Public Key Cryptography
Upcoming SlideShare
Loading in...5
×
 

Public Key Cryptography

on

  • 467 views

Updated version of my slides about Public Key Cryptography, with some additions about the legal status of PKC in the world

Updated version of my slides about Public Key Cryptography, with some additions about the legal status of PKC in the world

Statistics

Views

Total Views
467
Views on SlideShare
467
Embed Views
0

Actions

Likes
0
Downloads
16
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Public Key Cryptography Public Key Cryptography Presentation Transcript

  • Public key cryptography: a practical approach Israel Herraiz <isra@herraiz.org> <israel.herraiz@upm.es> KeyID FE0A7AF3 Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF3 Slides and additional info at http://mat.caminos.upm.es/~iht/pkc/ 1http://herraiz.org
  • Privacy in electronic communicatios Can we ensure privacy in electronic communications? 2http://herraiz.org
  • Reaching Google 1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21) 10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42) 11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101) 12 ae-1-51.edge3.London1.Level3.net (4.69.139.73) 13 unknown.Level3.net (212.113.15.186) 14 209.85.255.78 (209.85.255.78) 15 66.249.95.173 (66.249.95.173) 16 216.239.49.45 (216.239.49.45) 17 * * * 18 ww-in-f147.1e100.net (209.85.229.147) 3http://herraiz.org
  • Reaching Google 1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) Getafe 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) Barcelona 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21) Minneapolis 10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42) Paris 11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101) 12 ae-1-51.edge3.London1.Level3.net (4.69.139.73) London 13 unknown.Level3.net (212.113.15.186) 14 209.85.255.78 (209.85.255.78) Atlanta 15 66.249.95.173 (66.249.95.173) New York 16 216.239.49.45 (216.239.49.45) Los Angeles 17 * * * 18 ww-in-f147.1e100.net (209.85.229.147) Atlanta 4http://herraiz.org
  • Hops while attempting to reach Google 5http://herraiz.org
  • Is it that bad? What kind of private Information can be captured? 6http://herraiz.org
  • Non-cyphered information ● Geolocalization ● Using your IP address ● Web browser and operating system ● Any info written in a form ● Including passwords ● Cookies ● Have a look and take care – http://www.youtube.com/watch?v=yyLdxO6xvh8 – http://www.youtube.com/watch?v=1FgKL2ywrX0 7http://herraiz.org
  • Is it important? ● Strong PK crypto illegal in France up to 2004 ● PK implementations in software considered weapons in the US ● Software export restrictions in EU and US http://en.wikipedia.org/wiki/Cryptography_law http://en.wikipedia.org/wiki/Key_disclosure_law http://en.wikipedia.org/wiki/Phil_Zimmermann http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States#History 8http://herraiz.org
  • Solution Enforce cyphering using public key cryptography 9http://herraiz.org
  • Cryptography ● Traditionally, cyphering was done using a password and an algorithm ● Symmetric approach ● Password shared by both peers ● Public key cryptography ● Insecure channel ● Private and secure communication without any previous physical contact 10http://herraiz.org
  • Public key cryptography (PKP) Pub Pri Pub Pri 11http://herraiz.org
  • Public key cryptography Pub Pri Pub Pri Keyserver Pub Pub 12http://herraiz.org
  • Criptografía de clave pública Hi there! Pub Pri Pub Pri Keyserver Pub Pub 13http://herraiz.org
  • Public key cryptography Pub 0F231A5 Pub Pri Pub Pri Keyserver Pub Pub 14http://herraiz.org
  • Public key cryptography Pub 0F231A5 Pub Pri Pub Pri Keyserver Pub Pub 15http://herraiz.org
  • Public key cryptography Hi there! Pub Pri Pub Pri Keyserver Pub Pub 16http://herraiz.org
  • How does it work? ● PKP Algorithms ● Prime number factorization ● From a mathematical point of view, all messages can be decrypted ● From a computational point of view, decrypting a message without the private key takes too long – Key length is a crucial property 17http://herraiz.org
  • Public key sample-----BEGIN PGP PUBLIC KEY BLOCK-----Version: GnuPG v2.0.19 (GNU/Linux)JeP5F/eRS9G8EE1fObRRW6mRf+bGSeluFEMiOi3UB/5P0GBx8iM0QIjezR0R+2n8bMjuJmWHTjvEeplnx9iual4J4BT/9FznFs7o4tFVVfYBacFrhWjQyAf2xoP3gyn35OlV55VHVB+oidXUVNSNHZbXwrd1sH42x7x8o17PDFJrWjiq4kAb2EfSOIuSS6naK9Y06bqh3yRbVtRdZOuCLcY8QJwt/mx//uQqG6NuSvYhx1QyC6g==XuDESOIuSSamQINBEtUTeQBEACejdGQhscmsDXM7xG2/ZYFpMQg/GmPlJ85uJJUkLr2T+5Rw8XvVfZjNZkMwsq94BGFrBxu477tKhQ5wiUBBz/jJ01a39Wrazgp21fvEon2T0Vay45t2BYbU4AF815UL6o74YlW5SLdAofwylZS8pX4CKjGAB0T+fDiwkAepQl45nzX0ulv-----END PGP PUBLIC KEY BLOCK----- 18http://herraiz.org
  • Private key sample-----BEGIN PGP PRIVATE KEY BLOCK-----Version: GnuPG v2.0.19 (GNU/Linux)mQINBEtUTeQBEACejdGQhscmsDXM7xG2/ZYFpMQg/GmPlJ85uJJUkLr2T+5Rw8XvJeP5F/eRS9G8EE1fObRRW6mRf+bGSeluFEMiOi3UB/5P0GBx8iM0QIjezR0R+2n8VfZjNZkMwsq94BGFrBxu477tKhQ5wiUBBz/jJ01a39Wrazgp21fvEon2T0Vay45t2BYbU4AF815UL6o74YlW5SLdAofwylZS8pX4CKjGAB0T+fDiwkAepQl45nzX0ulvbMjuJmWHTjvEeplnx9iual4J4BT/9FznFs7o4tFVVfYBacFrhWjQyAf2xoP3gyn35OlV55VHVB+oidXUVNSNHZbXwrd1sH42x7x8o17PDFJrWjiq4kAb2EfSOIuSS6naK9Y06bqh3yRbVtRdZOuCLcY8QJwt/mx//uQqG6NuSvYhx1QyC6g==XuDESOIuSSa-----END PGP PRIVATE KEY BLOCK----- 19http://herraiz.org
  • Keyservers ● Internet hosts that contain public keys ● Federated services ● All servers contain all the public keys in the world ● Public keyserver in Spain thanks to RedIRIS ● URL: pgp.rediris.es 20http://herraiz.org
  • Message signing Hi there! Pub Pri Pub Pri Keyserver Pub Pub 21http://herraiz.org
  • Message signing Created with the private key Hi there! Pub Pri Pub Pri Keyserver Pub Pub 22http://herraiz.org
  • Message signing Hi there! Pub Pri Pub Pri Keyserver Pub Pub 23http://herraiz.org
  • Signing and encrypting Hi there! Pub Pri Pub Pri Keyserver Pub Pub 24http://herraiz.org
  • Signing and encrypting Pub FAD43A Pub Pri Pub Pri Keyserver Pub Pub 25http://herraiz.org
  • Signing and encrypting Pub FAD43A Pub Pri Pub Pri Keyserver Pub Pub 26http://herraiz.org
  • Signing and encrypting Hi there! Pub Pri Pub Pri Keyserver Pub Pub 27http://herraiz.org
  • Signing and encrypting Hi there! Pub Pri Pub Pri Keyserver Pub Pub 28http://herraiz.org
  • Identity certification How do you know that public keys belong to their legitimate owners? Public key Can we ensure that the Barack Obama key does belong to Barack Obama? 29http://herraiz.org
  • Identity certification Certificate Authorities Trust chain 30http://herraiz.org
  • Public key signing ● Public keys are plain text documents that can be cryptographically signed ● Mutual public signing adds identity certification to PKP schemes 31http://herraiz.org
  • Public key signing Barack Obama Pub Pri Pub Pri Keyserver Pub Pub 32http://herraiz.org
  • Public key signing Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Pub Pri Keyserver Pub Pub 33http://herraiz.org
  • Public key signing Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Pub Pri Keyserver Pub Pub 34http://herraiz.org
  • Public key signing Show me your passport Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Pub Pri Keyserver Pub Pub 35http://herraiz.org
  • Public key signing Show me your passport Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint Passport D0DA E915 BFDD E5CD 8BA0 Barack B159 7E97 2ACB FE0A 7AF2 Obama Pub Pri Pub Pri Keyserver Pub Pub 36http://herraiz.org
  • Public key signing Pub Key FE0A7AF2 Barack Obama Name Barack Obama D0DA E915 BFDD E5CD 8BA0 Fingerprint B159 7E97 2ACB FE0A 7AF2 D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Download key FE0A7AF2 Pub Pri Keyserver Pub Pub 37http://herraiz.org
  • Public key signing Pub Key FE0A7AF2 Barack Obama Name Barack Obama D0DA E915 BFDD E5CD 8BA0 Fingerprint B159 7E97 2ACB FE0A 7AF2 D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Keyserver Pub Pub 38http://herraiz.org
  • Public key signing Pub Key FE0A7AF2 Barack Obama Name Barack Obama D0DA E915 BFDD E5CD 8BA0 Fingerprint B159 7E97 2ACB FE0A 7AF2 D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Keyserver Pub Pub 39http://herraiz.org
  • Public key signing Barack Obama Key signing is often mutual Pub Pri Pub Pri Keyserver Pub Pub 40http://herraiz.org
  • Public key signing Barack Obama Trust chain Pub Pub Is he Barack Pub Obama? 41http://herraiz.org
  • Signing party 42http://herraiz.org
  • Take away PK Cryptog. Each user creates Secure comms. a public-private through key pair insec. channels Trust chain Keyservers Identity cert. contain every through key in the world public key signing 43http://herraiz.org