Upload
israel-herraiz
View
498
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Updated version of my slides about Public Key Cryptography, with some additions about the legal status of PKC in the world
Citation preview
1
http://herraiz.org
Public key cryptography: a practical Public key cryptography: a practical approachapproach
Israel Herraiz <[email protected]>
KeyID FE0A7AF3
Fingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF3
Slides and additional info athttp://mat.caminos.upm.es/~iht/pkc/
2
http://herraiz.org
Privacy in electronic communicatiosPrivacy in electronic communicatios
Can we ensureprivacy in electroniccommunications?
3
http://herraiz.org
Reaching GoogleReaching Google 1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21)10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42)11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101)12 ae-1-51.edge3.London1.Level3.net (4.69.139.73)13 unknown.Level3.net (212.113.15.186)14 209.85.255.78 (209.85.255.78)15 66.249.95.173 (66.249.95.173)16 216.239.49.45 (216.239.49.45)17 * * *18 ww-in-f147.1e100.net (209.85.229.147)
1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21)10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42)11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101)12 ae-1-51.edge3.London1.Level3.net (4.69.139.73)13 unknown.Level3.net (212.113.15.186)14 209.85.255.78 (209.85.255.78)15 66.249.95.173 (66.249.95.173)16 216.239.49.45 (216.239.49.45)17 * * *18 ww-in-f147.1e100.net (209.85.229.147)
4
http://herraiz.org
Reaching GoogleReaching Google 1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21)10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42)11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101)12 ae-1-51.edge3.London1.Level3.net (4.69.139.73)13 unknown.Level3.net (212.113.15.186)14 209.85.255.78 (209.85.255.78)15 66.249.95.173 (66.249.95.173)16 216.239.49.45 (216.239.49.45)17 * * *18 ww-in-f147.1e100.net (209.85.229.147)
1 10.8.0.1 (10.8.0.1) 2 192.168.1.1 (192.168.1.1) 3 62.81.125.179.static.user.ono.com (62.81.125.179) 4 10.115.49.217 (10.115.49.217) 5 10.127.151.49 (10.127.151.49) 6 10.127.10.137 (10.127.10.137) 7 10.127.10.133 (10.127.10.133) 8 10.127.3.82 (10.127.3.82) 9 213.242.71.21 (213.242.71.21)10 ae-5-5.ebr1.Paris1.Level3.net (4.69.141.42)11 ae-45-45.ebr1.London1.Level3.net (4.69.143.101)12 ae-1-51.edge3.London1.Level3.net (4.69.139.73)13 unknown.Level3.net (212.113.15.186)14 209.85.255.78 (209.85.255.78)15 66.249.95.173 (66.249.95.173)16 216.239.49.45 (216.239.49.45)17 * * *18 ww-in-f147.1e100.net (209.85.229.147)
Getafe
Barcelona
MinneapolisParis
LondonAtlanta
New YorkLos Angeles
Atlanta
5
http://herraiz.org
Hops while attempting to reach Hops while attempting to reach GoogleGoogle
6
http://herraiz.org
Is it that bad?Is it that bad?
What kind of privateInformation can be
captured?
7
http://herraiz.org
Non-cyphered informationNon-cyphered information
● Geolocalization● Using your IP address
● Web browser and operating system● Any info written in a form
● Including passwords
● Cookies● Have a look and take care
– http://www.youtube.com/watch?v=yyLdxO6xvh8– http://www.youtube.com/watch?v=1FgKL2ywrX0
8
http://herraiz.org
Is it important?Is it important?
● Strong PK crypto illegal in France up to 2004
● PK implementations in software considered weapons in the US
● Software export restrictions in EU and US
http://en.wikipedia.org/wiki/Phil_Zimmermann
http://en.wikipedia.org/wiki/Key_disclosure_lawhttp://en.wikipedia.org/wiki/Cryptography_law
http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States#History
9
http://herraiz.org
Solution
Enforce cypheringusing public key
cryptography
10
http://herraiz.org
CryptographyCryptography
● Traditionally, cyphering was done using a password and an algorithm
● Symmetric approach● Password shared by both peers
● Public key cryptography● Insecure channel● Private and secure communication without any
previous physical contact
11
http://herraiz.org
Public key cryptography (PKP)Public key cryptography (PKP)
Pub Pri Pub Pri
12
http://herraiz.org
Public key cryptographyPublic key cryptography
Pri PriPubPub
Pub Pub
Keyserver
13
http://herraiz.org
Criptografía de clave públicaCriptografía de clave pública
Pri PriPubPub
Pub Pub
Keyserver
Hi there!
14
http://herraiz.org
Public key cryptographyPublic key cryptography
Pri PriPubPub
Pub Pub
Keyserver
0F231A5
Pub
15
http://herraiz.org
Public key cryptographyPublic key cryptography
Pri PriPubPub
Pub Pub
Keyserver
0F231A5
Pub
16
http://herraiz.org
Public key cryptographyPublic key cryptography
Pri PriPubPub
Pub Pub
Keyserver
Hi there!
17
http://herraiz.org
How does it work?How does it work?
● PKP Algorithms● Prime number factorization
● From a mathematical point of view, all messages can be decrypted
● From a computational point of view, decrypting a message without the private key takes too long
– Key length is a crucial property
18
http://herraiz.org
Public key samplePublic key sample
-----BEGIN PGP PUBLIC KEY BLOCK-----Version: GnuPG v2.0.19 (GNU/Linux)
JeP5F/eRS9G8EE1fObRRW6mRf+bGSeluFEMiOi3UB/5P0GBx8iM0QIjezR0R+2n8bMjuJmWHTjvEeplnx9iual4J4BT/9FznFs7o4tFVVfYBacFrhWjQyAf2xoP3gyn35OlV55VHVB+oidXUVNSNHZbXwrd1sH42x7x8o17PDFJrWjiq4kAb2EfSOIuSS6naK9Y06bqh3yRbVtRdZOuCLcY8QJwt/mx//uQqG6NuSvYhx1QyC6g==XuDESOIuSSamQINBEtUTeQBEACejdGQhscmsDXM7xG2/ZYFpMQg/GmPlJ85uJJUkLr2T+5Rw8XvVfZjNZkMwsq94BGFrBxu477tKhQ5wiUBBz/jJ01a39Wrazgp21fvEon2T0Vay45t2BYbU4AF815UL6o74YlW5SLdAofwylZS8pX4CKjGAB0T+fDiwkAepQl45nzX0ulv
-----END PGP PUBLIC KEY BLOCK-----
19
http://herraiz.org
Private key samplePrivate key sample
-----BEGIN PGP PRIVATE KEY BLOCK-----Version: GnuPG v2.0.19 (GNU/Linux)
mQINBEtUTeQBEACejdGQhscmsDXM7xG2/ZYFpMQg/GmPlJ85uJJUkLr2T+5Rw8XvJeP5F/eRS9G8EE1fObRRW6mRf+bGSeluFEMiOi3UB/5P0GBx8iM0QIjezR0R+2n8VfZjNZkMwsq94BGFrBxu477tKhQ5wiUBBz/jJ01a39Wrazgp21fvEon2T0Vay45t2BYbU4AF815UL6o74YlW5SLdAofwylZS8pX4CKjGAB0T+fDiwkAepQl45nzX0ulvbMjuJmWHTjvEeplnx9iual4J4BT/9FznFs7o4tFVVfYBacFrhWjQyAf2xoP3gyn35OlV55VHVB+oidXUVNSNHZbXwrd1sH42x7x8o17PDFJrWjiq4kAb2EfSOIuSS6naK9Y06bqh3yRbVtRdZOuCLcY8QJwt/mx//uQqG6NuSvYhx1QyC6g==XuDESOIuSSa
-----END PGP PRIVATE KEY BLOCK-----
20
http://herraiz.org
KeyserversKeyservers
● Internet hosts that contain public keys● Federated services
● All servers contain all the public keys in the world
● Public keyserver in Spain thanks to RedIRIS● URL: pgp.rediris.es
21
http://herraiz.org
Message signingMessage signing
Pri PriPubPub
Pub Pub
Keyserver
Hi there!
22
http://herraiz.org
Message signingMessage signing
Pri PriPubPub
Pub Pub
Keyserver
Hi there!
Created with theprivate key
23
http://herraiz.org
Message signingMessage signing
Pri PriPubPub
Pub Pub
Keyserver
Hi there!
24
http://herraiz.org
Signing and encryptingSigning and encrypting
Pri PriPubPub
Pub Pub
Keyserver
Hi there!
25
http://herraiz.org
Signing and encryptingSigning and encrypting
Pri PriPubPub
Pub Pub
Keyserver
FAD43A
Pub
26
http://herraiz.org
Signing and encryptingSigning and encrypting
Pri PriPubPub
Pub Pub
Keyserver
FAD43A
Pub
27
http://herraiz.org
Signing and encryptingSigning and encrypting
Pri PriPubPub
Pub Pub
Keyserver
Hi there!
28
http://herraiz.org
Signing and encryptingSigning and encrypting
Pri PriPubPub
Pub Pub
Keyserver
Hi there!
29
http://herraiz.org
Identity certificationIdentity certification
How do you know thatpublic keys belong to their
legitimate owners?
Public key
Barack Obama
Can we ensure that thekey does belong to
Barack Obama?
30
http://herraiz.org
Identity certificationIdentity certification
Certificate Authorities
Trust chain
31
http://herraiz.org
Public key signingPublic key signing
● Public keys are plain text documents that can be cryptographically signed
● Mutual public signing adds identity certification to PKP schemes
32
http://herraiz.org
Public key signingPublic key signing
Pri PriPubPub
Pub Pub
Keyserver
Barack Obama
33
http://herraiz.org
Public key signingPublic key signing
Pri PriPubPub
Pub Pub
Keyserver
Barack Obama
Key FE0A7AF2Name Barack ObamaFingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
34
http://herraiz.org
Public key signingPublic key signing
Pri PriPubPub
Pub Pub
Keyserver
Barack Obama
Key FE0A7AF2Name Barack ObamaFingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
35
http://herraiz.org
Public key signingPublic key signing
Pri PriPubPub
Pub Pub
Keyserver
Barack Obama
Show meyour passport
Key FE0A7AF2Name Barack ObamaFingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
36
http://herraiz.org
Passport
BarackObama
Public key signingPublic key signing
Pri PriPubPub
Pub Pub
Keyserver
Barack Obama
Key FE0A7AF2Name Barack ObamaFingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
Show meyour passport
37
http://herraiz.org
Public key signingPublic key signing
PriPub
Pub Pub
Keyserver
Key FE0A7AF2Name Barack ObamaFingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
Pub
Barack ObamaD0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
Download key FE0A7AF2
38
http://herraiz.org
Public key signingPublic key signing
PriPub
Pub Pub
Keyserver
Key FE0A7AF2Name Barack ObamaFingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
Pub
Barack ObamaD0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
39
http://herraiz.org
Public key signingPublic key signing
PriPub
Pub Pub
Keyserver
Key FE0A7AF2Name Barack ObamaFingerprint D0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
Pub
Barack ObamaD0DA E915 BFDD E5CD 8BA0 B159 7E97 2ACB FE0A 7AF2
40
http://herraiz.org
Public key signingPublic key signing
PriPub
Pub Pub
Keyserver
PriPub
Barack Obama
Key signing isoften mutual
41
http://herraiz.org
Public key signingPublic key signing
Barack Obama
Pub
Pub
Pub
Is he Barack Obama?
Trust chain
42
http://herraiz.org
Signing partySigning party
43
http://herraiz.org
Take awayTake away
PK Cryptog.Secure comms.
throughinsec. channels
Each user createsa public-private
key pair
Keyserverscontain every
key in the world
Trust chainIdentity cert.
through public key signing