SlideShare a Scribd company logo

Public key cryptography

Israel Herraiz
Israel Herraiz
1 of 44
Download to read offline
Public key cryptography: a practical approach Israel Herraiz <isra@herraiz.org> <herraiz@uax.es> KeyID FE0A7AF3 Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF3 th December 10 2010 1 http://herraiz.org
Privacy in electronic communicatios Can we ensure privacy in electronic communications? 2 http://herraiz.org
Reaching Google 1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21) 10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42) 11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101) 12 ae-1-51.edge3.London1.Level3.net (4.69.139.73) 13 unknown.Level3.net (212.113.15.186) 14 209.85.255.78 (209.85.255.78) 15 66.249.95.173 (66.249.95.173) 16 216.239.49.45 (216.239.49.45) 17 * * * 18 ww-in-f147.1e100.net (209.85.229.147) 3 http://herraiz.org
Reaching Google 1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) Getafe 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) Barcelona 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21) Minneapolis 10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42) Paris 11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101) 12 ae-1-51.edge3.London1.Level3.net (4.69.139.73) London 13 unknown.Level3.net (212.113.15.186) 14 209.85.255.78 (209.85.255.78) Atlanta 15 66.249.95.173 (66.249.95.173) New York 16 216.239.49.45 (216.239.49.45) Los Angeles 17 * * * 18 ww-in-f147.1e100.net (209.85.229.147) Atlanta 4 http://herraiz.org
Hops while attempting to reach Google 5 http://herraiz.org
Is it that bad? What kind of private Information can be captured? 6 http://herraiz.org
Non-cyphered information ● Geolocalization ● Using your IP address ● Web browser and operating system ● Any info written in a form ● Including passwords ● Cookies ● Have a look and take care – http://www.youtube.com/watch?v=yyLdxO6xvh8 – http://www.youtube.com/watch?v=1FgKL2ywrX0 7 http://herraiz.org
Solution Enforce cyphering using public key cryptography 8 http://herraiz.org
Cryptography ● Traditionally, cyphering was done using a password and an algorithm ● Symmetric approach ● Password shared by both peers ● Public key cryptography ● Insecure channel ● Private and secure communication without any previous physical contact 9 http://herraiz.org
Public key cryptography (PKP) Pub Pri Pub Pri 10 http://herraiz.org
Public key cryptography Pub Pri Pub Pri Keyserver Pub Pub 11 http://herraiz.org
Criptografía de clave pública Hi there! Pub Pri Pub Pri Keyserver Pub Pub 12 http://herraiz.org
Public key cryptography Pub 0F231A5 Pub Pri Pub Pri Keyserver Pub Pub 13 http://herraiz.org
Public key cryptography Pub 0F231A5 Pub Pri Pub Pri Keyserver Pub Pub 14 http://herraiz.org
Public key cryptography Hi there! Pub Pri Pub Pri Keyserver Pub Pub 15 http://herraiz.org
How does it work? ● PKP Algorithms ● Prime number factorization ● From a mathematical point of view, all messages can be decrypted ● From a computational point of view, decrypting a message without the private key takes too long – Key length is a crucial property 16 http://herraiz.org
Now it's your turn Go create your own public-private key pair 17 http://herraiz.org
Public key sample -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.10 (GNU/Linux) JeP5F/eRS9G8EE1fObRRW6mRf+bGSeluFEMiOi3UB/5P0GBx8iM0QIjezR0R+2n8 bMjuJmWHTjvEeplnx9iual4J4BT/9FznFs7o4tFVVfYBacFrhWjQyAf2xoP3gyn3 5OlV55VHVB+oidXUVNSNHZbXwrd1sH42x7x8o17PDFJrWjiq4kAb2EfSOIuSS6na K9Y06bqh3yRbVtRdZOuCLcY8QJwt/mx//uQqG6NuSvYhx1QyC6g==XuDESOIuSSa mQINBEtUTeQBEACejdGQhscmsDXM7xG2/ZYFpMQg/GmPlJ85uJJUkLr2T+5Rw8Xv VfZjNZkMwsq94BGFrBxu477tKhQ5wiUBBz/jJ01a39Wrazgp21fvEon2T0Vay45t 2BYbU4AF815UL6o74YlW5SLdAofwylZS8pX4CKjGAB0T+fDiwkAepQl45nzX0ulv -----END PGP PUBLIC KEY BLOCK----- 18 http://herraiz.org
Private key sample -----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1.4.10 (GNU/Linux) mQINBEtUTeQBEACejdGQhscmsDXM7xG2/ZYFpMQg/GmPlJ85uJJUkLr2T+5Rw8Xv JeP5F/eRS9G8EE1fObRRW6mRf+bGSeluFEMiOi3UB/5P0GBx8iM0QIjezR0R+2n8 VfZjNZkMwsq94BGFrBxu477tKhQ5wiUBBz/jJ01a39Wrazgp21fvEon2T0Vay45t 2BYbU4AF815UL6o74YlW5SLdAofwylZS8pX4CKjGAB0T+fDiwkAepQl45nzX0ulv bMjuJmWHTjvEeplnx9iual4J4BT/9FznFs7o4tFVVfYBacFrhWjQyAf2xoP3gyn3 5OlV55VHVB+oidXUVNSNHZbXwrd1sH42x7x8o17PDFJrWjiq4kAb2EfSOIuSS6na K9Y06bqh3yRbVtRdZOuCLcY8QJwt/mx//uQqG6NuSvYhx1QyC6g==XuDESOIuSSa -----END PGP PRIVATE KEY BLOCK----- 19 http://herraiz.org
Keyservers ● Internet hosts that contain public keys ● Federated services ● All servers contain all the public keys in the world ● Public keyserver in Spain thanks to RedIRIS ● URL: pgp.rediris.es 20 http://herraiz.org
Your turn again Upload your key to a server Download your mates' keys 21 http://herraiz.org
Message signing Hi there! Pub Pri Pub Pri Keyserver Pub Pub 22 http://herraiz.org
Message signing Created with the private key Hi there! Pub Pri Pub Pri Keyserver Pub Pub 23 http://herraiz.org
Message signing Hi there! Pub Pri Pub Pri Keyserver Pub Pub 24 http://herraiz.org
Signing and encrypting Hi there! Pub Pri Pub Pri Keyserver Pub Pub 25 http://herraiz.org
Signing and encrypting Pub FAD43A Pub Pri Pub Pri Keyserver Pub Pub 26 http://herraiz.org
Signing and encrypting Pub FAD43A Pub Pri Pub Pri Keyserver Pub Pub 27 http://herraiz.org
Signing and encrypting Hi there! Pub Pri Pub Pri Keyserver Pub Pub 28 http://herraiz.org
Signing and encrypting Hi there! Pub Pri Pub Pri Keyserver Pub Pub 29 http://herraiz.org
Identity certification How do you know that public keys belong to their legitimate owners? Public key Can we ensure that the Barack Obama key does belong to Barack Obama? 30 http://herraiz.org
Identity certification Certificate Authorities Trust chain 31 http://herraiz.org
Public key signing ● Public keys are plain text documents that can be cryptographically signed ● Mutual public signing adds identity certification to PKP schemes 32 http://herraiz.org
Public key signing Barack Obama Pub Pri Pub Pri Keyserver Pub Pub 33 http://herraiz.org
Public key signing Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Pub Pri Keyserver Pub Pub 34 http://herraiz.org
Public key signing Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Pub Pri Keyserver Pub Pub 35 http://herraiz.org
Public key signing Show me your passport Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Pub Pri Keyserver Pub Pub 36 http://herraiz.org
Public key signing Show me your passport Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint Passport D0DA E915 BFDD E5CD 8BA0 Barack B159 7E97 2ACB FE0A 7AF2 Obama Pub Pri Pub Pri Keyserver Pub Pub 37 http://herraiz.org
Public key signing Pub Key FE0A7AF2 Barack Obama Name Barack Obama D0DA E915 BFDD E5CD 8BA0 Fingerprint B159 7E97 2ACB FE0A 7AF2 D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Download key FE0A7AF2 Pub Pri Keyserver Pub Pub 38 http://herraiz.org
Public key signing Pub Key FE0A7AF2 Barack Obama Name Barack Obama D0DA E915 BFDD E5CD 8BA0 Fingerprint B159 7E97 2ACB FE0A 7AF2 D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Keyserver Pub Pub 39 http://herraiz.org
Public key signing Pub Key FE0A7AF2 Barack Obama Name Barack Obama D0DA E915 BFDD E5CD 8BA0 Fingerprint B159 7E97 2ACB FE0A 7AF2 D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Keyserver Pub Pub 40 http://herraiz.org
Public key signing Barack Obama Key signing is often mutual Pub Pri Pub Pri Keyserver Pub Pub 41 http://herraiz.org
Public key signing Barack Obama Trust chain Pub Pub Is he Barack Pub Obama? 42 http://herraiz.org
Signing party ● How we do sign everyone else in the group? ● Linear chain – 2N signatures, weak chain ● Everybody signs everybody – N2 signatures, strong chain – Fast signing party protocol 43 http://herraiz.org
Take away PKP Each user creates Secure comms. a public-private through key pair insec. channels Trust chain Keyservers Identity cert. contain every through key in the world public key signing 44 http://herraiz.org

Recommended

Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyIsrael Herraiz
 
Desconstruindo a web
Desconstruindo a webDesconstruindo a web
Desconstruindo a webWillian Molinari
 
Report from IETF 89 in London - DNS, DHCP and IPv6
Report from IETF 89 in London - DNS, DHCP and IPv6Report from IETF 89 in London - DNS, DHCP and IPv6
Report from IETF 89 in London - DNS, DHCP and IPv6Men and Mice
 
Deep web links .onion hidden service urls list 1
Deep web links .onion hidden service urls list 1Deep web links .onion hidden service urls list 1
Deep web links .onion hidden service urls list 1Abhijeet Jha
 
Change log
Change logChange log
Change logWagner Alves
 
The Ring programming language version 1.10 book - Part 23 of 212
The Ring programming language version 1.10 book - Part 23 of 212The Ring programming language version 1.10 book - Part 23 of 212
The Ring programming language version 1.10 book - Part 23 of 212Mahmoud Samir Fayed
 
Rastreadores 2015
Rastreadores 2015Rastreadores 2015
Rastreadores 2015André Fernandes
 
Update Lexia 3 DiagBox 7.61
Update Lexia 3 DiagBox 7.61 Update Lexia 3 DiagBox 7.61
Update Lexia 3 DiagBox 7.61 buyobdii
 

Recommended

Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyIsrael Herraiz
 
Desconstruindo a web
Desconstruindo a webDesconstruindo a web
Desconstruindo a webWillian Molinari
 
Report from IETF 89 in London - DNS, DHCP and IPv6
Report from IETF 89 in London - DNS, DHCP and IPv6Report from IETF 89 in London - DNS, DHCP and IPv6
Report from IETF 89 in London - DNS, DHCP and IPv6Men and Mice
 
Deep web links .onion hidden service urls list 1
Deep web links .onion hidden service urls list 1Deep web links .onion hidden service urls list 1
Deep web links .onion hidden service urls list 1Abhijeet Jha
 
Change log
Change logChange log
Change logWagner Alves
 
The Ring programming language version 1.10 book - Part 23 of 212
The Ring programming language version 1.10 book - Part 23 of 212The Ring programming language version 1.10 book - Part 23 of 212
The Ring programming language version 1.10 book - Part 23 of 212Mahmoud Samir Fayed
 
Rastreadores 2015
Rastreadores 2015Rastreadores 2015
Rastreadores 2015André Fernandes
 
Update Lexia 3 DiagBox 7.61
Update Lexia 3 DiagBox 7.61 Update Lexia 3 DiagBox 7.61
Update Lexia 3 DiagBox 7.61 buyobdii
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
Public Key Authentication With SSH
Public Key Authentication With SSHPublic Key Authentication With SSH
Public Key Authentication With SSHDon Norwood
 
Public private key
Public private keyPublic private key
Public private keyStudsPlanet.com
 
Cryptography
CryptographyCryptography
Cryptographyamiable_indian
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Joshua Thijssen
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONraf_slide
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptographyanusachu .
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGPSarang Ananda Rao
 
OSINT tools for security auditing with python
OSINT tools for security auditing with pythonOSINT tools for security auditing with python
OSINT tools for security auditing with pythonJose Manuel Ortega Candel
 
MNSEC Conference 2023: Mining Bots
MNSEC Conference 2023: Mining BotsMNSEC Conference 2023: Mining Bots
MNSEC Conference 2023: Mining BotsAPNIC
 
Preso fcul
Preso fculPreso fcul
Preso fculTiago Henriques
 
GOTO Paris | @see Gopher
GOTO Paris | @see GopherGOTO Paris | @see Gopher
GOTO Paris | @see GopherJan Klat
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestSecuRing
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestPawel Rzepa
 
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)PROIDEA
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Daniele Albrizio
 
Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...APNIC
 
Github - Down the Rabbit Hole
Github - Down the Rabbit HoleGithub - Down the Rabbit Hole
Github - Down the Rabbit HoleVagmi Mudumbai
 
Frontend Performance: De débutant à Expert à Fou Furieux
Frontend Performance: De débutant à Expert à Fou FurieuxFrontend Performance: De débutant à Expert à Fou Furieux
Frontend Performance: De débutant à Expert à Fou FurieuxPhilip Tellis
 
When a robot is smart enough?
When a robot is smart enough?When a robot is smart enough?
When a robot is smart enough?Tomáš Jukin
 
MNSEC 2018 - Observations from the APNIC Community Honeynet Project
MNSEC 2018 - Observations from the APNIC Community Honeynet Project MNSEC 2018 - Observations from the APNIC Community Honeynet Project
MNSEC 2018 - Observations from the APNIC Community Honeynet Project MNCERT
 

More Related Content

Viewers also liked

Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
Public Key Authentication With SSH
Public Key Authentication With SSHPublic Key Authentication With SSH
Public Key Authentication With SSHDon Norwood
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Joshua Thijssen
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONraf_slide
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptographyanusachu .
 

Viewers also liked (9)

Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key Cryptosystem
 
Public Key Authentication With SSH
Public Key Authentication With SSHPublic Key Authentication With SSH
Public Key Authentication With SSH
 
Public private key
Public private keyPublic private key
Public private key
 
Cryptography
CryptographyCryptography
Cryptography
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTION
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGP
 

Similar to Public key cryptography

OSINT tools for security auditing with python
OSINT tools for security auditing with pythonOSINT tools for security auditing with python
OSINT tools for security auditing with pythonJose Manuel Ortega Candel
 
MNSEC Conference 2023: Mining Bots
MNSEC Conference 2023: Mining BotsMNSEC Conference 2023: Mining Bots
MNSEC Conference 2023: Mining BotsAPNIC
 
GOTO Paris | @see Gopher
GOTO Paris | @see GopherGOTO Paris | @see Gopher
GOTO Paris | @see GopherJan Klat
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestSecuRing
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestPawel Rzepa
 
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)PROIDEA
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Daniele Albrizio
 
Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...APNIC
 
Github - Down the Rabbit Hole
Github - Down the Rabbit HoleGithub - Down the Rabbit Hole
Github - Down the Rabbit HoleVagmi Mudumbai
 
Frontend Performance: De débutant à Expert à Fou Furieux
Frontend Performance: De débutant à Expert à Fou FurieuxFrontend Performance: De débutant à Expert à Fou Furieux
Frontend Performance: De débutant à Expert à Fou FurieuxPhilip Tellis
 
When a robot is smart enough?
When a robot is smart enough?When a robot is smart enough?
When a robot is smart enough?Tomáš Jukin
 
MNSEC 2018 - Observations from the APNIC Community Honeynet Project
MNSEC 2018 - Observations from the APNIC Community Honeynet Project MNSEC 2018 - Observations from the APNIC Community Honeynet Project
MNSEC 2018 - Observations from the APNIC Community Honeynet Project MNCERT
 
38th TWNIC OPM: Observations and mitigation of Mozi botnet
38th TWNIC OPM: Observations and mitigation of Mozi botnet 38th TWNIC OPM: Observations and mitigation of Mozi botnet
38th TWNIC OPM: Observations and mitigation of Mozi botnet APNIC
 
TDC2016POA | Trilha Pyhton - Python para Internet of Things
TDC2016POA | Trilha Pyhton - Python para Internet of ThingsTDC2016POA | Trilha Pyhton - Python para Internet of Things
TDC2016POA | Trilha Pyhton - Python para Internet of Thingstdc-globalcode
 
HES2011 - Sebastien Tricaud - Capture me if you can
HES2011 - Sebastien Tricaud - Capture me if you canHES2011 - Sebastien Tricaud - Capture me if you can
HES2011 - Sebastien Tricaud - Capture me if you canHackito Ergo Sum
 
Hackito Ergo Sum 2011: Capture me if you can!
Hackito Ergo Sum 2011: Capture me if you can!Hackito Ergo Sum 2011: Capture me if you can!
Hackito Ergo Sum 2011: Capture me if you can!stricaud
 
DevNexus 2013 - Introduction to WebSockets
DevNexus 2013 - Introduction to WebSocketsDevNexus 2013 - Introduction to WebSockets
DevNexus 2013 - Introduction to WebSocketsGunnar Hillert
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Jason Williams
 

Similar to Public key cryptography (20)

OSINT tools for security auditing with python
OSINT tools for security auditing with pythonOSINT tools for security auditing with python
OSINT tools for security auditing with python
 
MNSEC Conference 2023: Mining Bots
MNSEC Conference 2023: Mining BotsMNSEC Conference 2023: Mining Bots
MNSEC Conference 2023: Mining Bots
 
Preso fcul
Preso fculPreso fcul
Preso fcul
 
GOTO Paris | @see Gopher
GOTO Paris | @see GopherGOTO Paris | @see Gopher
GOTO Paris | @see Gopher
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forest
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forest
 
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)
CONFidence 2018: Hunting for the secrets in a cloud forest (Paweł Rzepa)
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi
 
Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...
 
Github - Down the Rabbit Hole
Github - Down the Rabbit HoleGithub - Down the Rabbit Hole
Github - Down the Rabbit Hole
 
Frontend Performance: De débutant à Expert à Fou Furieux
Frontend Performance: De débutant à Expert à Fou FurieuxFrontend Performance: De débutant à Expert à Fou Furieux
Frontend Performance: De débutant à Expert à Fou Furieux
 
When a robot is smart enough?
When a robot is smart enough?When a robot is smart enough?
When a robot is smart enough?
 
MNSEC 2018 - Observations from the APNIC Community Honeynet Project
MNSEC 2018 - Observations from the APNIC Community Honeynet Project MNSEC 2018 - Observations from the APNIC Community Honeynet Project
MNSEC 2018 - Observations from the APNIC Community Honeynet Project
 
38th TWNIC OPM: Observations and mitigation of Mozi botnet
38th TWNIC OPM: Observations and mitigation of Mozi botnet 38th TWNIC OPM: Observations and mitigation of Mozi botnet
38th TWNIC OPM: Observations and mitigation of Mozi botnet
 
TDC2016POA | Trilha Pyhton - Python para Internet of Things
TDC2016POA | Trilha Pyhton - Python para Internet of ThingsTDC2016POA | Trilha Pyhton - Python para Internet of Things
TDC2016POA | Trilha Pyhton - Python para Internet of Things
 
HES2011 - Sebastien Tricaud - Capture me if you can
HES2011 - Sebastien Tricaud - Capture me if you canHES2011 - Sebastien Tricaud - Capture me if you can
HES2011 - Sebastien Tricaud - Capture me if you can
 
Hackito Ergo Sum 2011: Capture me if you can!
Hackito Ergo Sum 2011: Capture me if you can!Hackito Ergo Sum 2011: Capture me if you can!
Hackito Ergo Sum 2011: Capture me if you can!
 
DevNexus 2013 - Introduction to WebSockets
DevNexus 2013 - Introduction to WebSocketsDevNexus 2013 - Introduction to WebSockets
DevNexus 2013 - Introduction to WebSockets
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)
 
Deploy your own P2P network
Deploy your own P2P networkDeploy your own P2P network
Deploy your own P2P network
 

More from Israel Herraiz

intensive metrics software evolution
intensive metrics software evolutionintensive metrics software evolution
intensive metrics software evolutionIsrael Herraiz
 
Statistical Distribution of Metrics
Statistical Distribution of MetricsStatistical Distribution of Metrics
Statistical Distribution of MetricsIsrael Herraiz
 
¿MATLAB? Yo uso Octave UPM
¿MATLAB? Yo uso Octave UPM¿MATLAB? Yo uso Octave UPM
¿MATLAB? Yo uso Octave UPMIsrael Herraiz
 
The Ultimate Debian Database
The Ultimate Debian DatabaseThe Ultimate Debian Database
The Ultimate Debian DatabaseIsrael Herraiz
 
Evaluating the presence and impact of bias in bug-fix datasets
Evaluating the presence and impact of bias in bug-fix datasetsEvaluating the presence and impact of bias in bug-fix datasets
Evaluating the presence and impact of bias in bug-fix datasetsIsrael Herraiz
 
Software size distribution - Why we always underestimate software cost
Software size distribution - Why we always underestimate software costSoftware size distribution - Why we always underestimate software cost
Software size distribution - Why we always underestimate software costIsrael Herraiz
 
The dynamics of software evolution - EVOLUMONS 2011
The dynamics of software evolution - EVOLUMONS 2011The dynamics of software evolution - EVOLUMONS 2011
The dynamics of software evolution - EVOLUMONS 2011Israel Herraiz
 
Mining Software Repositories
Mining Software RepositoriesMining Software Repositories
Mining Software RepositoriesIsrael Herraiz
 

More from Israel Herraiz (8)

intensive metrics software evolution
intensive metrics software evolutionintensive metrics software evolution
intensive metrics software evolution
 
Statistical Distribution of Metrics
Statistical Distribution of MetricsStatistical Distribution of Metrics
Statistical Distribution of Metrics
 
¿MATLAB? Yo uso Octave UPM
¿MATLAB? Yo uso Octave UPM¿MATLAB? Yo uso Octave UPM
¿MATLAB? Yo uso Octave UPM
 
The Ultimate Debian Database
The Ultimate Debian DatabaseThe Ultimate Debian Database
The Ultimate Debian Database
 
Evaluating the presence and impact of bias in bug-fix datasets
Evaluating the presence and impact of bias in bug-fix datasetsEvaluating the presence and impact of bias in bug-fix datasets
Evaluating the presence and impact of bias in bug-fix datasets
 
Software size distribution - Why we always underestimate software cost
Software size distribution - Why we always underestimate software costSoftware size distribution - Why we always underestimate software cost
Software size distribution - Why we always underestimate software cost
 
The dynamics of software evolution - EVOLUMONS 2011
The dynamics of software evolution - EVOLUMONS 2011The dynamics of software evolution - EVOLUMONS 2011
The dynamics of software evolution - EVOLUMONS 2011
 
Mining Software Repositories
Mining Software RepositoriesMining Software Repositories
Mining Software Repositories
 

Public key cryptography

  • 1. Public key cryptography: a practical approach Israel Herraiz <isra@herraiz.org> <herraiz@uax.es> KeyID FE0A7AF3 Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF3 th December 10 2010 1 http://herraiz.org
  • 2. Privacy in electronic communicatios Can we ensure privacy in electronic communications? 2 http://herraiz.org
  • 3. Reaching Google 1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21) 10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42) 11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101) 12 ae-1-51.edge3.London1.Level3.net (4.69.139.73) 13 unknown.Level3.net (212.113.15.186) 14 209.85.255.78 (209.85.255.78) 15 66.249.95.173 (66.249.95.173) 16 216.239.49.45 (216.239.49.45) 17 * * * 18 ww-in-f147.1e100.net (209.85.229.147) 3 http://herraiz.org
  • 4. Reaching Google 1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) Getafe 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) Barcelona 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21) Minneapolis 10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42) Paris 11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101) 12 ae-1-51.edge3.London1.Level3.net (4.69.139.73) London 13 unknown.Level3.net (212.113.15.186) 14 209.85.255.78 (209.85.255.78) Atlanta 15 66.249.95.173 (66.249.95.173) New York 16 216.239.49.45 (216.239.49.45) Los Angeles 17 * * * 18 ww-in-f147.1e100.net (209.85.229.147) Atlanta 4 http://herraiz.org
  • 5. Hops while attempting to reach Google 5 http://herraiz.org
  • 6. Is it that bad? What kind of private Information can be captured? 6 http://herraiz.org
  • 7. Non-cyphered information ● Geolocalization ● Using your IP address ● Web browser and operating system ● Any info written in a form ● Including passwords ● Cookies ● Have a look and take care – http://www.youtube.com/watch?v=yyLdxO6xvh8 – http://www.youtube.com/watch?v=1FgKL2ywrX0 7 http://herraiz.org
  • 8. Solution Enforce cyphering using public key cryptography 8 http://herraiz.org
  • 9. Cryptography ● Traditionally, cyphering was done using a password and an algorithm ● Symmetric approach ● Password shared by both peers ● Public key cryptography ● Insecure channel ● Private and secure communication without any previous physical contact 9 http://herraiz.org
  • 10. Public key cryptography (PKP) Pub Pri Pub Pri 10 http://herraiz.org
  • 11. Public key cryptography Pub Pri Pub Pri Keyserver Pub Pub 11 http://herraiz.org
  • 12. Criptografía de clave pública Hi there! Pub Pri Pub Pri Keyserver Pub Pub 12 http://herraiz.org
  • 13. Public key cryptography Pub 0F231A5 Pub Pri Pub Pri Keyserver Pub Pub 13 http://herraiz.org
  • 14. Public key cryptography Pub 0F231A5 Pub Pri Pub Pri Keyserver Pub Pub 14 http://herraiz.org
  • 15. Public key cryptography Hi there! Pub Pri Pub Pri Keyserver Pub Pub 15 http://herraiz.org
  • 16. How does it work? ● PKP Algorithms ● Prime number factorization ● From a mathematical point of view, all messages can be decrypted ● From a computational point of view, decrypting a message without the private key takes too long – Key length is a crucial property 16 http://herraiz.org
  • 17. Now it's your turn Go create your own public-private key pair 17 http://herraiz.org
  • 18. Public key sample -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.10 (GNU/Linux) JeP5F/eRS9G8EE1fObRRW6mRf+bGSeluFEMiOi3UB/5P0GBx8iM0QIjezR0R+2n8 bMjuJmWHTjvEeplnx9iual4J4BT/9FznFs7o4tFVVfYBacFrhWjQyAf2xoP3gyn3 5OlV55VHVB+oidXUVNSNHZbXwrd1sH42x7x8o17PDFJrWjiq4kAb2EfSOIuSS6na K9Y06bqh3yRbVtRdZOuCLcY8QJwt/mx//uQqG6NuSvYhx1QyC6g==XuDESOIuSSa mQINBEtUTeQBEACejdGQhscmsDXM7xG2/ZYFpMQg/GmPlJ85uJJUkLr2T+5Rw8Xv VfZjNZkMwsq94BGFrBxu477tKhQ5wiUBBz/jJ01a39Wrazgp21fvEon2T0Vay45t 2BYbU4AF815UL6o74YlW5SLdAofwylZS8pX4CKjGAB0T+fDiwkAepQl45nzX0ulv -----END PGP PUBLIC KEY BLOCK----- 18 http://herraiz.org
  • 19. Private key sample -----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1.4.10 (GNU/Linux) mQINBEtUTeQBEACejdGQhscmsDXM7xG2/ZYFpMQg/GmPlJ85uJJUkLr2T+5Rw8Xv JeP5F/eRS9G8EE1fObRRW6mRf+bGSeluFEMiOi3UB/5P0GBx8iM0QIjezR0R+2n8 VfZjNZkMwsq94BGFrBxu477tKhQ5wiUBBz/jJ01a39Wrazgp21fvEon2T0Vay45t 2BYbU4AF815UL6o74YlW5SLdAofwylZS8pX4CKjGAB0T+fDiwkAepQl45nzX0ulv bMjuJmWHTjvEeplnx9iual4J4BT/9FznFs7o4tFVVfYBacFrhWjQyAf2xoP3gyn3 5OlV55VHVB+oidXUVNSNHZbXwrd1sH42x7x8o17PDFJrWjiq4kAb2EfSOIuSS6na K9Y06bqh3yRbVtRdZOuCLcY8QJwt/mx//uQqG6NuSvYhx1QyC6g==XuDESOIuSSa -----END PGP PRIVATE KEY BLOCK----- 19 http://herraiz.org
  • 20. Keyservers ● Internet hosts that contain public keys ● Federated services ● All servers contain all the public keys in the world ● Public keyserver in Spain thanks to RedIRIS ● URL: pgp.rediris.es 20 http://herraiz.org
  • 21. Your turn again Upload your key to a server Download your mates' keys 21 http://herraiz.org
  • 22. Message signing Hi there! Pub Pri Pub Pri Keyserver Pub Pub 22 http://herraiz.org
  • 23. Message signing Created with the private key Hi there! Pub Pri Pub Pri Keyserver Pub Pub 23 http://herraiz.org
  • 24. Message signing Hi there! Pub Pri Pub Pri Keyserver Pub Pub 24 http://herraiz.org
  • 25. Signing and encrypting Hi there! Pub Pri Pub Pri Keyserver Pub Pub 25 http://herraiz.org
  • 26. Signing and encrypting Pub FAD43A Pub Pri Pub Pri Keyserver Pub Pub 26 http://herraiz.org
  • 27. Signing and encrypting Pub FAD43A Pub Pri Pub Pri Keyserver Pub Pub 27 http://herraiz.org
  • 28. Signing and encrypting Hi there! Pub Pri Pub Pri Keyserver Pub Pub 28 http://herraiz.org
  • 29. Signing and encrypting Hi there! Pub Pri Pub Pri Keyserver Pub Pub 29 http://herraiz.org
  • 30. Identity certification How do you know that public keys belong to their legitimate owners? Public key Can we ensure that the Barack Obama key does belong to Barack Obama? 30 http://herraiz.org
  • 31. Identity certification Certificate Authorities Trust chain 31 http://herraiz.org
  • 32. Public key signing ● Public keys are plain text documents that can be cryptographically signed ● Mutual public signing adds identity certification to PKP schemes 32 http://herraiz.org
  • 33. Public key signing Barack Obama Pub Pri Pub Pri Keyserver Pub Pub 33 http://herraiz.org
  • 34. Public key signing Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Pub Pri Keyserver Pub Pub 34 http://herraiz.org
  • 35. Public key signing Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Pub Pri Keyserver Pub Pub 35 http://herraiz.org
  • 36. Public key signing Show me your passport Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Pub Pri Keyserver Pub Pub 36 http://herraiz.org
  • 37. Public key signing Show me your passport Barack Obama Key FE0A7AF2 Name Barack Obama Fingerprint Passport D0DA E915 BFDD E5CD 8BA0 Barack B159 7E97 2ACB FE0A 7AF2 Obama Pub Pri Pub Pri Keyserver Pub Pub 37 http://herraiz.org
  • 38. Public key signing Pub Key FE0A7AF2 Barack Obama Name Barack Obama D0DA E915 BFDD E5CD 8BA0 Fingerprint B159 7E97 2ACB FE0A 7AF2 D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Download key FE0A7AF2 Pub Pri Keyserver Pub Pub 38 http://herraiz.org
  • 39. Public key signing Pub Key FE0A7AF2 Barack Obama Name Barack Obama D0DA E915 BFDD E5CD 8BA0 Fingerprint B159 7E97 2ACB FE0A 7AF2 D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Keyserver Pub Pub 39 http://herraiz.org
  • 40. Public key signing Pub Key FE0A7AF2 Barack Obama Name Barack Obama D0DA E915 BFDD E5CD 8BA0 Fingerprint B159 7E97 2ACB FE0A 7AF2 D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2 Pub Pri Keyserver Pub Pub 40 http://herraiz.org
  • 41. Public key signing Barack Obama Key signing is often mutual Pub Pri Pub Pri Keyserver Pub Pub 41 http://herraiz.org
  • 42. Public key signing Barack Obama Trust chain Pub Pub Is he Barack Pub Obama? 42 http://herraiz.org
  • 43. Signing party ● How we do sign everyone else in the group? ● Linear chain – 2N signatures, weak chain ● Everybody signs everybody – N2 signatures, strong chain – Fast signing party protocol 43 http://herraiz.org
  • 44. Take away PKP Each user creates Secure comms. a public-private through key pair insec. channels Trust chain Keyservers Identity cert. contain every through key in the world public key signing 44 http://herraiz.org