Charu Gupta B.Tech CS 3 Yr Roll No. 0821510020



(Diagram) Plaintext -> Encryption [Key] -> Cipher text -> Decryption [Key] -> Plaintext

Three kinds of cryptographic algorithms:
Message-digest algorithm: maps variable-length plaintext to a fixed-length output (the digest).
Secret-key algorithm: uses one single key to encrypt and decrypt.
Public-key algorithm: uses two different keys, a public key and a private key.

Use a secret key to encrypt a message into cipher text. Use the same key to decrypt the cipher text to the original message. Also called Symmetric cryptography.
(Diagram) Plaintext -> Encryption [Secret Key] -> Cipher text -> Decryption [Secret Key] -> Plaintext

Secret-Key Problem?

If one key is compromised, all keys need to be replaced. This is not practical for the Internet environment. On the other hand, encryption speed is fast, so it is suitable for encrypting your personal data.

Public-key Encryption

Involves two distinct keys: a public key and a private key. The private key is kept secret, is never divulged, and is password protected (passphrase). The public key is not secret and can be freely distributed and shared with anyone. This is also called asymmetric cryptography. The two keys are mathematically related, yet it is infeasible to derive the private key from the public key. It is 100 to 1000 times slower than secret-key algorithms.
(Diagram) Plaintext -> Encryption [Public Key] -> Cipher text -> Decryption [Private Key] -> Plaintext

How to use 2 different keys?

Just an example:

Public Key = 4, Private Key = 1/4, message M = 5

Encryption: Cipher text C = M * Public Key = 5 * 4 = 20

Decryption: Plaintext M = C * Private Key = 20 * 1/4 = 5

(In this toy illustration the private key is trivially derived from the public key; real public-key algorithms are built so that this derivation is infeasible.)

Public-Private Encryption (diagram)

User A looks up User B's public key in the Public Key Directory and encrypts the text using that public key. The encrypted text travels over an insecure channel. User B decrypts the text using his private key.

Digital Signature

Suppose a message encrypted with the public key is tampered with by someone in between; then you receive a corrupted message when you decrypt it using the private key. The solution is a digital signature, which is the reverse of the asymmetric process: the sender signs with the private key and anyone can verify with the public key.

Digital Signature Generation and Verification (diagram)

Sender: Message -> Hash function -> Digest -> Encryption with Private Key -> Signature; the message and signature are sent together.

Receiver: Message -> Hash function -> Digest; Signature -> Decryption with Public Key -> Expected Digest; the Expected Digest is compared with the Digest.

It is an electronic stamp or seal that is appended to the document.

It ensures that the document is unchanged during transmission. It also ensures non-repudiation: since only the sender had the private key, he cannot deny that he sent the message.

Logging in for online banking (diagram)

USER <-> BANK: the bank's public key is sent for encrypting messages; the user's message, encrypted with that public key, is sent; the bank decrypts the message with its private key.

USER <-> FAKE BANK: a fake public key is sent instead; the user's data is encrypted with the fake public key; the fake website decrypts the message with its own private key.

NEED OF AUTHENTICATION: the user has no way to tell whose public key was received.

This is where digital certificates come in.


A digital certificate is like a license or PAN card: it contains information about its holder (in this case the public key), verified by an official authority, which gives the other party assurance that this person is who he claims to be.

The main function of a digital certificate is to ensure that a user sending a file or message is who he or she claims to be. In addition, digital IDs provide a higher degree of security by encrypting messages so that only the specified recipients can access the contents.

A digital certificate is an electronic "ID" issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.

Digital Certificates

When a Web browser like Firefox, Netscape or Internet Explorer makes a secure connection, the digital certificate is automatically turned over for review. The browser checks it for anomalies or problems, and pops up an alert if any are found. When the digital certificate is in order, the browser completes the secure connection without interruption.

Creating a Digital Certificate and its components (diagram)

Version of Certificate Standard
Certificate Serial Number
Signature Algorithm Identifier
Issuer
Period of Validity
Subject, e.g. C=US ST=NY L=Albany O=OFT CN=John Doe
Subject's Public Key: Algorithm Identifier + Key Value
Signature of Issuer: the fields above are passed through the Hashing Algorithm to produce a Message Digest, which is then signed with the Issuer's Private Key.

WORKING OF DIGITAL CERTIFICATES (diagram)

1. Raman generates a key pair and sends a Certificate Request to the CA.

2. The CA (operating under a license issued by the CCA) verifies the requester's credentials and binds his public key in the certificate. The signed certificate is stored in the Certificate Database (User 1 certificate, User 2 certificate, ...) and published on the Web site of the CA.

3. The User Certificate, signed using the CA's private key, contains: Serial No., User Name, User's Email Address, User's Public Key, CA's Name, Certificate Class, Validity, and the Digital Signature of the CA.

4. Raman provides Geeta with the DC, which certifies his key, and sends her a signed MESSAGE.

5. Geeta verifies the CA's signature on the certificate using the CA's public key (already known to her), then verifies the sender's message using the sender's public key taken from the certificate.

Certificate Authorities
A CA is responsible for verifying the identity of a requesting entity before issuing a certificate. The CA then signs the certificate using its private key; the CA's public key is used to verify the certificate. A CA's public keys are distributed in software packages such as Web browsers and operating systems, or they can be added manually by the user.

Each organization may have a CA that issues certificates for its employees.
Public CAs, e.g. Verisign, issue certificates for anyone.
Banks etc. may issue certificates for their customers.
How do people with certificates from different CAs talk to each other?

Certificates in our web browser: Tools -> Options -> Security -> Certificates

Certificate Authorities: MCI, RSA, AT&T, Thawte, Verizon

Certificate types
Personal certificate
Server certificate
Software publisher certificate
CA certificate

Certificate revocation / cancellation

Sometimes the issuer needs to revoke a certificate:
the subject's attributes changed;
the subject misused the certificate;
the certificate was forged.
Revoked certificates are published in a certificate revocation list (CRL), which the browser checks before establishing a connection.
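The toy multiply-by-4 example, the signature generation and verification diagram, the certificate components and the revocation check above can all be run end to end with textbook RSA. The block below is an added example written for this page, not code from the slides; it uses two pairs of fixed, publicly known Mersenne primes so that it runs offline with only the standard library, and the names keygen, sign, issue_cert, verify_cert and the "CN=Demo CA" issuer are assumptions of this example.

```python
import hashlib

# Constructed demo keys: two pairs of well-known Mersenne primes, chosen only so the
# example runs offline without any library. Real RSA keys use random primes >= 1024 bits.
CA_PRIMES = (2**127 - 1, 2**521 - 1)
BANK_PRIMES = (2**107 - 1, 2**607 - 1)

def keygen(p, q, e=65537):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)        # d = e^-1 mod phi (Python 3.8+)

def encrypt(msg: bytes, pub) -> int:           # anyone may encrypt with the public key
    e, n = pub
    return pow(int.from_bytes(msg, "big"), e, n)

def decrypt(c: int, priv) -> bytes:            # only the private-key holder can decrypt
    d, n = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(msg: bytes) -> int:                 # hash function -> fixed-length digest
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(msg: bytes, priv) -> int:             # signature = digest "encrypted" with private key
    d, n = priv
    return pow(digest(msg), d, n)

def verify(msg: bytes, sig: int, pub) -> bool:  # receiver: expected digest == recomputed digest
    e, n = pub
    return pow(sig, e, n) == digest(msg)

def cert_bytes(cert: dict) -> bytes:
    """Canonical encoding of every certificate field except the issuer's signature."""
    return repr(sorted((k, v) for k, v in cert.items() if k != "signature")).encode()

def issue_cert(ca_priv, serial, subject, subject_pub, not_before, not_after):
    """CA binds the subject's name to its public key and signs the fields."""
    cert = {"version": 3, "serial": serial, "issuer": "CN=Demo CA",
            "validity": (not_before, not_after), "subject": subject,
            "public_key": subject_pub}
    cert["signature"] = sign(cert_bytes(cert), ca_priv)
    return cert

def verify_cert(cert, ca_pub, today, revoked=()) -> bool:
    """Browser-side check: CA signature, validity period, and the revocation list."""
    start, end = cert["validity"]
    return (verify(cert_bytes(cert), cert["signature"], ca_pub)
            and start <= today <= end and cert["serial"] not in revoked)
```

A certificate whose public key has been swapped, or one issued under a key the verifier does not trust (the fake bank of the earlier diagram), fails verify_cert because the CA's signature no longer matches the fields.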

Security Issues & Solutions

Issue: Privacy
Goal: ensure that only the sender and the intended recipient can read the contents of the message.
Solution: Encryption/decryption. The two communicating parties scramble/unscramble information via special keys only they possess.

Issue: Authentication
Goal: ensure that all parties are who they claim to be, so that there is no spoofing (pretending to be someone else) or misrepresentation (misleading purpose).
Solution: Digital Certificates (PKI). The process of confidently confirming the identity of one party by another party.

Issue: Integrity
Goal: ensure that information is not tampered with in transit to the recipient.
Solution: Digital signature (PKI). Using an encrypted one-way hash algorithm, the change of a single character can be detected.

Issue: Non-repudiation
Goal: ensure that a party to a genuine transaction cannot falsely deny its participation.
Solution: Digital Certificates/Signatures (PKI). Password-based or certificate-based acts of proof that the transaction was commissioned by a designated party.

Advantages
Greater customer satisfaction and confidence: peace of mind that the CA guarantees your clients' full authentication when issuing a DC, and a safer business environment for your customer as well as yourself. The certificate is signed with the CA's private key; the receiver's software holds the public keys of most CAs, so the receiver can check whether the CA really created the certificate.

Disadvantages
The certifying authority structure is incredibly complex and must be changed in some way before it can be easily applied to Internet users, but it will be essential to a large-scale evolution of e-commerce.
Financial disadvantages: certification authorities typically require a subscription to their service, which requires monthly payments to continue the relationship. In addition, multiple certificates for different sites or purposes can become a costly endeavor.
Technological disadvantages: creating a platform that accepts all digital certificates is a difficult undertaking, and human carelessness may compromise the safety of login credentials.

Trusted authorities may make mistakes. Most user machines that store private keys are vulnerable to misuse and theft. When you are installing or downloading a file, your computer warns you when the file has no digital certificate. However, even if the file is digitally signed, the certificate does not guarantee that the software will function correctly; this is a limitation of digital certificates. Furthermore, a digital certificate has a validity period, usually 1 to 2 years, that sets when the certificate is valid and when it will no longer be accepted.

Applications
Part of many security protocols implemented by software publishers.
Online businesses, for secure e-commerce, and e-libraries.
Most browsers store the digital certificates of trusted authorities so that you can be sure you are visiting the right website, and warn you when the certificate presented is invalid.
Government transactions and legally binding situations.
Interactions with a lack of prior knowledge about the involved parties.
Authentication of e-mails, files, web servers and executables, copyright protection, and virtually all computer-based applications that require authentication.

A digital certificate is an electronic "passport" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It is probable that in the near future organizations and individuals will have several digital certificates (IDs) for a range of different activities in which they are required to validate their identities. For example, a person working within a government department may use one digital ID to access confidential information within an intranet while using another, separate ID to make online purchases. The government or department can be the authority that issues the digital certificates. A certificate can be used for verifying and identifying rather than revealing.

Q/A

Thank You
