
Public Key Infrastructure

Securing the future of communication bit by bit

Presented to Ecole Mohamadia

By Hicham Zewaid, ASIC Design Engineer
zewaid@yahoo.com

History of Cryptography: Past, Present & Future

- The Romans were among the first to use cryptography.
- What is encryption and decryption? Plaintext vs ciphertext; algorithm, cryptosystem and cryptanalysis.
- Example: "I love Morocco" (plaintext) becomes "L oryh Prurffr" (ciphertext).
  - A shift by 3 is used as the cryptosystem.
  - The number 3 is the secret key: A..D, B..E, C..F, and so on and so forth.
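The shift cipher from the slide above, with its secret key 3, next to the exhaustive key search that shows why a cryptosystem with only 25 usable keys offers no real secrecy; this is an added Python example, not code from the presentation, and `brute_force` with its crib word is my own construction.

```python
import string

def shift_cipher(text, key, decrypt=False):
    # Shift each letter by `key` places (the secret key); other characters pass through.
    # Decryption is the same operation with the shift reversed.
    k = -key if decrypt else key
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def brute_force(ciphertext, crib):
    # Cryptanalysis: the shift cryptosystem has only 25 useful keys, so try every one
    # and return the keys whose decryption contains the expected word `crib`.
    return [k for k in range(1, 26) if crib in shift_cipher(ciphertext, k, decrypt=True)]

if __name__ == "__main__":
    ct = shift_cipher("I love Morocco", 3)
    print(ct, "->", brute_force(ct, "love"))  # L oryh Prurffr -> [3]
```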

Technology used in Cryptography

- Manual cryptography: religious texts and Egyptian hieroglyphs
- Mechanical cryptography: the Enigma machine; 3 rotors lead to 26x26x26 = 17576 keys
- Computerized cryptography: mainframes & PCs

DES Algorithm

- Data Encryption Standard (Lucifer), developed by IBM with the help of NIST
- In 1977 adopted by the NSA for the US government and DoD
- Symmetric cryptography (secret key): one secret key is used to encrypt and decrypt
- Encryption based on a 64 bit block size of data
- Key: 56 bits are randomly generated and used directly by the algorithm; 8 bits are for error detection

DES Algorithm

- There are 72,000,000,000,000,000 (72 quadrillion) encryption keys available
- For each message the key is chosen at random
- Sender and receiver must know & use the same key
- In 1997 the DES key was broken by brute force: 14,000 computers deciphered the message

Illustration of DES Algorithm

Symmetric Algorithms

- DES algorithm, based on a 64 bit block with a 56 bit key
- Triple-DES algorithm with a 168 bit key
- Skipjack algorithm with an 80 bit key (Fortezza, using the MYK82 chip)
- Advanced Encryption Standard (AES): based on a 128 bit block with 128, 196 and 256 bit keys
  - Proposed algorithms: MARS, RC6, Twofish, Serpent, Rijndael

Asymmetric Cryptography

- Whitfield Diffie and Martin Hellman developed the concept of the public key cryptosystem: a new direction of cryptography
- Implementation of public key: the RSA algorithm (Ron Rivest, Adi Shamir and Len Adleman)
- Public key cryptosystem: a pair of keys is extracted, one public and one private
- Based on a 128 bit key algorithm
- The private key remains secret; the public key can be given to anyone

Illustration of Public Key Algorithm

Encryption Algorithms

3 types of encryption methods are available:
- Symmetric algorithms: DES, 3DES, Skipjack and AES
- Asymmetric algorithm: RSA, 1000 times slower in HW & 100 times slower in SW
- Hash function algorithms: MD2, MD4, MD5 and SHA

Security Infrastructure

- Information technology eSecurity
- RSA public key cryptosystem: e-mail, Netscape browser, VPN
- Secure communication protocols: S/MIME, SSL, IPsec
- The need for extending security to the physical world created PKI to secure the Internet.

Public Key Infrastructure

Meeting legal requirements:
- Privacy: only the intended recipient can read the files
- Integrity: guarantees files are unaltered during transmission
- Authentication: ensures that the parties involved are who they claim to be
- Non-repudiation: prevents individuals from denying involvement in a transaction

PKI Applications

- E-mail with customers, partners and employees
- e-Commerce, including data exchange and financial transactions
- Digital contracts, including loans, leases and mortgages
- Remote access to corporate databases

The Components of PKI

- Encryption using public key & secret key (hybrid approach)
- Digital signature process
- Transporting encryption keys
- Digital certificates
- Message decryption and verification

X.509 Digital Certificate

Fields of the certificate:
- Version
- Serial number
- Signature algorithm ID
- Issuer name
- Validity period
- User name
- User public key
- User unique identifier
- Digital signature

The Certification Process

1. Subscriber applies to the CA for a digital certificate.
2. CA verifies the subscriber's identity and issues the digital certificate.
3. CA publishes the certificate to a public on-line repository.
4. Subscriber signs a message with the private key & sends the message to a second party.
5. Receiving party verifies the digital signature with the sender's public key.
6. CA reports the status of subscriber certificates.

Block Diagram of the Certification Process

(Figure: Certificate Authority (CA), Repository Database, Subscriber and Receiving Party, with arrows numbered 1 to 6 corresponding to the six certification steps.)

Digital Signature Process Illustrated

(Figure.) The hash algorithm creates a unique abstract of the message:
- Message -> Hash Function -> Message Digest (160 bit value)
- The private key of the sender encrypts the digest
- The encrypted digest becomes the digital signature, which travels with the message

The Encryption Process

(Figure.)
- A one-time symmetric key encrypts the message and the digital signature -> Encrypted message & signature
- The receiver's public key encrypts the one-time symmetric key -> Encrypted one-time key
- Both parts are sent together: the encrypted message & signature and the encrypted one-time key

Message Decryption and Verification Process

(Figure.)
- The receiver's private key decrypts the one-time symmetric key
- The one-time symmetric key decrypts the message & digital signature
- The digital signature is decrypted with the public signature key of the sender and the original digest is extracted
- The decrypted message is hashed a second time (Message -> Hash Function -> Message Digest 2), producing a second message digest
- The original digest is compared to the second digest; an identical match confirms message integrity
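The three figures above (signing, hybrid encryption, and decryption with verification) carried through end to end, as an added Python example that is not from the presentation. Textbook RSA with 256-bit primes stands in for the sender's and receiver's key pairs, SHA-1 supplies the 160 bit digest, and a SHA-256 counter keystream stands in for the one-time symmetric cipher; all of these are toy choices (unpadded RSA and these key sizes are for illustration, a real deployment uses a vetted library).

```python
import hashlib, math, random, secrets

def is_probable_prime(n):  # Miller-Rabin for odd n > 3; toy keygen, real PKI uses vetted libs
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(20):
        x = pow(random.randrange(2, n - 1), d, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = x * x % n
        else:
            return False
    return True

def gen_keypair(bits=256):  # textbook RSA pair of keys: (n, e) public, (n, d) private
    e, primes = 65537, set()
    while len(primes) < 2:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top and low bit set
        if is_probable_prime(p) and math.gcd(e, p - 1) == 1:
            primes.add(p)
    p, q = primes
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def sign(msg, priv):  # sender's private key "encrypts" the 160 bit SHA-1 digest (unpadded: toy)
    return pow(int.from_bytes(hashlib.sha1(msg).digest(), "big"), priv[1], priv[0])

def verify(msg, sig, pub):  # sender's public key recovers the original digest; compare to a fresh one
    return pow(sig, pub[1], pub[0]) == int.from_bytes(hashlib.sha1(msg).digest(), "big")

def stream_xor(key, data):  # one-time symmetric key used as a SHA-256 counter keystream
    ks = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt_and_sign(msg, sender_priv, receiver_pub):
    sig = sign(msg, sender_priv).to_bytes(64, "big")  # fits: sender's n < 2**512
    otk = secrets.token_bytes(16)  # one-time key encrypts message and signature
    wrapped = pow(int.from_bytes(otk, "big"), receiver_pub[1], receiver_pub[0])
    return stream_xor(otk, msg + sig), wrapped  # receiver's public key wraps the key

def decrypt_and_verify(body, wrapped, receiver_priv, sender_pub):
    otk = pow(wrapped, receiver_priv[1], receiver_priv[0]).to_bytes(16, "big")
    plain = stream_xor(otk, body)  # recover message and digital signature
    msg, sig = plain[:-64], int.from_bytes(plain[-64:], "big")
    return msg, verify(msg, sig, sender_pub)  # second digest must match the original
```

A single flipped bit in the encrypted body changes the recovered message, so the second digest no longer matches and `decrypt_and_verify` reports the integrity failure.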

Authentication Methods

- Smart card vs token: iKey vs smart card
- Biometrics: fingerprints, voice print, iris patterns, face print
- Wireless: pagers, cell phones, PDAs

Issues in PKI Deployment

- What is the organization's PKI strategy?
- Are applications PKI ready?
- Do we agree yet on one standard?
- How many clients will be involved in the initial deployment?
- What are the technical staff requirements?

Conclusion

A secure eCommerce web site can provide businesses with a powerful competitive advantage. Today the business done on the Internet is estimated at $25 billion and will reach $300 billion by 2005. Securing the Internet will bring the following:
1. New customers
2. Cost effective delivery channel
3. Streamlined enrollment in place of paper-based enrollment
4. Better marketing through better customer knowledge

Inside Look at Encryption Hardware

(Figure: block diagram of the MYK82 chip.)
