Your SlideShare is downloading. ×
0
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Alice & bob  public key cryptography 101 - uncon dpc
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Alice & bob public key cryptography 101 - uncon dpc

5,556

Published on

Published in: Technology, Education
1 Comment
4 Likes
Statistics
Notes
No Downloads
Views
Total Views
5,556
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
256
Comments
1
Likes
4
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  1. Alice & Bob Public key cryptography 101 DPC Uncon - May 2011 Amsterdam - Netherlands ‣ http://joind.in/3466Friday, May 20, 2011
  2. Who am I? Joshua Thijssen (32) Senior Software Engineer @ Enrise Development in PHP, Python, Perl, C, Java.... Blogs: http://www.adayinthelifeof.nl http://www.enrise.com/blog Email: joshua@enrise.com Twitter: @jaytaphFriday, May 20, 2011
  3. What are we discussing? ‣ An introduction into public key encryption ‣ But first of all... ‣ Who are Alice and Bob???Friday, May 20, 2011
  4. Terminology (1)Friday, May 20, 2011
  5. Terminology (1) Meet Alice, and Bob.Friday, May 20, 2011
  6. Terminology (2) Fictional characters who are representing either side of the (communication) line. Person A(lice) is sending a message to person B(ob).Friday, May 20, 2011
  7. Terminology (3) http://labs.google.com/sets?hl=en&q1=plaintext&q2=ciphertext&q3=cipher&q4=deterministic&q5=rsa&btn=Large+Set http://www.wordle.net/createFriday, May 20, 2011
  8. Encryption history Before we look at good encryptions, let’s take a look at some bad ones...http://www.flickr.com/photos/wwworks/4612188594/sizes/m/in/photostream/Friday, May 20, 2011
  9. Encryption history (1) “algorithm”: A = 1, B = 2, C = 3, ...., Z = 26 ‣ SUBSTITUTION SCHEMEFriday, May 20, 2011
  10. Encryption history (1) “algorithm”: A = 1, B = 2, C = 3, ...., Z = 26 Encrypted message: 12,1,13,5 ‣ SUBSTITUTION SCHEMEFriday, May 20, 2011
  11. Encryption history (1) “algorithm”: A = 1, B = 2, C = 3, ...., Z = 26 Encrypted message: 12,1,13,5 = L,A,M,E ‣ SUBSTITUTION SCHEMEFriday, May 20, 2011
  12. Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 ‣ CAESAREAN CIPHERFriday, May 20, 2011
  13. Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: Message: L A M E m = m + k mod 26 ‣ CAESAREAN CIPHERFriday, May 20, 2011
  14. Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: Message: L A M E m = m + k mod 26 Ciphertext (key=1): M B N F ‣ CAESAREAN CIPHERFriday, May 20, 2011
  15. Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: Message: L A M E m = m + k mod 26 Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D ‣ CAESAREAN CIPHERFriday, May 20, 2011
  16. Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: Message: L A M E m = m + k mod 26 Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D Ciphertext (key=26): L A M E ‣ CAESAREAN CIPHERFriday, May 20, 2011
  17. Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: Message: L A M E m = m + k mod 26 Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D Ciphertext (key=26): L A M E Ciphertext (key=0): L A M E ‣ CAESAREAN CIPHERFriday, May 20, 2011
  18. Encryption history (2) “algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: Message: L A M E m = m + k mod 26 Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D Ciphertext (key=26): L A M E Ciphertext (key=0): L A M E Ciphertext (key=13):Y N Z R (ROT13) ‣ CAESAREAN CIPHERFriday, May 20, 2011
  19. Encryption history (3) ‣ FLAWS IN THESE CIPHERSFriday, May 20, 2011
  20. Encryption history (3) ‣ Key is too easy to guess. ‣ FLAWS IN THESE CIPHERSFriday, May 20, 2011
  21. Encryption history (3) ‣ Key is too easy to guess. ‣ Key has to be send to Bob. ‣ FLAWS IN THESE CIPHERSFriday, May 20, 2011
  22. Encryption history (3) ‣ Key is too easy to guess. ‣ Key has to be send to Bob. ‣ Deterministic. ‣ FLAWS IN THESE CIPHERSFriday, May 20, 2011
  23. Encryption history (3) ‣ Key is too easy to guess. ‣ Key has to be send to Bob. ‣ Deterministic. ‣ Prone to frequency analysis. ‣ FLAWS IN THESE CIPHERSFriday, May 20, 2011
  24. Frequency Analysis (1)Friday, May 20, 2011
  25. Frequency Analysis (1) ‣ The usage of every letter in the English (or any other language) can be represented by a percentage.Friday, May 20, 2011
  26. Frequency Analysis (1) ‣ The usage of every letter in the English (or any other language) can be represented by a percentage. ‣ ‘E’ is used 12.7% of the times in english texts, the ‘Z’ only 0.074%.Friday, May 20, 2011
  27. Frequency Analysis (2) Once upon a midnight dreary, while I pondered, weak and weary, Over many a quaint and curious volume of forgotten lore— While I nodded, nearly napping, suddenly there came a tapping, As of some one gently rapping—rapping at my chamber door. "Tis some visitor," I muttered, "tapping at my chamber door— Only this and nothing more." Ah, distinctly I remember, it was in the bleak December, And each separate dying ember wrought its ghost upon the floor. Eagerly I wished the morrow;—vainly I had sought to borrow From my books surcease of sorrow—sorrow for the lost Lenore— For the rare and radiant maiden whom the angels name Lenore— Nameless here for evermore. And the silken sad uncertain rustling of each purple curtain Thrilled me—filled me with fantastic terrors never felt before; So that now, to still the beating of my heart, I stood repeating "Tis some visitor entreating entrance at my chamber door— Some late visitor entreating entrance at my chamber door;— This it is and nothing more." ‣ EDGAR ALLAN POE: THE RAVENhttp://www.gutenberg.org/cache/epub/14082/pg14082.txtFriday, May 20, 2011
  28. Frequency Analysis (3) A small bit of text can result in differences, but still there are some letters we can deduce.. ‣ “THE RAVEN”, FIRST PARAGRAPHFriday, May 20, 2011
  29. Frequency Analysis (3) A small bit of text can result in differences, but still there are some letters we can deduce.. ‣ “THE RAVEN”, FIRST PARAGRAPHFriday, May 20, 2011
  30. Frequency Analysis (4) We can deduce almost all letters just without even CARING about the crypto algorithm used. ‣ “THE RAVEN”, ALL PARAGRAPHSFriday, May 20, 2011
  31. Encryption algorithms (1) ‣ SYMMETRICAL ALGORITHMSFriday, May 20, 2011
  32. Encryption algorithms (1) ‣ Previous examples were symmetrical encryptions. ‣ SYMMETRICAL ALGORITHMSFriday, May 20, 2011
  33. Encryption algorithms (1) ‣ Previous examples were symmetrical encryptions. ‣ Same key is used for both encryption and decryption. ‣ SYMMETRICAL ALGORITHMSFriday, May 20, 2011
  34. Encryption algorithms (1) ‣ Previous examples were symmetrical encryptions. ‣ Same key is used for both encryption and decryption. ‣ Good symmetrical encryptions: AES, Blowfish, (3)DES ‣ SYMMETRICAL ALGORITHMSFriday, May 20, 2011
  35. Encryption algorithms (2) ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMSFriday, May 20, 2011
  36. Encryption algorithms (2) ‣ How do we send over the key securely? ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMSFriday, May 20, 2011
  37. Encryption algorithms (2) ‣ How do we send over the key securely? ‣ O hai egg, meet chicken. ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMSFriday, May 20, 2011
  38. Public key encryption Another encryption method: asymmetrical encryption or public key encryption. ‣ FINALLY, WE HAVE ARRIVED...Friday, May 20, 2011
  39. Public key encryption (1) Two keys instead of one: public key - available for everybody. Can be published on your blog. private key - For your eyes only!Friday, May 20, 2011
  40. Public key encryption (2) ‣ USES 2 KEYS INSTEAD OF ONE: A KEYPAIRhttp://upload.wikimedia.org/wikipedia/commons/f/f9/Public_key_encryption.svgFriday, May 20, 2011
  41. Public key encryption (3) It is NOT possible to decrypt the message with same key that is used to encrypt. but We can encrypt with either key.Friday, May 20, 2011
  42. Public key encryption (4) ‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTIONFriday, May 20, 2011
  43. Public key encryption (4) ‣ Can be used for encrypting data. ‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTIONFriday, May 20, 2011
  44. Public key encryption (4) ‣ Can be used for encrypting data. ‣ Can be used for data validation and authentication (signing). ‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTIONFriday, May 20, 2011
  45. Symmetrical vs Asymmetrical (1) Symmetrical Asymmetrical ✓ quick. ✓ no need to send over the ✓ not resource intensive. (whole) key. ✓useful for small and large ✓ can be used for encryption messages. and validation (signing). ✗ need to send over the key ✗ very resource intensive. to the other side. ✗ only useful for small messages.Friday, May 20, 2011
  46. Symmetrical vs Asymmetrical (2) Use symmetrical encryption for the (large) message and encrypt the key used with an asymmetrical encryption method.Friday, May 20, 2011
  47. Symmetrical vs Asymmetrical (3) Hybrid ✓ quick ✓ not resource intensive ✓ useful for small and large messages ✓ safely exchange key dataFriday, May 20, 2011
  48. Symmetrical vs Asymmetrical (3) Hybrid ✓ quick ✓ not resource intensive ✓ useful for small and large messages ✓ safely exchange key data +Friday, May 20, 2011
  49. Symmetrical vs Asymmetrical (3) Hybrid ✓ quick ✓ not resource intensive ✓ useful for small and large messages ✓ safely exchange key data + = http://www.zastavki.com/pictures/1152x864/2008/Animals_Cats_Small_cat_005241_.jpgFriday, May 20, 2011
  50. How does it work? We will focus on the popular RSA, but there are other algorithms as well: DH, DSS(DSA) etc...Friday, May 20, 2011
  51. How does it work? (1) Public key encryption works on the premise that it is practically impossible to refactor a large number back into 2 separate prime numbers.Friday, May 20, 2011
  52. How does it work? (1) Public key encryption works on the premise that it is practically impossible to refactor a large number back into 2 separate prime numbers. Prime number is only divisible by 1 and itself: 2, 3, 5, 7, 11, 13, 17, 19 etc...Friday, May 20, 2011
  53. How does it work? (2)Friday, May 20, 2011
  54. How does it work? (2) ‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible)Friday, May 20, 2011
  55. How does it work? (2) ‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible) ‣ Brute-force decrypting is always lurking around (quicker machines, better algorithms).Friday, May 20, 2011
  56. How does it work? (2) ‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible) ‣ Brute-force decrypting is always lurking around (quicker machines, better algorithms). ‣ Good enough today != good enough tomorrow.Friday, May 20, 2011
  57. How does it work? (3) (it’s 13 and 17 btw)Friday, May 20, 2011
  58. How does it work? (3) “large” number: 221 (it’s 13 and 17 btw)Friday, May 20, 2011
  59. How does it work? (3) “large” number: 221 but we cannot calculate its prime factors without brute force. There is no “formula” (like e=mc 2) (it’s 13 and 17 btw)Friday, May 20, 2011
  60. Math example ‣ LET’S DO SOME MATHFriday, May 20, 2011
  61. Math example This is mathness!Friday, May 20, 2011
  62. Math example No, this is RSAAAAAAAAFriday, May 20, 2011
  63. Math exampleFriday, May 20, 2011
  64. Math example ‣ p = (large) prime number ‣ q = (large) prime number (but not too close to p) ‣ n = p . q (= bit length of the rsa-key) ‣ φ = (p-1) . (q-1) (the φ thingie is called phi) ‣ e = gcd(e, φ) = 1 ‣ d = e^-1 mod φ ‣ public key = tuple (n, e) ‣ private key = tuple (n, d)Friday, May 20, 2011
  65. Math exampleFriday, May 20, 2011
  66. Math example Step 1: select primes P and Q ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?Friday, May 20, 2011
  67. Math example Step 1: select primes P and Q ‣ P = 11 ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?Friday, May 20, 2011
  68. Math example Step 1: select primes P and Q ‣ P = 11 ‣ Q=3 ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?Friday, May 20, 2011
  69. Math example Step 2: calculate N and Phi ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?Friday, May 20, 2011
  70. Math example Step 2: calculate N and Phi ‣ N = P . Q = 11 . 3 = 33 ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?Friday, May 20, 2011
  71. Math example Step 2: calculate N and Phi ‣ N = P . Q = 11 . 3 = 33 ‣ Phi = (11-1) . (3-1) = 10 . 2 = 20 ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?Friday, May 20, 2011
  72. Math example Step 3: find e ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?Friday, May 20, 2011
  73. Math example Step 3: find e ‣ e = 3 (Fermat prime: 3, 17, 65537) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?Friday, May 20, 2011
  74. Math example Step 3: find e ‣ e = 3 (Fermat prime: 3, 17, 65537) ‣ gcd(e, phi) = 1 ==> gcd(3, 20) = 1 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?Friday, May 20, 2011
  75. Math example Step 4: find d ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?Friday, May 20, 2011
  76. Math example Step 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?Friday, May 20, 2011
  77. Math example Step 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ brute force: (e.d mod n = 1) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?Friday, May 20, 2011
  78. Math example Step 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ brute force: (e.d mod n = 1) 3 . 1 = 3 mod 20 = 3 3 . 6 = 18 mod 20 = 18 3 . 2 = 6 mod 20 = 6 3 . 7 = 21 mod 20 = 1 3 . 3 = 9 mod 20 = 9 3 . 8 = 24 mod 20 = 4 3 . 4 = 12 mod 20 = 12 3 . 9 = 27 mod 20 = 7 3 . 5 = 15 mod 20 = 15 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?Friday, May 20, 2011
  79. Math example ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7Friday, May 20, 2011
  80. Math example That’s it: ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7Friday, May 20, 2011
  81. Math example That’s it: ‣ public key = (n, e) = (33, 3) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7Friday, May 20, 2011
  82. Math example That’s it: ‣ public key = (n, e) = (33, 3) ‣ private key = (n, d) = (33, 7) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7Friday, May 20, 2011
  83. Math example The actual math is much more complex since we use very large numbers, but it all comes down to these (relatively simple) calculations..Friday, May 20, 2011
  84. Encrypting & decrypting Encrypting a message: c = me mod n Decrypting a message: m = cd mod nFriday, May 20, 2011
  85. Encrypting & decrypting (1) Encrypting a message: private key = (n,d) = (33, 7): m = 13, 20, 15, 5 13^7 mod 33 = 7 20^7 mod 33 = 26 15^7 mod 33 = 27 5^7 mod 33 = 14 c = 7, 26, 27,14Friday, May 20, 2011
  86. Encrypting & decrypting (2) Decrypting a message: public key = (n,e) = (33, 3): c = 7, 26, 27, 14 7^3 mod 33 = 13 26^3 mod 33 = 20 27^3 mod 33 = 15 14^3 mod 33 =5 m = 13, 20, 15, 5Friday, May 20, 2011
  87. Encrypting & decrypting (3)Friday, May 20, 2011
  88. Encrypting & decrypting (3) ‣ A message is an “integer”, not a block of data.Friday, May 20, 2011
  89. Encrypting & decrypting (3) ‣ A message is an “integer”, not a block of data. ‣ A message must be between 2 and n-1.Friday, May 20, 2011
  90. Encrypting & decrypting (3) ‣ A message is an “integer”, not a block of data. ‣ A message must be between 2 and n-1. ‣ Deterministic, so we must use a padding scheme to make it non-deterministic.Friday, May 20, 2011
  91. Encrypting & decrypting (4) ‣ Public Key Cryptography Standard #1 ‣ Pads data with (random) bytes up to n bits in length (v1.5 or OAEP/v2.x). ‣ Got it flaws and weaknesses too. Always use the latest available version (v2.1) ‣ http://www.rsa.com/rsalabs/node.asp?id=2125Friday, May 20, 2011
  92. Encrypting & decrypting (5) Data = 4E636AF98E40F3ADCFCCB698F4E80B9F The encoded message block, EMB, after encoding but before encryption, with random padding bytes shown in green: 0002257F48FD1F1793B7E5E02306F2D3228F5C95ADF5F31566729F132AA12009 E3FC9B2B475CD6944EF191E3F59545E671E474B555799FE3756099F044964038 B16B2148E9A2F9C6F44BB5C52E3C6C8061CF694145FAFDB24402AD1819EACEDF 4A36C6E4D2CD8FC1D62E5A1268F496004E636AF98E40F3ADCFCCB698F4E80B9F After RSA encryption, the output is: 3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD739492C9CE5 8B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8DBC6E621 EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3CB99AC7E 609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177CBA3A435B ‣ PKCS#1 (v1.5) IN ACTION http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemesFriday, May 20, 2011
  93. Implementations of public keys in real life http://farm4.static.flickr.com/3538/3420164047_09ccc14e29.jpgFriday, May 20, 2011
  94. Web communication public key encryption in Web communications (aka: I never use my credit card for internet purchases. It’s not safe. Instead, I gave it to the waiter who walked away with it into the kitchen for 5 minutes..)Friday, May 20, 2011
  95. Web communication (1) Welcome to 1991: HTTP is plaintext. Everybody can be trusted. This page is under construction, here’s a photo of my cat and a link to geocities. ‣ BACK IN TIMEFriday, May 20, 2011
  96. Web communication (2) ‣ BUT NOW...Friday, May 20, 2011
  97. Web communication (2) ‣ Free WiFi everywhere ‣ BUT NOW...Friday, May 20, 2011
  98. Web communication (2) ‣ Free WiFi everywhere ‣ Traffic snooping ‣ BUT NOW...Friday, May 20, 2011
  99. Web communication (2) ‣ Free WiFi everywhere ‣ Traffic snooping ‣ Authorization: Basic? (yes,VERY basic) ‣ BUT NOW...Friday, May 20, 2011
  100. Web communication (3) ‣ USING HTTPSFriday, May 20, 2011
  101. Web communication (3) ‣ HTTP encapsulated by TLS (previously SSL). ‣ USING HTTPSFriday, May 20, 2011
  102. Web communication (3) ‣ HTTP encapsulated by TLS (previously SSL). ‣ More or less: an encryption layer on top of http. ‣ USING HTTPSFriday, May 20, 2011
  103. Web communication (3) ‣ HTTP encapsulated by TLS (previously SSL). ‣ More or less: an encryption layer on top of http. ‣ Hybrid encryption. ‣ USING HTTPSFriday, May 20, 2011
  104. Web communication (4)Friday, May 20, 2011
  105. Web communication (4) ‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used).Friday, May 20, 2011
  106. Web communication (4) ‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used). ‣ Symmetric encryption (AES-256, others)Friday, May 20, 2011
  107. Web communication (4) ‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used). ‣ Symmetric encryption (AES-256, others) ‣ But both sides needs the same key, so we have the same problem as before: how do we send over the key?Friday, May 20, 2011
  108. Web communication (5)Friday, May 20, 2011
  109. Web communication (5) ‣ Key is exchanged in a public/private encrypted communication.Friday, May 20, 2011
  110. Web communication (5) ‣ Key is exchanged in a public/private encrypted communication. ‣ Which public key?Friday, May 20, 2011
  111. Web communication (5) ‣ Key is exchanged in a public/private encrypted communication. ‣ Which public key? ‣ It is stored inside the server’s SSL certificateFriday, May 20, 2011
  112. Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKEFriday, May 20, 2011
  113. Web communication (6) ‣ Browser sends over its encryption methods. ‣ “GLOBAL” HTTPS HANDSHAKEFriday, May 20, 2011
  114. Web communication (6) ‣ Browser sends over its encryption methods. ‣ Server decides which one to use. ‣ “GLOBAL” HTTPS HANDSHAKEFriday, May 20, 2011
  115. Web communication (6) ‣ Browser sends over its encryption methods. ‣ Server decides which one to use. ‣ Server send certificate(s). ‣ “GLOBAL” HTTPS HANDSHAKEFriday, May 20, 2011
  116. Web communication (6) ‣ Browser sends over its encryption methods. ‣ Server decides which one to use. ‣ Server send certificate(s). ‣ Client sends “session key” encrypted by the public key found in the server certificate. ‣ “GLOBAL” HTTPS HANDSHAKEFriday, May 20, 2011
  117. Web communication (6) ‣ Browser sends over its encryption methods. ‣ Server decides which one to use. ‣ Server send certificate(s). ‣ Client sends “session key” encrypted by the public key found in the server certificate. ‣ Server and client uses the “session key” for symmetrical encryption. ‣ “GLOBAL” HTTPS HANDSHAKEFriday, May 20, 2011
  118. Web communication (7)Friday, May 20, 2011
  119. Web communication (7) ‣ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption.Friday, May 20, 2011
  120. Web communication (7) ‣ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption. ‣ SSL/TLS is a separate talk (it’s way more complex as this)Friday, May 20, 2011
  121. Web communication (7) ‣ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption. ‣ SSL/TLS is a separate talk (it’s way more complex as this) ‣ http://www.moserware.com/2009/06/first-few- milliseconds-of-https.htmlFriday, May 20, 2011
  122. Email communication public key encryption in Email communication (aka: the worst communication method invented when it comes to privacy or secrecy, except for yelling)Friday, May 20, 2011
  123. Email communication (2)http://change-your-ip.com/wp-content/uploads/image/nigerian_419_scam.jpghttp://torontoemerg.files.wordpress.com/2010/09/spam.gifFriday, May 20, 2011
  124. Email communication (3) ‣ DID YOU EVER SEND/RECEIVE EMAILS LIKE THIS?Friday, May 20, 2011
  125. Email communication (4)Friday, May 20, 2011
  126. Email communication (4) ‣ Did Bill really send this email?Friday, May 20, 2011
  127. Email communication (4) ‣ Did Bill really send this email? ‣ Do we know for sure that nobody has read this email (before it came to us?)Friday, May 20, 2011
  128. Email communication (4) ‣ Did Bill really send this email? ‣ Do we know for sure that nobody has read this email (before it came to us?) ‣ Do we know for sure that the contents of the message isn’t tampered with?Friday, May 20, 2011
  129. Email communication (4) ‣ Did Bill really send this email? ‣ Do we know for sure that nobody has read this email (before it came to us?) ‣ Do we know for sure that the contents of the message isn’t tampered with? ‣ We use signing!Friday, May 20, 2011
  130. Signing (1)Friday, May 20, 2011
  131. Signing (1) ‣ Signing a message means adding a signature that authenticates the validity of a message.Friday, May 20, 2011
  132. Signing (1) ‣ Signing a message means adding a signature that authenticates the validity of a message. ‣ Like md5 or sha1, so when the message changes, so will the signature.Friday, May 20, 2011
  133. Signing (1) ‣ Signing a message means adding a signature that authenticates the validity of a message. ‣ Like md5 or sha1, so when the message changes, so will the signature. ‣ This works on the premise that Alice and only Alice has the private key that can create the signature.Friday, May 20, 2011
  134. Signing (2) http://en.wikipedia.org/wiki/File:Digital_Signature_diagram.svgFriday, May 20, 2011
  135. Signing (3)Friday, May 20, 2011
  136. Signing (3) ‣ GPG / PGP: Application for signing and/or encrypting data (or emails).Friday, May 20, 2011
  137. Signing (3) ‣ GPG / PGP: Application for signing and/or encrypting data (or emails). ‣ Try it yourself with Thunderbird’s Enigmail extension.Friday, May 20, 2011
  138. Signing (3) ‣ GPG / PGP: Application for signing and/or encrypting data (or emails). ‣ Try it yourself with Thunderbird’s Enigmail extension. ‣ Public keys can be send / found on PGP- servers so you don’t need to send your keys to everybody all the time.Friday, May 20, 2011
  139. Signing (4)Friday, May 20, 2011
  140. Signing (5)Friday, May 20, 2011
  141. Signing (5)Friday, May 20, 2011
  142. Signing (5)Friday, May 20, 2011
  143. Email communication (10) ‣ ADVANTAGES OF SIGNING YOUR MAILFriday, May 20, 2011
  144. Email communication (10) ‣ Everybody can send emails that ONLY YOU can read. ‣ ADVANTAGES OF SIGNING YOUR MAILFriday, May 20, 2011
  145. Email communication (10) ‣ Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. ‣ ADVANTAGES OF SIGNING YOUR MAILFriday, May 20, 2011
  146. Email communication (10) ‣ Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. ‣ Why is this not the standard? ‣ ADVANTAGES OF SIGNING YOUR MAILFriday, May 20, 2011
  147. Email communication (10) ‣ Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. ‣ Why is this not the standard? ‣ No really, why isn’t it the standard? ‣ ADVANTAGES OF SIGNING YOUR MAILFriday, May 20, 2011
  148. Email communication (7)Friday, May 20, 2011
  149. Email communication (8)Friday, May 20, 2011
  150. Email communication (9) Stupidity trumps everything: Don’t loose your private key(s) (as I did on multiple occasions)http://farm4.static.flickr.com/3231/2783827537_b4d2a5cc9a.jpgFriday, May 20, 2011
  151. Other applications PGP / GPG (encrypt / decrypt sensitive data) OpenSSH (Secure connection to other systems) IPSEC (VPN tunnels) Software signing ‣ PUBLIC KEY ENCRYPTION IN OTHER FIELDSFriday, May 20, 2011
  152. Any questions? ‣ FOOTER TEXT http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpgFriday, May 20, 2011
  153. Please rate my talk on joind.in: http://joind.in/3466 ‣ THANK YOU FOR YOUR ATTENTIONFriday, May 20, 2011

×