Beruflich Dokumente
Kultur Dokumente
Digital Certificate
CSC1720 Introduction to
Internet
Essential Materials
Outline
Introduction
Cryptography
Secret-key algorithms
Public-key algorithms
Message-Digest algorithms
Digital Signature
Digital Certificate
Public Key Infrastructure (PKI)
Secure Electronic Transaction (SET)
Summary
CSC1720
Introduction
Cryptography
3 cryptographic algorithms:
Message-digest algorithms
Secret-key algorithms
Public-key algorithms
CSC1720
Keys
Plaintext
Encryption
CSC1720
Key
Ciphertext
Decryption
Plaintext
Key length
Secret-key Encryption
Plaintext
Encryption
CSC1720
Secret Key
Ciphertext
Decryption
Plaintext
Encrypted Text
Secret key
=
Encryption
Encrypted Text
Secret key
Original Text
=
+
Decryption
CSC1720
Secret-Key Problem?
CSC1720
Secret-Key algorithms
Algorithm
Name
Blowfish
DES
IDEA
RC2
RC4
RC5
Triple DES
CSC1720
Key Length
(bits)
Up to 448
56
128
Up to 2048
Up to 2048
Up to 2048
192
10
References:
Blowfish
DES
IDEA
RC2
RC4
RC5
DES-3
Public-key Encryption
Plaintext
Encryption
CSC1720
Private Key
Ciphertext
11
Plaintext
Decryption
All copyrights reserved by
Just an example:
Public Key = 4, Private Key = 1/4,
message M = 5
Encryption:
Ciphertext C = M * Public Key
5 * 4 = 20
Decryption:
Plaintext M = C * Private Key
20 * = 5
CSC1720
12
Public-Private
Encryption
Public key
First, create public
and private key
Private key
Public Key
Private key
Private key stored in
your personal computer
CSC1720
13
Message Encryption
(User A sends message to User
B)
Public Key Directory
User Bs Public Key
Encrypted
Text
Text
Encryption
User A
CSC1720
14
Message Encryption
Original Message
CSC1720
Encrypted Message
15
Transfer Encrypted
Data
User A
User B
Encrypted
Text
Encrypted
Text
Insecure Channel
CSC1720
16
Encrypted
Text
User B
User Bs
Private key
Decryption
Original Text
CSC1720
17
Asymmetric algorithms
Algorithm
Name
DSA
El Gamal
RSA
Diffie-Hellman
CSC1720
Key Length
(bits)
Up to 448
56
128
Up to 2048
18
References:
DSA
El Gamal
RSA
Diffie-Hellman
Computer Resources
Keys / Second
Individual attacker
2^17 2^24
Small group
2^21 2^24
Academic Network
2^25 2^28
Large company
2^43
2^55
Key
Lengt
h
Individu
al
Attacker
Small
Group
Academic
Network
Large
Company
Military
Inteligence
Agency
40
Weeks
Days
Hours
Milliseconds
Microseconds
56
Centurie Decades
s
Years
Hours
Seconds
64
Millenni
a
Decades
Days
Minutes
Infeasible
Centuries
Centuries
80
Centurie
s
Infeasibl Infeasibl
e
CSC1720
e
19
Distributed.net connect
100,000 PCs on the Net
to get a record-breaking
22 hr 15 min to crack
the DES algorithm.
CSC1720
20
Message-Digest
Algorithms
21
Message-Digest How
to
A hash function is a
math equation that
create a message
digest from message.
A message digest is
used to create a
unique digital
signature from a
particular document.
MD5 example
CSC1720
22
Original Message
(Document, E-mail)
Hash Function
Digest
CSC1720
23
Message-Digest
Message-Digest
Algorithm
MD2
Digest Length
(bits)
128
MD4
128
MD5
128
Secure Hash
Algorithm (SHA)
160
CSC1720
24
References:
MD2
MD4
MD5
SHA
Break Time 15
minutes
CSC1720
25
Digital Signature
26
User A
User B received
the document wit
signature attache
User B
CSC1720
27
Digital Signature
Generation and
Verification
Message Sender
Message
Message
Hash function
Hash function
Digest
Private
Key
Message Receiver
Public
Key
Encryption
Decryption
Signature
Expected Digest
CSC1720
28
Digest
Digital Signature
CSC1720
29
Reference
Key Management
30
Digital Certificates
CSC1720
31
Digital Certificate
CSC1720
32
Reference
Elements of Digital
Cert.
CSC1720
33
Certification Authority
(CA)
CSC1720
34
CA model (Trust
model)
Root Certificate
CA Certificate
CA Certificate
Browser Cert.
CSC1720
Server Cert.
35
Alice
Bob
D
C
CSC1720
36
Public Key
Infrastructure (PKI)
CSC1720
37
Reference:
An official homepage
which provides lot of
PKI, e-commerce
information
CSC1720
38
PKI Structure
Certification Authority
Directory services
Public/Private Keys
User
CSC1720
39
Services,
Banks,
Webserver
4 key services
Confidentiality - Encryption
To make the transaction secure, no one else is able to
read/retrieve the ongoing transaction unless the
communicating parties.
Integrity - Encryption
To ensure the information has not been tampered during
transmission.
CSC1720
40
Certificate Signers
CSC1720
41
Certificate Enrollment
and Distribution
CSC1720
42
Secure Web
Communication
43
Strong encryption
Encryption methods that cannot be cracked by
brute-force (in a reasonable period of time).
The world fastest computer needs thousands
of years to compute a key.
Weak encryption
A code that can be broken in a practical time
frame.
56-bit encryption was cracked in 1999.
64-bit will be cracked in 2011.
128-bit will be cracked in 2107.
CSC1720
44
45
CSC1720
46
PGP encryption
CSC1720
Reference
47
PGP decryption
CSC1720
Reference
48
CSC1720
49
Provide an
encrypted
secure channel
between client
and server.
Replacement for
telnet and ftp.
Reference: SSH
Secure FTP
CSC1720
50
Secure Electronic
Transaction (SET)
51
Secure Electronic
Transaction (SET)
SET FAQs
CSC1720
52
SET
CSC1720
53
Privacy-Enhanced Email
Encrypted
Signed
CSC1720
54
Summary
Encryption
Digital Signature
Digital Certificate
Certificate Authority
55
References
56