Security everywhere digital signature and digital fingerprint v1 (personal)

These are the slides I used to train people about security concepts such as digital signatures and digital fingerprints.

I tried to explain the topic in a friendly way, with animation and many examples from real life.

Hope it helps you.

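  • Here we list today's learning objectives. Besides, today's content is explained in a fairly everyday, real-life way. Inevitably, those of you here who have already studied security may want more detail, such as the algorithms and mathematical proofs, or how attackers attack and how you defend against these threats. We can meet those needs another day, in a more advanced course. Please
  • Why I say security is everywhere: first, let's check out our physical realm …
  • When talking about security, we must mention its 4 major properties, as well as their differences in degree. The transmitted message must make sense to only the intended receiver: Privacy. Receiver needs to be sure of the sender’s identity: Authentication. Data must arrive at the receiver exactly as they were sent: Integrity. Receiver must prove that a received message came from a specific sender: Non-repudiation.
  • A passport is a travel document issued by a country's government to its citizens or nationals. It certifies the holder's identity and nationality so that the holder can leave and enter their own country and travel abroad, and it is also used to request that the foreign authorities concerned grant the holder passage and protection. A passport bears on the right to legal protection abroad and the right to enter one's country of nationality. A passport usually carries the holder's photograph, signature, date of birth, nationality and other proof of personal identity. Many countries are developing the use of biometric technology in passports, so as to confirm more precisely that the person using a passport is its legitimate holder. International travel today usually requires presenting a passport, but there are exceptions. A passport is in fact merely an internationally recognised means of identifying travellers, and this identification requirement can be waived in many situations or for certain travellers. For example, US citizens can currently enter Mexico with a driver's licence, and EU nationals do not need a passport to travel within the EU. Likewise, a passport can also be used as an identity document inside a country.
  • The film U-571, directed by Jonathan Mostow and released in 2000, tells the story of a group of American submariners who seize a German submarine in order to capture an Enigma machine.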
  • The team members investigate mysterious and unusual deaths to determine who killed the victims and how. They also solve other felonies, such as collecting evidence in rape cases, but the subject of the series remains mainly murder cases.
    – Criminalistics is the application of various sciences to answer questions relating to examination and comparison of biological evidence, trace evidence, impression evidence (such as fingerprints, footwear impressions, and tire tracks), controlled substances, ballistics, firearm and toolmark examination, and other evidence in criminal investigations. Typically, evidence is processed in a crime lab.
    – Digital forensics is the application of proven scientific methods and techniques in order to recover data from electronic / digital media. DF specialists work in the field as well as in the lab.
    – Forensic anthropology is the application of physical anthropology in a legal setting, usually for the recovery and identification of skeletonized human remains.
    – Forensic archaeology is the application of a combination of archaeological techniques and forensic science, typically in law enforcement.
    – Forensic DNA analysis takes advantage of the uniqueness of an individual's DNA to answer forensic questions such as determining paternity/maternity or placing a suspect at a crime scene.
    – Forensic entomology deals with the examination of insects in, on, and around human remains to assist in determination of time or location of death. It is also possible to determine if the body was moved after death.
    – Forensic geology deals with trace evidence in the form of soils, minerals and petroleums.
    – Forensic interviewing is a method of communicating designed to elicit information and evidence.
    – Forensic meteorology is a site specific analysis of past weather conditions for a point of loss.
    – Forensic odontology is the study of the uniqueness of dentition, better known as the study of teeth.
    – Forensic pathology is a field in which the principles of medicine and pathology are applied to determine a cause of death or injury in the context of a legal inquiry.
    – Forensic psychology is the study of the mind of an individual, using forensic methods. Usually it determines the circumstances behind a criminal's behavior.
    – Forensic toxicology is the study of the effect of drugs and poisons on/in the human body.
    – Forensic document examination or questioned document examination answers questions about a disputed document using a variety of scientific processes and methods. Many examinations involve a comparison of the questioned document, or components of the document, to a set of known standards. The most common type of examination involves handwriting wherein the examiner tries to address concerns about potential authorship.
    – Veterinary Forensics is forensics applied to crimes involving animals.
    Related topics: Association of Firearm and Tool Mark Examiners, Ballistic fingerprinting, Computer forensics, Crime, Diplomatics (Forensic paleography), Forensic accounting, Forensic animation, Forensic anthropology, Forensic chemistry, Forensic engineering, Forensic facial reconstruction, Forensic identification, Forensic materials engineering, Forensic polymer engineering, Forensic profiling, Forensic psychology, Questioned document examination, Retrospective diagnosis, Skid mark, Trace evidence, Profiling practices.
    Testimony · Documentary · Physical / Real · Digital · Exculpatory · Scientific · Demonstrative · Eyewitness identification · Genetic (DNA) · Lies
  • Digital signing ensures that data originates from a specific party by creating a digital signature that is unique to that party. This process also uses hash functions. Put simply, digital signatures combine hashing (for the validation of the signature data) with asymmetric encryption for encoding that signature data.
    The following occurs when data is signed with a digital signature:
    – A hash algorithm is applied to the data to create a hash value.
    – The hash value is encrypted with User A’s private key, thereby creating the digital signature.
    – The digital signature and the data are sent to User B.
    The following occurs when digitally signed data is decrypted:
    – User B decrypts the signature by using User A’s public key and then recovers the hash value. If the signature can be decrypted, User B knows that the data came from User A (or the owner of the private key).
    – The hash algorithm is applied to the data to create a second hash value.
    – The two hash values are compared. If the hash values match, User B knows that the data has not been modified.
  • In a public key environment, it is vital that you are assured that the public key to which you are encrypting data is in fact the public key of the intended recipient and not a forgery. You could simply encrypt only to those keys which have been physically handed to you. But suppose you need to exchange information with people you have never met; how can you tell that you have the correct key?
    Digital certificates, or certs, simplify the task of establishing whether a public key truly belongs to the purported owner. A certificate is a form of credential. Examples might be your driver's license, your social security card, or your birth certificate. Each of these has some information on it identifying you and some authorization stating that someone else has confirmed your identity. Some certificates, such as your passport, are important enough confirmation of your identity that you would not want to lose them, lest someone use them to impersonate you.
    A digital certificate is data that functions much like a physical certificate. A digital certificate is information included with a person's public key that helps others verify that a key is genuine or valid. Digital certificates are used to thwart attempts to substitute one person's key for another.
    A digital certificate consists of three things:
    – A public key.
    – Certificate information. ("Identity" information about the user, such as name, user ID, and so on.)
    – One or more digital signatures.
    The purpose of the digital signature on a certificate is to state that the certificate information has been attested to by some other person or entity. The digital signature does not attest to the authenticity of the certificate as a whole; it vouches only that the signed identity information goes along with, or is bound to, the public key. Thus, a certificate is basically a public key with one or two forms of ID attached, plus a hearty stamp of approval from some other trusted individual.
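  • PKI is an infrastructure: an integrated technology comprising symmetric and asymmetric cryptography, software and network services, used mainly to secure network communications and enterprise electronic transactions. PKI is an integrated security service made up of the software, standards and protocols that support digital certificates.
    Certificate authority. Public key infrastructure is abbreviated PKI. In cryptography, a public key infrastructure binds a user's personal identity to a public key by means of a certificate authority (CA). A user's identity must be unique within each CA. This may be done under human supervision, together with other cooperating software distributed across different locations. For each user, the public key certificate issued by the CA contains the unforgeable personal identity, the public key, the validity conditions and other data.
    The term trusted third party (TTP) is also often used to refer to the CA. PKI is sometimes mistakenly used to mean public key cryptography or public key algorithms.
    Most enterprise-grade PKI systems rely on certificate chains, built layer by layer from certificates that higher-level CAs issue to lower-level CAs, to establish the legitimacy of a participant's identity certificate. This produces a certificate hierarchy that spans more than one computer and usually several organizations, and involves cooperation among software from multiple sources. Open standards are therefore very important to PKI. Most of the standardization in this area is done by the PKIX working group of the Internet Engineering Task Force (IETF).
    An enterprise PKI is usually tightly integrated with the enterprise's directory database; each employee's public key is embedded in a certificate and stored together with the personnel data. Today's most advanced directory technology is the Lightweight Directory Access Protocol (LDAP). In fact, X.500, the predecessor of the most common certificate format, X.509, is a directory schema used for LDAP's preprocessor.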
  • VeriSign introduced the concept of classes of digital certificates:
    – Class 1 for individuals, intended for email
    – Class 2 for organizations, for which proof of identity is required
    – Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority
    – Class 4 for online business transactions between companies
    – Class 5 for private organizations or governmental security

Security everywhere digital signature and digital fingerprint v1 (personal) Presentation Transcript

  • 1. Security Everywhere: Digital Fingerprint, Signature & Certificate <Fundamental 1> Paul Yang Feb 2009
  • 2. Course Objectives: • Raise your awareness of security • Give you an idea of how to secure your electronic life
  • 3. Agenda • Security Everywhere • How to secure our E-life • Digital Fingerprint (Hash, Digest, Measure) • Digital Signature • Digital Certificate with PKI
  • 4. Our Life: Physical Realm
  • 5. 4 Factors of Security • Authentication: Who I Am • Integrity: It’s Unmodifiable • Non-repudiation: It’s Undeniable • Privacy: Nobody Can Know
  • 6. Security Everywhere Real life: Sealing wax in Middle Ages Q1. How to prevent someone from tampering with your letter?
  • 7. Security Everywhere Real life: Enigma in World War II Demo Flash Simulator
  • 8. Security Everywhere Real life: Crime Scene Investigation (CSI) Forensic science: Testimony · Documentary · Physical / Real · Digital · Exculpatory · Scientific · Demonstrative · Eyewitness identification · Genetic (DNA) · Lies
  • 9. Take a look at our electronic Life
  • 10. Security Everywhere Challenges • How to prove the card is forged or not? • How does the bank authenticate your identity? • How to protect my data from being intercepted by a bad guy during data transmission? • How can a merchant prevent a customer from denying his/her order? • How can I trust that the merchant is not a bad guy?
  • 11. Are They Still the Original Data? • When you receive files from your friend – Picture files – MP3 files – Video files – Many other types of files… • When you download files from the Web – Utility – Driver – Patch – Picture/music/video files. How Do You Know They Are Original: Nothing Lost, Not Been Hacked, No Virus…
  • 12. Fingerprint for Any Digital Data • What is Human Fingerprint ? – a unique identification to a person – Small but can represent a person, like a digest • Is it a way for any digital data? • a program, a letter, or… • one byte…. one gigabyte, or ….. Is It Possible ? Digital Data Just Like Human ?
  • 13. Yes, We Can! • Message Digest: variable-length input message to a fixed-length • Human Fingerprint: virtual uniqueness • Measurement: detection of genuineness • Digital fingerprint: a logic process which will result in a fixed length unique data value • If there is any single bit change in the original data, the result will change dramatically, so you’ll notice the change easily • For example: using MD5 Hash algorithm will always result in xxx bit data value
  • 14. Fingerprint HOWTO: Original Message (Document, E-mail) -> Fingerprint Function -> fingerprint: a unique value which can be used to represent the original data. Demo: PsPad editor MD5
  • 15. Fingerprint HOWTO (Demo: PsPad editor MD5)
      Input | Fingerprint function | Fingerprint
      I love you | MD5 | e4f58a805a6e1fd0f6bef58c86f9ceb3
      I love yoU | MD5 | 8bbe24876210671597572bf075412311
      Photo1.jpg | MD5 | 8cd5c5a2ab5eea7c649fa0994885fb44
      Modified Photo1.jpg | MD5 | dfaa08438c77f924717f6dcac756530f
  • 16. Fingerprint Algorithms
      Message-Digest Algorithm | Digest Length (bits)
      MD2 | 128
      MD4 | 128
      MD5 | 128
      Secure Hash Algorithm (SHA) | 160
      References: MD2, MD4, MD5, SHA
  • 17. Hash Function Ex: Downloading the file (Integrity) Demo – 1 , 2 Problem: The SW I download can’t be opened! Any way to know if the file is not modified during network transmission?
  • 18. Hash Function Ex: User authentication in OS or ATM machine
      Problem: • can I protect my password during user authentication? • can I shadow my password in OS to prevent someone from stealing it
      Client (ID: Paul, Password: ILoveYou) -> Fingerprint Function -> Login request (Account: Paul, Password: +!3420$) -> Server: User Authentication against User DB -> Login successful
      User DB (ID | Password): Paul | +!3420$; Stephen | ss-3&6#; Jack | l*^$23w
  • 19. Are you sure where they come from? • When you receive files from your friend – Picture files – MP3 files – Video files – Many other types of files… • When you download files from the Web – Utility – Driver – Patch – Picture/music/video files. How can you know where they come from?
  • 20. Yes, We Can! Digital Signatures: an electronic document to provide Authentication, Integrity and Non-repudiation but NOT Privacy. Sender: Context (Plain Text) -> Sign -> Digital signature. Receiver: Verify
  • 21. How Signature Works? You must understand “What is key?” first. Plaintext -> Encryption (Key) -> Cipher text -> Decryption (Key) -> Plaintext. Key: variable value used by a cryptographic algorithm to produce encrypted text, or decrypt encrypted text
  • 22. Quiz? Problem: I’ve got to remember many passwords for • My Computer Login • My ATM PIN • My Internet Bank • My Mobile Phone SIM • My mailbox and MSN • More… Question: Do you know someplace or some way in which you can secure your passwords and can check them out easily?
  • 23. Let’s Practice! Answer: • Assuming they are four-digit numbers (xxxx) • Write them down on a piece of paper • Pick a 4-digit number and keep it in your mind, ex. 1234 • Do simple mathematics (Addition +) Ex. Computer Login: 7622 + 1234 = 8856 ATM PIN: 1285 + 1234 = 2519 Internet Bank: 2247 + 1234 = 3481 • Put them somewhere you like (laptop or wallet) • When you need them, just do simple subtraction (-) Ex. Computer Login: 8856 - 1234 = 7622 ATM PIN: 2519 - 1234 = 1285 • Even if someone steals your wallet, no one can use those numbers to unlock your account. • Which is the plain text? • Which is the cipher text? • Which is the encryption? • Which is the decryption? • Which is the KEY? Plaintext: 7622 (Login) -> Encryption: (+) addition, Key: 1234 -> Cipher text: 8856 -> Decryption: (-) subtraction, Key: 1234 -> Plaintext. Encryption is still difficult?
  • 24. Public-Private Key Encryption • Involves 2 distinct keys – Public, Private. • The private key is kept secret and must never be divulged • The public key is not secret and can be freely distributed, shared with anyone. • It is also called “asymmetric cryptography”. • The two keys are mathematically related, but it is infeasible to derive the private key from the public key. Plaintext -> Encryption (Public Key) -> Ciphertext -> Decryption (Private Key) -> Plaintext. Use Public key to encrypt and Private Key to decrypt!
  • 25. Paul to Mary: “Hello, Mary. Wanna go out for dinner?” (Paul encrypts using Mpublic, Mary decrypts using Mprivate). Mary to Paul: “OK, Paul. Fridays or Ruby Tuesday?” (Mary encrypts using Ppublic, Paul decrypts using Pprivate)
  • 26. Digital Signatures HOWTO • Each individual generates his own key pair [Public key known to everyone & Private key only to the owner] • Private Key – Used for Signing the document • Public Key – Used for Verifying the signed document. Use Private key to encrypt (sign), Public Key to decrypt (verify)!!!
  • 27. Digital Signatures HOWTO. Signing (Paul): Data -> Fingerprint Algorithm -> Fingerprint -> Paul Private key -> Digital signature. Verification (Mary): Data -> Fingerprint Algorithm -> Fingerprint; Digital signature -> Paul Public Key -> Fingerprint. If fingerprint values match, data came from the owner of the private key and is valid
  • 28. Agenda • Security Everywhere • How to secure our E-life • Hash function (Digest, Fingerprint) • Digital Signature • Digital Certificate with PKI • VPro Security World
  • 29. Digital Certificates • Why do we use a driver's license and ID card? • A Digital Certificate is much like a physical passport • Data with a digital signature from a trusted Certification Authority (CA). • This data contains: – Who owns this certificate – Who signed this certificate – The expiration date – User name & email address. CERTIFICATE: Issuer · Subject · Subject Public Key · Issuer Digital Signature
  • 30. Elements of Digital Cert. • A Digital ID typically contains the following information: – Your public key, Your name and email address – Expiration date of the public key, Name of the CA who issued your Digital ID
  • 31. Public Key Infrastructure (PKI) • A Public Key Infrastructure is an Infrastructure to support and manage Public Key-based Digital Certificates • There are 4 major parts in PKI. – Certification Authority (CA) – A directory Service – Services, Banks, Web servers – Business Users
  • 32. Certification Authority (CA) • A trusted agent who certifies public keys (certificate) for general use (Corporation or Bank). – User has to decide which CAs can be trusted. • CA provider: • Comodo • DigiCert • Trustwave • TURKTRUST • VeriSign More ….
  • 33. PKI Structure: Certification Authority · Directory services · User · Services, Banks, Webservers · Public/Private Keys
  • 34. Demonstration… • Digital Signature & Certificate – Generate Message Digest [SHA1] -> OpenSSL [Option] – Encrypting Digest using Private Key [Signatures] -> OpenSSL [Option] – Verification of Signatures -> OpenSSL [Option] – Apply your email certificate – Outlook 2003 case [Multipurpose Internet Mail Extensions MIME]
  • 35. Security Everywhere Recap: Challenges • How to prove the card is forged or not? • How Server authenticate your identity? • How you transmit your sensitive data? • How to protect my data won’t be intercepted by bad guy? • How can merchant avoid customer repudiate his/her order? • How can I trust the merchant is not bad guy? • What’s SSL 128? Is it able to protect my data? HOWTO Solve? • Digital Fingerprint (Digest, Hash, & Measure) • Digital signature (Signing) • Encryption (Public Key, Secret Key) • Digital Certificate (PKI)
  • 36. Q&A
  • 37. Backup
  • 38. Why Security Matters? It’s everywhere, just you don’t know !
  • 39. Security Everywhere E-life: E-commerce Q1. How to protect my data won’t be intercepted by Bad guy? Q2. How can I trust merchant is not bad guy? Q3. How can merchant avoid customer repudiate his/her order?
  • 40. Security Everywhere E-life: E-commerce: https, SSL 128, Credit card info. Q1. What’s SSL 128bit? Q2. Why / How can it protect my credit info?
  • 41. Security Everywhere Storing the password in OS, ATM machine. Problem: • can I shadow my password in OS to prevent someone from stealing it • can I protect my password during user authentication? Plaintext
  • 42. Key length • It is the number of bits (bytes) in the key. • A 2-bit key has four values – 00, 01, 10, 11 in its key space • A key of length “n” has a key space of 2^n distinct values. • E.g. the key is 128 bits – 101010101010….10010101111111 – There are 2^128 combinations – 340 282 366 920 938 463 463 374 607 431 768 211 456
  • 43. How difficult to crack a key?
      Key Length | Individual Attacker | Small Group | Academic Network | Large Company | Military Intelligence Agency
      40 | Weeks | Days | Hours | Milliseconds | Microseconds
      56 | Centuries | Decades | Years | Hours | Seconds
      64 | Millennia | Centuries | Decades | Days | Minutes
      80 | Infeasible | Infeasible | Infeasible | Centuries | Centuries
      128 | Infeasible | Infeasible | Infeasible | Infeasible | Millennia

      Attacker | Computer Resources | Keys / Second
      Individual attacker | One high-performance desktop machine & Software | 2^17 – 2^24
      Small group | 16 high-end machines & Software | 2^21 – 2^24
      Academic Network | 256 high-end machines & Software | 2^25 – 2^28
      Large company | $1,000,000 hardware budget | 2^43
      Military Intelligence agency | $1,000,000 hardware budget + advanced technology | 2^55
  • 44. Secret-key Encryption • Use a secret key to encrypt a message into ciphertext. • In AMT provision, we call it Pre-Shared Key (PSK) • Use the same key to decrypt the ciphertext to the original message. • Also called “Symmetric cryptography”. Plaintext -> Encryption (Secret Key) -> Ciphertext -> Decryption (Secret Key) -> Plaintext
  • 45. Secret-Key algorithms
      Algorithm Name | Key Length (bits)
      Blowfish | Up to 448
      DES | 56
      IDEA | 128
      RC2 | Up to 2048
      RC4 | Up to 2048
      RC5 | Up to 2048
      Triple DES | 192
      References: Blowfish, DES, IDEA, RC2, RC4, RC5, DES-3
  • 46. Digital Certificate: Problems • How are Digital Certificates Issued? • Who is issuing them? • Why should I Trust the Certificate Issuer? • How can I check if a Certificate is valid? • How can I revoke a Certificate? • Who is revoking Certificates? Moving towards PKI …
  • 47. Public Key Algorithms
      Algorithm Name | Key Length (bits)
      DSA | Up to 448
      El Gamal | 56
      RSA | 128
      Diffie-Hellman | Up to 2048
      References: DSA, El Gamal, RSA, Diffie-Hellman
  • 48. Digital Certificate. CERTIFICATE: Issuer · Subject · Subject Public Key · Issuer Digital Signature
  • 49. Message-Digest Algorithms
      Message-Digest Algorithm | Digest Length (bits)
      MD2 | 128
      MD4 | 128
      MD5 | 128
      Secure Hash Algorithm (SHA) | 160
      References: MD2, MD4, MD5, SHA
  • 50. Mary to Paul: “OK, Paul. Fridays or Ruby Tuesday?” (Mary encrypts using Ppublic, Paul decrypts using Pprivate)
  • 51. Security Everywhere Our life: Passport Q1. How to know it’s an official passport? Q2. How to prove the passport belongs to you?
  • 52. Security Everywhere Real life: Passport Photographic Micro-lettering Lines Micro Letters Watermark Laser-perforation
  • 53. Hash Function Ex: Storing the password in OS, ATM machine
      Client (ID: Paul, Password: ILoveYou) -> Hash Function -> Login request (Account: Paul, Password: +!3420$) -> Server: User Authentication against User DB -> Login successful
      User DB (ID | Password): Paul | +!3420$; Stephen | ss-3&6#; Wang | l*^$23w
  • 54. How Signature Works? You must understand “What is key?” first. Plaintext -> Encryption (Key) -> Cipher text -> Decryption (Key) -> Plaintext. Key: variable value used by a cryptographic algorithm to produce encrypted text, or decrypt encrypted text. The length of the key reflects the difficulty to decrypt from the encrypted message
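
Slides 13 to 17 describe the fingerprint as fixed-length, changing dramatically on a one-character edit, and usable to check a download. The sketch below is an added example, not part of the original deck; the sample "download" bytes and all function names are constructed for illustration, and the integrity check uses SHA-256 because MD5 and SHA-1 have known collision attacks.

```python
import hashlib
import hmac
import io


def fingerprint(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of data: the length depends on the algorithm, not the input."""
    return hashlib.new(algorithm, data).hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def fingerprint_stream(stream, algorithm: str = "sha256", chunk_size: int = 65536) -> str:
    """Hash a file-like object chunk by chunk, so large downloads need little memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def verify_download(stream, published_hex: str, algorithm: str = "sha256") -> bool:
    """True only if the stream's digest equals the digest the publisher posted."""
    actual = fingerprint_stream(stream, algorithm)
    return hmac.compare_digest(actual, published_hex.strip().lower())


# Constructed sample standing in for a downloaded driver package.
ORIGINAL = b"driver-package-v1 " * 50_000
PUBLISHED_SHA256 = fingerprint(ORIGINAL)                # what the vendor would post
CORRUPTED = ORIGINAL[:1000] + b"X" + ORIGINAL[1001:]    # one byte changed in transit

if __name__ == "__main__":
    # Slide 15's inputs: one changed character flips roughly half of the bits.
    a = fingerprint(b"I love you", "md5")
    b = fingerprint(b"I love yoU", "md5")
    print("MD5 bits:", len(a) * 4, "bits that differ:", bit_difference(a, b))
    print("intact download ok:   ", verify_download(io.BytesIO(ORIGINAL), PUBLISHED_SHA256))
    print("corrupted download ok:", verify_download(io.BytesIO(CORRUPTED), PUBLISHED_SHA256))
```

The published digest only helps if it is obtained over a channel the attacker cannot also modify, which is the gap the signature and certificate slides address.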
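
Slides 18, 41 and 53 store a fingerprint of the password in the user DB instead of the plaintext. This added example (not from the original deck) puts a plain, unsalted fingerprint beside a salted, iterated one (PBKDF2-HMAC-SHA256); the iteration count, record layout and Stephen's password are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed demo value; tune to your hardware and current guidance


def unsalted_record(password: str) -> str:
    """Weak form: one fast hash, so equal passwords give equal stored values."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def new_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Hardened form: a random per-user salt plus a deliberately slow derivation."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": derived.hex()}


def check_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(derived.hex(), record["hash"])


# Constructed user DB: two users who happen to pick the same password.
PASSWORDS = {"Paul": "ILoveYou", "Stephen": "ILoveYou"}
WEAK_DB = {user: unsalted_record(pw) for user, pw in PASSWORDS.items()}
STRONG_DB = {user: new_record(pw) for user, pw in PASSWORDS.items()}


def shared_password_visible(db: dict) -> bool:
    """Can someone reading the DB tell that Paul and Stephen share a password?"""
    paul, stephen = db["Paul"], db["Stephen"]
    if isinstance(paul, dict):
        return paul["hash"] == stephen["hash"]
    return paul == stephen


if __name__ == "__main__":
    print("unsalted DB reveals the shared password:", shared_password_visible(WEAK_DB))
    print("salted DB reveals the shared password:  ", shared_password_visible(STRONG_DB))
    print("Paul logs in with ILoveYou:", check_password("ILoveYou", STRONG_DB["Paul"]))
    print("Paul logs in with iloveyou:", check_password("iloveyou", STRONG_DB["Paul"]))
```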
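
The signing and verification flow in slides 26 and 27 and in the speaker note on digital signing, as an added example that is not part of the original deck. It uses textbook RSA with no padding, and key pairs built from well-known Mersenne primes, purely to make the steps visible; both are assumptions for illustration, and real signatures use a padded scheme such as RSASSA-PSS from a vetted library.

```python
import hashlib

E = 65537  # common public exponent


def make_keypair(p: int, q: int):
    """Return ((e, n), (d, n)) for primes p and q: public key, private key."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of e mod phi(n)
    return (E, n), (d, n)


# Constructed demo keys. These primes are public knowledge, so the keys give
# no security; they only make the arithmetic reproducible.
PAUL_PUBLIC, PAUL_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, _OTHER_PRIVATE = make_keypair(2**1279 - 1, 2**2203 - 1)


def fingerprint_int(data: bytes) -> int:
    """SHA-256 fingerprint of the data as an integer (always below n here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_key) -> int:
    """Signer: fingerprint the data, then transform the fingerprint with the private key."""
    d, n = private_key
    return pow(fingerprint_int(data), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Receiver: recover the fingerprint with the public key, recompute it, compare."""
    e, n = public_key
    recovered = pow(signature, e, n)
    return recovered == fingerprint_int(data)


# The message travels in the clear next to its signature: no privacy, as slide 20 says.
MESSAGE = b"Hello, Mary. Wanna go out for dinner?"
SIGNATURE = sign(MESSAGE, PAUL_PRIVATE)

if __name__ == "__main__":
    print("genuine message verifies:    ", verify(MESSAGE, SIGNATURE, PAUL_PUBLIC))
    print("edited message verifies:     ", verify(MESSAGE + b" My treat.", SIGNATURE, PAUL_PUBLIC))
    print("altered signature verifies:  ", verify(MESSAGE, SIGNATURE ^ 1, PAUL_PUBLIC))
    print("someone else's key verifies: ", verify(MESSAGE, SIGNATURE, OTHER_PUBLIC))
```

The last case is why the certificate slides follow: verification only proves which private key signed, so the receiver still needs assurance that the public key really is Paul's.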