Public key cryptography


  1. Public key cryptography: a practical approach
     Israel Herraiz <isra@herraiz.org> <herraiz@uax.es>
     KeyID FE0A7AF3
     Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF3
     December 10th, 2010
     http://herraiz.org
  2. Privacy in electronic communications: Can we ensure privacy in electronic communications?
  3. Reaching Google
        1  10.8.0.1 (10.8.0.1)
        2  192.168.1.1 (192.168.1.1)
        3  62.81.125.179.static.user.ono.com (62.81.125.179)
        4  10.115.49.217 (10.115.49.217)
        5  10.127.151.49 (10.127.151.49)
        6  10.127.10.137 (10.127.10.137)
        7  10.127.10.133 (10.127.10.133)
        8  10.127.3.82 (10.127.3.82)
        9  213.242.71.21 (213.242.71.21)
       10  ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42)
       11  ae-45-45.ebr1.London1.Level3.net (4.69.143.101)
       12  ae-1-51.edge3.London1.Level3.net (4.69.139.73)
       13  unknown.Level3.net (212.113.15.186)
       14  209.85.255.78 (209.85.255.78)
       15  66.249.95.173 (66.249.95.173)
       16  216.239.49.45 (216.239.49.45)
       17  * * *
       18  ww-in-f147.1e100.net (209.85.229.147)
  4. Reaching Google (same route, with the locations shown on the slide)
        1  10.8.0.1 (10.8.0.1)
        2  192.168.1.1 (192.168.1.1)  Getafe
        3  62.81.125.179.static.user.ono.com (62.81.125.179)
        4  10.115.49.217 (10.115.49.217)
        5  10.127.151.49 (10.127.151.49)  Barcelona
        6  10.127.10.137 (10.127.10.137)
        7  10.127.10.133 (10.127.10.133)
        8  10.127.3.82 (10.127.3.82)
        9  213.242.71.21 (213.242.71.21)  Minneapolis
       10  ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42)  Paris
       11  ae-45-45.ebr1.London1.Level3.net (4.69.143.101)
       12  ae-1-51.edge3.London1.Level3.net (4.69.139.73)  London
       13  unknown.Level3.net (212.113.15.186)
       14  209.85.255.78 (209.85.255.78)  Atlanta
       15  66.249.95.173 (66.249.95.173)  New York
       16  216.239.49.45 (216.239.49.45)  Los Angeles
       17  * * *
       18  ww-in-f147.1e100.net (209.85.229.147)  Atlanta
  5. Hops while attempting to reach Google
  6. Is it that bad? What kind of private information can be captured?
  7. Non-cyphered information
     ● Geolocation
       ● Using your IP address
     ● Web browser and operating system
     ● Any info written in a form
       ● Including passwords
     ● Cookies
     ● Have a look and take care
       – http://www.youtube.com/watch?v=yyLdxO6xvh8
       – http://www.youtube.com/watch?v=1FgKL2ywrX0
  8. Solution: Enforce cyphering using public key cryptography
  9. Cryptography
     ● Traditionally, cyphering was done using a password and an algorithm
       ● Symmetric approach
       ● Password shared by both peers
     ● Public key cryptography
       ● Insecure channel
       ● Private and secure communication without any previous physical contact
  10. Public key cryptography (PKP) [diagram: two key pairs (Pub, Pri)]
  11. Public key cryptography [diagram: two key pairs (Pub, Pri); keyserver holding two Pub keys]
  12. Public key cryptography [diagram: message "Hi there!"; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  13. Public key cryptography [diagram: "0F231A5" shown with a Pub key; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  14. Public key cryptography [diagram: "0F231A5" shown with a Pub key; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  15. Public key cryptography [diagram: message "Hi there!"; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  16. How does it work?
      ● PKP algorithms
        ● Prime number factorization
      ● From a mathematical point of view, all messages can be decrypted
      ● From a computational point of view, decrypting a message without the private key takes too long
        – Key length is a crucial property
  17. Now it's your turn: Go create your own public-private key pair
  18. Public key sample (ASCII-armored block, Version: GnuPG v1.4.10 (GNU/Linux), between "-----BEGIN PGP PUBLIC KEY BLOCK-----" and "-----END PGP PUBLIC KEY BLOCK-----")
  19. Private key sample (ASCII-armored block, Version: GnuPG v1.4.10 (GNU/Linux), between "-----BEGIN PGP PRIVATE KEY BLOCK-----" and "-----END PGP PRIVATE KEY BLOCK-----")
  20. Keyservers
      ● Internet hosts that contain public keys
      ● Federated services
        ● All servers contain all the public keys in the world
      ● Public keyserver in Spain thanks to RedIRIS
        ● URL: pgp.rediris.es
  21. Your turn again: Upload your key to a server. Download your mates' keys.
  22. Message signing [diagram: message "Hi there!"; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  23. Message signing [diagram: message "Hi there!" with the label "Created with the private key"; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  24. Message signing [diagram: message "Hi there!"; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  25. Signing and encrypting [diagram: message "Hi there!"; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  26. Signing and encrypting [diagram: "FAD43A" shown with a Pub key; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  27. Signing and encrypting [diagram: "FAD43A" shown with a Pub key; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  28. Signing and encrypting [diagram: message "Hi there!"; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  29. Signing and encrypting [diagram: message "Hi there!"; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  30. Identity certification: How do you know that public keys belong to their legitimate owners? Can we ensure that the Barack Obama key does belong to Barack Obama? [image label: Public key]
  31. Identity certification: Certificate Authorities, trust chain
  32. Public key signing
      ● Public keys are plain text documents that can be cryptographically signed
      ● Mutual public signing adds identity certification to PKP schemes
  33. Public key signing [diagram: user "Barack Obama"; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  34. Public key signing [diagram: user "Barack Obama" with the details Key FE0A7AF2; Name Barack Obama; Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  35. Public key signing [diagram: same as slide 34]
  36. Public key signing [diagram: same as slide 34, with the request "Show me your passport"]
  37. Public key signing [diagram: same as slide 36, with "Passport: Barack Obama" shown next to the details]
  38. Public key signing [diagram: "Download key FE0A7AF2" from the keyserver; the fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 appears twice, once next to a Pub key and once in the details Key FE0A7AF2; Name Barack Obama; Fingerprint]
  39. Public key signing [diagram: same as slide 38, without the "Download key FE0A7AF2" label]
  40. Public key signing [diagram: same as slide 39]
  41. Public key signing: Key signing is often mutual [diagram: user "Barack Obama"; two key pairs (Pub, Pri); keyserver holding two Pub keys]
  42. Public key signing: Trust chain. Is he Barack Obama? [diagram: user "Barack Obama"; three Pub keys]
  43. Signing party
      ● How do we sign everyone else in the group?
      ● Linear chain
        – 2N signatures, weak chain
      ● Everybody signs everybody
        – N² signatures, strong chain
        – Fast signing party protocol
  44. Take away
      ● PKP: each user creates a public-private key pair; secure comms. through insec. channels
      ● Keyservers contain every key in the world
      ● Trust chain: identity cert. through public key signing
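
Slide 16 says every message can be decrypted mathematically, but not in practical time without the private key, and that key length decides this. The block below is an added example, not code from the slides: textbook RSA without padding, with constructed sample primes and hypothetical function names, counting how many trial divisions it takes to rebuild the private key from the public one as the modulus grows.

```python
# Added illustration: textbook RSA with tiny primes (no padding, not for real use).
from math import gcd

def make_keypair(p, q, e=17):
    """Build (public, private) from two primes; each key is (modulus, exponent)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible modulo phi"
    return (n, e), (n, pow(e, -1, phi))

def apply_key(key, value):
    """Encrypt with the public key or decrypt with the private key."""
    n, exponent = key
    assert 0 <= value < n, "message must be smaller than the modulus"
    return pow(value, exponent, n)

def factor(n):
    """Trial division on an odd modulus: always succeeds, cost grows with sqrt(n)."""
    f, steps = 3, 0
    while f * f <= n:
        steps += 1
        if n % f == 0:
            return f, n // f, steps
        f += 2
    raise ValueError("no odd factor found")

def recover_private(public):
    """Rebuild the private key from the public key alone by factoring n."""
    n, e = public
    p, q, steps = factor(n)
    return (n, pow(e, -1, (p - 1) * (q - 1))), steps

def demo():
    """Return (modulus bits, divisions needed) for keys of growing length."""
    rows = []
    # Constructed sample inputs: three pairs of small known primes.
    for p, q in [(53, 61), (65521, 65537), (999983, 1000003)]:
        public, private = make_keypair(p, q)
        cipher = apply_key(public, 42)
        cracked, steps = recover_private(public)
        assert cracked == private and apply_key(cracked, cipher) == 42
        rows.append((public[0].bit_length(), steps))
    return rows

if __name__ == "__main__":
    for bits, steps in demo():
        print(f"{bits:3d}-bit modulus: private key recovered after {steps} divisions")
```

Going from a 32-bit to a 40-bit modulus multiplies the work by about 15; real factoring algorithms are far faster than trial division, yet remain infeasible against a properly generated 2048-bit modulus.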
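
Slides 34 to 40 walk through the check made before signing someone's key: details handed over in person, passport, key downloaded by key ID, fingerprints compared. The block below is an added example, not code from the slides; the function and field names (including "slip" for the details handed over) are hypothetical, and the look-alike fingerprint is constructed to show why a matching 8-digit key ID is not enough.

```python
# Added illustration of the pre-signing check; helper names are hypothetical.
HEX = set("0123456789ABCDEF")

def normalize(fingerprint):
    """Drop whitespace, upper-case, and require 40 hex digits (160 bits)."""
    digits = "".join(fingerprint.split()).upper()
    if len(digits) != 40 or not set(digits) <= HEX:
        raise ValueError("not a 40-hex-digit fingerprint")
    return digits

def short_key_id(fingerprint):
    """The 8-digit key ID is only the tail of the fingerprint."""
    return normalize(fingerprint)[-8:]

def presigning_problems(slip, passport_name, downloaded):
    """Return the reasons not to sign; an empty list means every check passed.

    slip:       details the owner handed over in person (key id, name, fingerprint)
    downloaded: what the keyserver returned for that key id (name, fingerprint)
    """
    problems = []
    if slip["name"].casefold() != passport_name.casefold():
        problems.append("name on slip does not match passport")
    if downloaded["name"].casefold() != slip["name"].casefold():
        problems.append("name on downloaded key does not match slip")
    if short_key_id(slip["fingerprint"]) != slip["key_id"].upper():
        problems.append("key id on slip is not the tail of its fingerprint")
    if normalize(downloaded["fingerprint"]) != normalize(slip["fingerprint"]):
        problems.append("downloaded fingerprint differs from slip")
    return problems

# Values from the slides (the illustrative key shown for "Barack Obama").
SLIP = {"key_id": "FE0A7AF2", "name": "Barack Obama",
        "fingerprint": "D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2"}
GENUINE = {"name": "Barack Obama", "fingerprint": SLIP["fingerprint"]}
# Constructed look-alike: same name and same 8-digit key ID, different key.
LOOKALIKE = {"name": "Barack Obama",
             "fingerprint": "0123 4567 89AB CDEF 0123 4567 89AB CDEF FE0A 7AF2"}

if __name__ == "__main__":
    print(presigning_problems(SLIP, "Barack Obama", GENUINE))
    print(presigning_problems(SLIP, "Barack Obama", LOOKALIKE))
```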
