SlideShare a Scribd company logo

Protocols for Public Key Management

Download as PPT, PDF
Shafaan Khaliq Bhatti
Shafaan Khaliq Bhatti

Protocols for Public Key Management

Education
1 of 12
Protocols for public-key management
Key management –two problems • �Distribution of public keys (for public-key cryptography) • �Distribution of secret keys (for classical cryptography) • �This has more to do with authentication of the users
Management of public keys • One problem we went over too quickly: if Alice and Bob do not know each other, how do they get each other’s public key to communicate with each other? • �Solution 1: append your public key (e.g., for PGP) to the end of your email – �Attack: emails can be forged –Eve sends an email to Bob pretending she is Alice and handing him a public key, supposedly Alice’s; she will be able to communicate with Bob pretending she is Alice • �Solution 2: post it on your website – �Attack: Eve breaks into the DNS server and sends Alice a fake webpage purportedly of Bob’s – �Alice encrypts the message using that public key and Eve will beable to read it; Eve may even modify the message and forwards it to Bob using his public key
First solution: Public-key Authority �Bottom-line idea here: get the public key of the other user from a trusted central authority • �This scenario assumes the existence of a public authority (whoever that may be) that maintains a dynamic directory of public keys of all users – �The public authority has its own (private key, public key) that it is using to communicate to users • �Whenever Alice want to communicate with Bob she will go through the following protocol: – 1.Alice sends a time stamped message to the central authority with a request for Bob’s public key (the time stamp is to mark the moment of the request) – 2.The authority sends back a message encrypted with its private key (for authentication) – message contains Bob’s public key and the original message of Alice –this way Alice knows this is not a reply to an old request; – 3.Alice starts the communication to Bob by sending him an encrypted message containing her name and a random number (to identify uniquely this transaction) – 4.Bob gets Alice’s public key in the same way (step 1) – 5.Bob gets Alice’s public key in the same way (step 2) – 6.Bob replies to Alice by sending an encrypted message with Alice’s random number plus another random number (to identify uniquely the transaction) – 7.Alice replies once more encrypting Bob’s random number • �Steps 6,7 are desirable so that Alice and Bob authenticate each other –indeed they are the only ones who could read each other’s random number
First solution: Public-key Authority
Drawbacks to the first solution • For any communication between any two users, the central authority must be consulted by both users to get the newest public keys • �The central authority must be online 24 hours/day • �If the central authority goes offline, all secure communications halt • �This clearly leads to an undesirable bottleneck
Second solution: Certificate Authority• Idea: have a trusted authority to certify one’s own public key – �Whenever Alice want to start secure communication with Bob she sends him her public key certified by the central authority (encrypted with its private key) –Bob will know that it is indeed Alice because he will see her name in the certificate (he can decrypt it using the authority’s public certificate) – �To get her own certificate she must visit the authority (with her passport) or otherwise use some type of e-security –after that she may place it on the web because it is unforgeable – �The certificate can be used for a period of time after which it must be changed –think of it as a credit card with an expiration date – �The central authority does not have to be online all the time –it may not be online at all • �The main job of the certification authority is to bind a public key to someone’s identity – �Note however that the name of the user need not be in the certificate – �Instead the certificate may only state that the user is over 18 years old or has some other kind of rights –this may be useful for anonymity • �When Alice has her private key compromised she is in the same position as losing her credit card: she must go to the authority and get a new certificate; same after expiration time of her certificate
Certificate Authority (CA)
A standard for certificates: X.509 • To avoid having different types of certificates for different users standard X.509 has been issued for the format of certificates –widely used over the Internet • �At its core, X.509 is a way to describe certificates (see the table on the next slide) –for detailed information see the standard or RFC 2459 • �Example: if Bob works in the loan department of the Money Bank in the US, his X.500 (a series of recommendations) address could be/C=US/O=Money Bank/OU=Loan/CN=Bob, where C is for country, O for organization, OU for organizational unit, CN for common name
A standard for certificates: X.509
Public key infrastructures (PKI) • One single CA issuing all the world’s certificates is clearly infeasible • �Several CAs all run by the same organization (which one?) using the same private key to issue certificates introduces the real problem of key leakage –this would ruin the whole world’s e-security • �Proposed solution (still to be standardized): Public Key Infrastructure (PKI) – �Has multiple components, including users, CAs, certificates, directories – �Give here just a simple form of PKI as a hierarchy of CAs – �In our example we show only three levels, but in practice there could many more – �On the top of the hierarchy is the top-level CA (the root) – �The root certifies second-level CAs that we call RAs (Regional Authorities) – �RAs certify the real CAs which issue X.509 certificates to individuals and institutions
Public key infrastructures

Recommended

Authentication: keys, MAC
Authentication: keys, MACAuthentication: keys, MAC
Authentication: keys, MACShafaan Khaliq Bhatti
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONraf_slide
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptographyanusachu .
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
crypto2ssh
crypto2sshcrypto2ssh
crypto2sshHasan Sharif
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 

Recommended

Authentication: keys, MAC
Authentication: keys, MACAuthentication: keys, MAC
Authentication: keys, MACShafaan Khaliq Bhatti
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONraf_slide
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptographyanusachu .
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
crypto2ssh
crypto2sshcrypto2ssh
crypto2sshHasan Sharif
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standardVaibhav Khanna
 
Cryptography
CryptographyCryptography
Cryptographyfsl khan
 
Final ss2-digital-signature-group5
Final ss2-digital-signature-group5Final ss2-digital-signature-group5
Final ss2-digital-signature-group5Phan Minh
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functionsDr.Florence Dayana
 
CGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismCGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismAmit Singh
 
Digital signature
Digital signatureDigital signature
Digital signatureSadhana28
 
Key Distribution Problem in advanced operating system
Key Distribution Problem in advanced operating systemKey Distribution Problem in advanced operating system
Key Distribution Problem in advanced operating systemMerlin Florrence
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication rajakhurram
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSAShafaan Khaliq Bhatti
 
Digital Security 101
Digital Security 101Digital Security 101
Digital Security 101Gary Jan
 
Ch10
Ch10Ch10
Ch10Joe Christensen
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signaturesRohit Bhat
 
Cryptography
CryptographyCryptography
CryptographySandip kumar
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different ScenariosRaj Sikarwar
 
Network security
Network securityNetwork security
Network securityPerfect Training Center
 
Ch13
Ch13Ch13
Ch13Joe Christensen
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different ScenariosRaj Sikarwar
 
Lecture12
Lecture12Lecture12
Lecture12Hardik Padhy
 
20 security
20 security20 security
20 securityabiy2004
 
BAIT1103 Chapter 3
BAIT1103 Chapter 3BAIT1103 Chapter 3
BAIT1103 Chapter 3limsh
 
Message Authentication: MAC, Hashes
Message Authentication: MAC, HashesMessage Authentication: MAC, Hashes
Message Authentication: MAC, HashesShafaan Khaliq Bhatti
 
Chapter 2: Network Models
Chapter 2: Network ModelsChapter 2: Network Models
Chapter 2: Network ModelsShafaan Khaliq Bhatti
 

More Related Content

What's hot

Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standardVaibhav Khanna
 
Cryptography
CryptographyCryptography
Cryptographyfsl khan
 
Final ss2-digital-signature-group5
Final ss2-digital-signature-group5Final ss2-digital-signature-group5
Final ss2-digital-signature-group5Phan Minh
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functionsDr.Florence Dayana
 
CGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismCGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismAmit Singh
 
Digital signature
Digital signatureDigital signature
Digital signatureSadhana28
 
Key Distribution Problem in advanced operating system
Key Distribution Problem in advanced operating systemKey Distribution Problem in advanced operating system
Key Distribution Problem in advanced operating systemMerlin Florrence
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication rajakhurram
 
Digital Security 101
Digital Security 101Digital Security 101
Digital Security 101Gary Jan
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signaturesRohit Bhat
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different ScenariosRaj Sikarwar
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different ScenariosRaj Sikarwar
 
20 security
20 security20 security
20 securityabiy2004
 
BAIT1103 Chapter 3
BAIT1103 Chapter 3BAIT1103 Chapter 3
BAIT1103 Chapter 3limsh
 

What's hot (20)

Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standard
 
Cryptography
CryptographyCryptography
Cryptography
 
Final ss2-digital-signature-group5
Final ss2-digital-signature-group5Final ss2-digital-signature-group5
Final ss2-digital-signature-group5
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functions
 
CGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismCGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption Mechanism
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Key Distribution Problem in advanced operating system
Key Distribution Problem in advanced operating systemKey Distribution Problem in advanced operating system
Key Distribution Problem in advanced operating system
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSA
 
Digital Security 101
Digital Security 101Digital Security 101
Digital Security 101
 
Ch10
Ch10Ch10
Ch10
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signatures
 
Cryptography
CryptographyCryptography
Cryptography
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
 
Network security
Network securityNetwork security
Network security
 
Ch13
Ch13Ch13
Ch13
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
 
Lecture12
Lecture12Lecture12
Lecture12
 
20 security
20 security20 security
20 security
 
BAIT1103 Chapter 3
BAIT1103 Chapter 3BAIT1103 Chapter 3
BAIT1103 Chapter 3
 

Viewers also liked

Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applicationsthai
 
Chapter 1: Introduction to Data Communication and Networks
Chapter 1: Introduction to Data Communication and NetworksChapter 1: Introduction to Data Communication and Networks
Chapter 1: Introduction to Data Communication and NetworksShafaan Khaliq Bhatti
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmacanuragjagetiya
 
key distribution in network security
key distribution in network securitykey distribution in network security
key distribution in network securitybabak danyal
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityShafaan Khaliq Bhatti
 
Chapter 3: Block Ciphers and the Data Encryption Standard
Chapter 3: Block Ciphers and the Data Encryption StandardChapter 3: Block Ciphers and the Data Encryption Standard
Chapter 3: Block Ciphers and the Data Encryption StandardShafaan Khaliq Bhatti
 
Data communication and network Chapter -1
Data communication and network Chapter -1Data communication and network Chapter -1
Data communication and network Chapter -1Zafar Ayub
 
One Flaw over the Cuckoo's Nest
One Flaw over the Cuckoo's NestOne Flaw over the Cuckoo's Nest
One Flaw over the Cuckoo's NestIñaki Rodríguez
 
Ccna+sec+ch01+ +overview+security
Ccna+sec+ch01+ +overview+securityCcna+sec+ch01+ +overview+security
Ccna+sec+ch01+ +overview+securitymysoria
 
Internet Technology
Internet TechnologyInternet Technology
Internet Technologyhome
 

Viewers also liked (20)

Message Authentication: MAC, Hashes
Message Authentication: MAC, HashesMessage Authentication: MAC, Hashes
Message Authentication: MAC, Hashes
 
Chapter 2: Network Models
Chapter 2: Network ModelsChapter 2: Network Models
Chapter 2: Network Models
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applications
 
Chapter 1: Introduction to Data Communication and Networks
Chapter 1: Introduction to Data Communication and NetworksChapter 1: Introduction to Data Communication and Networks
Chapter 1: Introduction to Data Communication and Networks
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmac
 
Chapter 3: Data & Signals
Chapter 3: Data & SignalsChapter 3: Data & Signals
Chapter 3: Data & Signals
 
key distribution in network security
key distribution in network securitykey distribution in network security
key distribution in network security
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network Security
 
Chapter 7: Transmission Media
Chapter 7: Transmission MediaChapter 7: Transmission Media
Chapter 7: Transmission Media
 
Chapter 3: Processes
Chapter 3: ProcessesChapter 3: Processes
Chapter 3: Processes
 
Chapter 8: Switching
Chapter 8: SwitchingChapter 8: Switching
Chapter 8: Switching
 
Chapter 3: Block Ciphers and the Data Encryption Standard
Chapter 3: Block Ciphers and the Data Encryption StandardChapter 3: Block Ciphers and the Data Encryption Standard
Chapter 3: Block Ciphers and the Data Encryption Standard
 
Data communication and network Chapter -1
Data communication and network Chapter -1Data communication and network Chapter -1
Data communication and network Chapter -1
 
Block Ciphers Modes of Operation
Block Ciphers Modes of OperationBlock Ciphers Modes of Operation
Block Ciphers Modes of Operation
 
One Flaw over the Cuckoo's Nest
One Flaw over the Cuckoo's NestOne Flaw over the Cuckoo's Nest
One Flaw over the Cuckoo's Nest
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Fuzzy Set | Statistics
Fuzzy Set | StatisticsFuzzy Set | Statistics
Fuzzy Set | Statistics
 
Cv
CvCv
Cv
 
Ccna+sec+ch01+ +overview+security
Ccna+sec+ch01+ +overview+securityCcna+sec+ch01+ +overview+security
Ccna+sec+ch01+ +overview+security
 
Internet Technology
Internet TechnologyInternet Technology
Internet Technology
 

Similar to Protocols for Public Key Management

Network Security.ppt
Network Security.pptNetwork Security.ppt
Network Security.pptChSheraz3
 
Key Management, key management three tools ,
Key Management, key management three tools ,Key Management, key management three tools ,
Key Management, key management three tools ,salutiontechnology
 
Lec 10 - Key Management.ppt
Lec 10 - Key Management.pptLec 10 - Key Management.ppt
Lec 10 - Key Management.pptIshaKanwal4
 
Establishing Public and secret keys in Network Security
Establishing Public and secret keys in Network SecurityEstablishing Public and secret keys in Network Security
Establishing Public and secret keys in Network Securitychitram210
 
5.3. Undercover communications
5.3. Undercover communications5.3. Undercover communications
5.3. Undercover communicationsdefconmoscow
 
Chapter 8 - Security in Computer Networks
Chapter 8 - Security in Computer NetworksChapter 8 - Security in Computer Networks
Chapter 8 - Security in Computer NetworksAndy Juan Sarango Veliz
 
Crypto-Book Hotnets
Crypto-Book HotnetsCrypto-Book Hotnets
Crypto-Book Hotnetsmahan9
 
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, WorteksParis Open Source Summit
 
[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for DummiesWorteks
 
AOL - Concordia use cases
AOL - Concordia use casesAOL - Concordia use cases
AOL - Concordia use casesGeorge Fletcher
 
Network Security
Network SecurityNetwork Security
Network Securityhj43us
 
authentication.ppt
authentication.pptauthentication.ppt
authentication.pptjayarao21
 
Crypto-Book: Document leakage
Crypto-Book: Document leakageCrypto-Book: Document leakage
Crypto-Book: Document leakagemahan9
 

Similar to Protocols for Public Key Management (20)

Network Security.ppt
Network Security.pptNetwork Security.ppt
Network Security.ppt
 
Key Management, key management three tools ,
Key Management, key management three tools ,Key Management, key management three tools ,
Key Management, key management three tools ,
 
PKI101 polk
PKI101 polkPKI101 polk
PKI101 polk
 
Lec 10 - Key Management.ppt
Lec 10 - Key Management.pptLec 10 - Key Management.ppt
Lec 10 - Key Management.ppt
 
Establishing Public and secret keys in Network Security
Establishing Public and secret keys in Network SecurityEstablishing Public and secret keys in Network Security
Establishing Public and secret keys in Network Security
 
authentication.ppt
authentication.pptauthentication.ppt
authentication.ppt
 
Blockchain meetup
Blockchain meetupBlockchain meetup
Blockchain meetup
 
5.3. Undercover communications
5.3. Undercover communications5.3. Undercover communications
5.3. Undercover communications
 
Chapter 8 - Security in Computer Networks
Chapter 8 - Security in Computer NetworksChapter 8 - Security in Computer Networks
Chapter 8 - Security in Computer Networks
 
Crypto-Book Hotnets
Crypto-Book HotnetsCrypto-Book Hotnets
Crypto-Book Hotnets
 
Chapter 7 security
Chapter 7 securityChapter 7 security
Chapter 7 security
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2
 
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
 
[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies
 
AOL - Concordia use cases
AOL - Concordia use casesAOL - Concordia use cases
AOL - Concordia use cases
 
Network Security
Network SecurityNetwork Security
Network Security
 
authentication.ppt
authentication.pptauthentication.ppt
authentication.ppt
 
Dmk bo2 k8_ccc
Dmk bo2 k8_cccDmk bo2 k8_ccc
Dmk bo2 k8_ccc
 
Crypto-Book: Document leakage
Crypto-Book: Document leakageCrypto-Book: Document leakage
Crypto-Book: Document leakage
 
grid authentication
grid authenticationgrid authentication
grid authentication
 

More from Shafaan Khaliq Bhatti

15 lecture - acl part1, introduction to access control list
15 lecture - acl part1, introduction to access control list15 lecture - acl part1, introduction to access control list
15 lecture - acl part1, introduction to access control listShafaan Khaliq Bhatti
 
13 lecture - introduction and configuration of eigrp
13 lecture - introduction and configuration of eigrp13 lecture - introduction and configuration of eigrp
13 lecture - introduction and configuration of eigrpShafaan Khaliq Bhatti
 
10 lecture - ospf part1 , introduction to ospf , areas and abr
10 lecture - ospf part1 , introduction to ospf , areas and abr10 lecture - ospf part1 , introduction to ospf , areas and abr
10 lecture - ospf part1 , introduction to ospf , areas and abrShafaan Khaliq Bhatti
 
Chapter 2: Operating System Structures
Chapter 2: Operating System StructuresChapter 2: Operating System Structures
Chapter 2: Operating System StructuresShafaan Khaliq Bhatti
 
Chapter 1: Introduction to Operating System
Chapter 1: Introduction to Operating SystemChapter 1: Introduction to Operating System
Chapter 1: Introduction to Operating SystemShafaan Khaliq Bhatti
 

More from Shafaan Khaliq Bhatti (18)

1- Introduction to Red Hat
1- Introduction to Red Hat1- Introduction to Red Hat
1- Introduction to Red Hat
 
Linux Servers
Linux ServersLinux Servers
Linux Servers
 
5 - Networking in Red Hat
5 - Networking in Red Hat5 - Networking in Red Hat
5 - Networking in Red Hat
 
2- System Initialization in Red Hat
2- System Initialization in Red Hat2- System Initialization in Red Hat
2- System Initialization in Red Hat
 
3 - Disk Partitioning in Red Hat
3 - Disk Partitioning in Red Hat3 - Disk Partitioning in Red Hat
3 - Disk Partitioning in Red Hat
 
6 - Package Management in Red Hat
6 - Package Management in Red Hat6 - Package Management in Red Hat
6 - Package Management in Red Hat
 
11 - SELinux in Red Hat
11 - SELinux in Red Hat11 - SELinux in Red Hat
11 - SELinux in Red Hat
 
7 - User Administration in Red Hat
7 - User Administration in Red Hat7 - User Administration in Red Hat
7 - User Administration in Red Hat
 
12 - System Security in Red Hat
12 - System Security in Red Hat12 - System Security in Red Hat
12 - System Security in Red Hat
 
15 lecture - acl part1, introduction to access control list
15 lecture - acl part1, introduction to access control list15 lecture - acl part1, introduction to access control list
15 lecture - acl part1, introduction to access control list
 
13 lecture - introduction and configuration of eigrp
13 lecture - introduction and configuration of eigrp13 lecture - introduction and configuration of eigrp
13 lecture - introduction and configuration of eigrp
 
10 lecture - ospf part1 , introduction to ospf , areas and abr
10 lecture - ospf part1 , introduction to ospf , areas and abr10 lecture - ospf part1 , introduction to ospf , areas and abr
10 lecture - ospf part1 , introduction to ospf , areas and abr
 
Chapter 2: Operating System Structures
Chapter 2: Operating System StructuresChapter 2: Operating System Structures
Chapter 2: Operating System Structures
 
Chapter 1: Introduction to Operating System
Chapter 1: Introduction to Operating SystemChapter 1: Introduction to Operating System
Chapter 1: Introduction to Operating System
 
Chapter 20: Internet Protocol
Chapter 20: Internet ProtocolChapter 20: Internet Protocol
Chapter 20: Internet Protocol
 
Chapter 19: Logical Addressing
Chapter 19: Logical AddressingChapter 19: Logical Addressing
Chapter 19: Logical Addressing
 
Classical Encryption
Classical EncryptionClassical Encryption
Classical Encryption
 
Chapter 01 (Discovering Computers)
Chapter 01 (Discovering Computers)Chapter 01 (Discovering Computers)
Chapter 01 (Discovering Computers)
 

Recently uploaded

Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxabhijeetpadhi001
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.arsicmarija21
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 

Protocols for Public Key Management

  • 2. Key management –two problems • �Distribution of public keys (for public-key cryptography) • �Distribution of secret keys (for classical cryptography) • �This has more to do with authentication of the users
  • 3. Management of public keys • One problem we went over too quickly: if Alice and Bob do not know each other, how do they get each other’s public key to communicate with each other? • �Solution 1: append your public key (e.g., for PGP) to the end of your email – �Attack: emails can be forged –Eve sends an email to Bob pretending she is Alice and handing him a public key, supposedly Alice’s; she will be able to communicate with Bob pretending she is Alice • �Solution 2: post it on your website – �Attack: Eve breaks into the DNS server and sends Alice a fake webpage purportedly of Bob’s – �Alice encrypts the message using that public key and Eve will beable to read it; Eve may even modify the message and forwards it to Bob using his public key
  • 4. First solution: Public-key Authority �Bottom-line idea here: get the public key of the other user from a trusted central authority • �This scenario assumes the existence of a public authority (whoever that may be) that maintains a dynamic directory of public keys of all users – �The public authority has its own (private key, public key) that it is using to communicate to users • �Whenever Alice want to communicate with Bob she will go through the following protocol: – 1.Alice sends a time stamped message to the central authority with a request for Bob’s public key (the time stamp is to mark the moment of the request) – 2.The authority sends back a message encrypted with its private key (for authentication) – message contains Bob’s public key and the original message of Alice –this way Alice knows this is not a reply to an old request; – 3.Alice starts the communication to Bob by sending him an encrypted message containing her name and a random number (to identify uniquely this transaction) – 4.Bob gets Alice’s public key in the same way (step 1) – 5.Bob gets Alice’s public key in the same way (step 2) – 6.Bob replies to Alice by sending an encrypted message with Alice’s random number plus another random number (to identify uniquely the transaction) – 7.Alice replies once more encrypting Bob’s random number • �Steps 6,7 are desirable so that Alice and Bob authenticate each other –indeed they are the only ones who could read each other’s random number
  • 6. Drawbacks to the first solution • For any communication between any two users, the central authority must be consulted by both users to get the newest public keys • �The central authority must be online 24 hours/day • �If the central authority goes offline, all secure communications halt • �This clearly leads to an undesirable bottleneck
  • 7. Second solution: Certificate Authority• Idea: have a trusted authority to certify one’s own public key – �Whenever Alice want to start secure communication with Bob she sends him her public key certified by the central authority (encrypted with its private key) –Bob will know that it is indeed Alice because he will see her name in the certificate (he can decrypt it using the authority’s public certificate) – �To get her own certificate she must visit the authority (with her passport) or otherwise use some type of e-security –after that she may place it on the web because it is unforgeable – �The certificate can be used for a period of time after which it must be changed –think of it as a credit card with an expiration date – �The central authority does not have to be online all the time –it may not be online at all • �The main job of the certification authority is to bind a public key to someone’s identity – �Note however that the name of the user need not be in the certificate – �Instead the certificate may only state that the user is over 18 years old or has some other kind of rights –this may be useful for anonymity • �When Alice has her private key compromised she is in the same position as losing her credit card: she must go to the authority and get a new certificate; same after expiration time of her certificate
  • 9. A standard for certificates: X.509 • To avoid having different types of certificates for different users standard X.509 has been issued for the format of certificates –widely used over the Internet • �At its core, X.509 is a way to describe certificates (see the table on the next slide) –for detailed information see the standard or RFC 2459 • �Example: if Bob works in the loan department of the Money Bank in the US, his X.500 (a series of recommendations) address could be/C=US/O=Money Bank/OU=Loan/CN=Bob, where C is for country, O for organization, OU for organizational unit, CN for common name
  • 10. A standard for certificates: X.509
  • 11. Public key infrastructures (PKI) • One single CA issuing all the world’s certificates is clearly infeasible • �Several CAs all run by the same organization (which one?) using the same private key to issue certificates introduces the real problem of key leakage –this would ruin the whole world’s e-security • �Proposed solution (still to be standardized): Public Key Infrastructure (PKI) – �Has multiple components, including users, CAs, certificates, directories – �Give here just a simple form of PKI as a hierarchy of CAs – �In our example we show only three levels, but in practice there could many more – �On the top of the hierarchy is the top-level CA (the root) – �The root certifies second-level CAs that we call RAs (Regional Authorities) – �RAs certify the real CAs which issue X.509 certificates to individuals and institutions