dc.charu

Apr 07, 2018

Charu Gupta
Transcript
  • 8/3/2019 dc.charu

    1/27

    BY:
    Charu Gupta
    B.Tech CS 3rd yr
    Roll no. 0821510020

  • 2/27

    3 cryptographic algorithms:

    Message-digest algorithm: map variable-length plaintext to fixed-length cipher text.

    Secret-key algorithm: use one single key to encrypt and decrypt.

    Public-key algorithm: use 2 different keys, a public key and a private key.

    [Diagram: Plaintext -> Encryption (Key) -> Cipher text -> Decryption (Key) -> Plaintext]

  • 3/27

    Use a secret key to encrypt a message into cipher text. Use the same key to decrypt the cipher text to the original message. Also called Symmetric cryptography.

    [Diagram: Plaintext -> Encryption (Secret Key) -> Cipher text -> Decryption (Secret Key) -> Plaintext]

  • 4/27

    Secret-Key Problem?

    All keys need to be replaced if one key is compromised.

    Not practical for the Internet environment.

    On the other hand, the encryption speed is fast. Suitable to encrypt your personal data.

  • 5/27

    Public-key Encryption

    Involves 2 distinct keys: public and private.

    The private key is kept secret and is never divulged, and it is password protected (pass phrase).

    The public key is not secret and can be freely distributed and shared with anyone.

    It is also called asymmetric cryptography.

    The two keys are mathematically related, but it is infeasible to derive the private key from the public key.

    100 to 1000 times slower than secret-key algorithms.

    [Diagram: Plaintext -> Encryption (Public Key) -> Cipher text -> Decryption (Private Key) -> Plaintext]

  • 6/27

    How to use 2 different keys?

    Just an example: Public Key = 4, Private Key = 1/4, message M = 5

    Encryption: Cipher text C = M * Public Key
    5 * 4 = 20

    Decryption: Plaintext M = C * Private Key
    20 * 1/4 = 5

  • 7/27

    Public-Private Encryption

    [Diagram: User A, using the public key taken from the Public Key Directory, produces the Encrypted Text; it crosses an Insecure Channel; User B, using the Private Key, recovers the decrypted text]

  • 8/27

    Digital Signature

    Suppose a message encrypted with the public key is tampered with by someone in between; then you receive a corrupted message when it is decrypted using the private key. The solution is the digital signature, the reverse of the asymmetric process.

  • 9/27

    Digital Signature Generation and Verification

    [Diagram. Message Sender: Message -> Hash function -> Digest -> Encryption with Private Key -> Signature. Message Receiver: Message -> Hash function -> Digest; Signature -> Decryption with Public Key -> Expected Digest; the Digest is compared with the Expected Digest]

  • 10/27

    It is an electronic stamp or seal that is appended to the document.

    Ensures the document is unchanged during transmission. Also ensures non-repudiation: since only the sender had the private key, he cannot deny that he sent the message.

  • 11/27

    NEED OF AUTHENTICATION

    [Diagram, USER and BANK: the user logs in for online banking; the bank's public key is sent for encrypting messages; the message encrypted with the public key is sent; the bank decrypts the message with its private key]

    [Diagram, USER and FAKE BANK: a fake public key is sent; data encrypted with the fake public key is sent; the fake website decrypts the message with its private key]

  • 12/27

    This is where digital certificates come in. A digital certificate is like a license or PAN that contains information about its holder (in this case the public key), verified by an official authority, which gives assurance to the other party that this is the person he claims to be.

    The main function of a digital certificate is to ensure that a user sending a file or message is who he or she claims to be.

    In addition, digital IDs provide a higher degree of security by encrypting messages so only the specified recipients can access the contents.

  • 13/27

    Digital Certificates

    A digital certificate is an electronic "ID" issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.

    Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.

    When a Web browser like Firefox, Netscape or Internet Explorer makes a secure connection, the digital certificate is automatically turned over for review. The browser checks it for anomalies or problems, and pops up an alert if any are found. When digital certificates are in order, the browser completes secure connections without interruption.

  • 14/27

    Creating a Digital Certificate and its components

    Version of Certificate Standard
    Certificate Serial Number
    Signature Algorithm Identifier
    Issuer
    Period of Validity
    Subject: C=US ST=NY L=Albany O=OFT CN=John Doe
    Subject's Public Key: Algorithm Identifier + Key Value
    Signature of Issuer: Message Digest (Hashing Algorithm) signed with the Issuer's Private Key

  • 15/27

    WORKING OF DIGITAL CERTIFICATES

    [Diagram: Raman generates a key pair and sends a Certificate Request to the CA. The CA (License issued by CCA; Web site of CA; Certificate Database holding User 1 certificate, User 2 certificate, ...) verifies the requester's credentials and binds his public key in the certificate, signed by using the CA's private key. User Certificate fields: User Name, User's Public Key, CA's Name, Validity, Digital Signature of CA, Certificate Class, User's Email Address, Serial No. Raman provides Geeta with the DC (Signed Certificate) and a MESSAGE, which certifies his key; Geeta verifies the CA signature using the Public key of CA (already known), then verifies the sender's message using the sender's public key]

  • 16/27

    Certificate Authorities

    Each organization may have a CA that issues certificates for its employees.

    Public CAs, e.g., Verisign, issue certificates for anyone.

    Banks etc. may issue certificates for customers.

    How do people with certificates from different CAs talk to each other?

    A CA is responsible for verifying the identity of a requesting entity before issuing a certificate. The CA then signs the certificate using its private key; the matching CA public key is what is used to verify the certificate. A CA's public keys are distributed in software packages such as Web browsers and operating systems, or they can also be added manually by the user.

  • 17/27

    CERTIFICATES IN OUR WEB BROWSER

    TOOLS -> OPTIONS -> SECURITY -> CERTIFICATES

  • 18/27

  • 19/27

    Certificate Authorities

    MCI
    RSA
    AT&T
    Thawte
    Verizon

  • 20/27

    Certificate types

    Personal certificate
    Server certificate
    Software publisher certificate
    CA certificate

    Certificate revocation / cancellation

    Sometimes the issuer needs to revoke a certificate:
    The subject attribute changed
    The subject misused the certificate
    There are forged certificates

    Revoked certificates are published in a certificate revocation list; this revocation list is checked by the browser before establishing a connection.
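    As an added illustration (not code from this presentation), the Python below walks through the flow of slides 9, 15 and 20 end to end: the CA signs a certificate binding Raman's public key to his name, and Geeta checks the CA's signature, the validity period and the revocation list before verifying Raman's message signature with the public key taken from the certificate. The tiny RSA primes, names, serial number and timestamps are constructed for the demo; textbook RSA with such primes is for teaching only.

```python
import hashlib
import json
from math import gcd

# Toy textbook RSA with tiny constructed primes: NOT secure, only enough to show the flow.
def keygen(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (e, n), (pow(e, -1, phi), n)              # (public key, private key)
def digest(data, n):
    # Hash the data, then reduce so the digest fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(priv, data):                                # digest "encrypted" with the private key
    d, n = priv
    return pow(digest(data, n), d, n)
def verify(pub, data, sig):                          # "decrypt" with the public key, compare digests
    e, n = pub
    return pow(sig, e, n) == digest(data, n)

def issue_certificate(ca_priv, subject, subject_pub, serial, not_before, not_after):
    # The CA binds the subject's name to its public key and signs that binding (slide 15).
    tbs = {"subject": subject, "public_key": list(subject_pub), "serial": serial,
           "validity": [not_before, not_after], "issuer": "Toy CA"}
    return {"tbs": tbs, "signature": sign(ca_priv, json.dumps(tbs, sort_keys=True).encode())}

def validate_certificate(cert, ca_pub, crl, now):
    tbs_bytes = json.dumps(cert["tbs"], sort_keys=True).encode()
    if not verify(ca_pub, tbs_bytes, cert["signature"]):
        return "bad CA signature"                    # forged or altered certificate
    not_before, not_after = cert["tbs"]["validity"]
    if not (not_before <= now <= not_after):
        return "outside validity period"
    if cert["tbs"]["serial"] in crl:
        return "revoked"                             # serial listed in the CRL (slide 20)
    return "ok"

def verify_signed_message(cert, ca_pub, crl, now, message, sig):
    # Geeta's side: trust the certificate first, then the message signature (slide 9).
    status = validate_certificate(cert, ca_pub, crl, now)
    if status != "ok":
        return status
    return "ok" if verify(tuple(cert["tbs"]["public_key"]), message, sig) else "bad message signature"

def demo():
    ca_pub, ca_priv = keygen(61, 53)                 # CA key pair (constructed primes)
    user_pub, user_priv = keygen(101, 113)           # Raman's key pair (constructed primes)
    cert = issue_certificate(ca_priv, "Raman", user_pub, 7, 100, 200)
    msg, sig = b"transfer 500 to Geeta", sign(user_priv, b"transfer 500 to Geeta")
    check = lambda crl, now, m: verify_signed_message(cert, ca_pub, crl, now, m, sig)
    return {"valid": check(set(), 150, msg), "tampered": check(set(), 150, b"transfer 900 to Geeta"),
            "revoked": check({7}, 150, msg), "expired": check(set(), 250, msg)}
```

    Calling demo() returns the verdict for each case; altering any field of cert["tbs"] after issuance makes validate_certificate report a bad CA signature, which is the check that defeats the fake bank of slide 11.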

  • 21/27

    Issues & Solutions

    Security Issues / Security Solutions

    Privacy: ensure that only the sender and the intended recipient can read the contents of the message.
    Solution: Encryption/decryption. The two communicating parties scramble/unscramble information via special keys only they possess.

    Integrity: ensure that information is not tampered with in transit to the recipient.
    Solution: Digital signature (PKI). Using an encrypted one-way hash algorithm, the change of a single character can be detected.

    Authentication: ensure that all parties are who they claim to be, such that there is no spoofing (pretending to be someone else) and no misrepresentation (misleading purpose).
    Solution: Digital Certificates (PKI). The process of confidently confirming the identity of one party by another party.

    Non-repudiation: ensure that a party to a genuine transaction cannot falsely deny its participation.
    Solution: Digital Certif./Signatures (PKI). Password based or certificate based acts of proof that the transaction was commissioned by a designated party.

    Greater customer satisfaction/confidence: peace of mind that the CA guarantees your clients' FULL authentication when issuing a DC. SAFER business environment for your customer as well as yourself.

    The certificate is encrypted with the CA's private key. The receiver's software has the public keys of most CAs, so the receiver can check if the CA really created the certificate.

  • 22/27

    Disadvantages

    Financial Disadvantages

    Certification authorities typically require a subscription to their service, which requires monthly payments to continue the relationship. In addition, multiple certificates for different sites or purposes can become a costly endeavor.

    Technological Disadvantages

    Creating a platform that accepts all digital certificates is a difficult undertaking, and human carelessness may compromise the safety of login credentials.

    The certifying authorities structure is incredibly complex and must be changed in some way before it could be easily applied to Internet users, but it will be essential to a large scale evolution in e-commerce.

  • 23/27

    Trusted authorities may make mistakes.

    Most user machines which store the private key are vulnerable to misuse and theft.

    When you are installing or downloading a file, your computer warns you when the file has no digital certificate. However, even if the file is digitally signed, the certificate does not guarantee that the software will function correctly; this is a limitation of digital certificates.

    Furthermore, a digital certificate has a validity period, usually 1 to 2 years, that sets when the certificate is valid and when it will be revoked.

  • 24/27

    Applications

    Part of many security protocols implemented by software publishers.
    Online businesses, for secure e-commerce.
    E-libraries.
    Most browsers store digital certificates of trusted authorities so that you know you are visiting the right website, and warn you when the certificate presented is invalid.
    Government transactions, legally binding situations.
    Interaction with a lack of prior knowledge about the involved parties.
    For the authentication of e-mails, files, web servers, executables, copyright protection, and virtually all computer based applications that require authentication.

  • 25/27

    A digital certificate is an electronic "passport" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA).

    It is probable that in the near future organizations and individuals will have several digital certificates (IDs) for a range of different activities in which they are required to validate their identities.

    For example, a person working within a government department may use one digital ID to access confidential information within an intranet while using another separate ID to make online purchases. The government or department can be the authority that issues digital certificates.

    Can be used for verifying and identifying instead of revealing.

  • 26/27

    Q/A

  • 27/27

    Thank You