Public Key Cryptography and Digital Certificates

1
Public Key Cryptography and Digital Certificates

• Ryan ZhiCheng Liang
• CSC494h

2
Table of Contents

• Why do we need cryptography
• Symmetric key and public key cryptography
• RSA algorithm for public key cryptography
• Public key certificate and its structure
• An example of authentication with certificates

3
Why do We Need Cryptography?

• Internet Security Issues
• Eavesdropping.
• Tampering.
• Impersonation.

4
Two Types of Cryptography Using Keys

• Terminology
• Plaintext unencrypted text.
• Cipher cryptographic algorithm.
• One way function A function which is hard to
  reverse.
• Key Is a word, number, or phrase that is used to
  encrypt the plaintext
• Symmetric Key Cryptography.
• Public Key Cryptography.
• (a.k.a Asymmetric Key Cryptography)

5
Symmetric Key Cryptography

• Use the same Key to encrypt and decrypt messages.

HNFmsEm6Un
Hey Bob
Hey Bob
Encryption
Decryption
ciphertext
Symmetric Key
Symmetric Key
Bob
Same key
Alice
6
Symmetric Key Cryptography (Contn)

• Drawbacks
• Transferring the symmetric key is prone to
  security risks.

7
Public Key Cryptography

• Asymmetric Key Pair contains a public key and a
  private key.
• Use public key to encrypt and private key to
  decrypt.

8
Private Key

• Kept and Protected by owner.
• Used to sign messages.
• Use to decrypt messages.

9
Public Key

• Distributed freely and openly.
• Used to verify signature.
• Use to encrypt messages.
• Key pairs are complementary.
• Information encrypted by public key can only be
  decrypted by its own private key.

10
How Is Public Key Cryptography Used?

• Sign messages and verify signature.
• Encrypt and decrypt messages.

11
Sign and Verify Signatures
12
Encrypt and Decrypt Messages
HNFmsEm6Un
Decryption
Hey Bob
Encryption
Hey Bob
ciphertext
Bobs Public Key
Bobs Private Key
Bob
Different keys
Alice
13
RSA Algorithm

• Discovered by Ron Rivest, Adi Shamir, and Len
  Adleman.
• Main idea is to manipulate large integers by
  modulus and exponentiation.
• Security relies on the difficulty of factoring
  large integer.

14
RSA Algorithm

• Step 1. Bob chooses large primes p and q, and
  multiplies them to get n.
• Step 2. Bob chooses a public exponent e such that
  
• (p 1) x (q 1) is not divisible by e.
• Step 3. Bob calculates a private exponent d e21
  mod (p 1) x (q 1).
• Step 4. Bob shares the public key, (e , n)with
  Carol, and the Bobs private key is (d , n).
• Step 5. Carol encrypts M to C with C Me mod
  n, and sends C to Bob.
• Step 6. Bob decrypts C back to M with M Cd mod
  n.

15
RSA Algorithm Example

• 1. Bob chooses prime numbers p 5 and q 11,
  then multiplies them to get modulus n 55.
• 2. Bob calculates f(n) (p - 1) x (q - 1) 4 x
  10 40.
• 3. Bob chooses an e by which 40 is not divisible.
  The factors of 40 are 2, 2, 2, 5, and 1, so Bob
  chooses a private exponent e 3.

16
RSA Algorithm Example(Cont)

• 4. Bob chooses a public exponent d 321 mod 40.
  This modular inverse function is actually
  difficult, but for the small numbers we are using
  we can see that 27 x 3 mod 40 81 mod 40 1. So
  d 27.
• 5. Now Bob's public key is the pair of numbers
  (3, 55), and his private key is the pair of
  numbers (27, 55). Bob gives Carol his public key.

17
RSA Algorithm Example(Cont)

• 6. Carol's message M 25. She encrypts it to
  ciphertext
• C 253 mod 55 15, 625 mod 55 5.
• Carol sends 5 to Bob.
• 7. Bob decrypts the ciphertext with
• M 527 mod 55 7,450,580,596,923,828,125 mod
  55 25, which is Carol's original message.

18
What is a Public-Key Certificate?

• A certificate is an electronic document used to
  identify an individual, a server, a company, or
  some other entity and to associate that identity
  with a public key.
• Issued by Certificate Authorities(CA).

19
Certificate Structure
20
Certificate Structure(contn)

• Signature
• Is the hash value generated by applying CAs
  private key on the certificate itself.
• Plays an important role in verifying
  certificates.(see example below)

21
A Real X.509 Certificate

•     Data        Version v3 (0x2)        Serial
  Number 3 (0x3)        Signature Algorithm
  PKCS 1 MD5 With RSA Encryption        Issuer
  OUAce Certificate Authority, OAce Industry,
  CUS        Validity            Not Before
  Fri Oct 17 183625 1997            Not After
  Sun Oct 17 183625 1999        Subject CNJane
  Doe, OUFinance, OAce Industry,
  CUS        Subject Public Key
  Info            Algorithm PKCS 1 RSA
  Encryption            Public Key               
   Modulus   437d456d714e173df
  0364b5b7fa8             Public Exponent
  65537 (0x10001)
• Signature
•         Algorithm PKCS 1 MD5 With RSA
  Encryption        Signature            6d23af
  f3d3b67adf90dfcd7e186c                
          
•        

22
How are Certificates used?

• Client Server SSL Certificates.
• Object-signing certificates.
• Such as signing a Java Applet.
• CA certificates.

23
Example of Verifying Certificate
24
References

• Public key crytography
• http//en.wikipedia.org/wiki/Public_key
• Public key infrastructure implementation and
  design   Choudhury, Suranjan.
• Digital signatures
•   Atreya, Mohan. aut
• Internet security cryptographic principles,
  algorithms, and protocols   Rhee, Man Young.

25
Any Questions?