Chapter-Three - Part Two (2) Security
Chapter-Three - Part Two (2) Security
1
Public Key Cryptography
2
Cont.…
3
Cont.…
4
Cont.…
5
Cont.…
BOB
6
Cont.…
7
Cont.…
8
Cont.…
9
Cont.…
10
Application of Public Key Cryptography
11
Cont.…
12
Cont.…
13
Cont.…
There are two types of algorithm for public key Cryptography these are :-
1. Diffie-Hellman Key Exchange Algorithm.
2. RSA Algorithm.
14
Diffie-Hellman key Exchange Algorithm
15
Cont.…
16
Cont.…
17
Cont.…
18
Cont.…
19
Cont.…
20
RSA Algorithm
21
Cont.…
22
Cont.…
23
Cont.…
24
Digital Signature
25
Cont.…
26
Cont.…
27
Cont.…
28
Cont.…
29
Cont.…
30
Cont.…
31
Cont.…
32
Cont.…
33
Cont.…
34
Cont.…
35
Cont.…
36
Cont.…
37
Public key Infrastructure (PKI)
Bob wants to send a secure email message to Alice. This can be
accomplished in the following manner:-
1. Both Bob and Alice have their own key pairs. They have kept
their private keys securely to themselves and have sent their
public keys directly to each other.
2. Bob uses Alice's public key to encrypt the message and sends
it to Alice.
3. Alice uses her private key to decrypt the message.
38
Cont.…
However, there is one obvious concern Bob must have Alice’s
public key to encrypt the message.
But what if he didn’t know certainty public key he used for
encryption actually belonged to Alice ? since another party
monitoring the communication channel between Bob and Alice
substituted a different key.
The public key infrastructure concept has evolved to help address
this problem and others. A public key infrastructure (PKI) consists
of software and hardware elements that a trusted third party can
use to establish the integrity and ownership of a public key.
39
Cont.…
These trusted party is called a certification authority (CA),
typically accomplishes this by issuing signed (encrypted) binary
certificates that confirm the identity of the certificate subject and
bind that identity to the public key contained in the certificate.
The CA signs the certificate by using its private key. It issues the
corresponding public key to all interested parties in a self-signed
CA certificate.
When a CA is used, the preceding example can be modified in the
following manner:-
40
Cont.…
1. Assume that the CA has issued a signed digital certificate that
contains its public key. The CA self-signs this certificate by using
the private key that corresponds to the public key in the
certificate.
2. Alice and Bob agree to use the CA to verify their identities.
3. Alice requests a public key certificate from the CA.
4. The CA verifies her identity, computes a hash of the content that
will make up her certificate, signs the hash by using the private
key that corresponds to the public key in the published CA
certificate, creates a new certificate by concatenating the
41
Cont.…
Bob retrieves the certificate, decrypts the signed hash by using the
public key of the CA, computes a new hash of the certificate
content, and compares the two hashes.
If the hashes match, the signature is verified and Bob can assume
that the public key in the certificate does indeed belong to Alice.
Bob uses Alice's verified public key to encrypt a message to her.
Alice uses her private key to decrypt the message from Bob.
42
Cont.…
In summary, the certificate signing process enables Bob to verify
that the public key was not tampered with or corrupted during
transit.
Before issuing a certificate, the CA hashes the contents, signs
(encrypts) the hash by using its own private key, and includes the
encrypted hash in the issued certificate.
Bob verifies the certificate contents by decrypting the hash with
the CA public key, performing a separate hash of the certificate
contents, and comparing the two hashes.
If they match, Bob can be reasonably certain that the certificate
43
Cont.…
44
Cont.…
A certificate is a signed data structure that binds a public key to a
person, computer, or organization. Certificates are issued by
certification authorities (CAs).
All who are party to secure communications that make use of a
public key rely on the CA to adequately verify the identities of the
individuals, systems, or entities to which it issues certificates.
The level of verification typically depends on the level of security
required for the transaction. If the CA can suitably verify the
identity of the requester, it signs (encrypts), encodes, and issues
the certificate.
45
Key Distribution
In symmetric key cryptography, both parties must possess a secret key
which they must exchange prior to using any encryption and key must
be protected from access by others.
Distribution of secret keys can be achieved in a number of ways for two
parties A and B.
Key could be selected by A and physically delivered to B.
A third party could select the key and physically deliver it to A and B.
If A and B have previously and recently used a key, one party could
transmit the new key to the other, encrypted using the old key.
If A and B each have an encrypted connection to a third-party C, and
C could deliver. A key on the encrypted links to A and B.
46
Cont.…
47
Cont.…
48
Cont.…
This configuration consists of the following elements:-
Key distribution center (KDC):- The KDC determines which
systems are allowed to communicate with each other. When the
permission is granted for two systems to establish a connection,
the key distribution center provides a one-time session key for that
connection.
Security service module (SSM):- The module which may
consists of functionality at one protocol layer, performs end-to-end
encryption and obtains session keys on behalf of users.
49
Cont.…
The steps involved in the connection establishment are:-
Step 1:- When one host wishes to set up a connection to another host, it
transmits a connection request packet.
Step 2:- The SSM saves that packet and applies to the KDC for
permission to establish the connection.
Step 3:- The communication between SSM and KDC is encrypted using a
master key shared by only this SSM and KDC. If KDC approves the
connection request, it generates the session key and delivers it to the
two appropriate SSMs using unique permanent key for each MMS.
Step 4: Connection release.
50
Cont.…
Advantages with automatic key distribution approach:-
Provides the flexibility and dynamic characteristics needed by
the terminals to exchange data.
51
End.
52