8/3/2019 dc.charu
1/27
1
BY:
Charu Gupta
B.Tech CS 3rd yrRoll no.
0821510020
8/3/2019 dc.charu
2/27
3 cryptographic algorithms:
Message-digest algorithm
Map variable-length plaintext to fixed-length cipher text.
Secret-key algorithmUse one single key to encrypt and decrypt
Public-key algorithm
Use 2 different keys public key and private key.
Encryption DecryptionPlaintext PlaintextCipher text
Key Key
8/3/2019 dc.charu
3/27
Use a secret key to encrypt a
message into cipher text.
Use the same key to decrypt
the cipher text to the original
message.Also called Symmetric
cryptography.
Encryption DecryptionPlaintext PlaintextCipher text
Secret Key Secret Key
8/3/2019 dc.charu
4/27
Secret-Key Problem?
All keys need to bereplaced, if one keyis compromised.
Not practical for theInternetenvironment.
On the other hand,the encryption
speed is fast. Suitable to encrypt
your personal data.
4
8/3/2019 dc.charu
5/27
Public-key Encryption
Involves 2 distinct keys public, private.
The private key is kept secret and never be divulged, and it is
password protected (Pass phase).
The public key is not secret and can be freely distributed, sharedwith anyone.
It is also called asymmetric cryptography.
Two keys are mathematically related, it is infeasible to derive the
private key from the public key.
100 to 1000 times slower than secret-key algorithms.
Encryption DecryptionPlaintext Plaintext
Cipher text
Public Key Private Key
8/3/2019 dc.charu
6/27
How to use 2 different keys?
Just an example: Public Key = 4, Private Key = 1/4, message M =
5 Encryption:
Cipher text C = M * Public Key
5 * 4 = 20
Decryption: Plaintext M = C * Private Key
20 * = 5
8/3/2019 dc.charu
7/27
User A
decryptedText
Encrypted
Text
Insecure Channel
User B
Using
public
key
Using
Private
Key
Public Key Directory
Public key
Private key
Public-Private Encryption
8/3/2019 dc.charu
8/27
Digital Signature
Suppose message encrypted with public
key is tampered by some1 in b/w then u
receive a corrupted message whendecrypted using private key..solution is
digital signature..reverse of assymetric
process..
8/3/2019 dc.charu
9/27
Digital Signature Generation and
Verification
Message Sender Message Receiver
Message Message
Hash function
Digest
Encryption
Signature
Hash function
Digest
Decryption
Expected Digest
PrivateKey
Public
Key
8/3/2019 dc.charu
10/27
It is an electronic stamp or sealthat append to the document.
Ensure the document being
unchanged during
transmission.Also ensures non repudiation since the sender only had the
private key, cannot deny he send message
8/3/2019 dc.charu
11/27
BANKUSER
Logs in for o/l banking
Public key sent for encrypting messages
message encrypted with public key sent
Bank decrypts
message with
private key
FAKE BANK
Fake
pubic
key send
Data encrypted with fake public key
fake website decrypyts message with private key
NEED OF AUTHENTICATION
8/3/2019 dc.charu
12/27
This is where digital certificates come in.A digital certificate is like a license or PAN that contains information
about its holder(in this case public key) verified by an official authority
which gives assurance to the other party that yes this is person who he
claims to be.
The main function of a digital certificate is to ensure that a user sending a file or
message is who or she claims to be.
In addition ,digital IDs provide a higher degree of security by encrypting messages so
only the specified recipients can access the contents.
8/3/2019 dc.charu
13/27
Digital CertificatesA digital certificate is an electronic ID" issued by a certification authority (CA). It
contains your name, a serial number, expiration dates, a copy of the certificateholder's public key (used for encrypting messages and digital signatures), and the
digital signature of the certificate-issuing authority so that a recipient can verify
that the certificate is real.
Digital certificates can be kept in registries so that authenticating users can look
up other users' public keys.
When a Web browser like Firefox, Netscape or Internet Explorer makes a secure
connection, the digital certificate is automatically turned over for review. The
browser checks it for anomalies or problems, and pops up an alert if any are
found. When digital certificates are in order, the browser completes secure
connections without interrupt.
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213831,00.htmlhttp://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212845,00.htmlhttp://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211953,00.htmlhttp://www.wisegeek.com/what-is-a-web-browser.htmhttp://www.wisegeek.com/what-is-firefox.htmhttp://www.wisegeek.com/what-is-firefox.htmhttp://www.wisegeek.com/what-is-a-web-browser.htmhttp://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211953,00.htmlhttp://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212845,00.htmlhttp://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213831,00.html8/3/2019 dc.charu
14/27
Creating a Digital Certificate and its component
Certificate Serial Number
Signature Algorithm Identifier
Issuer
Period of Validity
SubjectC=US ST=NY L=Albany O=OFT CN=John Doe
Subjects Public KeyAlgorithm Identifier + Key Value
MessageDigest
Hashing
Algorithm
Issuers
Private
KeySignature of Issuer
Version of Certificate Standard
8/3/2019 dc.charu
15/27
Raman
Raman generates key pair
Certificate
RequestCA
Signed
by usingCAs
privatekey
User Certificate
User Name
Users
Public Key
CAs Name
Validity
DigitalSignature
of CA
Certificate
Class
Users Email
Address
Serial No.
CertificateDatabase
User 1 certificate
User 2 certificate.
License issued
by CCA
Web site of CA
Geeta
SignedCertificate
verifies requester credentials and
binds his public key in the
certificateME
S
S
A
G
E
Raman provide geeta with
DC &certifies his key
geeta verifies CA signature using CA public key
(already known)
Verifies sender msg using senders public key
Public key of CA
WORKING OF DIGITAL CERTIFICATES
8/3/2019 dc.charu
16/27
Certificate Authorities
Each organization may have a CA that issues certificates for its
employees
Public CAs - e.g., Verisign -- issue certificates for anyone
Banks etc may issue certificates for customers
How do people with certificates from different CAs talk to each
other?
A CA is responsible for verifying the identity of a requesting
entity before issuing a certificate. The CA then signs thecertificate using its private key, which is used to verify the
certificate. A CA's public keys are distributed in software
packages such as Web browsers and operating systems, or they
can also be added manually by the user.
8/3/2019 dc.charu
17/27
CERTIFICATES IN OUR WEB BROWSER
TOOLS->OPTIONS->SECURITY->CERTIFICATES
8/3/2019 dc.charu
18/27
8/3/2019 dc.charu
19/27
Certificate Authorities
MCI
RSAAT&T
Thawte
Verizon
8/3/2019 dc.charu
20/27
Certificate typesPersonal certificate
Server certificateSoftware publisher certificate
CA certificate
Certificate revocation /cancellationSometimes the issuer need to revocate certificate
The subject attribute changed
The subject misused the certificate
There are forged certificatePublished in a certificate revocation list , this revocation list
is checked by the browser before establishing connection
8/3/2019 dc.charu
21/27
Issues & Solutions
Privacyensure that only the sender and the
intended recipient can read the contents of
the message
Encryption/decryptiontwo communication parties
scramble/unscramble information via
special keys only they possess
Integrityensure that information is not tampered
with in transit to the recipient
Digital signature ( PKI)using an encrypted one-way hash
algorithm, the change of a single character
can be detected
Authenticationensure that all parties are who they claim
to be such that there is no spoofing
(pretending to be someone else) andmisrepresentation (misleading purpose)
Digital Certificates ( PKI)the process of confidently confirming the
identity of one party by another party
Non-repudiationensure that a party to a genuine
transaction cannot falsely deny its
participation
Digital Certif./Signatures ( PKI)Password based or certificate based acts of
proof that the transaction was
commissioned by a designated party
Security Issues Security Solutions
Greater customer satisfaction/confidence.peace of mind that CA guarantees your Clients FULL authentication when issuing DC.SAFER business environment for
your customer as well as yourself
Certificate encrypted with cas private key .receiver s/w has public key s of most
CA's.So receiver can check if cas really created the certificate
8/3/2019 dc.charu
22/27
Financial Disadvantages
Certification authorities typically require a subscription to their
service, which requires monthly payments to continue the
relationship. In addition, multiple certificates for different sites or
purposes can become a costly endeavor.
Technological DisadvantagesCreating a platform that accepts all digital certificates is a difficult
undertaking, and human carelessness may compromise the safety
of login credentials.
Disadvantages
The certifying authorities structure is incredibly Complex
and must be changed in some way before it could be easily
applied to Internet users, but will be essential to a large scale
evolution in e-commerce
8/3/2019 dc.charu
23/27
Trusted authorities may make mistake
Most user m/c which store private key r vulnerable to
misuse n theftWhen u are installing or downloading a file your computer
warns you when the files has no digital certificate.
However, even if the file is digitally signed, the certificate
does not guarantee that the software will function correctly this is limitation of digital certificate.
Furthermore, a digital certificate has a validity period
usually 1 to 2 yrs- that sets up when the certificate is valid
and when it will be revoked.
8/3/2019 dc.charu
24/27
Applications
part of many security protocols implemented by software
publishersOnline Businesses, For secure e commerce
e-libraries
most browsers store digital certificates of trusted authorities so
that you are visiting the right websiteAnd warns you when the certificate presented is invalid.
government transactions, legally binding situations.
interaction with a lack of prior knowledge about the involved
parties
For the authentication of e-mails, files, web servers, executables,copyright protection
and virtually all computer based application that require
authentication
8/3/2019 dc.charu
25/27
A digital certificate is an electronic "passport" that
establishes your credentials when doing business or other
transactions on the Web. It is issued by a certification authority
(CA).
It is probable that in the near future organizations andindividuals will have several digital certificates (IDs) for a range
of different activities in which they are required to validate their
identities.
For example, a person working within a government
department may use one digital ID to access confidentialinformation within an intranet while using another separate ID
to make on line purchases. The government or department can
be the authority that issues digital certificates.
Can be used for verifying ,identifying instead of revealing.
8/3/2019 dc.charu
26/27
Q/A
8/3/2019 dc.charu
27/27
Thank You