Lecture14 - CSE 484(Winter 2008 Applied Cryptography...

• Notes
• 11

This preview shows page 1 - 4 out of 11 pages.

Applied Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ... CSE 484 (Winter 2008) Goals for Today Asymmetric cryptography Project 2 out Informal checkpoint: Feb 22 (11:59pm) Full submission: Feb 29 (11:59pm) Advantages of Public-Key Crypto Confidentiality without shared secrets • Very useful in open environments • No “chicken-and-egg” key establishment problem – With symmetric crypto, two parties must share a secret before they can exchange secret messages – Caveats to come Authentication without shared secrets • Use digital signatures to prove the origin of messages Reduce protection of information to protection of authenticity of public keys • No need to keep public keys secret, but must be sure that Alice’s public key is really her true public key Disadvantages of Public-Key Crypto Calculations are 2-3 orders of magnitude slower • Modular exponentiation is an expensive computation • Typical usage: use public-key cryptography to establish a shared secret, then switch to symmetric crypto – We’ll see this in IPSec and SSL Keys are longer • 1024 bits (RSA) rather than 128 bits (AES) Relies on unproven number-theoretic assumptions • What if factoring is easy? – Factoring is believed to be neither P, nor NP-complete • (Of course, symmetric crypto also rests on unproven assumptions)

Subscribe to view the full document.

Authenticity of Public Keys ? Problem : How does Alice know that the public key she received is really Bob’s public key? private key Alice Bob public key Bob’s key Distribution of Public Keys Public announcement or public directory • Risks: forgery and tampering Public-key certificate • Signed statement specifying the key and identity – sig Alice (“Bob”, PK B ) Common approach: certificate authority (CA) • Single agency responsible for certifying public keys • After generating a private/public key pair, user proves his identity and knowledge of the private key to obtain CA’s certificate for the public key (offline) • Every computer is pre-configured with CA’s public key Hierarchical Approach Single CA certifying every public key is impractical Instead, use a trusted root authority • For example, Verisign • Everybody must know the public key for verifying root authority’s signatures Root authority signs certificates for lower-level authorities, lower-level authorities sign certificates for individual networks, and so on • Instead of a single certificate, use a certificate chain – sig Verisign (“UW”, PK UW ), sig UW (“Alice”, PK A ) • What happens if root authority is ever compromised? Many Challenges
Many Challenges Alternative: “Web of Trust” Used in PGP (Pretty Good Privacy) Instead of a single root certificate authority, each person has a set of keys they “trust” • If public-key certificate is signed by one of the “trusted”

Subscribe to view the full document.

• Winter '08
• Johnsmith
• Computer Security, Alice, Public-key cryptography, Certificate authority, public keys

{[ snackBarMessage ]}

"Before using Course Hero my grade was at 78%. By the end of the semester my grade was at 90%. I could not have done it without all the class material I found."
— Christopher R., University of Rhode Island '15, Course Hero Intern

What students are saying

• As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

Kiran Temple University Fox School of Business ‘17, Course Hero Intern

• I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

Dana University of Pennsylvania ‘17, Course Hero Intern

• The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

Jill Tulane University ‘16, Course Hero Intern