Public  Key   Cryptography   Vimal Atreya Ramaka 

Overview •  Introduction •  Public Key Cryptography •  Public Key Encryption •  Digital Signature •  Authentication with Public Key •  Examples of Authentication with Public Key •  Weaknesses 

Introduction •  We use networks for: o  Communication o  File Sharing o  Information Sharing •  Data / messages need to be secure 

Public  Key  Cryptography •  A form of cryptography in which the key used to encrypt a message differs from the key used to decrypt it. •  A user has a pair of keys: o  Public Key o  Private Key 

Public  Key  Cryptography •  Two main branches of Public Key Cryptography: •  Public Key Encryption •  Digital Signatures 

Key  Terms •  Public Key and Private Key o  The pair of keys generated by each user o  Usually the receiver provides the sender of the message with their public key to encrypt the plain text •  Cipher Text o  This is the scrambled message produced as output. It depends on the plain text and the key. For a given message, two different keys will produce two different cipher texts 

Public  Key  Encryption •  A message encrypted with a recipients public key cannot be decrypted by anyone except the recipient possessing the corresponding private key 

Public  Key  Encryption 

Digital  Signature •  An authentication mechanism that enables the creator or a message to attach a code that acts as a signature •  Used in situations where there is not complete trust between sender and receiver and something more than regular authentication is needed 

Public  Key  for   Authentication •  You generate a key pair, consisting of a public key and a private key. The private key is able to generate signatures. A signature created using your private key cannot be forged by anybody who does not have that key; but anybody who has your public key can verify that a particular signature is genuine. 

Public  Key  for   Authentication •  Copy the public key to the host server under a certain name. Then, when the server asks you to prove who you are, you can generate a signature using your private key. The server can verify that signature (since it has your public key) and allow you to log in. Now if the server is hacked or spoofed, the attacker does not gain your private key or password; they only gain one signature. And signatures cannot be re-used, so they have gained nothing. 

Places  that  use  Public  Key •  GitHub for authentication while pushing a code •  Amazon AWS for authentication to an instance •  Mostly any VPS or authentication to any remote system 

GitHub 

Amazon  AWS 

Weaknesses •  Computational Cost •  Vulnerable to Brute Force Attacks o  Relatively more vulnerable to brute force attacks when compared to other key cryptographies •  Vulnerable to the Man in the Middle Attack o  A malicious third party can intercept a public key on its way to one of the parties involved 

Thank  You