Public key cryptography: a practical approach

Israel Herraiz <isra@herraiz.org> <israel.herraiz@upm.es>

KeyID FE0A7AF3
Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF3


http://herraiz.org

Slides and additional info at http://mat.caminos.upm.es/~iht/pkc/

Privacy in electronic communications

Can we ensure privacy in electronic communications?

Reaching Google

1 10.8.0.1 (10.8.0.1)
2 192.168.1.1 (192.168.1.1)
3 62.81.125.179.static.user.ono.com (62.81.125.179)
4 10.115.49.217 (10.115.49.217)
5 10.127.151.49 (10.127.151.49)
6 10.127.10.137 (10.127.10.137)
7 10.127.10.133 (10.127.10.133)
8 10.127.3.82 (10.127.3.82)
9 213.242.71.21 (213.242.71.21)
10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42)
11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101)
12 ae-1-51.edge3.London1.Level3.net (4.69.139.73)
13 unknown.Level3.net (212.113.15.186)
14 209.85.255.78 (209.85.255.78)
15 66.249.95.173 (66.249.95.173)
16 216.239.49.45 (216.239.49.45)
17 * * *
18 ww-in-f147.1e100.net (209.85.229.147)

[The same route is shown again, labelled with locations: Getafe, Barcelona, Minneapolis, Paris, London, Atlanta, New York, Los Angeles, Atlanta]

Hops while attempting to reach Google

Is it that bad?

What kind of private information can be captured?

Non-cyphered information

  • Geolocation
    – Using your IP address
  • Web browser and operating system
  • Any info written in a form
    – Including passwords
  • Cookies
  • Have a look and take care
    – http://www.youtube.com/watch?v=yyLdxO6xvh8
    – http://www.youtube.com/watch?v=1FgKL2ywrX0

Is it important?

  • Strong PK crypto illegal in France up to 2004
  • PK implementations in software considered weapons in the US
  • Software export restrictions in EU and US

http://en.wikipedia.org/wiki/Phil_Zimmermann
http://en.wikipedia.org/wiki/Key_disclosure_law
http://en.wikipedia.org/wiki/Cryptography_law
http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States#History

Solution

Enforce cyphering using public key cryptography

Cryptography

  • Traditionally, cyphering was done using a password and an algorithm
    – Symmetric approach
    – Password shared by both peers
  • Public key cryptography
    – Insecure channel
    – Private and secure communication without any previous physical contact

Public key cryptography (PKP)

[Diagram sequence (slides 11 to 16): two Pri/Pub key pairs and a Keyserver holding Pub keys. The message label changes from "Hi there!" to "0F231A5" and back to "Hi there!".]

How does it work?

  • PKP algorithms
    – Prime number factorization
  • From a mathematical point of view, all messages can be decrypted
  • From a computational point of view, decrypting a message without the private key takes too long
    – Key length is a crucial property
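
Added example (not part of the original slides): textbook RSA with deliberately tiny primes, showing why key length is the crucial property. Factoring the public modulus by trial division rebuilds the private key; the function names and sample primes are constructed for this illustration.

```python
# Added illustration, not from the slides: textbook RSA (no padding) with toy primes.
from math import isqrt

def make_keypair(p, q, e=65537):
    """Return (public, private) for primes p, q; d satisfies e*d = 1 mod phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

def factor(n):
    """Trial division over odd candidates; returns (p, q, divisions_tried)."""
    if n % 2 == 0:
        return 2, n // 2, 1
    tried = 1
    for cand in range(3, isqrt(n) + 1, 2):
        tried += 1
        if n % cand == 0:
            return cand, n // cand, tried
    raise ValueError("n has no non-trivial factor")

def private_from_public(pub):
    """Rebuild the private key from the public one by factoring n."""
    n, e = pub
    p, q, tried = factor(n)
    return (n, pow(e, -1, (p - 1) * (q - 1))), tried

def worst_case_divisions(bits):
    """Odd candidates below sqrt(2**bits): the cost of trial division alone."""
    return 2 ** (bits // 2 - 1)

if __name__ == "__main__":
    pub, priv = make_keypair(65521, 65539)      # constructed 16-bit primes, 32-bit n
    c = encrypt(pub, 424242)
    rebuilt, tried = private_from_public(pub)
    print("recovered plaintext:", decrypt(rebuilt, c), "after", tried, "divisions")
    for bits in (32, 64, 1024, 2048):
        print(bits, "bit modulus: up to 2**%d divisions" % (bits // 2 - 1))
```

Trial division is the slowest factoring method; faster algorithms exist, so the bound printed here overstates the real cost and real keys need correspondingly longer moduli.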

Public key sample

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)
[key material omitted]
-----END PGP PUBLIC KEY BLOCK-----

Private key sample

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)
[key material omitted]
-----END PGP PRIVATE KEY BLOCK-----

Keyservers

  • Internet hosts that contain public keys
  • Federated services
  • All servers contain all the public keys in the world
  • Public keyserver in Spain thanks to RedIRIS
  • URL: pgp.rediris.es

Message signing

[Diagram sequence (slides 21 to 23): Pri/Pub key pairs, a Keyserver holding Pub keys, and the message "Hi there!" with a signature labelled "Created with the private key".]

Signing and encrypting

[Diagram sequence (slides 24 to 28): Pri/Pub key pairs and a Keyserver holding Pub keys. The message label changes from "Hi there!" to "FAD43A" and back to "Hi there!".]

Identity certification

How do you know that public keys belong to their legitimate owners?

[Figure: a public key labelled "Barack Obama"]

Can we ensure that the key does belong to Barack Obama?

  • Certificate Authorities
  • Trust chain

Public key signing

  • Public keys are plain text documents that can be cryptographically signed
  • Mutual public signing adds identity certification to PKP schemes

[Diagram sequence (slides 32 to 39): Pri/Pub key pairs, a Keyserver holding Pub keys, and a person labelled "Barack Obama". The slides show the following key details:

Key FE0A7AF2
Name Barack Obama
Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2

Labels shown in order: "Show me your passport"; "Passport Barack Obama"; "Download key FE0A7AF2"; a downloaded Pub key labelled "Barack Obama" with fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2.]
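
Added example (not part of the original slides): the check the key-signing slides act out, written as code. Sign only when the full fingerprint given in person matches the downloaded key and the name on the identity document matches the key; the function names and the look-alike fingerprint are constructed, and the 40-digit length assumes an OpenPGP v4 key like the ones shown.

```python
# Added illustration, not from the slides: checks to make before signing someone's key.
import re

def normalise(fpr):
    """Drop spaces/colons, upper-case, and require the 40 hex digits of a v4 fingerprint."""
    digits = re.sub(r"[\s:]", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", digits):
        raise ValueError("not a 160-bit fingerprint: %r" % (fpr,))
    return digits

def short_key_id(fpr):
    """The 8-digit KeyID shown on the slides is the last 32 bits of the fingerprint."""
    return normalise(fpr)[-8:]

def safe_to_sign(in_person_fpr, downloaded_fpr, id_document_name, key_uid_name):
    """Return (ok, reason). Sign only when the full fingerprint AND the name agree."""
    try:
        told, fetched = normalise(in_person_fpr), normalise(downloaded_fpr)
    except ValueError as exc:
        return False, str(exc)
    if told != fetched:
        if told[-8:] == fetched[-8:]:
            # Same short KeyID, different key: the KeyID alone proves nothing.
            return False, "KeyID matches but the full fingerprint differs"
        return False, "fingerprint mismatch"
    if id_document_name.strip().casefold() != key_uid_name.strip().casefold():
        return False, "name on the ID document does not match the key"
    return True, "ok"

# Fingerprint from the slides, and a constructed key that shares only its KeyID.
SLIDE_FPR = "D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2"
LOOKALIKE_FPR = "0000 1111 2222 3333 4444 5555 6666 7777 FE0A 7AF2"  # constructed

if __name__ == "__main__":
    print(short_key_id(SLIDE_FPR))
    print(safe_to_sign(SLIDE_FPR, SLIDE_FPR.replace(" ", ""), "Barack Obama", "Barack Obama"))
    print(safe_to_sign(SLIDE_FPR, LOOKALIKE_FPR, "Barack Obama", "Barack Obama"))
```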

Key signing is often mutual

[Diagram: Pub keys leading to "Barack Obama", with the question "Is he Barack Obama?"]

Trust chain

Signing party

Take away

  • PK cryptography: secure communications through insecure channels
  • Each user creates a public-private key pair
  • Keyservers contain every key in the world
  • Trust chain
  • Identity certification through public key signing