Network Security - IIS Windows Server
Network Security
CPSC6128 – Lecture 5
Cryptography
CPSC6128 - Network Security
Cryptography
Overview
Symmetric Key Cryptography
Public Key Cryptography
Message integrity and digital signatures
References:
Stamp
Schneier
Cryptography basics
The process of converting plaintext into ciphertext
Plaintext
Readable text
Ciphertext
Unreadable or encrypted text
It is used to hide information from unauthorized users
Decryption
the process of converting ciphertext back to plaintext
History of Cryptography
Substitution Cipher
Replaces one letter with another letter based on some key
Example: Julius Caesar’s Cipher
Key value of 3
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC
History of Cryptography (cont)
Cryptanalysis
studies the process of breaking encryption algorithms
When a new encryption algorithm is developed
cryptanalysts study it and try to break it
This is an important part of the development cycle of a new
encryption algorithm
World War I
Zimmermann Telegram
Encrypted telegram from the foreign secretary of the German Empire to the German ambassador in Mexico
Intercepted and decrypted by the British
Indicated that unrestricted submarine warfare would commence
Proposed an alliance with Mexico to reclaim land lost to the US
Pivotal in the US entering WWI
Courtesy: Wikipedia
World War II
Enigma
Used by the Germans
Replaced letters as they were typed
Substitutions were computed using a key and a set of
switches and rotors
Cryptography Issues
Confidentiality
only sender, intended receiver should “understand” message contents:
sender encrypts message
receiver decrypts message
End-Point Authentication
sender, receiver want to confirm identity of each other.
Message Integrity
sender, receiver want to ensure message not altered
Friends and enemies: Alice, Bob, Eve (or Trudy)
Well known model in network security world
Bob, Alice want to communicate securely
Trudy (intruder) may intercept, delete, add to message
Who might Bob, Alice be?
...well, real-life Bobs and Alices
Web browsers/server for electronic transactions
online banking client/server
DNS servers
routers exchanging routing table updates
The Language of Cryptography
m: plaintext message
K_A(m): ciphertext, encrypted with key K_A
m = K_B(K_A(m))
Simple Encryption Scheme
Substitution Cipher
substituting one thing for another
Mono-alphabetic cipher: substitute one letter for another
Plaintext: abcdefghijklmnopqrstuvwxyz
Ciphertext: mnbvcxzasdfghjklpoiuytrewq
Example:
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Key: The mapping from the set of 26 letters to the set of 26 letters
Poly-alphabetic Encryption - Vigenère
n monoalphabetic ciphers M1, M2, ...., Mn
Cycling pattern:
e.g. n=4, M1, M3, M4, M3, M2; M1, M3, M4, M3, M2
For each new plaintext symbol, use subsequent
monoalphabetic pattern in a cyclic pattern.
dog: d from M1, o from M3, g from M4
Key: the n ciphers and the cyclic pattern
Vigenere Square
Vernam – Perfect Substitution Cipher
If we use Vigenère with a key length as long as the plaintext
then cryptanalysis will become very difficult.
If we change key every time we encrypt
then cryptanalyst’s job becomes even more difficult
One-time pad or Vernam Cipher
How do we get such long keys?
A large book shared by transmitter and receiver
Initial key followed by previous messages themselves!!
Random number sequence based on common shared and
secret seed
Such a cipher is difficult to break
but not very practical
Breaking an Encryption Scheme
Ciphertext only attack
Eve has ciphertext that she can analyze
Two approaches
Search through all keys
must be able to differentiate resulting plaintext from gibberish
Statistical analysis
Known-plaintext attack
Eve has some plaintext corresponding to some ciphertext
e.g., in monoalphabetic cipher, Trudy determines pairings for a,l,i,c,e,b,o
Chosen-plaintext attack
Eve can get the ciphertext from some chosen plaintext
Computational Effort Required
Time
Number of primitive operations required
Computational time required for the attack
Some attacks become more feasible as computing power becomes
cheaper and faster
Memory
Amount of storage required to complete the attack
This can be either hard disk or memory
Data
Amount of captured data required to complete the attack
Rainbow Tables attack
Time/Memory Tradeoff
Used to recover the plaintext from a given HASH value
Commonly used to attack HASHed passwords
SALT
random number concatenated to the password before hashing, to prevent Rainbow table attacks
saltedhash(password) = hash(password.salt)
Since SALT is a random number
the attacker would have to compute a Rainbow table for each SALT value
Large SALT value is critical
More on Hashes Later
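Added example (not from the lecture slides): the slide's formula saltedhash(password) = hash(password.salt) applied with SHA-256 and a random per-user salt, checked against a small constructed lookup table that stands in for a precomputed rainbow table. The password list, record layout and function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets


def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    # The slide's formula: saltedhash(password) = hash(password . salt)
    return hashlib.sha256(password.encode() + salt).hexdigest()


def new_record(password: str, salt_len: int = 16) -> dict:
    # A fresh random salt per user; the salt is stored beside the hash
    # and does not need to be secret.
    salt = secrets.token_bytes(salt_len)
    return {"salt": salt.hex(), "hash": salted_hash(password, salt)}


def check_password(password: str, record: dict) -> bool:
    candidate = salted_hash(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, record["hash"])


# Constructed sample: a table of unsalted hashes computed once, in advance.
# A real rainbow table trades memory for time with hash chains; a plain
# dictionary is enough to show why precomputation stops paying off.
COMMON = ["123456", "password", "letmein", "qwerty"]
PRECOMPUTED = {unsalted_hash(p): p for p in COMMON}


def lookup(stored_hash: str):
    """Return the password if the stored hash is in the precomputed table."""
    return PRECOMPUTED.get(stored_hash)


def demo() -> dict:
    alice = new_record("letmein")
    bob = new_record("letmein")  # same password, different salt
    return {
        "unsalted_found": lookup(unsalted_hash("letmein")),
        "salted_found": lookup(alice["hash"]),
        "same_password_same_hash": alice["hash"] == bob["hash"],
        "login_ok": check_password("letmein", alice),
        "login_bad": check_password("qwerty", alice),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

With a 16-byte salt the table would have to be rebuilt for each of 2^128 possible salt values, which is the point of the slide's "Large SALT value is critical".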
Types of Cryptography
Crypto often uses keys:
Algorithm is known to everyone
Only “keys” are secret
Kerckhoffs’s Principle
Can be extended to security systems design in general
Public Key Cryptography
Involves the use of two keys
Symmetric key cryptography
Involves the use of one key
Hash functions
Involves the use of no keys
Nothing secret: How can this be useful?
Shannon Characteristics of Good Ciphers
The amount of secrecy needed should determine
the amount of labor appropriate for encryption and decryption
The set of keys and enciphering algorithms
should be free from complexity
The implementation of the process
should be as simple as possible
Errors in ciphering should not
propagate and cause corruption of future information in the message
The size of enciphered text
Should not be longer than the text of the original message
Confusion and Diffusion
Confusion
The cryptanalyst should not be able to predict what changing one
character in the plaintext will do to the ciphertext
Diffusion
Changes in the key should affect many parts in the ciphertext
Symmetric Key Cryptography
Symmetric key Cryptography
Symmetric Key crypto
Bob and Alice share same symmetric key: Ks
Two Types of Symmetric Ciphers
Stream Ciphers
Encrypt one bit at a time
Block Ciphers
Break plaintext message into equal-size blocks
Encrypt each block as a unit
Stream Ciphers:
Combine each bit of keystream with bit of plaintext to get
bit of ciphertext
m(i) = ith bit of message
ks(i) = ith bit of keystream
c(i) = ith bit of ciphertext
c(i) = ks(i) ⊕ m(i) (⊕ = exclusive or)
m(i) = ks(i) ⊕ c(i)
Problems With Stream Ciphers
Known plain-text attack
There’s often predictable and repetitive data in communication messages
Attacker receives some ciphertext c and correctly guesses the corresponding plaintext m
ks = m ⊕ c
Attacker now observes c', obtained with the same sequence ks
m' = ks ⊕ c'
Even easier
Attacker obtains two ciphertexts, c and c', generated with the same key sequence
c ⊕ c' = m ⊕ m'
There are well known methods for decrypting 2 plaintexts given their XOR
Integrity problem too
Suppose attacker knows c and m (e.g., plaintext attack);
wants to change m to m'
calculates c' = c ⊕ (m ⊕ m')
sends c' to destination
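Added example (not from the lecture slides): the three XOR identities above checked on constructed messages, followed by the two countermeasures that remove them, a fresh nonce per message and a MAC over the ciphertext. The toy keystream generator (SHA-256 over key, nonce and counter), the keys and the messages are assumptions made for this demonstration.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream for this demo only: SHA-256(key || nonce || counter)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # c(i) = ks(i) XOR m(i); the same call decrypts.
    return xor(data, keystream(key, nonce, len(data)))


def recover_second_plaintext(c: bytes, m: bytes, c2: bytes) -> bytes:
    # ks = m XOR c, then m' = ks XOR c' (only valid if ks was reused).
    return xor(xor(m, c), c2)


def rewrite_ciphertext(c: bytes, m: bytes, m_new: bytes) -> bytes:
    # c' = c XOR (m XOR m'), the integrity problem from the slide.
    return xor(c, xor(m, m_new))


def tag(mac_key: bytes, nonce: bytes, c: bytes) -> bytes:
    return hmac.new(mac_key, nonce + c, hashlib.sha256).digest()


def accept(mac_key: bytes, nonce: bytes, c: bytes, t: bytes) -> bool:
    return hmac.compare_digest(tag(mac_key, nonce, c), t)


# Constructed sample data, all three messages 15 bytes long.
KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"
M1 = b"PAY BOB   $0100"
M2 = b"MEET AT 9PM NOW"
M1_ALTERED = b"PAY EVE   $9900"


def demo() -> dict:
    n0, n1 = b"\x00" * 8, b"\x01" * 8
    c1 = stream_crypt(KEY, n0, M1)
    c2_reused = stream_crypt(KEY, n0, M2)   # same keystream as c1
    c2_fresh = stream_crypt(KEY, n1, M2)    # new nonce, new keystream
    altered = rewrite_ciphertext(c1, M1, M1_ALTERED)
    t1 = tag(MAC_KEY, n0, c1)
    return {
        "reuse_recovers_m2": recover_second_plaintext(c1, M1, c2_reused) == M2,
        "c_xor_c2_equals_m_xor_m2": xor(c1, c2_reused) == xor(M1, M2),
        "fresh_nonce_recovers_m2": recover_second_plaintext(c1, M1, c2_fresh) == M2,
        "altered_decrypts_to": stream_crypt(KEY, n0, altered),
        "altered_passes_mac": accept(MAC_KEY, n0, altered, t1),
        "original_passes_mac": accept(MAC_KEY, n0, c1, t1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```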
Example: RC4 Stream Cipher
RC4 is a popular stream cipher
Extensively analyzed and considered good
Key can be from 1 to 256 bytes
Used in WEP for 802.11
Can be used in SSL
Block Ciphers
Message to be encrypted is processed in blocks of k bits (e.g., 64-bit blocks).
1-to-1 mapping is used to map k-bit block of plaintext to k-bit block of ciphertext
Example with k=3
input   output      input   output
000     110         100     011
001     111         101     010
010     101         110     000
011     100         111     001
What is the ciphertext for 010110001111 ?
Block Ciphers
How many possible mappings are there for k=3?
How many 3-bit inputs?
How many permutations of the 3-bit inputs?
Answer: 40,320; not very many!
In general, (2^k)! mappings; huge for k=64
Problem:
Table approach requires table with 2^64 entries
Each entry with 64 bits
Table is too big
instead use function that simulates a randomly permuted table
Prototype Function
From Kaufman et al
[Figure: the 64-bit input is split into eight 8-bit pieces; each piece goes through its own substitution box (S1 to S8), 8 bits in and 8 bits out; the eight outputs form a 64-bit intermediate; loop for n rounds; 64-bit output]
Why Rounds in Prototype?
If only a single round, then one bit of input affects at most
8 bits of output.
In 2nd round, the 8 affected bits get scattered and
inputted into multiple substitution boxes.
How many rounds?
How many times do you need to shuffle cards?
Becomes less efficient as n increases
Encrypting a Large Message
Why not just break message in 64-bit blocks, encrypt each block separately?
If same block of plaintext appears twice, will give same ciphertext
How to fix it?
Generate random 64-bit number r(i) for each plaintext block m(i)
Calculate c(i) = K_S( m(i) ⊕ r(i) )
Transmit c(i), r(i), i=1,2,…
At receiver: m(i) = K_S(c(i)) ⊕ r(i)
Problem: inefficient, need to send c(i) and r(i)
Cipher Block Chaining (CBC)
CBC generates its own random numbers
Have encryption of current block depending on result of previous block
c(i) = K_S( m(i) ⊕ c(i-1) )
m(i) = K_S( c(i)) ⊕ c(i-1)
How to encrypt the first block?
Initialization vector (IV): random block = c(0)
IV does not have to be secret
Change IV for each message (or session)
Guarantees that even if the same message is sent repeatedly, the ciphertext will be completely different each time
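Added example (not from the lecture slides): the k=3 mapping table from the Block Ciphers slide used as a toy block cipher, first block by block and then with the CBC chaining rule c(i) = K_S(m(i) ⊕ c(i-1)). The function names and IV values are assumptions; decryption applies the inverse table, which the slide's notation leaves implicit.

```python
# The slide's 3-bit mapping table, used as the "key" K_S.
SBOX = {
    0b000: 0b110, 0b001: 0b111, 0b010: 0b101, 0b011: 0b100,
    0b100: 0b011, 0b101: 0b010, 0b110: 0b000, 0b111: 0b001,
}
INV_SBOX = {c: p for p, c in SBOX.items()}
K = 3  # block size in bits


def split_blocks(bits: str) -> list:
    if len(bits) % K:
        raise ValueError("bit string length must be a multiple of 3")
    return [int(bits[i:i + K], 2) for i in range(0, len(bits), K)]


def join_blocks(blocks) -> str:
    return "".join(format(b, "03b") for b in blocks)


def encrypt_blockwise(bits: str) -> str:
    """Each block is mapped independently: equal blocks give equal output."""
    return join_blocks(SBOX[m] for m in split_blocks(bits))


def cbc_encrypt(bits: str, iv: int) -> str:
    prev, out = iv, []
    for m in split_blocks(bits):
        prev = SBOX[m ^ prev]          # c(i) = K_S(m(i) XOR c(i-1)), c(0) = IV
        out.append(prev)
    return join_blocks(out)


def cbc_decrypt(bits: str, iv: int) -> str:
    prev, out = iv, []
    for c in split_blocks(bits):
        out.append(INV_SBOX[c] ^ prev)  # m(i) = K_S^-1(c(i)) XOR c(i-1)
        prev = c
    return join_blocks(out)


if __name__ == "__main__":
    repeated = "010010010"              # the same block three times
    print("block by block:", encrypt_blockwise(repeated))
    print("CBC, IV=011   :", cbc_encrypt(repeated, 0b011))
    print("CBC, IV=110   :", cbc_encrypt(repeated, 0b110))
    print("slide question:", encrypt_blockwise("010110001111"))
```

The repeated plaintext block is visible in the block-by-block output and disappears under CBC, and changing only the IV changes every ciphertext block.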
Cipher Block Chaining (CBC)
Symmetric Key Crypto: DES
DES: Data Encryption Standard
US encryption standard [NIST 1993]
56-bit symmetric key, 64-bit plaintext input
Block cipher with cipher block chaining
How secure is DES?
DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in
less than a day
No known good analytic attack
Making DES more secure:
3DES: encrypt/decrypt 3 times with 3 different keys
ciphertext = E_K3(D_K2(E_K1(plaintext)))
Symmetric Key Crypto: DES
DES Operation:
initial permutation
16 identical “rounds” of function application
each using different 48 bits of key
Final permutation
Advanced Encryption Standard
New (Nov. 2001) symmetric-key NIST standard
Used to replace DES
Processes data in 128 bit blocks
128, 192, or 256 bit keys
Brute force decryption (try each key)
takes 1 day on DES, but 149 trillion years for AES
Public Key Cryptography
Why Public Key Cryptography
Symmetric Key Cryptography
Requires Sender and Receiver know shared key
Q: How do we agree on the key in the first place?
Public Key Cryptography
radically different approach [Diffie-Hellman76, RSA78]
Sender and receiver do not share secret key
public encryption key known to all
private decryption key known only to receiver
Public Key Cryptography
Public Key Encryption Algorithms:
Requirements:
need K_B^+( ) and K_B^-( ) such that K_B^-(K_B^+(m)) = m
Given public key K_B^+, it should be impossible to compute private key K_B^-
RSA: Rivest, Shamir, Adleman algorithm
Prereq: Modular Arithmetic
x mod n = remainder of x when divided by n
Facts:
[(a mod n) + (b mod n)] mod n = (a+b) mod n
[(a mod n) - (b mod n)] mod n = (a-b) mod n
[(a mod n) * (b mod n)] mod n = (a*b) mod n
Thus
(a mod n)^d mod n = a^d mod n
Example: x=14, n=10, d=2:
(x mod n)^d mod n = 4^2 mod 10 = 6
x^d = 14^2 = 196, x^d mod 10 = 6
RSA: Getting Ready
A message is a bit pattern
A bit pattern can be uniquely represented by an integer number
Thus encrypting a message is equivalent to encrypting a number
Example
m = 10010001. This message is uniquely represented by the decimal number 145, i.e. 145 (base 10) = 10010001 (base 2)
To encrypt m, we encrypt the corresponding number
which gives a new number (the ciphertext)
RSA: Creating Public/Private Keypair
1. Choose two large prime numbers p, q (e.g., 1024 bits each)
2. Compute n = pq, Φ = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors with Φ (e, Φ are “relatively prime”). There may be many choices for e
4. Choose d such that ed-1 is exactly divisible by Φ (in other words: ed mod Φ = 1; or d = e^-1 mod Φ)
5. Public key K_B^+ is (n,e). Private key K_B^- is (n,d).
RSA: Encryption and Decryption
0. Given (n,e) and (n,d) as computed above
1. To encrypt message m (<n), compute c = m^e mod n
2. To decrypt received bit pattern, c, compute m = c^d mod n
m = (m^e mod n)^d mod n, where c = m^e mod n
RSA Example
Bob chooses p=5, q=7. Then n=35, Φ=24.
e=5 (so e, Φ relatively prime).
d=29 (so ed-1 exactly divisible by Φ).
Encrypting 8-bit messages.
encrypt: bit pattern 0000l000, m = 12*, m^e = 248832, c = m^e mod n = 17
decrypt: c = 17, c^d = 481968572106750915091411825223071697, m = c^d mod n = 12
* The letter “l”
RSA: Another Important Property
The following property will be very useful later:
K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))
Left side: use public key first, followed by private key
Right side: use private key first, followed by public key
Result is the same!
Why Does RSA Work?
Must show that c^d mod n = m
where c = m^e mod n
Fact: for any x and y: x^y mod n = x^(y mod z) mod n
where n = pq and z = (p-1)(q-1)
Thus,
c^d mod n = (m^e mod n)^d mod n
= m^(ed) mod n
= m^(ed mod z) mod n
= m^1 mod n
= m
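Added example (not from the lecture slides): the key generation, encryption and decryption steps from the RSA slides run on the slide's own numbers (p=5, q=7, e=5, d=29), including the check that public-then-private and private-then-public both return m. Function names are assumptions; this is textbook RSA on toy primes, without the padding that real implementations add.

```python
from math import gcd


def make_keypair(p: int, q: int, e: int, d: int = None):
    """Steps 1-5 of the keypair slide; returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi")
    if d is None:
        d = pow(e, -1, phi)            # smallest d with e*d mod phi == 1
    elif (e * d) % phi != 1:
        raise ValueError("e*d - 1 must be exactly divisible by phi")
    return (n, e), (n, d)


def apply_key(key, x: int) -> int:
    """x^exponent mod n; used for both the public and the private key."""
    n, exponent = key
    if not 0 <= x < n:
        raise ValueError("message must be smaller than n")
    return pow(x, exponent, n)


P, Q, E, D = 5, 7, 5, 29               # the numbers from the RSA Example slide


def demo() -> dict:
    public, private = make_keypair(P, Q, E, D)
    n = public[0]
    c = apply_key(public, 12)          # encrypt m = 12
    return {
        "ciphertext": c,
        "decrypted": apply_key(private, c),
        # Private key first, then public key: the property used for signing.
        "private_then_public": apply_key(public, apply_key(private, 12)),
        # With phi = 24 the smallest valid d is 5, the same value as e.
        # The slide's d = 29 = 5 + phi is equivalent and avoids d == e.
        "smallest_d": make_keypair(P, Q, E)[1][1],
        "all_round_trip": all(
            apply_key(private, apply_key(public, m)) == m for m in range(n)
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```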
Why is RSA Secure?
Suppose you know Bob’s public key (n,e)
How hard is it to determine d?
Essentially need to find factors of n without knowing the two factors p and q
Fact: factoring a big number is hard.
Remember e is not unique!! Recent literature
Generating RSA Keys
Have to find big primes p and q
Approach: make good guess then apply testing rules
Session Keys KS
Exponentiation is computationally intensive
DES is at least 100 times faster than RSA
Bob and Alice use RSA to exchange a symmetric key KS
Once both have KS, they use symmetric key cryptography
Diffie-Hellman
Allows two entities to agree on shared key
But does not provide encryption
n is a large prime; g is a number less than n.
n and g are made public
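Alice holds a, g, n; Bob holds b
Alice computes A = g^a mod n and sends g, n, A to Bob
Bob computes B = g^b mod n and sends B to Alice
Alice computes K = B^a mod n
Bob computes K = A^b mod n
a, b: Alice, Bob private key
A, B: Alice, Bob public key
K: shared secret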
Diffie-Hellman Example
Alice and Bob agree to use a prime number
n=23 and base g=5.
Alice chooses a secret integer a=6
then sends Bob A = g^a mod n
A = 5^6 mod 23 = 8.
Bob chooses a secret integer b=15
then sends Alice B = g^b mod n
B = 5^15 mod 23 = 19.
Alice computes s = B^a mod n
19^6 mod 23 = 2.
Bob computes s = A^b mod n
8^15 mod 23 = 2.
Message Integrity and
Digital Signatures
Message Integrity
Allows communicating parties to verify the received
messages are authentic
Content of message has not been altered
Source of message is who/what you think it is
Message has not been artificially delayed (playback attack)
Sequence of messages is maintained
Let’s first talk about message digests
Encryption vs. Hashing
[Diagram: PlainText and CipherText, linked by Encryption( ) and Decryption( ); or Message, through Hash, to Message Digest]
Encryption
Encryption keeps communications private
Encryption and decryption can use same or different keys
Achieved by various algorithms, e.g. DES, CAST
Need key management
Hash
Hash transforms message into fixed-size string
One-way hash function
Strongly collision-free hash
Message digest can be viewed as “digital fingerprint”
Used for message integrity check and digital certificates
Hash is generally faster than encryption
Message Digests
Function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: “message signature”
Note that H( ) is a many-to-1 function
H( ) is often called a “hash function”
Desirable properties:
Easy to calculate
Irreversibility: Can’t determine m from H(m)
Collision resistance: Computationally difficult to produce m and m’ such that H(m) = H(m’)
Seemingly random output
Hash Function Algorithms
MD5 hash function widely used (RFC 1321)
computes 128-bit message digest in 4-step process
SHA-1 is also used
US standard [NIST, FIPS PUB 180-1]
160-bit message digest
kobrien-laptop:~ kobrien$ echo "test" | md5sum
d8e8fca2dc0f896fd7cb4cb0031ba249 -
kobrien-laptop:~ kobrien$ echo "test1" | md5sum
3e7705498e8be60520841409ebc69bc1 -
Commonly Used Hash Functions
(MD5 and SHA)
Both MD5 and SHA are derived based on MD4
MD5 provides 128-bit output
SHA provides 160-bit output (only first 96 bits used in IPSec)
Both MD5 and SHA are considered
one-way strongly collision-free hash functions
SHA is computationally slower than MD5, but more secure
MD5, SHA1 not collision resistant
Relevance to non-repudiation, commitment
So What Does This Mean?
SHA1 is still much safer than MD5
Best known attack has effort > 2^64
HMAC SHA1 (keyed SHA1)
believed to be unaffected by current attacks
Industry making a move towards SHA256
and other secure crypto methods
Actual transition will take place within standard groups first
IETF and NIST among others addressing this issue
Birthday Attack
If 23 people are in the room, what is the chance that they all have different birthdays?
(365/365) x (364/365) x (363/365) x (362/365) x (361/365) x (360/365) x . . . x (343/365) = 49%
So there is a 51% chance that two of them have the same birthday
Birthday Attack (Cont)
If there are N possible hash values,
You’ll find collisions when you have calculated 1.2 x sqrt(N) values
SHA-1 produces a 160-bit digest
Theoretically, it would require 2^80 computations to break
SHA-1 has already been broken, because of other weaknesses
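Added example (not from the lecture slides): the birthday product from the previous slide computed exactly, and the 1.2 x sqrt(N) rule checked by searching for a collision in a hash truncated to 16 bits so that it finishes instantly. Truncated SHA-256 and the message format are assumptions chosen for the demonstration.

```python
import hashlib
import math


def p_all_distinct(people: int, days: int = 365) -> float:
    """(365/365) x (364/365) x ... for the given number of people."""
    p = 1.0
    for i in range(people):
        p *= (days - i) / days
    return p


def expected_trials(bits: int) -> float:
    """The slide's rule of thumb: 1.2 x sqrt(N) with N = 2^bits hash values."""
    return 1.2 * math.sqrt(2 ** bits)


def truncated_hash(msg: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256, standing in for a short hash."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int):
    """Hash distinct messages until two share a truncated digest.

    Returns (first_message, second_message, number_of_hashes_computed).
    """
    seen = {}
    i = 0
    while True:
        msg = b"msg-%d" % i
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


if __name__ == "__main__":
    print("23 people, all different: %.4f" % p_all_distinct(23))
    a, b, trials = find_collision(16)
    print("16-bit hash: collision after", trials, "hashes;",
          "rule of thumb says about", round(expected_trials(16)))
    print("160-bit digest: about 2^%d hashes" %
          round(math.log2(expected_trials(160))))
```

The work grows with the square root of the number of possible digests, which is why a 160-bit digest gives roughly 80 bits of collision resistance rather than 160.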
Security Level of Crypto Algorithms
Security Level   Work Factor   Algorithms
Weak             O(2^40)       DES, MD5
Legacy           O(2^64)       RC4, SHA1
Minimum          O(2^80)       3DES, SEAL, SKIPJACK
Standard         O(2^128)      AES-128, SHA-256
High             O(2^192)      AES-192, SHA-384
Ultra            O(2^256)      AES-256, SHA-512
Message Authentication Code (MAC)
Authenticates sender
Verifies message integrity
No encryption !
Also called “keyed hash”
Notation: MDm = H(s||m); send m||MDm
HMAC
Popular MAC standard
Addresses some subtle security flaws
1. Concatenates secret to front of message
2. Hashes concatenated message
3. Concatenates the secret to front of digest
4. Hashes the combination again
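Added example (not from the lecture slides): the four steps above written out as the HMAC construction of RFC 2104 with SHA-256, checked against Python's standard hmac module. In the full construction the secret is padded to the hash block size and XORed with a different constant before each of the two concatenations; the key and message values are constructed samples.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes input in 64-byte blocks


def hmac_sha256_manual(key: bytes, msg: bytes) -> bytes:
    # Keys longer than one block are hashed first, then zero-padded.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    inner_key = bytes(b ^ 0x36 for b in key)   # key XOR ipad
    outer_key = bytes(b ^ 0x5C for b in key)   # key XOR opad
    # Steps 1-2: secret in front of the message, then hash.
    inner = hashlib.sha256(inner_key + msg).digest()
    # Steps 3-4: secret in front of the digest, then hash again.
    return hashlib.sha256(outer_key + inner).digest()


def simple_keyed_hash(secret: bytes, msg: bytes) -> bytes:
    """The MAC slide's notation H(s||m), for comparison only."""
    return hashlib.sha256(secret + msg).digest()


def verify(key: bytes, msg: bytes, received_tag: bytes) -> bool:
    # Constant-time comparison, so the check does not leak how many
    # leading bytes of a wrong tag happened to match.
    return hmac.compare_digest(hmac_sha256_manual(key, msg), received_tag)


# Constructed sample values.
SECRET = b"constructed shared secret"
MESSAGE = b"link-state update: router 7, seq 42"


def demo() -> dict:
    tag = hmac_sha256_manual(SECRET, MESSAGE)
    return {
        "matches_stdlib": tag == hmac.new(SECRET, MESSAGE, hashlib.sha256).digest(),
        "differs_from_simple_keyed_hash": tag != simple_keyed_hash(SECRET, MESSAGE),
        "accepts_original": verify(SECRET, MESSAGE, tag),
        "rejects_modified_message": verify(SECRET, MESSAGE + b"!", tag),
        "rejects_wrong_secret": verify(b"other secret", MESSAGE, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```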
Example: OSPF
Recall that OSPF is an intra-AS routing protocol
Each router creates map of entire AS (or area) and
runs shortest path algorithm over map
Router receives link-state advertisements (LSAs) from all
other routers in AS
Attacks:
Message insertion
Message deletion
Message modification
How do we know if an OSPF message is authentic?
OSPF Authentication
Within an Autonomous System, routers send OSPF messages to each other
OSPF provides authentication choices
No authentication
Shared password
inserted in clear in 64-bit authentication field in OSPF packet
Cryptographic hash
Cryptographic hash with MD5
64-bit authentication field includes 32-bit sequence number
MD5 is run over a concatenation of the OSPF packet and shared secret key
MD5 hash then appended to OSPF packet
encapsulated in IP datagram
End Point Authentication
Want to be sure of the originator of the message
end-point authentication
Assuming Alice and Bob have a shared secret, will MAC provide message authentication?
We do know that Alice created the message
But did she send it?
Playback Attack
Bob cannot distinguish between the original communication and the later playback
The problem is that the shared secret is used over and over
Defending Against Playback Attack: Nonce
1) Alice sends the message, "I am Alice," to Bob
2) Bob chooses a nonce, R, and sends it to Alice
3) Alice encrypts the nonce using Alice and Bob's symmetric secret key, K_A-B, and sends the encrypted nonce, K_A-B(R), back to Bob.
A nonce is a number that a protocol will only ever use once in a lifetime
Nonce (cont)
It is the fact that Alice knows K_A-B and uses it to encrypt a value that lets Bob know that the message he receives was generated by Alice.
The nonce is used to ensure that Alice is "live."
Bob decrypts the received message
If the decrypted nonce equals the nonce he sent Alice then Alice is authenticated.
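Added example (not from the lecture slides): both sides of the nonce exchange, with Bob issuing a fresh nonce per attempt and accepting each nonce only once, so a recorded response fails when played back. One substitution is made and named here: the response is HMAC-SHA256 of the nonce under K_A-B instead of an encryption of the nonce, because the Python standard library has no block cipher; class and method names are assumptions.

```python
import hashlib
import hmac
import secrets


def keyed_response(key: bytes, nonce: bytes) -> bytes:
    """Stand-in for K_A-B(R): proves knowledge of the key for this nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Bob:
    def __init__(self, shared_key: bytes):
        self.key = shared_key
        self.outstanding = set()      # nonces issued and not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False              # never issued, or already used
        self.outstanding.discard(nonce)   # a nonce is good for one attempt
        expected = keyed_response(self.key, nonce)
        return hmac.compare_digest(expected, response)


class Alice:
    def __init__(self, shared_key: bytes):
        self.key = shared_key

    def respond(self, nonce: bytes) -> bytes:
        return keyed_response(self.key, nonce)


def run_demo() -> dict:
    key = secrets.token_bytes(32)     # K_A-B, constructed for the demo
    alice, bob = Alice(key), Bob(key)

    # Live exchange: "I am Alice" -> R -> response.
    r1 = bob.challenge()
    recorded = alice.respond(r1)      # what an eavesdropper could capture
    live = bob.verify(r1, recorded)

    # Playback of the recorded pair: the nonce was already consumed.
    replay_same_nonce = bob.verify(r1, recorded)

    # Playback of the recorded response against a new challenge.
    r2 = bob.challenge()
    replay_new_nonce = bob.verify(r2, recorded)

    # Someone without K_A-B answering a fresh challenge.
    r3 = bob.challenge()
    wrong_key = bob.verify(r3, Alice(secrets.token_bytes(32)).respond(r3))

    return {
        "live": live,
        "replay_same_nonce": replay_same_nonce,
        "replay_new_nonce": replay_new_nonce,
        "wrong_key": wrong_key,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, "=", value)
```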
PKI: IKE Authentication Architecture
Registration and Certification Issuance
Certificate Authority
Key Recovery
Certificate Revocation
Key Generation
Certificate Distribution
Trusted Time Service
Key Storage
Support for Non-Repudiation
Digital Signatures
Public
Private
Entity authentication
Data origin authentication
Integrity
Non-repudiation
Digital Signatures
One-Way Function
Easy to Produce Hash from Message
“Impossible” to Produce Message from Hash
[Figure: Alice's message goes through the Hash Function to give the Hash of Message; Alice then signs the hash with her private key]
Signature = “Encrypted” Hash of Message
Signature Verification
[Figure: the message arrives with an appended signature. Decrypt the received signature using Alice’s public key to get the hash of the message; re-hash the received message with the hash function]
If Hashes Are Equal, Signature Is Authentic
Digital Signature = signed message digest
Bob sends digitally signed message:
large message m -> H: Hash function -> H(m)
H(m) -> digital signature (encrypt) with Bob’s private key K_B^- -> encrypted msg digest K_B^-(H(m))
large message m + encrypted msg digest K_B^-(H(m)) are sent
Alice verifies signature and integrity of digitally signed message:
encrypted msg digest K_B^-(H(m)) -> digital signature (decrypt) with Bob’s public key K_B^+ -> H(m)
large message m -> H: Hash function -> H(m)
equal?
Digital Signatures (more)
Alice thus verifies that:
m was signed by Bob (or someone else used Bob’s private key) by applying Bob’s public key K_B^+ to K_B^-(m), then checks K_B^+(K_B^-(m)) = m.
• Bob signed m.
• No one else signed m.
• Bob signed m and not m’.
Non-repudiation:
• Alice can take m, and signature K_B^-(m) to court and prove that Bob signed m.
Public Key Certification
Motivation
Trudy plays pizza prank on Bob
Trudy creates e-mail order:
Dear Pizza Store, Please deliver to me four pepperoni pizzas. Thank you,
Bob
Trudy signs order with her private key
Trudy sends order to Pizza Store
Trudy sends to Pizza Store her public key, but says it’s Bob’s public key.
Pizza Store verifies signature; then delivers four pizzas to Bob.
Bob doesn’t even like Pepperoni
Certificate Authorities
Certification authority (CA)
binds public key to particular entity, E.
E (person, router) registers its public key with CA.
E provides “proof of identity” to CA.
CA creates certificate binding E to its public key.
certificate containing E’s public key digitally signed by CA – CA says
“this is E’s public key”
Certificate Authorities
When Alice wants Bob’s public key:
gets Bob’s certificate (from Bob or elsewhere).
applies CA’s public key to Bob’s certificate, gets Bob’s public key
X.509 v3 Certificate
Version
Serial Number
Signature Algorithm ID: Signing Algorithm, e.g. SHA1withRSA
Issuer (CA) X.500 Name: CA’s Identity
Validity Period: Lifetime of this Cert
Subject X.500 Name: User’s Identity, e.g. cn, ou, o
Subject Public Key Info (Algorithm ID, Public Key Value): User’s Public Key (Bound to User’s Subject Name)
Issuer Unique ID
Subject Unique ID
Extension: Other User Info, e.g. subAltName, CDP
CA Digital Signature: Signed by CA’s Private Key
Example X.509 Certificate
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 7829 (0x1e95)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
OU=Certification Services Division,
CN=Thawte Server CA/[email protected]
Validity
Not Before: Jul 9 16:04:02 1998 GMT
Not After : Jul 9 16:04:02 1999 GMT
Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
OU=FreeSoft, CN=www.freesoft.org/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption