public key distribution- cryptography and network security
Presentation Transcript

  • Public Key Distribution
  • INTRODUCTIONIf BOB wants to send message to ALICE, Bob needs only Alice public key .Public key is freely available to every oneAny one can have access to anybody’s key.In public key Cryptography , every one shields private key and advertise public key.In other words, every one has access to everyone’s public key; public keys are available to public.
  • Public AnnouncementBy this approach announcement of public key is made publicly.BOB can put public key on website or announce it on local newspaper.When ALICE needs to communicate with BOB then Alice needs to obtain BOBs key from site/newspaper or send message to ask for key.
  • Drawback of AnnouncementThis approach is not secure, it is subject to forgery.Example- Eve could make such public announcement and before Bob can react, Eve would hack Bob’s file.Eve can fool Alice into sending her message that is intended for BobEve could sign a document with a corresponding forged private key and make every one believe that it was signed by Bob.Approach is vulnerable when Alice directly requests Bob’s public key, Eve can intercept Bob’s response and substitute his own forged public key instead of Bob’s.
  • Use of Trusted Center
    In this approach there is a trusted center that retains a directory of public keys. The directory, like a telephone directory, is dynamically updated. Each user can select a private and public key, keep the private key and deliver the public key for insertion into the directory. The center requires that each user register with the center and prove his or her identity. The directory can be publicly advertised by the trusted center. The center can also respond to any inquiry about a public key.
    (Figure: the directory held by the trusted center, with entries Alice: Ka and Bob: Kb.)
  • Controlled Trusted CenterA higher level of security can be achieved if there are added controls on the distribution of public key.The public key announcement includes timestamp and be signed by authority to prevent interception and modifications of response.Example-Alice need Bobs public key, she requests to center including bobs name and timestamp. Center respond with Bobs public key and timestamp signed with private key of center. Alice use public key of center, known by all, to verify timestamp. If timestamp is verified , Alice extract bobs public key.
  • Controlled Trusted Center (figure)
    Alice sends "Needs Bob's key, T" (T: timestamp) to the trusted center, which holds the directory (Alice: Ka, Bob: Kb); the center returns Bob's public key together with T.
  • Drawback of controlled trusted centerControlled trusted center approach create heavy load on the center if number of requests are large.To over come this – creation of certificates was done(public key certificates).
  • Certificate Authority (CA) Bob wants two things- he wants people to know his public key and wants no one to accept a forged key as his. Bob would go to certificate authority/ federal/state organisation that binds public key and issue an certificate. The CA has well known public key itself that cannot be forged. The CA checks Bobs identification(proof), then ask for public key and write it on the certificate. To prevent certificate for being forged , the CA signs the certificate with its private key. Now Bob can upload the signed certificate and anyone can download the cerifiacte and use the centers public key to extract Bobs public key.
  • Certificate Authority (CA) (figure)
    Bob applies to the CA, which records Bob's public key in its directory (Alice: Ka, Bob: Kb) and issues Bob's certificate signed with the CA's private key; Bob then distributes the certificate to the public.
  • Drawback of Certificate Authority
    Although the use of a CA has solved the problem of public key fraud, it has created a side effect: each certificate may have a different format. If Alice wants to use a program to automatically download different certificates and digests belonging to different people, that program may not be able to do so. One certificate may have the public key in one format and another in a different format; the public key may be on the first line of one certificate and on the third line of another. Anything that needs to be used universally must have a universal format. To remove this side effect, ITU designed X.509. It has been accepted by the Internet with some changes and uses a protocol called ASN.1 (Abstract Syntax Notation 1). X.509 is a way to describe the certificate in a structured way.
  • X.509 certificate format
    Fields of the certificate:
    • Version number
    • Serial number
    • Signature algorithm ID
    • Issuer name
    • Validity period
    • Subject name
    • Subject public key
    • Issuer unique identifier
    • Extensions
    • Signature
    The signature is produced by hashing the certificate fields with the hash algorithm to obtain a digest, which is then signed with the CA's private key. The signature algorithm ID records the hash algorithm ID, the cipher ID and the parameters.
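    The CA process and the X.509 fields above, as an added example that is not part of the slides: a self-signed CA certificate is created, the CA binds Bob's name to Bob's key in a certificate carrying the serial number, subject name and validity period, and Alice accepts only certificates that chain to the CA public key she already trusts, so a self-signed certificate that Eve publishes under Bob's name is rejected. The names "Trusted CA", "Bob" and the key generation are constructed for the example; it uses only Go's standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue binds name to pub in an X.509 certificate (serial number, subject name, validity period,
// signature) signed by signer. A nil issuer means self-signed: how the CA's own certificate is made, and also all a forger can produce alone.
func issue(name string, serial int64, pub *ecdsa.PublicKey, issuer *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if issuer == nil { // self-signed root: flagged as a CA so it may sign other certificates
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
		issuer = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifiedBy is Alice's check on a downloaded certificate: its signature must chain to the CA public key she already trusts.
func verifiedBy(ca, cert *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

func main() {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	bobKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	eveKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ca, _ := issue("Trusted CA", 1, &caKey.PublicKey, nil, caKey)
	bob, _ := issue("Bob", 2, &bobKey.PublicKey, ca, caKey)       // the CA binds Bob's name to Bob's key
	forged, _ := issue("Bob", 3, &eveKey.PublicKey, nil, eveKey) // Eve announces her own key under Bob's name
	println("CA-issued verifies:", verifiedBy(ca, bob), "forgery verifies:", verifiedBy(ca, forged)) // true false
}
```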
  • Certificate Renewal and RevocationEach Certificate has a period of validity. If there is no problem with the certificate, the CA issues a new certificate before the old one expires. The process like the renewal of credit cards by a credit card company.Revocation means deleting & remaking. The user private key might have been comprised. The CA is no longer willing to certify the user. CA private key, which can verify certificates, may have been compromised. Such cases CA revokes all certificates.  Revocation is done periodically issuing a certificate revocation list(CRL). List is checked when certificate is
  • Certificate Renewal and Revocation (CRL format)
    Fields of the certificate revocation list:
    • Signature algorithm ID
    • Issuer name
    • This update date
    • Next update date
    • Revoked certificate (one entry per revoked certificate)
    • Signature
    As with a certificate, the list is hashed to a digest that is signed with the CA's private key; the signature algorithm ID is the hash algorithm ID plus the cipher ID and parameters.
  • Public key infrastructuresIt is model for creating, distributing and revoking certificates based on X.509
  • Thank You