
clee9 Final Presentation - stevens.netmeister.orgjschauma/765-ASA/... · Step 1: I am XXX server Step_1: . Step_2: 777 Step_3: 777 Step_4: 10566 client Step_5: 1056 OK Validation


Page 1:

Asymmetric encryption

- Each participant self-generates a key pair: Secret Key, Public Key
- Encryption: message encrypted by a recipient's public key
- Decryption: message decrypted by a recipient's secret key

Page 2:

Problem:

Case 1: Bad guy

Sender: Ps; Ss; Pr
Message: {Message}Ps
Receiver: Ps; Sr; Pr

Case 2: Bad guy

Sender: Ps; Ss; Pr
Message: {Message}Ss
Receiver: Ps; Sr; Pr

Page 3:

Bad guy ?

Sender: Ps; Ss; Pr
Message: {{Message}Ss}Pr
Receiver: Pr; Sr; Ps

- Data Encryption Standard (DES)

Page 4:

Diffie-Hellman Key Exchange

- The dynamic exchange of keys
- Communication overhead

RSA

- Static key for each receiver
- Key distributed by a formal trusted authority
- Reduces communication overhead

Page 5:

Two-factor authentication

Chip Authentication Program

- Pseudo-random number
- PIN or Password

Page 6:

client / server

Step_1: I am XXX.
Step_2: 777
Step_3: 777
Step_4: 1056
Step_5: 1056
OK

Validation: f(777)=1056
Success!!!

Page 7:

client / server

Step_1: I am XXX.
Step_2: 777
Step_3: 777
Step_4: 1056
Step_5: 1056
OK

Validation: f(777)=1056
Success!!!

777 => 1056
...

Page 8:

client / server

Step_1: I am XXX.
Step_2: 777
Step_3: 777
Step_4: 1056
Step_5: 1056
OK

Validation: f(777)=1056
Success!!!

- Built-in clock
- Factory-encoded random key (seed)
- One-time passwords
- Declining authentication if we found two credentials within the same time frame
- Utilize encryption mechanisms
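The clock-and-seed token and the same-time-frame rule listed above, as an added example that is not part of the original slides. It assumes the token computes RFC 6238 TOTP (HMAC-SHA1) with a 30-second time frame, which the slides do not specify; `Verifier`, `login`, `demo` and the sample seed are hypothetical names and constructed values.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time frame (assumption; the slides give no value)

def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-frame counter, then truncate."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Verifier:
    """Server side: holds each token's seed and the last time frame used."""

    def __init__(self, seeds):
        self.seeds = dict(seeds)
        self.last_frame = {}  # user -> last frame that authenticated

    def login(self, user: str, code: str, now: int) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        frame = now // STEP
        # Decline a second credential inside an already-used time frame,
        # even when the code is correct: it may be a captured copy.
        if self.last_frame.get(user, -1) >= frame:
            return False
        if not hmac.compare_digest(totp(seed, now), code):
            return False
        self.last_frame[user] = frame
        return True

def demo():
    seed = b"12345678901234567890"  # constructed sample seed (RFC test key)
    server = Verifier({"XXX": seed})
    t = 59
    code = totp(seed, t)
    first = server.login("XXX", code, t)          # legitimate login
    replay = server.login("XXX", code, t)         # same code, same frame
    stale = server.login("XXX", code, t + STEP)   # old code, next frame
    fresh = server.login("XXX", totp(seed, t + STEP), t + STEP)
    return first, replay, stale, fresh
```

Unlike the fixed pair 777 => 1056, a code captured in one time frame is declined both when replayed inside that frame and when presented in a later one.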

Page 9:

Cost effectiveness

- Diffie-Hellman Public Key Exchange
- RSA SecurID Protocol

??????