public key cryptography

http://herraiz.org

Public key cryptography: a practical Public key cryptography: a practical approachapproach

Israel Herraiz <isra@herraiz.org>

<israel.herraiz@upm.es>

KeyID FE0A7AF3

Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF3

Slides and additional info athttp://mat.caminos.upm.es/~iht/pkc/

http://herraiz.org

Privacy in electronic communicatiosPrivacy in electronic communicatios

Can we ensureprivacy in electroniccommunications?

http://herraiz.org

Reaching GoogleReaching Google 1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21)10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42)11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101)12 ae-1-51.edge3.London1.Level3.net (4.69.139.73)13 unknown.Level3.net (212.113.15.186)14 209.85.255.78 (209.85.255.78)15 66.249.95.173 (66.249.95.173)16 216.239.49.45 (216.239.49.45)17 * * *18 ww-in-f147.1e100.net (209.85.229.147)

1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21)10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42)11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101)12 ae-1-51.edge3.London1.Level3.net (4.69.139.73)13 unknown.Level3.net (212.113.15.186)14 209.85.255.78 (209.85.255.78)15 66.249.95.173 (66.249.95.173)16 216.239.49.45 (216.239.49.45)17 * * *18 ww-in-f147.1e100.net (209.85.229.147)

http://herraiz.org

Reaching GoogleReaching Google 1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21)10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42)11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101)12 ae-1-51.edge3.London1.Level3.net (4.69.139.73)13 unknown.Level3.net (212.113.15.186)14 209.85.255.78 (209.85.255.78)15 66.249.95.173 (66.249.95.173)16 216.239.49.45 (216.239.49.45)17 * * *18 ww-in-f147.1e100.net (209.85.229.147)

1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21)10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42)11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101)12 ae-1-51.edge3.London1.Level3.net (4.69.139.73)13 unknown.Level3.net (212.113.15.186)14 209.85.255.78 (209.85.255.78)15 66.249.95.173 (66.249.95.173)16 216.239.49.45 (216.239.49.45)17 * * *18 ww-in-f147.1e100.net (209.85.229.147)

Getafe

Barcelona

MinneapolisParis

LondonAtlanta

New YorkLos Angeles

Atlanta

http://herraiz.org

Hops while attempting to reach Hops while attempting to reach GoogleGoogle

http://herraiz.org

Is it that bad?Is it that bad?

What kind of privateInformation can be

captured?

http://herraiz.org

Non-cyphered informationNon-cyphered information

● Geolocalization● Using your IP address

● Web browser and operating system● Any info written in a form

● Including passwords

● Cookies● Have a look and take care

– http://www.youtube.com/watch?v=yyLdxO6xvh8– http://www.youtube.com/watch?v=1FgKL2ywrX0

http://herraiz.org

Is it important?Is it important?

● Strong PK crypto illegal in France up to 2004

● PK implementations in software considered weapons in the US

● Software export restrictions in EU and US

http://en.wikipedia.org/wiki/Phil_Zimmermann

http://en.wikipedia.org/wiki/Key_disclosure_lawhttp://en.wikipedia.org/wiki/Cryptography_law

http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States#History

http://herraiz.org

Solution

Enforce cypheringusing public key

cryptography

http://herraiz.org

CryptographyCryptography

● Traditionally, cyphering was done using a password and an algorithm

● Symmetric approach● Password shared by both peers

● Public key cryptography● Insecure channel● Private and secure communication without any

previous physical contact

http://herraiz.org

Public key cryptography (PKP)Public key cryptography (PKP)

Pub Pri Pub Pri

http://herraiz.org

Public key cryptographyPublic key cryptography

Pri PriPubPub

Pub Pub

Keyserver

http://herraiz.org

Criptografía de clave públicaCriptografía de clave pública

Pri PriPubPub

Pub Pub

Keyserver

Hi there!

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

0F231A5

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

0F231A5

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

Hi there!

http://herraiz.org

How does it work?How does it work?

● PKP Algorithms● Prime number factorization

● From a mathematical point of view, all messages can be decrypted

● From a computational point of view, decrypting a message without the private key takes too long

– Key length is a crucial property

http://herraiz.org

Public key samplePublic key sample

-----BEGIN PGP PUBLIC KEY BLOCK-----Version: GnuPG v2.0.19 (GNU/Linux)

JeP5F/eRS9G8EE1fObRRW6mRf+bGSeluFEMiOi3UB/5P0GBx8iM0QIjezR0R+2n8bMjuJmWHTjvEeplnx9iual4J4BT/9FznFs7o4tFVVfYBacFrhWjQyAf2xoP3gyn35OlV55VHVB+oidXUVNSNHZbXwrd1sH42x7x8o17PDFJrWjiq4kAb2EfSOIuSS6naK9Y06bqh3yRbVtRdZOuCLcY8QJwt/mx//uQqG6NuSvYhx1QyC6g==XuDESOIuSSamQINBEtUTeQBEACejdGQhscmsDXM7xG2/ZYFpMQg/GmPlJ85uJJUkLr2T+5Rw8XvVfZjNZkMwsq94BGFrBxu477tKhQ5wiUBBz/jJ01a39Wrazgp21fvEon2T0Vay45t2BYbU4AF815UL6o74YlW5SLdAofwylZS8pX4CKjGAB0T+fDiwkAepQl45nzX0ulv

-----END PGP PUBLIC KEY BLOCK-----

http://herraiz.org

Private key samplePrivate key sample

-----BEGIN PGP PRIVATE KEY BLOCK-----Version: GnuPG v2.0.19 (GNU/Linux)

mQINBEtUTeQBEACejdGQhscmsDXM7xG2/ZYFpMQg/GmPlJ85uJJUkLr2T+5Rw8XvJeP5F/eRS9G8EE1fObRRW6mRf+bGSeluFEMiOi3UB/5P0GBx8iM0QIjezR0R+2n8VfZjNZkMwsq94BGFrBxu477tKhQ5wiUBBz/jJ01a39Wrazgp21fvEon2T0Vay45t2BYbU4AF815UL6o74YlW5SLdAofwylZS8pX4CKjGAB0T+fDiwkAepQl45nzX0ulvbMjuJmWHTjvEeplnx9iual4J4BT/9FznFs7o4tFVVfYBacFrhWjQyAf2xoP3gyn35OlV55VHVB+oidXUVNSNHZbXwrd1sH42x7x8o17PDFJrWjiq4kAb2EfSOIuSS6naK9Y06bqh3yRbVtRdZOuCLcY8QJwt/mx//uQqG6NuSvYhx1QyC6g==XuDESOIuSSa

-----END PGP PRIVATE KEY BLOCK-----

http://herraiz.org

KeyserversKeyservers

● Internet hosts that contain public keys● Federated services

● All servers contain all the public keys in the world

● Public keyserver in Spain thanks to RedIRIS● URL: pgp.rediris.es

http://herraiz.org

Message signingMessage signing

Pri PriPubPub

Pub Pub

Keyserver

Hi there!

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

Hi there!

Created with theprivate key

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

Hi there!

http://herraiz.org

Signing and encryptingSigning and encrypting

Pri PriPubPub

Pub Pub

Keyserver

Hi there!

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

FAD43A

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

FAD43A

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

Hi there!

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

Hi there!

http://herraiz.org

Identity certificationIdentity certification

How do you know thatpublic keys belong to their

legitimate owners?

Public key

Barack Obama

Can we ensure that thekey does belong to

Barack Obama?

http://herraiz.org

Identity certificationIdentity certification

Certificate Authorities

Trust chain

http://herraiz.org

Public key signingPublic key signing

● Public keys are plain text documents that can be cryptographically signed

● Mutual public signing adds identity certification to PKP schemes

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

Barack Obama

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

Barack Obama

Key FE0A7AF2Name Barack ObamaFingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

Barack Obama

http://herraiz.org

Pri PriPubPub

Pub Pub

Keyserver

Barack Obama

Show meyour passport

http://herraiz.org

Passport

BarackObama

Pri PriPubPub

Pub Pub

Keyserver

Barack Obama

Show meyour passport

http://herraiz.org

PriPub

Pub Pub

Keyserver

Barack ObamaD0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2

Download key FE0A7AF2

http://herraiz.org

PriPub

Pub Pub

Keyserver

http://herraiz.org

PriPub

Pub Pub

Keyserver

http://herraiz.org

PriPub

Pub Pub

Keyserver

PriPub

Barack Obama

Key signing isoften mutual

http://herraiz.org

Barack Obama

Is he Barack Obama?

Trust chain

http://herraiz.org

Signing partySigning party

http://herraiz.org

Take awayTake away

PK Cryptog.Secure comms.

throughinsec. channels

Each user createsa public-private

key pair

Keyserverscontain every

key in the world

Trust chainIdentity cert.

through public key signing

public key cryptography

us http

law http

care http

public key sample

private key sample

pgp private key block

world public keyserver

toolong key length

Education

3 public key cryptography

public-key cryptography and rsa

key exchange with public key cryptography

cryptography or smalltalkers 2 public key cryptography

public key cryptography and...

part 1 cryptography 1 chapter 4: public key cryptography...

12822.public key cryptography

part 1 cryptography 1 chapter 4: public key cryptography...

methods of public-key cryptography emilie wheeler ·...

overview of public-key cryptography

css322y13s2l07 public key cryptography

public key cryptography & password protocols

bronson jastrow. outline what is cryptography? symmetric...

certiﬁcateless public key cryptography - springer€¦ ·...

1 lecture 2: introduction to cryptography outline uses of...

public key cryptography

public key cryptography -...

public-key cryptography

chapter 9: public key cryptography

public-key cryptography - stanford university · public-key...