Public Key Cryptography

Transcript

1. Public  Key   Cryptography   Vimal Atreya Ramaka

2. Overview •  Introduction •  Public Key Cryptography •  Public Key

   Encryption •  Digital Signature •  Authentication with Public Key •  Examples of Authentication with Public Key •  Weaknesses

3. Introduction •  We use networks for: o  Communication o  File

   Sharing o  Information Sharing •  Data / messages need to be secure

4. Public  Key  Cryptography •  A form of cryptography in which

   the key used to encrypt a message differs from the key used to decrypt it. •  A user has a pair of keys: o  Public Key o  Private Key

5. Public  Key  Cryptography •  Two main branches of Public Key

   Cryptography: •  Public Key Encryption •  Digital Signatures

6. Key  Terms •  Public Key and Private Key o  The

   pair of keys generated by each user o  Usually the receiver provides the sender of the message with their public key to encrypt the plain text •  Cipher Text o  This is the scrambled message produced as output. It depends on the plain text and the key. For a given message, two different keys will produce two different cipher texts

7. Public  Key  Encryption •  A message encrypted with a recipients

   public key cannot be decrypted by anyone except the recipient possessing the corresponding private key

8. Public  Key  Encryption

9. Digital  Signature •  An authentication mechanism that enables the creator

   or a message to attach a code that acts as a signature •  Used in situations where there is not complete trust between sender and receiver and something more than regular authentication is needed

10. Public  Key  for   Authentication •  You generate a key

    pair, consisting of a public key and a private key. The private key is able to generate signatures. A signature created using your private key cannot be forged by anybody who does not have that key; but anybody who has your public key can verify that a particular signature is genuine.

11. Public  Key  for   Authentication •  Copy the public key

    to the host server under a certain name. Then, when the server asks you to prove who you are, you can generate a signature using your private key. The server can verify that signature (since it has your public key) and allow you to log in. Now if the server is hacked or spoofed, the attacker does not gain your private key or password; they only gain one signature. And signatures cannot be re-used, so they have gained nothing.

12. Places  that  use  Public  Key •  GitHub for authentication while

    pushing a code •  Amazon AWS for authentication to an instance •  Mostly any VPS or authentication to any remote system

13. GitHub

14. Amazon  AWS

15. Weaknesses •  Computational Cost •  Vulnerable to Brute Force Attacks

    o  Relatively more vulnerable to brute force attacks when compared to other key cryptographies •  Vulnerable to the Man in the Middle Attack o  A malicious third party can intercept a public key on its way to one of the parties involved

16. Thank  You