Digital Signature & Digital Certificate

8/2/2019 Digital Signature & Digital Certificate

1/56

Digital Signature,Digital Signature,

Digital CertificateDigital Certificate

CSC1720CSC1720 IntroductiontoInternetIntroductiontoInternet

Essential MaterialsEssential Materials


2/56

CSC1720CSC1720 IntroductiontoInternetIntroductiontoInternet Allcopyrightsreserved by C.C. Cheung 2003.Allcopyrightsreserved by C.C. Cheung 2003.22

OutlineOutline

IntroductionIntroduction

CryptographyCryptography

SecretSecret--keyalgorithmskeyalgorithms PublicPublic--keyalgorithmskeyalgorithms

MessageMessage--DigestalgorithmsDigestalgorithms

Digital SignatureDigital Signature

Digital CertificateDigital Certificate Public KeyInfrastructure (PKI)Public KeyInfrastructure (PKI)

SecureElectronic Transaction (SET)SecureElectronic Transaction (SET)

SummarySummary


3/56


IntroductionIntroduction

CryptographyCryptography andanddigitalcertificatesdigitalcertificates arefirstarefirstappearedinclosedcommercial,financialappearedinclosedcommercial,financial

networkandmilitarysystems.networkandmilitarysystems. Wecansend/receivesecureeWecansend/receivesecuree--mail,connectmail,connect

tosecurewebsitetopurchasegoodsortosecurewebsitetopurchasegoodsorobtainservices.obtainservices.

Problem:Problem: HowdoweimplementtheminthisHowdoweimplementtheminthisglobal,opennetwork,Internet?global,opennetwork,Internet?

TowhatlevelofencryptionissufficienttoTowhatlevelofencryptionissufficienttoprovidesafeandtrustservicesonthe Net?providesafeandtrustservicesonthe Net?


4/56


CryptographyCryptography

3 cryptographicalgorithms:3 cryptographicalgorithms:

MessageMessage--digestalgorithmsdigestalgorithms

MapvariableMapvariable--lengthplaintexttofixedlengthplaintexttofixed--lengthlengthciphertext.ciphertext.

SecretSecret--keyalgorithmskeyalgorithms

Useone

single

key

to

encrypt

and

decrypt

.Use

one

single

key

to

encrypt

and

decrypt

.

PublicPublic--keyalgorithmskeyalgorithms

Use 2 differentkeysUse 2 differentkeys publickeyandprivatepublickeyandprivatekey.key.


5/56


KeysKeys

Itisavariablevaluethatisused byItisavariablevaluethatisused bycryptographicalgorithmstoproducecryptographicalgorithmstoproduce

encryptedtext,ordecryptencryptedtext.encryptedtext,ordecryptencryptedtext. ThelengthofthekeyreflectsthedifficultyThelengthofthekeyreflectsthedifficulty

todecryptfromtheencryptedmessage.todecryptfromtheencryptedmessage.

Encryption DecryptionPlaintext PlaintextCiphertext

Key Key


6/56


Key lengthKey length

Itisthenumberofbits (bytes)inthekey.Itisthenumberofbits (bytes)inthekey.

A 2A 2--bitkeyhasfourvaluesbitkeyhasfourvalues

00, 01, 10, 11 initskeyspace00, 01, 10, 11 initskeyspace

AkeyoflengthAkeyoflengthnn hasakeyspaceof2^nhasakeyspaceof2^ndistinctvalues.distinctvalues.

E.g. thekeyis 128 bitsE.g. thekeyis 128 bits 101010101010101010101010.10010101111111.10010101111111

Thereare 2^128 combinationsThereare 2^128 combinations

340 282 366 920 938 463 463 374 607 431 768 211 456340 282 366 920 938 463 463 374 607 431 768 211 456


7/56


SecretSecret--key Encryptionkey Encryption

UseasecretkeytoencryptamessageUseasecretkeytoencryptamessageintociphertext.intociphertext.

UsethesamekeytodecrypttheUsethesamekeytodecrypttheciphertexttotheoriginalmessage.ciphertexttotheoriginalmessage.

AlsocalledAlsocalledSymmetriccryptographySymmetriccryptography..


SecretKey SecretKey


8/56


Secret Key How to?Secret Key How to?

Encrypted TextOriginal Text

+

Secretkey

=

Encrypted Text Original TextSecretkey

+ =

Encryption

Decryption


9/56


SecretSecret--Key Problem?Key Problem?

Allkeysneedto beAllkeysneedto bereplaced,ifonekeyreplaced,ifonekeyiscompromised.iscompromised.

NotpracticalforNotpracticalfortheInternettheInternetenvironment.environment.

Ontheotherhand,Ontheotherhand,

theencryptiontheencryptionspeedisfast.speedisfast.

SuitabletoencryptSuitabletoencryptyourpersonaldata.yourpersonaldata.


10/56


SecretSecret--Key algorithmsKey algorithms

Algorithm NameAlgorithm Name Key Length (bits)Key Length (bits)

BlowfishBlowfish Upto 448Upto 448

DESDES 5656

IDEAIDEA 128128

RC2RC2 Upto 2048Upto 2048

RC4RC4 Upto 2048Upto 2048RC5RC5 Upto 2048Upto 2048

TripleDESTripleDES 192192

References:

BlowfishDESIDEARC2RC4

RC5

DES-3


11/56


PublicPublic--key Encryptionkey Encryption

Involves 2 distinctkeysInvolves 2 distinctkeys publicpublic,,privateprivate..

Theprivatekeyiskeptsecretandnever bedivulged,anditisTheprivatekeyiskeptsecretandnever bedivulged,anditispasswordprotected (Passphase).passwordprotected (Passphase).

Thepublickeyisnotsecretandcan befreelydistributed,Thepublickeyisnotsecretandcan befreelydistributed,sharedwithanyone.sharedwithanyone.

ItisalsocalledItisalsocalledasymmetriccryptographyasymmetriccryptography..

Twokeysaremathematicallyrelated,itisinfeasibletoderiveTwokeysaremathematicallyrelated,itisinfeasibletoderivetheprivatekeyfromthepublickey.theprivatekeyfromthepublickey.

100 to 1000 timesslowerthansecret100 to 1000 timesslowerthansecret--keyalgorithms.keyalgorithms.


Public Key Private Key


12/56


How to use 2 different keys?How to use 2 different keys?

Justanexample:Justanexample:

Public KeyPublic Key = 4,= 4,Private KeyPrivate Key = 1/4,= 1/4,message M = 5message M = 5

Encryption:Encryption:

CiphertextC = M *CiphertextC = M * Public KeyPublic Key

5 * 4 = 205 * 4 = 20 Decryption:Decryption:

PlaintextM = C *PlaintextM = C * Private KeyPrivate Key

20 *20 * = 5= 5


13/56


PublicPublic--Private EncryptionPrivate Encryption

First,createpublic

andprivatekey

Publickey

Privatekey

Privatekey

Privatekeystoredinyourpersonalcomputer

Public KeyDirectory

Public Key

Publickeystoredinthedirectory


14/56


Message EncryptionMessage Encryption

((User AUser A sends message tosends message to User BUser B))

Public KeyDirectory

Text

UserA

UserBsPublic Key

Encryption

EncryptedText


15/56


Message EncryptionMessage Encryption

Original Message Encrypted Message


16/56


Transfer Encrypted DataTransfer Encrypted Data

UserA

EncryptedTextEncryptedText

Insecure Channel

UserB


17/56


Decryption with yourDecryption with your

Private keyPrivate keyEncrypted

Text

UserBsPrivatekey

Privatekeystoredinyourpersonalcomputer

Decryption

Original Text

UserB


18/56


Asymmetric algorithmsAsymmetric algorithms

Algorithm NameAlgorithm Name Key Length (bits)Key Length (bits)

DSADS A Upto 448Upto 448

El GamalEl Gamal 5656

RSARSA 128128

DiffieDiffie--HellmanHellman Upto 2048Upto 2048

References:

DSAEl GamalRSADiffie-Hellman


19/56


How difficult to crack a key?How difficult to crack a key?

KeyKeyLengthLength

IndividualIndividualAttackerAttacker

SmallSmallGroupGroup

AcademicAcademicNetworkNetwork

Large CompanyLarge Company MilitaryInteligenceMilitaryInteligenceAgencyAgency

4040 WeeksWeeks DaysDays HoursHours MillisecondsMilliseconds MicrosecondsMicroseconds

5656 CenturiesCenturies DecadesDecades Years Years HoursHours SecondsSeconds

6464 MillenniaMillennia CenturiesCenturies DecadesDecades DaysDays MinutesMinutes

8080 InfeasibleInfeasible InfeasibleInfeasible InfeasibleInfeasible CenturiesCenturies CenturiesCenturies

128128 InfeasibleInfeasible InfeasibleInfeasible InfeasibleInfeasible InfeasibleInfeasible MillenniaMillennia

AttackerAttacker Computer ResourcesComputer Resources Keys/ SecondKeys/ Second

IndividualattackerIndividualattacker OnehighOnehigh--performancedesktopmachine & Softwareperformancedesktopmachine & Software 2^172^17 2^242^24

SmallgroupSmallgroup 16 high16 high--endmachines & Softwareendmachines & Software 2^212^21 2^242^24

Academic NetworkAcademic Network 256 high256 high--endmachines & Softwareendmachines & Software 2^252^25 2^282^28

LargecompanyLargecompany $1,000,000 hardware budget$1,000,000 hardware budget 2^432^43

MilitaryIntelligenceagencyMilitaryIntelligenceagency $1,000,000 hardware budget+advancedtechnology$1,000,000 hardware budget+advancedtechnology 2^552^55


20/56


Crack DESCrack DES--3 (Secret3 (Secret--key)key)

Distributed.netconnects100,000 PCsonthe Net,togetarecord-breaking22 hr 15 mintocracktheDES algorithm.

Speed: 245 billionkeys/s

Win$10,000


21/56


MessageMessage--DigestDigest

AlgorithmsAlgorithms ItmapsavariableItmapsavariable--lengthinputlengthinput

messagetoafixedmessagetoafixed--lengthoutputlengthoutput

digest.digest. ItisnotfeasibletodeterminetheItisnotfeasibletodeterminethe

originalmessage basedonitsdigest.originalmessage basedonitsdigest.

ItisimpossibletofindanarbitraryItisimpossibletofindanarbitrarymessagethathasadesireddigest.messagethathasadesireddigest.

ItisinfeasibletofindtwomessagesItisinfeasibletofindtwomessagesthathavethesamedigest.thathavethesamedigest.


22/56


MessageMessage--Digest How toDigest How to

AhashfunctionisaAhashfunctionisamathequationthatmathequationthat

createamessagecreateamessagedigestfrommessage.digestfrommessage.

AmessagedigestisAmessagedigestisusedtocreateausedtocreateauniquedigitaluniquedigitalsignaturefromasignaturefromaparticulardocument.particulardocument.

MD5 exampleMD5 example

HashFunction

Original Message(Document,E-mail)

Digest


23/56


Message Digest DemoMessage Digest Demo


24/56


MessageMessage--DigestDigest

MessageMessage--DigestDigestAlgorithmAlgorithm

DigestLengthDigestLength(bits)(bits)

MD2MD2 128128

MD4MD4 128128

MD5MD5 128128

SecureHashSecureHashAlgorithm (SHA)Algorithm (SHA)

160160

References:

MD2MD4MD5

SHA


25/56


Break TimeBreak Time 15 minutes15 minutes


26/56



Digitalsignaturecan beusedinallDigitalsignaturecan beusedinallelectroniccommunicationselectroniccommunications

Web,eWeb,e--mail,email,e--commercecommerce

ItisanelectronicstamporsealthatItisanelectronicstamporsealthatappendtothedocument.appendtothedocument.

EnsurethedocumentbeingEnsurethedocumentbeingunchangedduringtransmission.unchangedduringtransmission.


27/56


How digital SignatureHow digital Signature

works?works?UserA

UserB

UseAsprivatekeytosignthedocument

TransmitviatheInternet

UserBreceivedthedocumentwith

signatureattachedVerifythesignaturebyAspublickeystoredatthedirectory


28/56


Digital Signature GenerationDigital Signature Generation

and Verificationand VerificationMessage Sender Message Receiver

Message Message

Hashfunction

Digest

Encryption

Signature

Hashfunction

Digest

Decryption

ExpectedDigest

PrivateKey

PublicKey


29/56



ReferenceReference


30/56


Key ManagementKey Management

PrivatekeyarepasswordPrivatekeyarepassword--protected.protected.

Ifsomeonewantyourprivatekey:Ifsomeonewantyourprivatekey:

TheyneedthefilecontainsthekeyTheyneedthefilecontainsthekey

TheyneedthepassphraseforthatkeyTheyneedthepassphraseforthatkey

IfyouhaveneverwrittendownyourIfyouhaveneverwrittendownyour

passphraseortoldanyonepassphraseortoldanyone VeryhardtocrackVeryhardtocrack

BruteBrute--forceforce attackwonattackwontworktwork


31/56


Digital CertificatesDigital Certificates

Digital CertificateisadatawithdigitalDigital Certificateisadatawithdigitalsignaturefromonetrustedsignaturefromonetrusted

CertificationAuthority (CA).CertificationAuthority (CA).

Thisdatacontains:Thisdatacontains:

WhoownsthiscertificateWhoownsthiscertificate

WhosignedthiscertificateWhosignedthiscertificate TheexpireddateTheexpireddate

Username & emailaddressUsername & emailaddress


32/56



ReferenceReference


33/56


Elements of Digital Cert.Elements of Digital Cert.

ADigitalIDtypicallycontainsthefollowinginformation:ADigitalIDtypicallycontainsthefollowinginformation:

Yourpublickey,YournameandemailaddressYourpublickey,Yournameandemailaddress

Expirationdateofthepublickey, Nameofthe CAwhoissuedyourDigitalIDExpirationdateofthepublickey, Nameofthe CAwhoissuedyourDigitalID


34/56


Certification AuthorityCertification Authority

(CA)(CA) AtrustedagentwhocertifiespublickeysforAtrustedagentwhocertifiespublickeysfor

generaluse (CorporationorBank).generaluse (CorporationorBank).

Userhastodecidewhich CAscan betrusted.Userhastodecidewhich CAscan betrusted. Themodelforkeycertification basedonThemodelforkeycertification basedon

friendsandfriendsoffriendsiscalledfriendsandfriendsoffriendsiscalledWebWebofTrustofTrust .. Thepublickeyispassingfromfriendtofriend.Thepublickeyispassingfromfriendtofriend.

Workswellinsmallorhighconnectedworlds.Workswellinsmallorhighconnectedworlds.

WhatifyoureceiveapublickeyfromsomeoneWhatifyoureceiveapublickeyfromsomeoneyoudonyoudontknow?tknow?


35/56


CA model (Trust model)CA model (Trust model)

RootCertificate

CA Certificate

Browser Cert.

CA Certificate

Server Cert.


36/56


Web of Trust modelWeb of Trust model

Bob

A

B

Alice

D

C


37/56


Public Key InfrastructurePublic Key Infrastructure

(PKI)(PKI) PKIisasystemthatusespublicPKIisasystemthatusespublic--keykey

encryptionanddigitalcertificatestoencryptionanddigitalcertificatesto

achievesecureInternetservices.achievesecureInternetservices.

Thereare 4 majorpartsinPKI.Thereare 4 majorpartsinPKI.

CertificationAuthority (CA)CertificationAuthority (CA)

Adirectory ServiceAdirectory Service Services,Banks, Web serversServices,Banks, Web servers

BusinessUsersBusinessUsers


38/56


Digital 21 . gov .hkDigital 21 . gov .hk

Reference:AnofficialhomepagewhichprovideslotofPKI,e-commerceinformation


39/56


PKI StructurePKI Structure

CertificationAuthority Directoryservices

User

Services,Banks,Webservers

Public/Private Keys


40/56


4 key services4 key services

AuthenticationAuthentication Digital CertificateDigital Certificate Toidentifyauserwhoclaimwhohe/sheis,inordertoaccessToidentifyauserwhoclaimwhohe/sheis,inordertoaccess

theresource.theresource.

NonNon--repudiationrepudiation

Digital SignatureDigital Signature Tomaketheuser becomesunabletodenythathe/shehassentTomaketheuser becomesunabletodenythathe/shehassentthemessage,signedthedocumentorparticipatedinathemessage,signedthedocumentorparticipatedinatransaction.transaction.

ConfidentialityConfidentiality-- EncryptionEncryption Tomakethetransactionsecure,nooneelseisabletoTomakethetransactionsecure,nooneelseisableto

read/retrievetheongoingtransactionunlessthecommunicatingread/retrievetheongoingtransactionunlessthecommunicatingparties.parties.

IntegrityIntegrity-- EncryptionEncryption ToensuretheinformationhasnotbeentamperedduringToensuretheinformationhasnotbeentamperedduring

transmission.transmission.


41/56


Certificate SignersCertificate Signers


42/56


Certificate EnrollmentCertificate Enrollment

and Distributionand Distribution


43/56


Secure WebSecure Web

CommunicationCommunication ServerauthenticationisnecessaryforawebServerauthenticationisnecessaryforaweb

clienttoidentifytheweb siteitisclienttoidentifytheweb siteitis

communicatingwith

.communicating

with

.

Touse SSL,aspecialtypeofdigitalTouse SSL,aspecialtypeofdigitalcertificatecertificate ServercertificateServercertificate isused.isused.

Getaservercertificatefroma CA.Getaservercertificatefroma CA.

E.g.E.g. www.hitrust.com.hkwww.hitrust.com.hk,,www.cuhk.edu.hk/ca/www.cuhk.edu.hk/ca/ Installaservercertificateatthe Web server.Installaservercertificateatthe Web server.

Enable SSL onthe Web site.Enable SSL onthe Web site.

ClientauthenticationClientauthentication ClientcertificatesClientcertificates


44/56


Strong and WeakStrong and Weak

EncryptionEncryption StrongencryptionStrongencryption

Encryptionmethodsthatcannotbecracked byEncryptionmethodsthatcannotbecracked bybrutebrute--force (inareasonableperiodoftime).force (inareasonableperiodoftime).

TheworldfastestcomputerneedsthousandsofTheworldfastestcomputerneedsthousandsofyearstocomputeakey.yearstocomputeakey.

WeakencryptionWeakencryption Acodethatcan be brokeninapracticaltimeAcodethatcan be brokeninapracticaltime

frame.frame. 5656--bitencryptionwascrackedin 1999.bitencryptionwascrackedin 1999.

6464--bitwill becrackedin 2011.bitwill becrackedin 2011.

128128--bitwill becrackedin 2107.bitwill becrackedin 2107.


45/56


Pretty Good PrivacyPretty Good Privacy

(PGP)(PGP) ReleaseinJune 1991 byPhilipReleaseinJune 1991 byPhilip

Zimmerman (PRZ)Zimmerman (PRZ)

PGPisahybridcryptosystemthatPGPisahybridcryptosystemthatallowsusertoencryptanddecrypt.allowsusertoencryptanddecrypt.

UsesessionkeyUsesessionkeyarandomgeneratedarandomgenerated

numberfromthemousemovementornumberfromthemousemovementorkeystrokeskeystrokes

Demo &Demo & TutorialTutorial


46/56


PGP Public KeyPGP Public Key

Philip R Zimmermann's Public KeysPhilip R Zimmermann's Public Keys

Current DSS/DiffieCurrent DSS/Diffie--Hellman Key:Hellman Key:

Key fingerprint: 055F C78F 1121 9349 2C4F 37AF C746 3639 B2D7 795EKey fingerprint: 055F C78F 1121 9349 2C4F 37AF C746 3639 B2D7 795E

----------BEGIN PGP PUBLIC KEY BLOCKBEGIN PGP PUBLIC KEY BLOCK----------

Version: PGP 7.0.3Version: PGP 7.0.3

mQGiBDpU6CcRBADCT/tGpBu0EHpjd3G11QtkTWYnihZDBdenjYV2EvotgRZAj5h4ewprq1u/zqzGBYpiYL/9j+5XDFcoWF24bzsUmHXsbDmQGiBDpU6CcRBADCT/tGpBu0EHpjd3G11QtkTWYnihZDBdenjYV2EvotgRZAj5h4ewprq1u/zqzGBYpiYL/9j+5XDFcoWF24bzsUmHXsbDSiv+XEyQND1GUdx4wVcEY5rNjkArX06XuZzObvXFXOvqRj6LskePtw3xLf5uj8jPN0Nf6YKnhfGIHRWQCg/0UAr3hMK6zcA/egvWRGsm9dSiv+XEyQND1GUdx4wVcEY5rNjkArX06XuZzObvXFXOvqRj6LskePtw3xLf5uj8jPN0Nf6YKnhfGIHRWQCg/0UAr3hMK6zcA/egvWRGsm9dJecD/18XWekzt5JJeK3febJO/3Mwe43O6VNOxmMpGWOYTrhivyOb/ZLgLedqX+MeXHGdGroARZ+kxYq/a9y5jNcivD+EyN+IiNDPD64rl00JecD/18XWekzt5JJeK3febJO/3Mwe43O6VNOxmMpGWOYTrhivyOb/ZLgLedqX+MeXHGdGroARZ+kxYq/a9y5jNcivD+EyN+IiNDPD64rl00FNZksx7dijD89PbIULDCtUpps2J0gk5inR+yzinf+jDyFnn5UEHI2rPFLUbXWHJXJcp0UBACBkzDdesPjEVXZdTRTLk0sfiWEdcBM/5GpNswFNZksx7dijD89PbIULDCtUpps2J0gk5inR+yzinf+jDyFnn5UEHI2rPFLUbXWHJXJcp0UBACBkzDdesPjEVXZdTRTLk0sfiWEdcBM/5GpNswMlK4A7A6iqJoSNJ4pO5Qq6PYOwDFqGir19WEfoTyHW0kxipnVbvq4q2vAhSIKOqNEJGxg4DTEKecf3xCdJ0kW8dVSogHDH/c+Q4+RFQMlK4A7A6iqJoSNJ4pO5Qq6PYOwDFqGir19WEfoTyHW0kxipnVbvq4q2vAhSIKOqNEJGxg4DTEKecf3xCdJ0kW8dVSogHDH/c+Q4+RFQq/31aev3HDy20YayxAE94BWIsKkhaMyokAYQQfEQIAIQUCOlTwWwIHABcMgBE/xzIEHSPp6mbdtQCcnbwh33TcYQAKCRDHRjY5std5Xlq/31aev3HDy20YayxAE94BWIsKkhaMyokAYQQfEQIAIQUCOlTwWwIHABcMgBE/xzIEHSPp6mbdtQCcnbwh33TcYQAKCRDHRjY5std5Xle4AKCh1dqtFxD/BiZMqdP1eZYG8AZgTACfU7VX8NpIaGmdyzVdrSDUo49AJae0IlBoaWxpcCBSLiBaaW1tZXJtYW5uIDxwcnpAbWl0LmVe4AKCh1dqtFxD/BiZMqdP1eZYG8AZgTACfU7VX8NpIaGmdyzVdrSDUo49AJae0IlBoaWxpcCBSLiBaaW1tZXJtYW5uIDxwcnpAbWl0LmVkdT6JAFUEEBECABUFAjpU6CcFCwkIBwMCGQEFGwMAAAAACgkQx0Y2ObLXeV5WUQCfWWfTDHzSezrDawgN2Z4Qb7dHKooAoJyVkdT6JAFUEEBECABUFAjpU6CcFCwkIBwMCGQEFGwMAAAAACgkQx0Y2ObLXeV5WUQCfWWfTDHzSezrDawgN2Z4Qb7dHKooAoJyVnm61utdRsdLr2e6QnV5Z0yjjiQBGBBARAgAGBQI6VOkSAAoJEGPLaR3669X8JPcAnim4+Hc0oteQZrNUeuMSuirNVUr7AKC1WXJI7gwMnm61utdRsdLr2e6QnV5Z0yjjiQBGBBARAgAGBQI6VOkSAAoJEGPLaR3669X8JPcAnim4+Hc0oteQZrNUeuMSuirNVUr7AKC1WXJI7gwMq0Agz07hQs++POJBMokARgQQEQIABgUCOlcobQAKCRDXjLzlZqdLMVBtAKDa5VPcb6NVH6tVeEDJUv+tBjp6oACeLoNtfbs2rvJkgKDHq0Agz07hQs++POJBMokARgQQEQIABgUCOlcobQAKCRDXjLzlZqdLMVBtAKDa5VPcb6NVH6tVeEDJUv+tBjp6oACeLoNtfbs2rvJkgKDHWEIDmJdgy2GJAD8DBRA6WP4Y8CBzV/QUlSsRAkmdAKC3TfkSSeh+poPFnMfW+/Y/+AAEEpGSUYAAQEAAAEAAQAA/9sAQwAKBwcWEIDmJdgy2GJAD8DBRA6WP4Y8CBzV/QUlSsRAkmdAKC3TfkSSeh+poPFnMfW+/Y/+AAEEpGSUYAAQEAAAEAAQAA/9sAQwAKBwcIBwYKCAgICwoKCw4YEA4NDQ4dFRYRGCMfJSQiHyIhJis3LyYpNCkhIjBBMTQ5Oz4+PiUuRElDPEg3PT47///EALUQAAIBAwMCBAMFBIBwYKCAgICwoKCw4YEA4NDQ4dFRYRGCMfJSQiHyIhJis3LyYpNCkhIjBBMTQ5Oz4+PiUuRElDPEg3PT47///EALUQAAIBAwMCBAMFB

....

QQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6OnQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAUq8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAU

hMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWphMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/aAAzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/aAAwDAQACEQMRAD8A9mooooAKKKKACsjW/Eum6FGTdS7pcfLEv3j/AIfjWV428XHQrf7HY4e/lHXIxEvqfevH7y8lupXmmuJppWOZJC+AD9wDAQACEQMRAD8A9mooooAKKKKACsjW/Eum6FGTdS7pcfLEv3j/AIfjWV428XHQrf7HY4e/lHXIxEvqfevH7y8lupXmmuJppWOZJC+AD9aly7GkIX1Z3OpfE3Up3K2EUVumcdN7fy/pWLL4415wPM1GWPJyNpK/0Fc5btG/Pktkfx7yTVhYAGLsAxbryf5c5rNvzNlG3Q6yz8ZaxEyudQaly7GkIX1Z3OpfE3Up3K2EUVumcdN7fy/pWLL4415wPM1GWPJyNpK/0Fc5btG/Pktkfx7yTVhYAGLsAxbryf5c5rNvzNlG3Q6yz8ZaxEyudQkcZ+7JtYH867PRfG9nfIsd7/o8p/iI+U/4V5EI/IGV+XUGfnHy9iUsiGSa6q6Jew1XpTDJvAAICDACNUV4K2PS6h574Z3NaBsIQe5jkVO48MSkcZ+7JtYH867PRfG9nfIsd7/o8p/iI+U/4V5EI/IGV+XUGfnHy9iUsiGSa6q6Jew1XpTDJvAAICDACNUV4K2PS6h574Z3NaBsIQe5jkVO48MSohjC6s29CjPhlU79cQIYWmBpuNfwroZ6zltyz6Y2Fm65V0IfvVicR7zvFFCOhahMuk1cr+Qp936OMEq9sLZGxTjClgwrHGS7YpMSZrEC7bpohjC6s29CjPhlU79cQIYWmBpuNfwroZ6zltyz6Y2Fm65V0IfvVicR7zvFFCOhahMuk1cr+Qp936OMEq9sLZGxTjClgwrHGS7YpMSZrEC7bpOmERjo4F/n5YmCHJCH8QzCOc9+80gjVEsHiJVABrC8yykjKL5x1V/PSArE4QtMLbkBPGmQYOw8bx6jCHoO43QjUzbqRfBMHZqWVJyoIIOmERjo4F/n5YmCHJCH8QzCOc9+80gjVEsHiJVABrC8yykjKL5x1V/PSArE4QtMLbkBPGmQYOw8bx6jCHoO43QjUzbqRfBMHZqWVJyoIIZCp+n13XM4+NO/cDVsZ8bjch0LIOyMrT85n24yfXRlP0s7BFjLm59Jjhf4djuJWikJawWETlypAy86OYRRuwCbIyNauBeTKy+avZvF2oLvpwZCp+n13XM4+NO/cDVsZ8bjch0LIOyMrT85n24yfXRlP0s7BFjLm59Jjhf4djuJWikJawWETlypAy86OYRRuwCbIyNauBeTKy+avZvF2oLvpwH4UnudpC06/O0jkj2lQpn9EEUw11RwO6sq9zYTwAUyKerN00cbCfyiZl01CIo0btcTO6hQK3c67PaloJ9lVH8/mH7LuqkMLDH5ugkpzmed/8H4UnudpC06/O0jkj2lQpn9EEUw11RwO6sq9zYTwAUyKerN00cbCfyiZl01CIo0btcTO6hQK3c67PaloJ9lVH8/mH7LuqkMLDH5ugkpzmed/8SorfqVkakne6b4mRySFCBXaVZoKmDHzcH2oSSMhM9exyh6dzi1bGu6JAEwEGBECAAwFAjpU6CcFGwwAAAAACgkQx0Y2ObLXeV7lbSorfqVkakne6b4mRySFCBXaVZoKmDHzcH2oSSMhM9exyh6dzi1bGu6JAEwEGBECAAwFAjpU6CcFGwwAAAAACgkQx0Y2ObLXeV7lbQCg+N+fI3bzqF9+fB50J5sFHVHM7hYAn0+9AfDl5ncnr4D7 ReMDlYoIZwRR =Bgy+QCg+N+fI3bzqF9+fB50J5sFHVHM7hYAn0+9AfDl5ncnr4D7 ReMDlYoIZwRR =Bgy+

----------END PGP PUBLIC KEY BLOCKEND PGP PUBLIC KEY BLOCK----------


47/56


PGP encryptionPGP encryption

ReferenceReference


48/56


PGP decryptionPGP decryption

ReferenceReference


49/56


Secure SHell (SSH)Secure SHell (SSH)

ProvideanProvideanencryptedencrypted

securechannelsecurechannelbetweenclientbetweenclientandserver.andserver.

ReplacementforReplacementfor

telnetandftp.telnetandftp. Reference:Reference:SSHSSH


50/56


Secure Shell & Secure FTPSecure Shell & Secure FTP

Secure Shell SecureFTP

TheHostsPublic Key


51/56


Secure ElectronicSecure Electronic

Transaction (SET)Transaction (SET) Thisprotocolisdeveloped byVisaand MasterCardThisprotocolisdeveloped byVisaand MasterCard

specificallyforthesecurecreditcardtransactionsspecificallyforthesecurecreditcardtransactionsontheInternet.ontheInternet.

SET encryptscreditcardandpurchaseinformationSET encryptscreditcardandpurchaseinformationbeforetransmissionovertheInternet.beforetransmissionovertheInternet.

SET allowsthemerchantSET allowsthemerchantsidentify beauthenticatedsidentify beauthenticatedviadigitalcertificates,alsoallowsthemerchanttoviadigitalcertificates,alsoallowsthemerchantto

authenticateusersthroughtheirdigitalcertificatesauthenticateusersthroughtheirdigitalcertificates(moredifficulttosomeone(moredifficulttosomeonesstolencreditcard).sstolencreditcard).

SET DEMOSET DEMO


52/56


Secure ElectronicSecure Electronic

Transaction (SET)Transaction (SET) Therearefourpartsinthe SET system.Therearefourpartsinthe SET system.

AsoftwareAsoftwarewalletwallet ontheuserontheuserscomputerscomputerCardholderCardholder

..

AcommerceserverthatrunsonthemerchantAcommerceserverthatrunsonthemerchantssweb siteweb siteMerchantMerchant ..

ThepaymentserverthatrunsatthemerchantThepaymentserverthatrunsatthemerchantssbankbankAcquiring bankAcquiring bank..

The CertificationAuthorityThe CertificationAuthorityIssuing bankIssuing bank..

SET FAQsSET FAQs


53/56


SETSET


54/56


PrivacyPrivacy--Enhanced EEnhanced E--mailmail

Encrypted

Signed


55/56


SummarySummary

MakesureyouunderstandtherelationshipMakesureyouunderstandtherelationshipbetweenbetween EncryptionEncryption



CertificateAuthorityCertificateAuthority

UnderstandwhichPublic/PrivatekeyshouldUnderstandwhichPublic/Privatekeyshouldbeusedtoencrypt/decryptmessagebeusedtoencrypt/decryptmessageto/fromyou?to/fromyou?

DiscussPGP, SET, SSH,encryptedemail.DiscussPGP, SET, SSH,encryptedemail.


56/56

CSC1720CSC1720 Introduction to InternetIntroduction to Internet All copyrights reserved by C C Cheung 2003All copyrights reserved by C C Cheung 20035656

ReferencesReferences

Digital Certificate (AppliedInternet Security)ByDigital Certificate (AppliedInternet Security)ByFeghhi,Feghhi, WilliamsFeghhi,Feghhi, Williams Addison WesleyAddison Wesley

Basic CrytographyBasic Crytography


PKI ResourcesPKI Resources

SET ResourcesSET Resources

GeneralDefinitionsGeneralDefinitions

DigitalIDFAQDigitalIDFAQ

TheEnd.TheEnd.

Thankyouforyourpatience!Thankyouforyourpatience!

Digital Signature & Digital Certificate

Documents

Transcript of Digital Signature & Digital Certificate