Public Key Cryptosystems with Applications, Requirements and
Cryptanalysis, RSA algorithm, its computational aspects and security, Diffie-Hillman Key Exchange algorithm, Man-in-Middle attack
information security(Public key encryption its characteristics and weakness, ...Zara Nawaz
these slides of information security contains Public key encryption its characteristics and weakness its applications and Diffie-Hellman Algorithm with example
Key Management, Diffie-Hellman Key Exchange, Elliptic Curve Arithmetic, Elliptic Curve
Cryptography, Message Authentication and Hash Functions, Hash and MAC Algorithms
Digital Signatures and Authentication Protocols
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
More Related Content
Similar to ch10_Key_Management.ppt ch10_Key_Management.ppt ch10_Key_Management.ppt
Public Key Cryptosystems with Applications, Requirements and
Cryptanalysis, RSA algorithm, its computational aspects and security, Diffie-Hillman Key Exchange algorithm, Man-in-Middle attack
information security(Public key encryption its characteristics and weakness, ...Zara Nawaz
these slides of information security contains Public key encryption its characteristics and weakness its applications and Diffie-Hellman Algorithm with example
Key Management, Diffie-Hellman Key Exchange, Elliptic Curve Arithmetic, Elliptic Curve
Cryptography, Message Authentication and Hash Functions, Hash and MAC Algorithms
Digital Signatures and Authentication Protocols
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...kalichargn70th171
A dynamic process unfolds in the intricate realm of software development, dedicated to crafting and sustaining products that effortlessly address user needs. Amidst vital stages like market analysis and requirement assessments, the heart of software development lies in the meticulous creation and upkeep of source code. Code alterations are inherent, challenging code quality, particularly under stringent deadlines.
Do you want Software for your Business? Visit Deuglo
Deuglo has top Software Developers in India. They are experts in software development and help design and create custom Software solutions.
Deuglo follows seven steps methods for delivering their services to their customers. They called it the Software development life cycle process (SDLC).
Requirement — Collecting the Requirements is the first Phase in the SSLC process.
Feasibility Study — after completing the requirement process they move to the design phase.
Design — in this phase, they start designing the software.
Coding — when designing is completed, the developers start coding for the software.
Testing — in this phase when the coding of the software is done the testing team will start testing.
Installation — after completion of testing, the application opens to the live server and launches!
Maintenance — after completing the software development, customers start using the software.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
E-commerce Application Development Company.pdfHornet Dynamics
Your business can reach new heights with our assistance as we design solutions that are specifically appropriate for your goals and vision. Our eCommerce application solutions can digitally coordinate all retail operations processes to meet the demands of the marketplace while maintaining business continuity.
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
Takashi Kobayashi and Hironori Washizaki, "SWEBOK Guide and Future of SE Education," First International Symposium on the Future of Software Engineering (FUSE), June 3-6, 2024, Okinawa, Japan
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Utilocate offers a comprehensive solution for locate ticket management by automating and streamlining the entire process. By integrating with Geospatial Information Systems (GIS), it provides accurate mapping and visualization of utility locations, enhancing decision-making and reducing the risk of errors. The system's advanced data analytics tools help identify trends, predict potential issues, and optimize resource allocation, making the locate ticket management process smarter and more efficient. Additionally, automated ticket management ensures consistency and reduces human error, while real-time notifications keep all relevant personnel informed and ready to respond promptly.
The system's ability to streamline workflows and automate ticket routing significantly reduces the time taken to process each ticket, making the process faster and more efficient. Mobile access allows field technicians to update ticket information on the go, ensuring that the latest information is always available and accelerating the locate process. Overall, Utilocate not only enhances the efficiency and accuracy of locate ticket management but also improves safety by minimizing the risk of utility damage through precise and timely locates.
1. Chapter 10
Key Management; Other
Public Key Cryptosystems
by
Sherry O. Panicker, MCA, M. Phil
Asst. Professor
Dept. of Computer Science
2. Key Management
Public-key encryption helps address key distribution
problems
1. distribution of public keys
2. use of public-key encryption to distribute secret keys
2
3. 1. Distribution of Public Keys
• can be considered as using one of:
– Public announcement
– Publicly available directory
– Public-key authority
– Public-key certificates
3
4. Public Announcement
• users distribute public keys to recipients or broadcast to
community at large
– eg. append PGP keys to email messages or post to
news groups or email list
• major weakness is forgery
– anyone can create a key claiming to be someone else
and broadcast it
– until forgery is discovered can masquerade as claimed
user for authentication
Fig. page 291.
4
5. Publicly Available Directory
• can obtain greater security by registering keys with a
public directory
• directory must be trusted with properties:
– contains {name, public-key} entries
– participants register securely with directory
– participants can replace key at any time
– directory is periodically published
– directory can be accessed electronically
• still vulnerable to tampering or forgery
Fig page 292
5
7. Public-Key Authority
• improve security by tightening control over distribution
of keys from directory
• requires users to know public key for the directory
• then users interact with directory to obtain any desired
public key securely
– does require real-time access to directory when keys
are needed
7
8. Public-Key Certificates
• The public-key authority could be a bottleneck in the
system.
– must appeal to the authority for the key of every other
user
• certificates allow key exchange without real-time access
to public-key authority
• a certificate binds identity to public key
• with all contents signed by a trusted Public-Key or
Certificate Authority (CA)
– Certifies the identity
– Only the CA can make the certificates
8
10. Public-Key Distribution of Secret Keys
• public-key algorithms have relatively slow data rates
• so few users make exclusive use of public key encryption.
usually prefer private-key encryption to protect message
contents
• hence need a session key
• Public-Key encryption helps Distribution of Secret Keys
10
11. 1. Simple Secret Key Distribution
• proposed by Merkle in 1979
– A generates a new temporary public private key pair
{PUa, PRa}
– A sends B the public key and A’s identity
– B generates a session key Ks sends it to A encrypted
using the supplied public key
– A decrypts the session key and both use
• problem is that an opponent can intercept and
impersonate both halves of protocol
11
12. Public-Key Distribution of Secret
Keys
• First securely exchanged public-keys
using a previous method
12
13. Diffie-Hellman Key Exchange
• first public-key type scheme proposed
– For key distribution only
• by Diffie & Hellman in 1976 along with the
exposition of public key concepts
– note: now know that James Ellis (UK CESG)
secretly proposed the concept in 1970
• is a practical method for public exchange
of a secret key
• used in a number of commercial products
13
14. Diffie-Hellman Key Exchange
• a public-key distribution scheme
– cannot be used to exchange an arbitrary message
– rather it can establish a common key
– known only to the two participants
• value of key depends on the participants (and
their private and public key information)
• based on exponentiation in a finite (Galois) field
(modulo a prime or a polynomial) - easy
• security relies on the difficulty of computing
discrete logarithms (similar to factoring) – hard
14
15. Diffie-Hellman Setup
• all users agree on global parameters:
– large prime integer or polynomial q
– α a primitive root mod q
• each user (eg. A) generates their key
– chooses a secret key (number): xA < q
– compute their public key: yA = α
xA
mod q
• each user makes public that key yA
15
16. Diffie-Hellman Key Exchange
• shared session key for users A & B is K:
K = yA
xB
mod q (which B can compute)
K = yB
xA
mod q (which A can compute)
(example)
• K is used as session key in private-key
encryption scheme between Alice and Bob
• if Alice and Bob subsequently communicate,
they will have the same key as before, unless
they choose new public-keys
• attacker needs an x, must solve discrete log
16
17. Diffie-Hellman Example
• users Alice & Bob who wish to swap keys:
• agree on prime q=353 and α=3
• select random secret keys:
– A chooses xA=97, B chooses xB=233
• compute public keys:
– yA=3
97
mod 353 = 40 (Alice)
– yB=3
233
mod 353 = 248 (Bob)
• compute shared session key as:
KAB= yB
xA
mod 353 = 248
97
= 160 (Alice)
KAB= yA
xB
mod 353 = 40
233
= 160 (Bob)
17
18. Elliptic Curve Cryptography
• majority of public-key crypto (RSA, D-H)
use either integer or polynomial arithmetic
with very large numbers/polynomials
• imposes a significant load in storing and
processing keys and messages
• an alternative is to use elliptic curves
• offers same security with smaller bit sizes
18
19. Real Elliptic Curves
• an elliptic curve is defined by an equation in two
variables x & y, with coefficients
• consider a cubic elliptic curve of form
– y2 = x3 + ax + b
– where x,y,a,b are all real numbers
– also define zero point O
• have addition operation for elliptic curve
– Q+R is reflection of intersection R
– Closed form for additions
• (10.3) and (10.4) P.300-301
19
21. Finite Elliptic Curves
• Elliptic curve cryptography uses curves whose
variables & coefficients are finite integers
• have two families commonly used:
– prime curves Ep(a,b) defined over Zp
• y2 mod p = (x3+ax+b) mod p
• use integers modulo a prime for both variables and coeff
• best in software
– Closed form of additions: P.303
– Example: P=(3,10), Q=(9,7), in E23(1,1)
• P+Q = (17,20)
• 2P = (7,12)
21
23. Finite Elliptic Curves
• have two families commonly used:
– binary curves E2m(a,b) defined over GF(2m)
• use polynomials with binary coefficients
• best in hardware
– Take a slightly different form of the equation
– Different close forms for addition (P.304)
23
24. Elliptic Curve Cryptography
• ECC addition is analog of multiply
• ECC repeated addition is analog of
exponentiation
• need “hard” problem equiv to discrete log
– Q=kP, where Q,P are points in an elliptic curve
– is “easy” to compute Q given k,P
– but “hard” to find k given Q,P
– known as the elliptic curve logarithm problem
• Certicom example: E23(9,17) (P.305)
– k could be so large as to make brute-force fail
24
25. ECC Key Exchange
• can do key exchange similar to D-H
• users select a suitable curve Ep(a,b)
– Either a prime curve, or a binary curve
• select base point G=(x1,y1) with large order n s.t.
nG=O
• A & B select private keys nA<n, nB<n
• compute public keys: PA=nA×G, PB=nB×G
• compute shared key: K=nA×PB, K=nB×PA
– same since K=nA×nB×G
• Example: P.305
25
26. ECC Encryption/Decryption
• select suitable curve & point G as in D-H
• encode any message M as a point on the elliptic
curve Pm=(x,y)
• each user chooses private key nA<n
• and computes public key PA=nA×G
• to encrypt pick random k: Cm={kG, Pm+k Pb},
• decrypt Cm compute:
Pm+kPb–nB(kG) = Pm+k(nBG)–nB(kG) = Pm
• Example: P.307
26
28. ECC Security
• relies on elliptic curve logarithm problem
• fastest method is “Pollard rho method”
• compared to factoring, can use much
smaller key sizes than with RSA etc
• for equivalent key lengths computations
are roughly equivalent
• hence for similar security ECC offers
significant computational advantages
28
29. Summary
• have considered:
– distribution of public keys
– public-key distribution of secret keys
– Diffie-Hellman key exchange
– Elliptic Curve cryptography
29