Public Key Cryptography

Transcript

1. Public  Key  
   Cryptography  
   Vimal Atreya Ramaka
   

   View Slide

2. Overview
   •  Introduction
   •  Public Key Cryptography
   •  Public Key Encryption
   •  Digital Signature
   •  Authentication with Public Key
   •  Examples of Authentication with Public Key
   •  Weaknesses
   

   View Slide

3. Introduction
   •  We use networks for:
   o  Communication
   o  File Sharing
   o  Information Sharing
   •  Data / messages need to be secure
   

   View Slide

4. Public  Key  Cryptography
   •  A form of cryptography in which the key used to
   encrypt a message differs from the key used to
   decrypt it.
   •  A user has a pair of keys:
   o  Public Key
   o  Private Key
   

   View Slide

5. Public  Key  Cryptography
   •  Two main branches of Public Key Cryptography:
   •  Public Key Encryption
   •  Digital Signatures
   

   View Slide

6. Key  Terms
   •  Public Key and Private Key
   o  The pair of keys generated by each user
   o  Usually the receiver provides the sender of the message with their public
   key to encrypt the plain text
   •  Cipher Text
   o  This is the scrambled message produced as output. It depends on the
   plain text and the key. For a given message, two different keys will
   produce two different cipher texts
   

   View Slide

7. Public  Key  Encryption
   •  A message encrypted with a recipients public key
   cannot be decrypted by anyone except the
   recipient possessing the corresponding private key
   

   View Slide

8. Public  Key  Encryption
   

   View Slide

9. Digital  Signature
   •  An authentication mechanism that enables the
   creator or a message to attach a code that acts as
   a signature
   •  Used in situations where there is not complete trust
   between sender and receiver and something more
   than regular authentication is needed
   

   View Slide

10. Public  Key  for  
    Authentication
    •  You generate a key pair, consisting of a public key
    and a private key. The private key is able to
    generate signatures. A signature created using your
    private key cannot be forged by anybody who
    does not have that key; but anybody who has your
    public key can verify that a particular signature is
    genuine.
    

    View Slide

11. Public  Key  for  
    Authentication
    •  Copy the public key to the host server under a
    certain name. Then, when the server asks you to
    prove who you are, you can generate a signature
    using your private key. The server can verify that
    signature (since it has your public key) and allow
    you to log in. Now if the server is hacked or spoofed,
    the attacker does not gain your private key or
    password; they only gain one signature. And
    signatures cannot be re-used, so they have gained
    nothing.
    

    View Slide

12. Places  that  use  Public  Key
    •  GitHub for authentication while pushing a code
    •  Amazon AWS for authentication to an instance
    •  Mostly any VPS or authentication to any remote
    system
    

    View Slide

13. GitHub
    

    View Slide

14. Amazon  AWS
    

    View Slide

15. Weaknesses
    •  Computational Cost
    •  Vulnerable to Brute Force Attacks
    o  Relatively more vulnerable to brute force attacks when compared to
    other key cryptographies
    •  Vulnerable to the Man in the Middle Attack
    o  A malicious third party can intercept a public key on its way to one of the
    parties involved
    

    View Slide

16. Thank  You
    

    View Slide