• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Alice & bob  public key cryptography 101
 

Alice & bob public key cryptography 101

on

  • 5,660 views

 

Statistics

Views

Total Views
5,660
Views on SlideShare
5,606
Embed Views
54

Actions

Likes
3
Downloads
113
Comments
1

2 Embeds 54

https://bb.csueastbay.edu 53
https://twitter.com 1

Accessibility

Categories

Upload Details

Uploaded via as Apple Keynote

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

11 of 1 previous next

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • Very useful for me
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • 1. Easy to guess, brute force, note I’m saying KEY is too simple, not the Algorithm\n2. everybody can know the key\n3. Same input = same output\n\n
  • 1. Easy to guess, brute force, note I’m saying KEY is too simple, not the Algorithm\n2. everybody can know the key\n3. Same input = same output\n\n
  • 1. Easy to guess, brute force, note I’m saying KEY is too simple, not the Algorithm\n2. everybody can know the key\n3. Same input = same output\n\n
  • 1. Easy to guess, brute force, note I’m saying KEY is too simple, not the Algorithm\n2. everybody can know the key\n3. Same input = same output\n\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • This is not only true for single letters, but can also be used for complete text sentences.\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • greatest common divisor\ne to the power of minus one\n
  • greatest common divisor\ne to the power of minus one\n
  • greatest common divisor\ne to the power of minus one\n
  • greatest common divisor\ne to the power of minus one\n
  • greatest common divisor\ne to the power of minus one\n
  • greatest common divisor\ne to the power of minus one\n
  • greatest common divisor\ne to the power of minus one\n
  • greatest common divisor\ne to the power of minus one\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n

Alice & bob  public key cryptography 101 Alice & bob public key cryptography 101 Presentation Transcript

  • Alice & Bob Public key cryptography 101 Loadays - 16 & 17 april 2011 Antwerp - Belgiumhttp://joind.in/3305
  • Who am I?Joshua Thijssen (32)Senior Software Engineer @ EnriseDevelopment in PHP, Python, Perl,C, Java....Blogs: http://www.adayinthelifeof.nl http://www.enrise.com/blogEmail: joshua@enrise.comTwitter: @jaytaphIdenti.ca: jaytaph
  • What are we discussing?‣ An introduction into public key encryption‣ But first of all...‣ Who are Alice and Bob???
  • Terminology (1)
  • Terminology (1) Meet Alice, and Bob.
  • Terminology (2) Fictional characters who are representing either side of the (communication) line. Person A(lice) is sending a message to person B(ob).
  • Terminology (3)http://labs.google.com/sets?hl=en&q1=plaintext&q2=ciphertext&q3=cipher&q4=deterministic&q5=rsa&btn=Large+Sethttp://www.wordle.net/create
  • Encryption history Before we look at good encryptions, let’s take a look at some bad ones...http://www.flickr.com/photos/wwworks/4612188594/sizes/m/in/photostream/
  • Encryption history (1) “algorithm”: A = 1, B = 2, C = 3, ...., Z = 26‣ SUBSTITUTION SCHEME
  • Encryption history (1) “algorithm”: A = 1, B = 2, C = 3, ...., Z = 26 Encrypted message: 12,1,13,5‣ SUBSTITUTION SCHEME
  • Encryption history (1) “algorithm”: A = 1, B = 2, C = 3, ...., Z = 26 Encrypted message: 12,1,13,5 = L,A,M,E‣ SUBSTITUTION SCHEME
  • Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26‣ CAESAREAN CIPHER
  • Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: Message: L A M E m = m + k mod 26‣ CAESAREAN CIPHER
  • Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: Message: L A M E m = m + k mod 26 Ciphertext (key=1): M B N F‣ CAESAREAN CIPHER
  • Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: Message: L A M E m = m + k mod 26 Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D‣ CAESAREAN CIPHER
  • Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: Message: L A M E m = m + k mod 26 Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D Ciphertext (key=26): L A M E‣ CAESAREAN CIPHER
  • Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: Message: L A M E m = m + k mod 26 Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D Ciphertext (key=26): L A M E Ciphertext (key=0): L A M E‣ CAESAREAN CIPHER
  • Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: Message: L A M E m = m + k mod 26 Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D Ciphertext (key=26): L A M E Ciphertext (key=0): L A M E Ciphertext (key=13):Y N Z R (ROT13)‣ CAESAREAN CIPHER
  • Encryption history (3)‣ FLAWS ON THESE CIPHERS
  • Encryption history (3) ‣ Key is too easy to guess.‣ FLAWS ON THESE CIPHERS
  • Encryption history (3) ‣ Key is too easy to guess. ‣ Key has to be send to Bob.‣ FLAWS ON THESE CIPHERS
  • Encryption history (3) ‣ Key is too easy to guess. ‣ Key has to be send to Bob. ‣ Deterministic.‣ FLAWS ON THESE CIPHERS
  • Encryption history (3) ‣ Key is too easy to guess. ‣ Key has to be send to Bob. ‣ Deterministic. ‣ Prone to frequency analysis.‣ FLAWS ON THESE CIPHERS
  • Frequency Analysis (1)
  • Frequency Analysis (1) ‣ The usage of every letter in the English (or any other language) can be represented by a percentage.
  • Frequency Analysis (1) ‣ The usage of every letter in the English (or any other language) can be represented by a percentage. ‣ ‘E’ is used 12.7% of the times in english texts, the ‘Z’ only 0.074%.
  • Frequency Analysis (2) Once upon a midnight dreary, while I pondered, weak and weary, Over many a quaint and curious volume of forgotten lore— While I nodded, nearly napping, suddenly there came a tapping, As of some one gently rapping—rapping at my chamber door. "Tis some visitor," I muttered, "tapping at my chamber door— Only this and nothing more." Ah, distinctly I remember, it was in the bleak December, And each separate dying ember wrought its ghost upon the floor. Eagerly I wished the morrow;—vainly I had sought to borrow From my books surcease of sorrow—sorrow for the lost Lenore— For the rare and radiant maiden whom the angels name Lenore— Nameless here for evermore. And the silken sad uncertain rustling of each purple curtain Thrilled me—filled me with fantastic terrors never felt before; So that now, to still the beating of my heart, I stood repeating "Tis some visitor entreating entrance at my chamber door— Some late visitor entreating entrance at my chamber door;— This it is and nothing more." ‣ EDGAR ALLAN POE: THE RAVENhttp://www.gutenberg.org/cache/epub/14082/pg14082.txt
  • Frequency Analysis (3)A small bit of text can result in differences, but still there are some letters we can deduce.. ‣ “THE RAVEN”, FIRST PARAGRAPH
  • Frequency Analysis (3)A small bit of text can result in differences, but still there are some letters we can deduce.. ‣ “THE RAVEN”, FIRST PARAGRAPH
  • Frequency Analysis (4) We can deduce almost all letters just without even CARING about the crypto algorithm used.‣ “THE RAVEN”, ALL PARAGRAPHS
  • Encryption algorithms‣ WHAT IS A GOOD ENCRYPTION ALGORITHM?
  • Encryption algorithms ‣ Have an “open” algorithm.‣ WHAT IS A GOOD ENCRYPTION ALGORITHM?
  • Encryption algorithms ‣ Have an “open” algorithm. ‣ Have strong mathematical proof.‣ WHAT IS A GOOD ENCRYPTION ALGORITHM?
  • Encryption algorithms ‣ Have an “open” algorithm. ‣ Have strong mathematical proof. ‣ Knowing the algorithm cannot let you encrypt or decrypt without the key.‣ WHAT IS A GOOD ENCRYPTION ALGORITHM?
  • Encryption algorithms (1)‣ SYMMETRICAL ALGORITHMS
  • Encryption algorithms (1)‣ Previous examples were symmetrical encryptions.‣ SYMMETRICAL ALGORITHMS
  • Encryption algorithms (1)‣ Previous examples were symmetrical encryptions.‣ Same key is used for both encryption and decryption.‣ SYMMETRICAL ALGORITHMS
  • Encryption algorithms (1)‣ Previous examples were symmetrical encryptions.‣ Same key is used for both encryption and decryption.‣ Good symmetrical encryptions: AES, Blowfish, (3)DES‣ SYMMETRICAL ALGORITHMS
  • Encryption algorithms (2)‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS
  • Encryption algorithms (2) ‣ How do we send over the key securely?‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS
  • Encryption algorithms (2) ‣ How do we send over the key securely? ‣ O hai egg, meet chicken.‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS
  • Public key encryption Another encryption method: asymmetrical encryption or public key encryption.‣ FINALLY, WE HAVE ARRIVED...
  • Public key encryption (1) ‣ USES 2 KEYS INSTEAD OF ONE: A KEYPAIRhttp://upload.wikimedia.org/wikipedia/commons/f/f9/Public_key_encryption.svg
  • Public key encryption (2) It is NOT possible to decrypt the message with same key that is used to encrypt We can encrypt with either key.
  • Public key encryption (3)‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTION
  • Public key encryption (3) ‣ Can be used for encrypting data.‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTION
  • Public key encryption (3) ‣ Can be used for encrypting data. ‣ Can be used for data validation and authentication (signing).‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTION
  • Symmetrical vs Asymmetrical (1) Symmetrical Asymmetrical ✓ quick. ✓ no need to send over the ✓ not resource intensive. (whole) key. ✓useful for small and large ✓ can be used for encryption messages. and validation (signing). ✗ need to send over the key ✗ very resource intensive. to the other side. ✗ only useful for small messages.
  • Symmetrical vs Asymmetrical (2) Use symmetrical encryption for the (large) message and encrypt the key used with an asymmetrical encryption method.
  • Symmetrical vs Asymmetrical (3)Hybrid✓ quick✓ not resource intensive✓ useful for small and large messages✓ safely exchange key data
  • Symmetrical vs Asymmetrical (3)Hybrid✓ quick✓ not resource intensive✓ useful for small and large messages✓ safely exchange key data +
  • Symmetrical vs Asymmetrical (3) Hybrid ✓ quick ✓ not resource intensive ✓ useful for small and large messages ✓ safely exchange key data + =http://www.zastavki.com/pictures/1152x864/2008/Animals_Cats_Small_cat_005241_.jpg
  • How does it work? We will focus on the popular RSA, but there are other algorithms as well: DH, DSS(DSA) etc...
  • How does it work? (1) Public key encryption works on the premise that it is practically impossible to refactor a large number back into 2 separate prime numbers.
  • How does it work? (1) Public key encryption works on the premise that it is practically impossible to refactor a large number back into 2 separate prime numbers. Prime number is only divisible by 1 and itself: 2, 3, 5, 7, 11, 13, 17, 19 etc...
  • How does it work? (2)
  • How does it work? (2) ‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible)
  • How does it work? (2) ‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible) ‣ Brute-force decrypting is always lurking around (quicker machines, better algorithms).
  • How does it work? (2) ‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible) ‣ Brute-force decrypting is always lurking around (quicker machines, better algorithms). ‣ Good enough today != good enough tomorrow.
  • How does it work? (3)
  • How does it work? (3) “large” number: 221
  • How does it work? (3) “large” number: 221 but we cannot “calculate” its prime factors without brute force (it’s 13 and 17 btw)
  • Math example‣ LET’S DO SOME MATH
  • Math example This is mathness!
  • Math example No, this is RSAAAAAAAA
  • Math example
  • Math example ‣ p = (large) prime number ‣ q = (large) prime number (but not too close to p) ‣ n = p . q (= bit length of the rsa-key) ‣ φ = (p-1) . (q-1) (the φ thingie is called phi) ‣ e = gcd(e, φ) = 1 ‣ d = e^-1 mod φ ‣ public key = tuple (n, e) ‣ private key = tuple (n, d)
  • Math example
  • Math exampleStep 1: select primes P and Q ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?
  • Math exampleStep 1: select primes P and Q ‣ P = 11 ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?
  • Math exampleStep 1: select primes P and Q ‣ P = 11 ‣ Q=3 ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?
  • Math exampleStep 2: calculate N and Phi ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?
  • Math exampleStep 2: calculate N and Phi ‣ N = P . Q = 11.3 = 33 ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?
  • Math exampleStep 2: calculate N and Phi ‣ N = P . Q = 11.3 = 33 ‣ Phi = (11-1) . (3-1) = 10.2 = 20 ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?
  • Math exampleStep 3: find e ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?
  • Math exampleStep 3: find e ‣ e = 3 (Fermat prime: 3, 17, 65537) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?
  • Math exampleStep 3: find e ‣ e = 3 (Fermat prime: 3, 17, 65537) ‣ gcd(3, 20) = 1 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?
  • Math exampleStep 4: find d ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
  • Math exampleStep 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
  • Math exampleStep 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ brute force: (e.d mod n = 1) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
  • Math exampleStep 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ brute force: (e.d mod n = 1) 3 . 1 = 3 mod 20 = 3 3 . 6 = 18 mod 20 = 18 3 . 2 = 6 mod 20 = 6 3 . 7 = 21 mod 20 = 1 3 . 3 = 9 mod 20 = 9 3 . 8 = 24 mod 20 = 4 3 . 4 = 12 mod 20 = 12 3 . 9 = 27 mod 20 = 7 3 . 5 = 15 mod 20 = 15 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
  • Math example‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7
  • Math example That’s it:‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7
  • Math example That’s it: ‣ public key = (n, e) = (33, 3)‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7
  • Math example That’s it: ‣ public key = (n, e) = (33, 3) ‣ private key = (n, d) = (33, 7)‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7
  • Math example The actual math is much more complex since we use very large numbers, but it all comes down to these (relatively simple) calculations..
  • Encrypting & decrypting Encrypting a message: c = me mod n Decrypting a message: m = cd mod n
  • Encrypting & decrypting (1) Encrypting a message: private key = (n,d) = (33, 7): m = 13, 20, 15, 5 13^7 mod 33 = 7 20^7 mod 33 = 26 15^7 mod 33 = 27 5^7 mod 33 = 14 c = 7, 26, 27,14
  • Encrypting & decrypting (2) Decrypting a message: public key = (n,e) = (33, 3): c = 7, 26, 27, 14 7^3 mod 33 = 13 26^3 mod 33 = 20 27^3 mod 33 = 15 14^3 mod 33 =5 m = 13, 20, 15, 5
  • Encrypting & decrypting (3)
  • Encrypting & decrypting (3) ‣ A message is an “integer”, not a block of data.
  • Encrypting & decrypting (3) ‣ A message is an “integer”, not a block of data. ‣ A message must be between 2 and n-1.
  • Encrypting & decrypting (3) ‣ A message is an “integer”, not a block of data. ‣ A message must be between 2 and n-1. ‣ Deterministic, so we must use a padding scheme to make it non-deterministic.
  • Encrypting & decrypting (4) ‣ Public Key Cryptography Standard #1 ‣ Pads data with (random) bytes up to n bits in length (v1.5 or OAEP/v2.x). ‣ Got it flaws and weaknesses too. Always use the latest available version (v2.1)‣ http://www.rsa.com/rsalabs/node.asp?id=2125
  • Encrypting & decrypting (5) Data = 4E636AF98E40F3ADCFCCB698F4E80B9F The encoded message block, EMB, after encoding but before encryption, with random padding bytes shown in green: 0002257F48FD1F1793B7E5E02306F2D3228F5C95ADF5F31566729F132AA12009 E3FC9B2B475CD6944EF191E3F59545E671E474B555799FE3756099F044964038 B16B2148E9A2F9C6F44BB5C52E3C6C8061CF694145FAFDB24402AD1819EACEDF 4A36C6E4D2CD8FC1D62E5A1268F496004E636AF98E40F3ADCFCCB698F4E80B9F After RSA encryption, the output is: 3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD739492C9CE5 8B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8DBC6E621 EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3CB99AC7E 609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177CBA3A435B ‣ PKCS#1 (v1.5) IN ACTIONhttp://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes
  • Implementations of public keys in real lifehttp://farm4.static.flickr.com/3538/3420164047_09ccc14e29.jpg
  • Web communication public key encryption in Web communications (aka: I never use my credit card for internet purchases. It’s not safe. Instead, I gave it to the waiter who walked away with it into the kitchen for 5 minutes..)
  • Web communication (1) Welcome to 1991: HTTP is plaintext. Everybody can be trusted. This page is under construction, here’s a photo of my cat and a link to geocities.‣ BACK IN TIME
  • Web communication (2)‣ BUT NOW...
  • Web communication (2) ‣ Free WiFi everywhere‣ BUT NOW...
  • Web communication (2) ‣ Free WiFi everywhere ‣ Traffic snooping‣ BUT NOW...
  • Web communication (2) ‣ Free WiFi everywhere ‣ Traffic snooping ‣ Authorization: Basic? (yes,VERY basic)‣ BUT NOW...
  • Web communication (3)‣ USING HTTPS
  • Web communication (3)‣ HTTP encapsulated by TLS (previously SSL).‣ USING HTTPS
  • Web communication (3)‣ HTTP encapsulated by TLS (previously SSL).‣ More or less: an encryption layer on top of http.‣ USING HTTPS
  • Web communication (3)‣ HTTP encapsulated by TLS (previously SSL).‣ More or less: an encryption layer on top of http.‣ Hybrid encryption.‣ USING HTTPS
  • Web communication (4)
  • Web communication (4) ‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used).
  • Web communication (4) ‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used). ‣ Symmetric encryption (AES-256, others)
  • Web communication (4) ‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used). ‣ Symmetric encryption (AES-256, others) ‣ But both sides needs the same key, so we have the same problem as before: how do we send over the key?
  • Web communication (5)
  • Web communication (5)‣ Key is exchanged in a public/private encrypted communication.
  • Web communication (5)‣ Key is exchanged in a public/private encrypted communication.‣ Which public and private key?
  • Web communication (5)‣ Key is exchanged in a public/private encrypted communication.‣ Which public and private key?‣ They are stored inside the server’s SSL certificate
  • Web communication (6)‣ “GLOBAL” HTTPS HANDSHAKE
  • Web communication (6) ‣ Browser sends over its encryption methods.‣ “GLOBAL” HTTPS HANDSHAKE
  • Web communication (6) ‣ Browser sends over its encryption methods. ‣ Server decides which one to use.‣ “GLOBAL” HTTPS HANDSHAKE
  • Web communication (6) ‣ Browser sends over its encryption methods. ‣ Server decides which one to use. ‣ Server send certificate(s).‣ “GLOBAL” HTTPS HANDSHAKE
  • Web communication (6) ‣ Browser sends over its encryption methods. ‣ Server decides which one to use. ‣ Server send certificate(s). ‣ Client sends “session key” encrypted by the public key found in the server certificate.‣ “GLOBAL” HTTPS HANDSHAKE
  • Web communication (6) ‣ Browser sends over its encryption methods. ‣ Server decides which one to use. ‣ Server send certificate(s). ‣ Client sends “session key” encrypted by the public key found in the server certificate. ‣ Server and client uses the “session key” for symmetrical encryption.‣ “GLOBAL” HTTPS HANDSHAKE
  • Web communication (7)
  • Web communication (7)‣ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption.
  • Web communication (7)‣ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption.‣ SSL/TLS is a separate talk (it’s way more complex as this)
  • Email communication public key encryption in Email communication(aka: the worst communication method invented when it comes to privacy or secrecy, except for yelling)
  • Email communication (2)http://change-your-ip.com/wp-content/uploads/image/nigerian_419_scam.jpghttp://torontoemerg.files.wordpress.com/2010/09/spam.gif
  • Email communication (3)‣ DID YOU EVER SEND/RECEIVE EMAILS LIKE THIS?
  • Email communication (4)
  • Email communication (4) ‣ Did Bill really send this email?
  • Email communication (4) ‣ Did Bill really send this email? ‣ Do we know for sure that nobody has read this email (before it came to us?)
  • Email communication (4) ‣ Did Bill really send this email? ‣ Do we know for sure that nobody has read this email (before it came to us?) ‣ Do we know for sure that the contents of the message isn’t tampered with?
  • Email communication (4) ‣ Did Bill really send this email? ‣ Do we know for sure that nobody has read this email (before it came to us?) ‣ Do we know for sure that the contents of the message isn’t tampered with? ‣ We use signing!
  • Signing (1)
  • Signing (1) ‣ Signing a message means adding a signature that authenticates the validity of a message.
  • Signing (1) ‣ Signing a message means adding a signature that authenticates the validity of a message. ‣ Like md5 or sha1, so when the message changes, so will the signature.
  • Signing (1) ‣ Signing a message means adding a signature that authenticates the validity of a message. ‣ Like md5 or sha1, so when the message changes, so will the signature. ‣ This works on the premise that Alice and only Alice has the private key that can create the signature.
  • Signing (2)http://en.wikipedia.org/wiki/File:Digital_Signature_diagram.svg
  • Signing (3)
  • Signing (3) ‣ GPG / PGP: Application for signing and/or encrypting data (or emails).
  • Signing (3) ‣ GPG / PGP: Application for signing and/or encrypting data (or emails). ‣ Try it yourself with Thunderbird’s Enigmail extension.
  • Signing (3) ‣ GPG / PGP: Application for signing and/or encrypting data (or emails). ‣ Try it yourself with Thunderbird’s Enigmail extension. ‣ Public keys can be send / found on PGP- servers so you don’t need to send your keys to everybody all the time.
  • Signing (4)
  • Signing (5)
  • Signing (5)
  • Signing (5)
  • Email communication (10)‣ ADVANTAGES OF SIGNING YOUR MAIL
  • Email communication (10) ‣ Everybody can send emails that ONLY YOU can read.‣ ADVANTAGES OF SIGNING YOUR MAIL
  • Email communication (10) ‣ Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic.‣ ADVANTAGES OF SIGNING YOUR MAIL
  • Email communication (10) ‣ Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. ‣ Why is this not the standard?‣ ADVANTAGES OF SIGNING YOUR MAIL
  • Email communication (10) ‣ Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. ‣ Why is this not the standard? ‣ No really, why isn’t it the standard?‣ ADVANTAGES OF SIGNING YOUR MAIL
  • Email communication (7)
  • Email communication (8)
  • Email communication (9) Stupidity trumps everything: Don’t loose your private key(s) (as I did on multiple occasions)http://farm4.static.flickr.com/3231/2783827537_b4d2a5cc9a.jpg
  • Other applications PGP / GPG (encrypt / decrypt sensitive data) OpenSSH (Secure connection to other systems) IPSEC (VPN tunnels) Software signing‣ PUBLIC KEY ENCRYPTION IN OTHER FIELDS
  • Any questions?http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg
  • Please rate my talk on joind.in: http://joind.in/3305‣ THANK YOU FOR YOUR ATTENTION