Crypto Tutorial (shrt) 6-16-99

icon

16

pages

icon

English

icon

Documents

Écrit par

Publié par

Le téléchargement nécessite un accès à la bibliothèque YouScribe Tout savoir sur nos offres

icon

16

pages

icon

English

icon

Documents

Le téléchargement nécessite un accès à la bibliothèque YouScribe Tout savoir sur nos offres

Crypto Concepts CrypTEC SystemsField-Maintainable Secure Operating SystemsCertificate VersionCryptographic Serial NumberSignature AlgorithmIssuer (authority)Concepts Validity DatesSubject (owner)Public Key InformationCertificate CAA Tutorial For BusyAuthoritySSignatureCA CABusiness Executives. Cert.Hash DigestSFundamental security objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4Privacy with secret-key and public key encryption . . . . . . . . . . . . . . . . . .6Integrity and non-repudiation with digital signatures . . . . . . . . . . . . . . . .8Authentication with digital certificates . . . . . . . . . . . . . . . . . . . . . . . . . .10An example of a hybrid crypto system — privacy-enhanced mail . . . . . .12Dual key sets for messaging and signing . . . . . . . . . . . . . . . . . . . . . . . . .13Cryptography summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14Simple examples of public key mathematics . . . . . . . . . . . . . . . . . . . . . .15Cryptographic Legend Please take a minute Hashing operation, resulting in a Digital certificate, signed by a CertificateHash P to learn these symbols. message digest Authority (CA)CAC.T.Message digestDigest Understanding them Symmetric key encrypting operation: lockingPublic key encrypting operation: creating ana secret message is essential to under-M electronic envelope or verifying a signatureM Private key decrypting operation: opening an ...
Voir icon arrow

Publié par

Langue

English

Crypto Concepts CrypTEC Systems
Field-Maintainable Secure Operating Systems
Certificate VersionCryptographic Serial Number
Signature Algorithm
Issuer (authority)Concepts Validity Dates
Subject (owner)
Public Key Information
Certificate CAA Tutorial For Busy
Authority
SSignature
CA CABusiness Executives. Cert.
Hash DigestSFundamental security objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Privacy with secret-key and public key encryption . . . . . . . . . . . . . . . . . .6
Integrity and non-repudiation with digital signatures . . . . . . . . . . . . . . . .8
Authentication with digital certificates . . . . . . . . . . . . . . . . . . . . . . . . . .10
An example of a hybrid crypto system — privacy-enhanced mail . . . . . .12
Dual key sets for messaging and signing . . . . . . . . . . . . . . . . . . . . . . . . .13
Cryptography summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Simple examples of public key mathematics . . . . . . . . . . . . . . . . . . . . . .15
Cryptographic Legend Please take a minute
Hashing operation, resulting in a Digital certificate, signed by a Certificate
Hash P to learn these symbols. message digest Authority (CA)
CAC.T.
Message digestDigest Understanding them
Symmetric key encrypting operation: lockingPublic key encrypting operation: creating an
a secret message is essential to under-M electronic envelope or verifying a signature
M Private key decrypting operation: opening an Symmetric key decrypting operation: unlock-
standing Cryptography. electronic envelope or creating a signature ing a secret message
Locked electronic envelope (typically con-
M C.R. Locked (symmetrically encrypted) message They will be used taining an encrypted session key)
CA Digital signature (a message digest, en-
? throughout the paper.Comparison: do these two equal each other?crypted with a private key)This document is for the busy executive who does not have time to become a “crypto
expert” to understand what technical people are saying. Cryptography is a complex
subject. However, it also is like a modern automobile: you don't have to know how to
build or fix a car to be qualified to drive it. This tutorial will give you enough informa-
tion to “drive” a crypto decision.
We are living in the Information Revolution, the third great revolution of humanity.
The Information Revolution succeeds the Agricultural Revolution and the Industrial
Revolution and, like the two that have gone before, is accelerating at a pace that has
not been experienced before. A dramatic alteration is taking place in the way informa-
tion is transmitted and exchanged. The traditional face-to-face, paper-based system we
have been using for the last thousand years or so is giving way to a new, faceless elec-
tronic commerce system that is rapidly expanding on a worldwide basis. We are cur-
rently caught between paper-based systems and the electronic versions that are replac-
ing them. This middle ground is painful. The paper-based systems still dominate, but
they are falling prey to advances in counterfeiting technologies at an alarming rate. (As
an example, in Northern California, a counterfeit California driver's license can be
bought on the street for $90, and that includes entering the illicit data in the
Department of Motor Vehicles’ computer!)
As the Information Revolution progresses, more and more paper-based systems are
being replaced by electronic means. Examples include paying for groceries at the
supermarket with our ATM cards, keeping our check registers on-line with
Quicken, sending e-mail to our business associates, and browsing the World
Wide Web to obtain dealer costs before negotiating with auto dealers.
Unfortunately, the very thing that attracts us to electronic com-
merce––the ease of manipulating information––also works for an
attacker in gaining access to critical information and using it
to damage the legitimate participants. Examples of elec-
tronic break-ins abound in daily life.
Digital transaction security has become a highly visible topic as more and more organi-
zations attempt to move critical and sensitive applications to open networks such as the
Internet. Companies have had to face the hard reality that the penalty for using the
Internet can be inferior security, which in turn has deterred many companies from
putting applications on the Internet or on internal intranets.
Modern cryptography can change that by providing digital security that is not only
equivalent, but is vastly superior to the paper-based system we have had for centuries.Fundamental
Security Objectives
As the information revolution has
entered our lives, some of our paper-
based transaction elements have been
replaced by electronic means.
Examples are when credit-card trans- very benefits that attracts us to elec-
actions are authorized over the phone tronic transactions —also works
or debit-card cash withdrawals are against us in terms of security. It is
authorized at the supermarket. simply too easy for a talented attacker
to gain access to critical information,
Unfortunately, the ease of moving
and in many cases, to change that
and storing information —one of the
information in ways that are damag-
ing to the interests of the legitimate
participants.
If the promise of electronic com-
merce is to be fulfilled, electronic
security elements have to be at leastProper security should
as good as face-to-face, paper-based
allow the transaction to security. And given the increasing vul-
nerability of paper systems to coun-
happen, prevent either terfeiting, and the fact that electronic
commerce breaks through the naturalparticipant from falsify-
ing any aspects of the
transaction (including
their identity), keep all
elements of the transac-
tion private, and leave
an audit trail for third
parties and law enforce-
ment to follow in case
of disputes or fraud.
(T 283ndks93n2-
3= fke49 d FO”
t mT%6 & 8_F d
x! tu rF
T*&+! # 657598
4What is security? How
do you know when you
have it? If the face-to-
face system we have
barriers of geography, time and physi-
used for thousands ofcal instruments, the need for electron-
ic substitutes is ever increasing.
years is examined, it
The good news is that with modern
becomes obvious thatcryptography, all of the elements of
face-to-face, paper-based transactions transactional security
can be replaced with electronic trans-
actions, which include: consists of four critical
• Privacy components: privacy,
• Authentication is usually a matter of transport such authentication, integri-
that the transacting entities are close
• Integrity
enough to communicate and transact. ty, and non-repudiation.
• Non-repudiation However, when the transaction takes
place over electronic facilities —even
Added to these four is one more ele-
if that transaction has all of the prop-
ment needed to accomplish security
er, digital-transaction security
over electronic networks: availability.
features —it is still possible for an
Legitimate users should not be denied
attacker to harm the participants by
access to information and resources.
denying them service (e.g., cut the
In the face-to-face world, availability
line, kill the power, jam the channel).
Of course, even if all four elements of
transactional security are in place, you
still may be defrauded by an unscrupu-
lous person—say, someone takes your
money and fails to deliver their end of
the bargain. However, if your security
is proper, that unscrupulous person
will have left an audit trail for the
authorities to follow and will not be
able to stay in business for very long.
Traditional paper method Electronic crypto method
Privacy is enforced by physical limitations such as dis- Digital privacy is enforced by symmetric encryption that is virtuallyPrivacy
tance, closed doors, safes, cabinets, and envelopes. impossible to break when used properly. Others may be able to copy the
These are used so others cannot see our transactions. transactions, but they will not be able to decode and understand them.
When we want to ensure that the people we deal with Digital authentication is produced via certificates—electronic “driver’sAuthentication
are who they say they are, we inspect a driver’s license licenses” digitally “signed” (hashed and encrypted by a private key) by a
or passport—examples of authentication. trusted authority—and a digital signature on a challenge file.
A transaction can be verified by carefully inspecting Digital verification reverses the signing process: a signature is decryptedIntegrity
the document that is authorized, to insure it properly with the authorizer’s public key to obtain the message digest. The mes-
represents the correct characteristics of the transac- sage is hashed to create a second digest. If the digests are identical, the
tion and was properly authorized, typically through a message is authentic and the signer’s identity is proven. Digital security
signature. The integrity of paper transaction protocols requires properly secured secret and private keys, and tamper-resistant
are protected by civil and criminal justice systems. protocols for system integrity.
A hand-written signatur

Voir icon more
Alternate Text