Public Key Cryptography

770 views

Published on

Updated version of my slides about Public Key Cryptography, with some additions about the legal status of PKC in the world

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
770
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Public Key Cryptography

  1. 1. Public key cryptography: a practical approach Israel Herraiz <isra@herraiz.org> <israel.herraiz@upm.es> KeyID FE0A7AF3 Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF3 Slides and additional info at http://mat.caminos.upm.es/~iht/pkc/ 1http://herraiz.org
  2. 2. Privacy in electronic communicatios Can we ensure privacy in electronic communications? 2http://herraiz.org
  3. 3. Reaching Google 1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21) 10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42) 11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101) 12 ae-1-51.edge3.London1.Level3.net (4.69.139.73) 13 unknown.Level3.net (212.113.15.186) 14 209.85.255.78 (209.85.255.78) 15 66.249.95.173 (66.249.95.173) 16 216.239.49.45 (216.239.49.45) 17 * * * 18 ww-in-f147.1e100.net (209.85.229.147) 3http://herraiz.org
  4. 4. Reaching Google 1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) Getafe 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) Barcelona 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21) Minneapolis 10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42) Paris 11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101) 12 ae-1-51.edge3.London1.Level3.net (4.69.139.73) London 13 unknown.Level3.net (212.113.15.186) 14 209.85.255.78 (209.85.255.78) Atlanta 15 66.249.95.173 (66.249.95.173) New York 16 216.239.49.45 (216.239.49.45) Los Angeles 17 * * * 18 ww-in-f147.1e100.net (209.85.229.147) Atlanta 4http://herraiz.org
  5. 5. Hops while attempting to reach Google 5http://herraiz.org
  6. 6. Is it that bad? What kind of private Information can be captured? 6http://herraiz.org
  7. 7. Non-cyphered information ● Geolocalization ● Using your IP address ● Web browser and operating system ● Any info written in a form ● Including passwords ● Cookies ● Have a look and take care – http://www.youtube.com/watch?v=yyLdxO6xvh8 – http://www.youtube.com/watch?v=1FgKL2ywrX0 7http://herraiz.org
  8. 8. Is it important? ● Strong PK crypto illegal in France up to 2004 ● PK implementations in software considered weapons in the US ● Software export restrictions in EU and US http://en.wikipedia.org/wiki/Cryptography_law http://en.wikipedia.org/wiki/Key_disclosure_law http://en.wikipedia.org/wiki/Phil_Zimmermann http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States#History 8http://herraiz.org
  9. 9. Solution Enforce cyphering using public key cryptography 9http://herraiz.org
  10. 10. Cryptography ● Traditionally, cyphering was done using a password and an algorithm ● Symmetric approach ● Password shared by both peers ● Public key cryptography ● Insecure channel ● Private and secure communication without any previous physical contact 10http://herraiz.org
  11. 11. Public key cryptography (PKP) Pub Pri Pub Pri 11http://herraiz.org
  12. 12. Public key cryptography Pub Pri Pub Pri Keyserver Pub Pub 12http://herraiz.org
  13. 13. Criptografía de clave pública Hi there! Pub Pri Pub Pri Keyserver Pub Pub 13http://herraiz.org
  14. 14. Public key cryptography Pub 0F231A5 Pub Pri Pub Pri Keyserver Pub Pub 14http://herraiz.org
  15. 15. Public key cryptography Pub 0F231A5 Pub Pri Pub Pri Keyserver Pub Pub 15http://herraiz.org
  16. 16. Public key cryptography Hi there! Pub Pri Pub Pri Keyserver Pub Pub 16http://herraiz.org
  17. 17. How does it work? ● PKP Algorithms ● Prime number factorization ● From a mathematical point of view, all messages can be decrypted ● From a computational point of view, decrypting a message without the private key takes too long – Key length is a crucial property 17http://herraiz.org
  18. 18. Public key sample-----BEGIN PGP PUBLIC KEY BLOCK-----Version: GnuPG v2.0.19 (GNU/Linux)JeP5F/eRS9G8EE1fObRRW6mRf+bGSeluFEMiOi3UB/5P0GBx8iM0QIjezR0R+2n8bMjuJmWHTjvEeplnx9iual4J4BT/9FznFs7o4tFVVfYBacFrhWjQyAf2xoP3gyn35OlV55VHVB+oidXUVNSNHZbXwrd1sH42x7x8o17PDFJrWjiq4kAb2EfSOIuSS6naK9Y06bqh3yRbVtRdZOuCLcY8QJwt/mx//uQqG6NuSvYhx1QyC6g==XuDESOIuSSamQINBEtUTeQBEACejdGQhscmsDXM7xG2/ZYFpMQg/GmPlJ85uJJUkLr2T+5Rw8XvVfZjNZkMwsq94BGFrBxu477tKhQ5wiUBBz/jJ01a39Wrazgp21fvEon2T0Vay45t2BYbU4AF815UL6o74YlW5SLdAofwylZS8pX4CKjGAB0T+fDiwkAepQl45nzX0ulv-----END PGP PUBLIC KEY BLOCK----- 18http://herraiz.org
  19. 19. Private key sample-----BEGIN PGP PRIVATE KEY BLOCK-----Version: GnuPG v2.0.19 (GNU/Linux)mQINBEtUTeQBEACejdGQhscmsDXM7xG2/ZYFpMQg/GmPlJ85uJJUkLr2T+5Rw8XvJeP5F/eRS9G8EE1fObRRW6mRf+bGSeluFEMiOi3UB/5P0GBx8iM0QIjezR0R+2n8VfZjNZkMwsq94BGFrBxu477tKhQ5wiUBBz/jJ01a39Wrazgp21fvEon2T0Vay45t2BYbU4AF815UL6o74YlW5SLdAofwylZS8pX4CKjGAB0T+fDiwkAepQl45nzX0ulvbMjuJmWHTjvEeplnx9iual4J4BT/9FznFs7o4tFVVfYBacFrhWjQyAf2xoP3gyn35OlV55VHVB+oidXUVNSNHZbXwrd1sH42x7x8o17PDFJrWjiq4kAb2EfSOIuSS6naK9Y06bqh3yRbVtRdZOuCLcY8QJwt/mx//uQqG6NuSvYhx1QyC6g==XuDESOIuSSa-----END PGP PRIVATE KEY BLOCK----- 19http://herraiz.org
  20. 20. Keyservers ● Internet hosts that contain public keys ● Federated services ● All servers contain all the public keys in the world ● Public keyserver in Spain thanks to RedIRIS ● URL: pgp.rediris.es 20http://herraiz.org
  21. 21. Message signing Hi there! Pub Pri Pub Pri Keyserver Pub Pub 21http://herraiz.org
  22. 22. Message signing Created with the private key Hi there! Pub Pri Pub Pri Keyserver Pub Pub 22http://herraiz.org
  23. 23. Message signing Hi there! Pub Pri Pub Pri Keyserver Pub Pub 23http://herraiz.org
  24. 24. Signing and encrypting Hi there! Pub Pri Pub Pri Keyserver Pub Pub 24http://herraiz.org
  25. 25. Signing and encrypting Pub FAD43A Pub Pri Pub Pri Keyserver Pub Pub 25http://herraiz.org
  26. 26. Signing and encrypting Pub FAD43A Pub Pri Pub Pri Keyserver Pub Pub 26http://herraiz.org
  27. 27. Signing and encrypting Hi there! Pub Pri Pub Pri Keyserver Pub Pub 27http://herraiz.org
  28. 28. Signing and encrypting Hi there! Pub Pri Pub Pri Keyserver Pub Pub 28http://herraiz.org
  29. 29. Identity certification How do you know that public keys belong to their legitimate owners? Public key Can we ensure that the Barack Obama key does belong to Barack Obama? 29http://herraiz.org
  30. 30. Identity certification Certificate Authorities Trust chain 30http://herraiz.org
  31. 31. Public key signing ● Public keys are plain text documents that can be cryptographically signed ● Mutual public signing adds identity certification to PKP schemes 31http://herraiz.org
  32. 32. Public key signing Barack Obama Pub Pri Pub Pri Keyserver Pub Pub 32http://herraiz.org
  33. 33. Public key signing Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Pub Pri Keyserver Pub Pub 33http://herraiz.org
  34. 34. Public key signing Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Pub Pri Keyserver Pub Pub 34http://herraiz.org
  35. 35. Public key signing Show me your passport Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Pub Pri Keyserver Pub Pub 35http://herraiz.org
  36. 36. Public key signing Show me your passport Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint Passport D0DA E915 BFDD E5CD 8BA0 Barack B159 7E97 2ACB FE0A 7AF2 Obama Pub Pri Pub Pri Keyserver Pub Pub 36http://herraiz.org
  37. 37. Public key signing Pub Key FE0A7AF2 Barack Obama Name Barack Obama D0DA E915 BFDD E5CD 8BA0 Fingerprint B159 7E97 2ACB FE0A 7AF2 D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Download key FE0A7AF2 Pub Pri Keyserver Pub Pub 37http://herraiz.org
  38. 38. Public key signing Pub Key FE0A7AF2 Barack Obama Name Barack Obama D0DA E915 BFDD E5CD 8BA0 Fingerprint B159 7E97 2ACB FE0A 7AF2 D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Keyserver Pub Pub 38http://herraiz.org
  39. 39. Public key signing Pub Key FE0A7AF2 Barack Obama Name Barack Obama D0DA E915 BFDD E5CD 8BA0 Fingerprint B159 7E97 2ACB FE0A 7AF2 D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Keyserver Pub Pub 39http://herraiz.org
  40. 40. Public key signing Barack Obama Key signing is often mutual Pub Pri Pub Pri Keyserver Pub Pub 40http://herraiz.org
  41. 41. Public key signing Barack Obama Trust chain Pub Pub Is he Barack Pub Obama? 41http://herraiz.org
  42. 42. Signing party 42http://herraiz.org
  43. 43. Take away PK Cryptog. Each user creates Secure comms. a public-private through key pair insec. channels Trust chain Keyservers Identity cert. contain every through key in the world public key signing 43http://herraiz.org

×