Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Public Key Cryptography

Public Key Cryptography

Vimal Atreya Ramaka

November 14, 2013
Tweet

More Decks by Vimal Atreya Ramaka

Other Decks in Technology

Transcript

  1. Overview •  Introduction •  Public Key Cryptography •  Public Key

    Encryption •  Digital Signature •  Authentication with Public Key •  Examples of Authentication with Public Key •  Weaknesses
  2. Introduction •  We use networks for: o  Communication o  File

    Sharing o  Information Sharing •  Data / messages need to be secure
  3. Public  Key  Cryptography •  A form of cryptography in which

    the key used to encrypt a message differs from the key used to decrypt it. •  A user has a pair of keys: o  Public Key o  Private Key
  4. Public  Key  Cryptography •  Two main branches of Public Key

    Cryptography: •  Public Key Encryption •  Digital Signatures
  5. Key  Terms •  Public Key and Private Key o  The

    pair of keys generated by each user o  Usually the receiver provides the sender of the message with their public key to encrypt the plain text •  Cipher Text o  This is the scrambled message produced as output. It depends on the plain text and the key. For a given message, two different keys will produce two different cipher texts
  6. Public  Key  Encryption •  A message encrypted with a recipients

    public key cannot be decrypted by anyone except the recipient possessing the corresponding private key
  7. Digital  Signature •  An authentication mechanism that enables the creator

    or a message to attach a code that acts as a signature •  Used in situations where there is not complete trust between sender and receiver and something more than regular authentication is needed
  8. Public  Key  for   Authentication •  You generate a key

    pair, consisting of a public key and a private key. The private key is able to generate signatures. A signature created using your private key cannot be forged by anybody who does not have that key; but anybody who has your public key can verify that a particular signature is genuine.
  9. Public  Key  for   Authentication •  Copy the public key

    to the host server under a certain name. Then, when the server asks you to prove who you are, you can generate a signature using your private key. The server can verify that signature (since it has your public key) and allow you to log in. Now if the server is hacked or spoofed, the attacker does not gain your private key or password; they only gain one signature. And signatures cannot be re-used, so they have gained nothing.
  10. Places  that  use  Public  Key •  GitHub for authentication while

    pushing a code •  Amazon AWS for authentication to an instance •  Mostly any VPS or authentication to any remote system
  11. Weaknesses •  Computational Cost •  Vulnerable to Brute Force Attacks

    o  Relatively more vulnerable to brute force attacks when compared to other key cryptographies •  Vulnerable to the Man in the Middle Attack o  A malicious third party can intercept a public key on its way to one of the parties involved