Lecture14 - CSE 484(Winter 2008 Applied Cryptography...

This preview shows page 1 - 4 out of 11 pages.

Applied Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ... CSE 484 (Winter 2008) Goals for Today Asymmetric cryptography Project 2 out Informal checkpoint: Feb 22 (11:59pm) Full submission: Feb 29 (11:59pm) Advantages of Public-Key Crypto Confidentiality without shared secrets • Very useful in open environments • No “chicken-and-egg” key establishment problem – With symmetric crypto, two parties must share a secret before they can exchange secret messages – Caveats to come Authentication without shared secrets • Use digital signatures to prove the origin of messages Reduce protection of information to protection of authenticity of public keys • No need to keep public keys secret, but must be sure that Alice’s public key is really her true public key Disadvantages of Public-Key Crypto Calculations are 2-3 orders of magnitude slower • Modular exponentiation is an expensive computation • Typical usage: use public-key cryptography to establish a shared secret, then switch to symmetric crypto – We’ll see this in IPSec and SSL Keys are longer • 1024 bits (RSA) rather than 128 bits (AES) Relies on unproven number-theoretic assumptions • What if factoring is easy? – Factoring is believed to be neither P, nor NP-complete • (Of course, symmetric crypto also rests on unproven assumptions)
Image of page 1

Subscribe to view the full document.

Authenticity of Public Keys ? Problem : How does Alice know that the public key she received is really Bob’s public key? private key Alice Bob public key Bob’s key Distribution of Public Keys Public announcement or public directory • Risks: forgery and tampering Public-key certificate • Signed statement specifying the key and identity – sig Alice (“Bob”, PK B ) Common approach: certificate authority (CA) • Single agency responsible for certifying public keys • After generating a private/public key pair, user proves his identity and knowledge of the private key to obtain CA’s certificate for the public key (offline) • Every computer is pre-configured with CA’s public key Hierarchical Approach Single CA certifying every public key is impractical Instead, use a trusted root authority • For example, Verisign • Everybody must know the public key for verifying root authority’s signatures Root authority signs certificates for lower-level authorities, lower-level authorities sign certificates for individual networks, and so on • Instead of a single certificate, use a certificate chain – sig Verisign (“UW”, PK UW ), sig UW (“Alice”, PK A ) • What happens if root authority is ever compromised? Many Challenges
Image of page 2
Many Challenges Alternative: “Web of Trust” Used in PGP (Pretty Good Privacy) Instead of a single root certificate authority, each person has a set of keys they “trust” • If public-key certificate is signed by one of the “trusted”
Image of page 3

Subscribe to view the full document.

Image of page 4
  • Winter '08
  • Johnsmith
  • Computer Security, Alice, Public-key cryptography, Certificate authority, public keys

{[ snackBarMessage ]}

Get FREE access by uploading your study materials

Upload your study materials now and get free access to over 25 million documents.

Upload now for FREE access Or pay now for instant access
Christopher Reinemann
"Before using Course Hero my grade was at 78%. By the end of the semester my grade was at 90%. I could not have done it without all the class material I found."
— Christopher R., University of Rhode Island '15, Course Hero Intern

Ask a question for free

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern