjkmqtuvwxyz

8

Other substitution techniques [2]• Use every third letter (apply mod 26)

adgjmpsvybehknqtwzcfilorux• Consider any possible permutation of the

English letters How many? 26! Even applying decryption at 1 microsecond, still

takes over 1,000 years The primary issue: the knowledge of letter

patterns in a text Solution: Avoid using the same substitution for a

letter

9

One-time pads (using Vigenere tableau)• Assume a set of large, non-repeating keys

written on sheets of paper, glued into a pad• Assume keys are 20 characters• Assume a text that is 300 characters• Sender tears off 15 pages from the pad• Sender writes the keys one at a time above the

text letters and enciphers in a prearranged chart• Receiver must have the same pad• Concerns: (1) key distribution, (2)

sender/receiver must synchronize (3) need unlimited keys

10

One-time pads [2]

• A toy example• Assume keys are 5 letters each; assume

these two keys XYSWD and DHJTU• Assume you have a text that is eight

characters, e.g., “fly today”• Need two keys XYSWDDHJTU flytoday• Ciphertext: XYSWDDHJ

11

One-time pads [3]

• Using computers, random numbers can be generated for the keys

• To send a 300-letter message Generate the next 300 random numbers Scale to be between 1-26 Use a number to decipher each letter

12

One-time pads [4]

• Pictorially

13

The Vernam cipher (a one-time pad)• Devised by Gilbert Vernam for AT&T• Non-repeating random numbers• How? Consider plaintext Vernam Cipher V E R N A M C I P H E Rord# 21 4 17 13 0 12 2 8 15 7 4 17+rnd 76 48 16 82 44 3 58 11 60 5 48 88= 97 52 33 95 44 15 60 19 75 12 52 105%26 19 0 7 17 18 15 8 19 23 12 0 1cipher T A H R S P I T X M A B

14

An example of combining substitution and transposition• The Soviet encryption during the WWII• Handout

15

How is a key used?

• Suppose we have a key, computer• How is it used to encrypt a plaintext?• A toy approach• The key, computer, in ASCII is

Dec: 097 111 109 112 117 116 101 114 Binary: 01100011 01101111 01101101 …

• A plaintext, “secretly” in binary: 01110011 01100101 01100011 …

• XOR the two!

16

How is a key used? [2]

• Much more complex in real algorithms

• F is a round function• Ki, for i in 2..16, are new

keys generated from the original key by a complex algorithm

• is the xor operation

17

The key application in DES

18

The key application in AES

19

Key distribution revisited

• Five persons need to communicate securely• How many keys should the system maintain?• How many lines of communication? n * (n -1)/2

Two people: 1 line of communication Three people: 3 lines of communication Four people: 6 lines of communication Five people: 10 lines of communication

• Concerns: Maintaining the distributed the keys