Tweet
Tweet

Slide 1

Slide 1 text

Alice & Bob Loadays - 16 & 17 april 2011 Antwerp - Belgium Public key cryptography 101 http://joind.in/3305 woensdag 25 april 12

Slide 2

Slide 2 text

Who am I? Joshua Thijssen (32) Senior Software Engineer @ Enrise Development in PHP, Python, Perl, C, Java.... Blogs: http://www.adayinthelifeof.nl http://www.enrise.com/blog Email: [email protected] Twitter: @jaytaph Identi.ca: jaytaph woensdag 25 april 12

Slide 3

Slide 3 text

What are we discussing? ‣ An introduction into public key encryption ‣ But first of all... ‣ Who are Alice and Bob??? woensdag 25 april 12

Slide 4

Slide 4 text

Terminology (1) woensdag 25 april 12

Slide 5

Slide 5 text

Terminology (1) Meet Alice, and Bob. woensdag 25 april 12

Slide 6

Slide 6 text

Terminology (2) Fictional characters who are representing either side of the (communication) line. Person A(lice) is sending a message to person B(ob). woensdag 25 april 12

Slide 7

Slide 7 text

Terminology (3) http://labs.google.com/sets?hl=en&q1=plaintext&q2=ciphertext&q3=cipher&q4=deterministic&q5=rsa&btn=Large+Set http://www.wordle.net/create woensdag 25 april 12

Slide 8

Slide 8 text

Encryption history Before we look at good encryptions, let’s take a look at some bad ones... http://www.flickr.com/photos/wwworks/4612188594/sizes/m/in/photostream/ woensdag 25 april 12

Slide 9

Slide 9 text

Encryption history (1) “algorithm”: A = 1, B = 2, C = 3, ...., Z = 26 ‣ SUBSTITUTION SCHEME woensdag 25 april 12

Slide 10

Slide 10 text

Encryption history (1) Encrypted message: 12,1,13,5 “algorithm”: A = 1, B = 2, C = 3, ...., Z = 26 ‣ SUBSTITUTION SCHEME woensdag 25 april 12

Slide 11

Slide 11 text

Encryption history (1) Encrypted message: 12,1,13,5 “algorithm”: A = 1, B = 2, C = 3, ...., Z = 26 = L,A,M,E ‣ SUBSTITUTION SCHEME woensdag 25 april 12

Slide 12

Slide 12 text

“algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

Slide 13

Slide 13 text

“algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 Message: L A M E ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

Slide 14

Slide 14 text

“algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 Message: L A M E Ciphertext (key=1): M B N F ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

Slide 15

Slide 15 text

“algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 Message: L A M E Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

Slide 16

Slide 16 text

“algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 Message: L A M E Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D Ciphertext (key=26): L A M E ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

Slide 17

Slide 17 text

“algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 Message: L A M E Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D Ciphertext (key=26): L A M E Ciphertext (key=0): L A M E ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

Slide 18

Slide 18 text

“algorithm”: A = (A + key) mod 26, B = (B + key) mod 26 .... Z = (Z + key) mod 26 or: m = m + k mod 26 Message: L A M E Ciphertext (key=1): M B N F Ciphertext (key=-1): K Z L D Ciphertext (key=26): L A M E Ciphertext (key=0): L A M E Ciphertext (key=13): Y N Z R (ROT13) ‣ CAESAREAN CIPHER Encryption history (2) woensdag 25 april 12

Slide 19

Slide 19 text

Encryption history (3) ‣ FLAWS ON THESE CIPHERS woensdag 25 april 12

Slide 20

Slide 20 text

Encryption history (3) ‣ Key is too easy to guess. ‣ FLAWS ON THESE CIPHERS woensdag 25 april 12

Slide 21

Slide 21 text

Encryption history (3) ‣ Key is too easy to guess. ‣ Key has to be send to Bob. ‣ FLAWS ON THESE CIPHERS woensdag 25 april 12

Slide 22

Slide 22 text

Encryption history (3) ‣ Key is too easy to guess. ‣ Key has to be send to Bob. ‣ Deterministic. ‣ FLAWS ON THESE CIPHERS woensdag 25 april 12

Slide 23

Slide 23 text

Encryption history (3) ‣ Key is too easy to guess. ‣ Key has to be send to Bob. ‣ Deterministic. ‣ Prone to frequency analysis. ‣ FLAWS ON THESE CIPHERS woensdag 25 april 12

Slide 24

Slide 24 text

Frequency Analysis (1) woensdag 25 april 12

Slide 25

Slide 25 text

Frequency Analysis (1) ‣ The usage of every letter in the English (or any other language) can be represented by a percentage. woensdag 25 april 12

Slide 26

Slide 26 text

Frequency Analysis (1) ‣ The usage of every letter in the English (or any other language) can be represented by a percentage. ‣ ‘E’ is used 12.7% of the times in english texts, the ‘Z’ only 0.074%. woensdag 25 april 12

Slide 27

Slide 27 text

Frequency Analysis (2) http://www.gutenberg.org/cache/epub/14082/pg14082.txt Once upon a midnight dreary, while I pondered, weak and weary, Over many a quaint and curious volume of forgotten lore— While I nodded, nearly napping, suddenly there came a tapping, As of some one gently rapping—rapping at my chamber door. "'Tis some visitor," I muttered, "tapping at my chamber door— Only this and nothing more." Ah, distinctly I remember, it was in the bleak December, And each separate dying ember wrought its ghost upon the floor. Eagerly I wished the morrow;—vainly I had sought to borrow From my books surcease of sorrow—sorrow for the lost Lenore— For the rare and radiant maiden whom the angels name Lenore— Nameless here for evermore. And the silken sad uncertain rustling of each purple curtain Thrilled me—filled me with fantastic terrors never felt before; So that now, to still the beating of my heart, I stood repeating "'Tis some visitor entreating entrance at my chamber door— Some late visitor entreating entrance at my chamber door;— This it is and nothing more." ‣ EDGAR ALLAN POE: THE RAVEN woensdag 25 april 12

Slide 28

Slide 28 text

Frequency Analysis (3) A small bit of text can result in differences, but still there are some letters we can deduce.. ‣ “THE RAVEN”, FIRST PARAGRAPH woensdag 25 april 12

Slide 29

Slide 29 text

Frequency Analysis (3) A small bit of text can result in differences, but still there are some letters we can deduce.. ‣ “THE RAVEN”, FIRST PARAGRAPH woensdag 25 april 12

Slide 30

Slide 30 text

Frequency Analysis (4) We can deduce almost all letters just without even CARING about the crypto algorithm used. ‣ “THE RAVEN”, ALL PARAGRAPHS woensdag 25 april 12

Slide 31

Slide 31 text

Encryption algorithms ‣ WHAT IS A GOOD ENCRYPTION ALGORITHM? woensdag 25 april 12

Slide 32

Slide 32 text

Encryption algorithms ‣ Have an “open” algorithm. ‣ WHAT IS A GOOD ENCRYPTION ALGORITHM? woensdag 25 april 12

Slide 33

Slide 33 text

Encryption algorithms ‣ Have an “open” algorithm. ‣ Have strong mathematical proof. ‣ WHAT IS A GOOD ENCRYPTION ALGORITHM? woensdag 25 april 12

Slide 34

Slide 34 text

Encryption algorithms ‣ Have an “open” algorithm. ‣ Have strong mathematical proof. ‣ Knowing the algorithm cannot let you encrypt or decrypt without the key. ‣ WHAT IS A GOOD ENCRYPTION ALGORITHM? woensdag 25 april 12

Slide 35

Slide 35 text

Encryption algorithms (1) ‣ SYMMETRICAL ALGORITHMS woensdag 25 april 12

Slide 36

Slide 36 text

Encryption algorithms (1) ‣ Previous examples were symmetrical encryptions. ‣ SYMMETRICAL ALGORITHMS woensdag 25 april 12

Slide 37

Slide 37 text

Encryption algorithms (1) ‣ Previous examples were symmetrical encryptions. ‣ Same key is used for both encryption and decryption. ‣ SYMMETRICAL ALGORITHMS woensdag 25 april 12

Slide 38

Slide 38 text

Encryption algorithms (1) ‣ Previous examples were symmetrical encryptions. ‣ Same key is used for both encryption and decryption. ‣ Good symmetrical encryptions: AES, Blowfish, (3)DES ‣ SYMMETRICAL ALGORITHMS woensdag 25 april 12

Slide 39

Slide 39 text

Encryption algorithms (2) ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS woensdag 25 april 12

Slide 40

Slide 40 text

Encryption algorithms (2) ‣ How do we send over the key securely? ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS woensdag 25 april 12

Slide 41

Slide 41 text

Encryption algorithms (2) ‣ How do we send over the key securely? ‣ O hai egg, meet chicken. ‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS woensdag 25 april 12

Slide 42

Slide 42 text

Public key encryption Another encryption method: asymmetrical encryption or public key encryption. ‣ FINALLY, WE HAVE ARRIVED... woensdag 25 april 12

Slide 43

Slide 43 text

Public key encryption (1) http://upload.wikimedia.org/wikipedia/commons/f/f9/Public_key_encryption.svg ‣ USES 2 KEYS INSTEAD OF ONE: A KEYPAIR woensdag 25 april 12

Slide 44

Slide 44 text

Public key encryption (2) It is NOT possible to decrypt the message with same key that is used to encrypt We can encrypt with either key. woensdag 25 april 12

Slide 45

Slide 45 text

Public key encryption (3) ‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTION woensdag 25 april 12

Slide 46

Slide 46 text

Public key encryption (3) ‣ Can be used for encrypting data. ‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTION woensdag 25 april 12

Slide 47

Slide 47 text

Public key encryption (3) ‣ Can be used for encrypting data. ‣ Can be used for data validation and authentication (signing). ‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTION woensdag 25 april 12

Slide 48

Slide 48 text

Symmetrical vs Asymmetrical (1) Symmetrical ✓ quick. ✓ not resource intensive. ✓ useful for small and large messages. ✗ need to send over the key to the other side. Asymmetrical ✓ no need to send over the (whole) key. ✓ can be used for encryption and validation (signing). ✗ very resource intensive. ✗ only useful for small messages. woensdag 25 april 12

Slide 49

Slide 49 text

Symmetrical vs Asymmetrical (2) Use symmetrical encryption for the (large) message and encrypt the key used with an asymmetrical encryption method. woensdag 25 april 12

Slide 50

Slide 50 text

Symmetrical vs Asymmetrical (3) Hybrid ✓ quick ✓ not resource intensive ✓ useful for small and large messages ✓ safely exchange key data woensdag 25 april 12

Slide 51

Slide 51 text

Symmetrical vs Asymmetrical (3) + Hybrid ✓ quick ✓ not resource intensive ✓ useful for small and large messages ✓ safely exchange key data woensdag 25 april 12

Slide 52

Slide 52 text

Symmetrical vs Asymmetrical (3) + = http://www.zastavki.com/pictures/1152x864/2008/Animals_Cats_Small_cat_005241_.jpg Hybrid ✓ quick ✓ not resource intensive ✓ useful for small and large messages ✓ safely exchange key data woensdag 25 april 12

Slide 53

Slide 53 text

How does it work? We will focus on the popular RSA, but there are other algorithms as well: DH, DSS(DSA) etc... woensdag 25 april 12

Slide 54

Slide 54 text

How does it work? (1) Public key encryption works on the premise that it is practically impossible to refactor a large number back into 2 separate prime numbers. woensdag 25 april 12

Slide 55

Slide 55 text

How does it work? (1) Public key encryption works on the premise that it is practically impossible to refactor a large number back into 2 separate prime numbers. Prime number is only divisible by 1 and itself: 2, 3, 5, 7, 11, 13, 17, 19 etc... woensdag 25 april 12

Slide 56

Slide 56 text

How does it work? (2) woensdag 25 april 12

Slide 57

Slide 57 text

How does it work? (2) ‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible) woensdag 25 april 12

Slide 58

Slide 58 text

How does it work? (2) ‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible) ‣ Brute-force decrypting is always lurking around (quicker machines, better algorithms). woensdag 25 april 12

Slide 59

Slide 59 text

How does it work? (2) ‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible) ‣ Brute-force decrypting is always lurking around (quicker machines, better algorithms). ‣ Good enough today != good enough tomorrow. woensdag 25 april 12

Slide 60

Slide 60 text

How does it work? (3) woensdag 25 april 12

Slide 61

Slide 61 text

How does it work? (3) “large” number: 221 woensdag 25 april 12

Slide 62

Slide 62 text

How does it work? (3) “large” number: 221 but we cannot “calculate” its prime factors without brute force (it’s 13 and 17 btw) woensdag 25 april 12

Slide 63

Slide 63 text

Math example ‣ LET’S DO SOME MATH woensdag 25 april 12

Slide 64

Slide 64 text

Math example This is mathness! woensdag 25 april 12

Slide 65

Slide 65 text

Math example No, this is RSAAAAAAAA woensdag 25 april 12

Slide 66

Slide 66 text

Math example woensdag 25 april 12

Slide 67

Slide 67 text

Math example ‣ p = (large) prime number ‣ q = (large) prime number (but not too close to p) ‣ n = p . q (= bit length of the rsa-key) ‣ φ = (p-1) . (q-1) (the φ thingie is called phi) ‣ e = gcd(e, φ) = 1 ‣ d = e^-1 mod φ ‣ public key = tuple (n, e) ‣ private key = tuple (n, d) woensdag 25 april 12

Slide 68

Slide 68 text

Math example woensdag 25 april 12

Slide 69

Slide 69 text

Math example Step 1: select primes P and Q ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? woensdag 25 april 12

Slide 70

Slide 70 text

Math example Step 1: select primes P and Q ‣ P = 11 ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? woensdag 25 april 12

Slide 71

Slide 71 text

Math example Step 1: select primes P and Q ‣ P = 11 ‣ Q = 3 ‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? woensdag 25 april 12

Slide 72

Slide 72 text

Math example Step 2: calculate N and Phi ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? woensdag 25 april 12

Slide 73

Slide 73 text

Math example ‣ N = P . Q = 11.3 = 33 Step 2: calculate N and Phi ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? woensdag 25 april 12

Slide 74

Slide 74 text

Math example ‣ N = P . Q = 11.3 = 33 ‣ Phi = (11-1) . (3-1) = 10.2 = 20 Step 2: calculate N and Phi ‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? woensdag 25 april 12

Slide 75

Slide 75 text

Math example Step 3: find e ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? woensdag 25 april 12

Slide 76

Slide 76 text

Math example Step 3: find e ‣ e = 3 (Fermat prime: 3, 17, 65537) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? woensdag 25 april 12

Slide 77

Slide 77 text

Math example Step 3: find e ‣ e = 3 (Fermat prime: 3, 17, 65537) ‣ gcd(3, 20) = 1 ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? woensdag 25 april 12

Slide 78

Slide 78 text

Math example ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ? Step 4: find d woensdag 25 april 12

Slide 79

Slide 79 text

Math example ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ? Step 4: find d ‣ Extended Euclidean Algorithm gives 7 woensdag 25 april 12

Slide 80

Slide 80 text

Math example ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ? Step 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ brute force: (e.d mod n = 1) woensdag 25 april 12

Slide 81

Slide 81 text

Math example ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ? Step 4: find d ‣ Extended Euclidean Algorithm gives 7 ‣ brute force: (e.d mod n = 1) 3 . 1 = 3 mod 20 = 3 3 . 2 = 6 mod 20 = 6 3 . 3 = 9 mod 20 = 9 3 . 4 = 12 mod 20 = 12 3 . 5 = 15 mod 20 = 15 3 . 6 = 18 mod 20 = 18 3 . 7 = 21 mod 20 = 1 3 . 8 = 24 mod 20 = 4 3 . 9 = 27 mod 20 = 7 woensdag 25 april 12

Slide 82

Slide 82 text

Math example ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 woensdag 25 april 12

Slide 83

Slide 83 text

Math example That’s it: ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 woensdag 25 april 12

Slide 84

Slide 84 text

Math example That’s it: ‣ public key = (n, e) = (33, 3) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 woensdag 25 april 12

Slide 85

Slide 85 text

Math example That’s it: ‣ public key = (n, e) = (33, 3) ‣ private key = (n, d) = (33, 7) ‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 woensdag 25 april 12

Slide 86

Slide 86 text

Math example The actual math is much more complex since we use very large numbers, but it all comes down to these (relatively simple) calculations.. woensdag 25 april 12

Slide 87

Slide 87 text

Encrypting & decrypting Encrypting a message: c = me mod n Decrypting a message: m = cd mod n woensdag 25 april 12

Slide 88

Slide 88 text

Encrypting & decrypting (1) Encrypting a message: private key = (n,d) = (33, 7): m = 13, 20, 15, 5 13^7 mod 33 = 7 20^7 mod 33 = 26 15^7 mod 33 = 27 5^7 mod 33 = 14 c = 7, 26, 27,14 woensdag 25 april 12

Slide 89

Slide 89 text

Encrypting & decrypting (2) Decrypting a message: public key = (n,e) = (33, 3): c = 7, 26, 27, 14 7^3 mod 33 = 13 26^3 mod 33 = 20 27^3 mod 33 = 15 14^3 mod 33 =5 m = 13, 20, 15, 5 woensdag 25 april 12

Slide 90

Slide 90 text

Encrypting & decrypting (3) woensdag 25 april 12

Slide 91

Slide 91 text

‣ A message is an “integer”, not a block of data. Encrypting & decrypting (3) woensdag 25 april 12

Slide 92

Slide 92 text

‣ A message is an “integer”, not a block of data. ‣ A message must be between 2 and n-1. Encrypting & decrypting (3) woensdag 25 april 12

Slide 93

Slide 93 text

‣ A message is an “integer”, not a block of data. ‣ A message must be between 2 and n-1. ‣ Deterministic, so we must use a padding scheme to make it non-deterministic. Encrypting & decrypting (3) woensdag 25 april 12

Slide 94

Slide 94 text

‣ Public Key Cryptography Standard #1 ‣ Pads data with (random) bytes up to n bits in length (v1.5 or OAEP/v2.x). ‣ Got it flaws and weaknesses too. Always use the latest available version (v2.1) Encrypting & decrypting (4) ‣ http://www.rsa.com/rsalabs/node.asp?id=2125 woensdag 25 april 12

Slide 95

Slide 95 text

‣ PKCS#1 (v1.5) IN ACTION Data = 4E636AF98E40F3ADCFCCB698F4E80B9F The encoded message block, EMB, after encoding but before encryption, with random padding bytes shown in green: 0002257F48FD1F1793B7E5E02306F2D3228F5C95ADF5F31566729F132AA12009 E3FC9B2B475CD6944EF191E3F59545E671E474B555799FE3756099F044964038 B16B2148E9A2F9C6F44BB5C52E3C6C8061CF694145FAFDB24402AD1819EACEDF 4A36C6E4D2CD8FC1D62E5A1268F496004E636AF98E40F3ADCFCCB698F4E80B9F After RSA encryption, the output is: 3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD739492C9CE5 8B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8DBC6E621 EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3CB99AC7E 609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177CBA3A435B http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes Encrypting & decrypting (5) woensdag 25 april 12

Slide 96

Slide 96 text

Implementations of public keys in real life http://farm4.static.flickr.com/3538/3420164047_09ccc14e29.jpg woensdag 25 april 12

Slide 97

Slide 97 text

Web communication public key encryption in Web communications (aka: I never use my credit card for internet purchases. It’s not safe. Instead, I gave it to the waiter who walked away with it into the kitchen for 5 minutes..) woensdag 25 april 12

Slide 98

Slide 98 text

Web communication (1) ‣ BACK IN TIME Welcome to 1991: HTTP is plaintext. Everybody can be trusted. This page is under construction, here’s a photo of my cat and a link to geocities. woensdag 25 april 12

Slide 99

Slide 99 text

Web communication (2) ‣ BUT NOW... woensdag 25 april 12

Slide 100

Slide 100 text

Web communication (2) ‣ BUT NOW... ‣ Free WiFi everywhere woensdag 25 april 12

Slide 101

Slide 101 text

Web communication (2) ‣ BUT NOW... ‣ Free WiFi everywhere ‣ Traffic snooping woensdag 25 april 12

Slide 102

Slide 102 text

Web communication (2) ‣ BUT NOW... ‣ Free WiFi everywhere ‣ Traffic snooping ‣ Authorization: Basic? (yes, VERY basic) woensdag 25 april 12

Slide 103

Slide 103 text

Web communication (3) ‣ USING HTTPS woensdag 25 april 12

Slide 104

Slide 104 text

Web communication (3) ‣ USING HTTPS ‣ HTTP encapsulated by TLS (previously SSL). woensdag 25 april 12

Slide 105

Slide 105 text

Web communication (3) ‣ USING HTTPS ‣ HTTP encapsulated by TLS (previously SSL). ‣ More or less: an encryption layer on top of http. woensdag 25 april 12

Slide 106

Slide 106 text

Web communication (3) ‣ USING HTTPS ‣ HTTP encapsulated by TLS (previously SSL). ‣ More or less: an encryption layer on top of http. ‣ Hybrid encryption. woensdag 25 april 12

Slide 107

Slide 107 text

Web communication (4) woensdag 25 april 12

Slide 108

Slide 108 text

Web communication (4) ‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used). woensdag 25 april 12

Slide 109

Slide 109 text

Web communication (4) ‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used). ‣ Symmetric encryption (AES-256, others) woensdag 25 april 12

Slide 110

Slide 110 text

Web communication (4) ‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used). ‣ Symmetric encryption (AES-256, others) ‣ But both sides needs the same key, so we have the same problem as before: how do we send over the key? woensdag 25 april 12

Slide 111

Slide 111 text

Web communication (5) woensdag 25 april 12

Slide 112

Slide 112 text

Web communication (5) ‣ Key is exchanged in a public/private encrypted communication. woensdag 25 april 12

Slide 113

Slide 113 text

Web communication (5) ‣ Key is exchanged in a public/private encrypted communication. ‣ Which public and private key? woensdag 25 april 12

Slide 114

Slide 114 text

Web communication (5) ‣ Key is exchanged in a public/private encrypted communication. ‣ Which public and private key? ‣ They are stored inside the server’s SSL certificate woensdag 25 april 12

Slide 115

Slide 115 text

Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKE woensdag 25 april 12

Slide 116

Slide 116 text

Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKE ‣ Browser sends over its encryption methods. woensdag 25 april 12

Slide 117

Slide 117 text

Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKE ‣ Browser sends over its encryption methods. ‣ Server decides which one to use. woensdag 25 april 12

Slide 118

Slide 118 text

Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKE ‣ Browser sends over its encryption methods. ‣ Server decides which one to use. ‣ Server send certificate(s). woensdag 25 april 12

Slide 119

Slide 119 text

Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKE ‣ Browser sends over its encryption methods. ‣ Server decides which one to use. ‣ Server send certificate(s). ‣ Client sends “session key” encrypted by the public key found in the server certificate. woensdag 25 april 12

Slide 120

Slide 120 text

Web communication (6) ‣ “GLOBAL” HTTPS HANDSHAKE ‣ Browser sends over its encryption methods. ‣ Server decides which one to use. ‣ Server send certificate(s). ‣ Client sends “session key” encrypted by the public key found in the server certificate. ‣ Server and client uses the “session key” for symmetrical encryption. woensdag 25 april 12

Slide 121

Slide 121 text

Web communication (7) woensdag 25 april 12

Slide 122

Slide 122 text

Web communication (7) ‣ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption. woensdag 25 april 12

Slide 123

Slide 123 text

Web communication (7) ‣ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption. ‣ SSL/TLS is a separate talk (it’s way more complex as this) woensdag 25 april 12

Slide 124

Slide 124 text

Email communication public key encryption in Email communication (aka: the worst communication method invented when it comes to privacy or secrecy, except for yelling) woensdag 25 april 12

Slide 125

Slide 125 text

Email communication (2) http://torontoemerg.files.wordpress.com/2010/09/spam.gif http://change-your-ip.com/wp-content/uploads/image/nigerian_419_scam.jpg woensdag 25 april 12

Slide 126

Slide 126 text

Email communication (3) ‣ DID YOU EVER SEND/RECEIVE EMAILS LIKE THIS? woensdag 25 april 12

Slide 127

Slide 127 text

Email communication (4) woensdag 25 april 12

Slide 128

Slide 128 text

Email communication (4) ‣ Did Bill really send this email? woensdag 25 april 12

Slide 129

Slide 129 text

Email communication (4) ‣ Did Bill really send this email? ‣ Do we know for sure that nobody has read this email (before it came to us?) woensdag 25 april 12

Slide 130

Slide 130 text

Email communication (4) ‣ Did Bill really send this email? ‣ Do we know for sure that nobody has read this email (before it came to us?) ‣ Do we know for sure that the contents of the message isn’t tampered with? woensdag 25 april 12

Slide 131

Slide 131 text

Email communication (4) ‣ Did Bill really send this email? ‣ Do we know for sure that nobody has read this email (before it came to us?) ‣ Do we know for sure that the contents of the message isn’t tampered with? ‣ We use signing! woensdag 25 april 12

Slide 132

Slide 132 text

Signing (1) woensdag 25 april 12

Slide 133

Slide 133 text

Signing (1) ‣ Signing a message means adding a signature that authenticates the validity of a message. woensdag 25 april 12

Slide 134

Slide 134 text

Signing (1) ‣ Signing a message means adding a signature that authenticates the validity of a message. ‣ Like md5 or sha1, so when the message changes, so will the signature. woensdag 25 april 12

Slide 135

Slide 135 text

Signing (1) ‣ Signing a message means adding a signature that authenticates the validity of a message. ‣ Like md5 or sha1, so when the message changes, so will the signature. ‣ This works on the premise that Alice and only Alice has the private key that can create the signature. woensdag 25 april 12

Slide 136

Slide 136 text

Signing (2) http://en.wikipedia.org/wiki/File:Digital_Signature_diagram.svg woensdag 25 april 12

Slide 137

Slide 137 text

Signing (3) woensdag 25 april 12

Slide 138

Slide 138 text

Signing (3) ‣ GPG / PGP: Application for signing and/or encrypting data (or emails). woensdag 25 april 12

Slide 139

Slide 139 text

Signing (3) ‣ GPG / PGP: Application for signing and/or encrypting data (or emails). ‣ Try it yourself with Thunderbird’s Enigmail extension. woensdag 25 april 12

Slide 140

Slide 140 text

Signing (3) ‣ GPG / PGP: Application for signing and/or encrypting data (or emails). ‣ Try it yourself with Thunderbird’s Enigmail extension. ‣ Public keys can be send / found on PGP- servers so you don’t need to send your keys to everybody all the time. woensdag 25 april 12

Slide 141

Slide 141 text

Signing (4) woensdag 25 april 12

Slide 142

Slide 142 text

Signing (5) woensdag 25 april 12

Slide 143

Slide 143 text

Signing (5) woensdag 25 april 12

Slide 144

Slide 144 text

Signing (5) woensdag 25 april 12

Slide 145

Slide 145 text

Email communication (10) ‣ ADVANTAGES OF SIGNING YOUR MAIL woensdag 25 april 12

Slide 146

Slide 146 text

Email communication (10) ‣ ADVANTAGES OF SIGNING YOUR MAIL ‣ Everybody can send emails that ONLY YOU can read. woensdag 25 april 12

Slide 147

Slide 147 text

Email communication (10) ‣ ADVANTAGES OF SIGNING YOUR MAIL ‣ Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. woensdag 25 april 12

Slide 148

Slide 148 text

Email communication (10) ‣ ADVANTAGES OF SIGNING YOUR MAIL ‣ Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. ‣ Why is this not the standard? woensdag 25 april 12

Slide 149

Slide 149 text

Email communication (10) ‣ ADVANTAGES OF SIGNING YOUR MAIL ‣ Everybody can send emails that ONLY YOU can read. ‣ Everybody can verify that YOU have send the email and that it is authentic. ‣ Why is this not the standard? ‣ No really, why isn’t it the standard? woensdag 25 april 12

Slide 150

Slide 150 text

Email communication (7) woensdag 25 april 12

Slide 151

Slide 151 text

Email communication (8) woensdag 25 april 12

Slide 152

Slide 152 text

Email communication (9) Stupidity trumps everything: Don’t loose your private key(s) (as I did on multiple occasions) http://farm4.static.flickr.com/3231/2783827537_b4d2a5cc9a.jpg woensdag 25 april 12

Slide 153

Slide 153 text

Other applications ‣ PUBLIC KEY ENCRYPTION IN OTHER FIELDS PGP / GPG (encrypt / decrypt sensitive data) OpenSSH (Secure connection to other systems) IPSEC (VPN tunnels) Software signing woensdag 25 april 12

Slide 154

Slide 154 text

Any questions? http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg woensdag 25 april 12

Slide 155

Slide 155 text

‣ THANK YOU FOR YOUR ATTENTION Please rate my talk on joind.in: http://joind.in/3305 woensdag 25 april 12