Public Key Infrastructures PKI - PowerPoint PPT Presentation

1 / 29

About This Presentation

Title:

Public Key Infrastructures PKI

Description:

Basic Notions (revisited) Hash Functions. fixed length digest of (arbitrary) messages ... Basic Notions (revisited) Certificates ... – PowerPoint PPT presentation

Number of Views:57

Avg rating:3.0/5.0

Slides: 30

Provided by: Benu65

Category:

more less

Transcript and Presenter's Notes

Title: Public Key Infrastructures PKI

1
Public Key Infrastructures(PKI)
2
Paper on PKI and Digital Signatures
3
Symmetric Key versus Public Key Encryption

Key distribution for symmetric keys
secure channel for distribution
Distributing keys in a group
one key per group
one key per pair of (group) members
one key per (group) member
Compare solutions!

4
Symmetric Key versus Public Key Encryption

Key distribution for symmetric keys
Number of key distributions depends on
communication structure (see figure).
One key per pair

5
Symmetric Key versus Public Key Encryption

Key distribution for symmetric keys by a central
server (KDC)
fixed number of distributions (for given n)

However, need security protocol
public key encryption for distribution
Needham Schroeder
Kerberos

6
Symmetric Key versus Public Key Encryption

Efficiency
symmetric key long messages can be processed
fast
7 megabytes per second (DES)
public key slower, for short messages
digital signatures
(symmetric) key distribution
Problem with public key encryption
binding between public keys and names
(identities)

7
Problems with Public Keys
look up of Aichas key
But Alice has replaced Aichas key by her own!
sends encr. message
What does Alice do?
8
Signatures

signing
authenticity of identity
expressing (free) will of signer (by an action)
fixing the content (position of signatures)
confirming integrity (according to
interpretation of signer)
checking
recognizing identities
checking authenticity of signature (individual
signature)
non repudiation (individual signature)
integrity of content
duplication

Content
Identities
Signatures

9
Signature Scheme Key Generation

key generation
RSA, El-Gamal
secure environment

key pair
key pair

key pair
RSA
El-Gamal

public
publication of keys
signature component uses private key
signature component uses private key
signature generation secret key on device from
the beginning
10
Signature Scheme Signature Components

Signature Component
stores secret key
computation of signature
Smart Card, PDA,
security access control/information flow
policy may be necessary

key pair
RSA
El-Gamal

11
Signature Scheme Public Keys
key pair
key pair
Have to kept in trusted public repository.
12
Signature Scheme Trust Ccenter
Public Repository for certificates
Trust Centre (TC)
13
Signature Scheme Registration and Repository

Registration
checking the identity of users

Identity Card,
Identity Card,

Repository
certificates bind identities to public keys
certificates are signed by TC
requests
revocation
security of server

Public Repository
14
Trust Center Activities
Registration
Key Generation
TC Cert. Auth.
Personali- zation
Repository
15
Signature Scheme Signing
Principle of Digital Signature
hash
private key
encr
hash value fingerprint
16
Signature Scheme Signing
d

Computing hash value
fixed (small) length)
no collisions
trusted viewer problem

hash
hash(d)
hash value fingerprint
17
Signature Scheme Signing

Signature
encryption with secret key
critical will of signer
protection against manipulation necessary

secret key sk
hash(d)
encr
sig(d,sk) encr(hash(d),sk)
18
Signature Scheme Checking
result
hash(d) decr(sig,pk) ??
sig
d
pk
check
19
Signature Scheme Verification
Validity of Certificates
result
hash
public key of Alice
check
fingerprint
20
Infrastructure
Root Authority
Trust Center
Trust Center
User
User
21
Signature Scheme Verification
Certificates
DN-U(ser)
DOC
DN-U DN-TC CERT
DN-TC DN-ROOT CERT
?
hash
decr.
?
?
?
?
hash
decr.
hash
decr.