SlideShare ist ein Scribd-Unternehmen logo

enkripsi and authentication

Als PPT, PDF herunterladen
ahmad amiruddin
ahmad amiruddin

1) Symmetric-key cryptography uses the same key to encrypt and decrypt data but requires a secure way to share the secret key between parties. 2) Public-key cryptography addresses this issue by using different but mathematically linked public and private keys, allowing secure communication without pre-shared keys. 3) Digital signatures use public-key cryptography to authenticate senders, working by encrypting a digest of the message with the sender's private key that can be decrypted and verified using their public key.

TechnologieBildung
1 von 26
Pertemuan-13 Enkripsi and Authentication Jaringan Komputer Teknik Informatika Universitas Yudharta Pasuruan 2012 MOCHAMAD SIRODJUDIN, S.Kom, MM www.sirodjudin.com
Symmetric-key Cryptography • Data encrypted and decrypted with same key • Classical examples: Caesar cipher, one-time pad, Enigma Machine
Symmetric-key Cryptography: Drawbacks • How do the parties get the shared, secret key? • How do we transmit this or establish it securely? • Must have some secret or ‘offline’ way of sending the secret. • This is really hard to do in some situations… • You could read it to them over the phone, but someone could be tapping your phone in addition to your internet connection. • How can we both get the shared secret?
Public Key Cryptography Each user has a keypair, consisting of a public and private key • Anything encrypted with one key may only be decrypted by the other. • To make message readable only by B, encrypt message using B's public key
Where we are now… • We can send coded messages without having to establish any shared secret keys between us ahead of time. • There’s another exciting application of this technology from the fact that Public and Private keys can be used to decode one another (no matter which is used to encode in the first place). • But why would someone code a message with their private key. Anyone in the world could use their public key to decode it…
Digital Signatures I • Well, what would the receiver know about the sender of a message if Bob Smith’s public key can decode the message? • Whoever sent the message had Bob Smith’s private key… (So, it was probably Bob Smith.) • We’re no longer keeping the contents of a message secret. Now we have found a way to verify who was the sender of a message. • Also, we know that nobody but Bob Smith modified the contents of the message along the way. (So, it’s intact and how Bob last saw it.)
Digital Signatures II Using Public-Key Crypto for Strong Authentication • Switch the roles of the keys • Encrypt with Private key ("signing") • Decrypt with Public key ("verifying" ) • Anyone (B) can read the message, • But only A could have generated it
Digital Signatures III • But there’s a problem… The Encoding/Decoding step for public/private key cryptography is really slow. • For secret agents and governments and people who really care about the secrecy of their message, this isn’t a big deal. • But for a lot of people who’d just like a digital signature, this slowness almost makes it not worthwhile to use the technology.
Digital Signatures IV • What if we only encrypt a part of the message? But then someone could go in and change the non-signed part, and we’d never know if Bob Smith really did that. • What if there was some good way to calculate some compressed or smaller form of the text and then encrypt/sign that? • But the smaller piece of text (or “digest”) would have to reflect the whole text in some way or else we have the same forgery problem as above. There are ways to do this…
Digital Signatures V • Remember our original digital signature picture?
Digital Signatures VI Signature Generation: Signature Verification:
A Digitally Signed Message (PGP) -----BEGIN PGP SIGNED MESSAGE----Dear Alice: I'm getting very tired of cryptographers talking about us behind our back. Why can't they keep their nosesin their own affairs?! Really, it's enough to make me paranoid. Sincerely, Bob -----BEGIN PGP SIGNATURE----Version: 2.6.2 iQB1AwUBL4XFS2F2HFbSU7RpAQEqsQMAvo3mETurtUnLBL zCj9/U8oOQg/T7iQcJvzMedbCfdR6ah8sErMV+3VRid64o2h2 XwlKAWpfVcC+2v5pba+BPvd86KIP1xRFIe3ipmDnMaYP+iV bxxBPVELundZZw7IRE=Xvrc -----END PGP SIGNATURE-----
But we’ve made an assumption here… • We’ve assumed that there’s an easy and accurate way to look up the public key for someone. • What if some imposter just makes a web page, claims to be Bob Smith, and publishes a public key that is supposedly for Bob Smith (but it’s really for them). • Now this imposter could send us e-mails, sign them as Bob Smith, and we might now know the difference.
Verify a Public Key… • How can we know that the public key we look up for someone really is the correct public key for that person. (And not just some key put up by an imposter who’s pretending to be Bob Smith.) • Well, there’s companies that make a big business out of this. They keep secure registries of listings of actual people and corporations and store a copy of their official public key. • You can go to this trusted company and know you’re getting the right public key for Bob Smith.
A lot of business for one company… • But there could be millions of times a day that people need to check digital signatures. This could just overwhelm some company. • So, the one company can also verify that a second company is also a trustworthy place to ask about people’s public keys. • So, now future requests for verification of public keys can go to these sub-companies.
Chain of Trust I • There’s a “Chain of Trust.” Start with a ‘root’ and grow the trust tree/chain until we find a company that is willing to verify Bob Smith’s public key. VeriSign Microsoft MSN Bob Smith
Chain of Trust II • There’s a “Chain of Trust.” Start with a ‘root’ and grow the trust tree/chain until we find a company that is willing to verify Bob Smith’s public key. VeriSign Microsoft Sheila Roy MSN Bob Smith
That slowness problem… • So, we’ve seen: • Symmetric Cryptography – Fast. • Asymmetric (or Public Key) Cryptography – Slow. • Digital Signatures (which use Private/Public Keys) —Chains of Trust of public key verification. • We also saw how to deal with the slowness issue for digital signatures. (Using a “digest.”) • Is there any way we can compensate for slowness in the general message encoding task? • Can we get the speed of symmetric cryptography? • With the convenience of public key cryptography?
What’s the problem with each? • Asymmetric is slower than symmetric. • Symmetric is hard to use because you need a secret/secure way to agree on your shared key. • What if we use the slow asymmetric cryptography to send a very short message: We send the secret shared key for symmetric. • Then we use symmetric crypto from then on. “Secure Socket Layer” Coding.
Secure Socket Layer • Used by most websites for secure connections and for financial transactions to keep info safe. • Encrypts the info you send to the site and the info it sends to you. It also authenticates that the site you are connected to is really who you think it is. • You can tell that this is being used when you see the little yellow padlock icon in Internet Explorer. • SSL uses Symmetric crypto, Asymmetric crypto, and Digital Signatures.
How does SSL Work? (1) • Go to a website for a financial transaction. • It sends you a ‘certificate’ claiming to be some organization and claiming to have some public key. • Your browser uses a chain of trust until it finds a site you trust to will “vouch” for the accuracy of the certificate the website sent you. • Now, you know that the Amazon.com site you are looking at is really authentic. You also know the public key for Amazon; so, you can send it stuff.
How does SSL Work? (2) • Now you can send stuff to Amazon securely using asymmetric public/private key cryptography. But this is a bit slow. • What do you send them? SHARED SECRET KEY. • If you both have this shared secret key, you can now use symmetric cryptography to do the rest of the transaction and send info in both directions. Symmetric crypto is a lot faster than asymmetric.
Look at a web page with a certificate… • Check out www.citizensbank.com. • Go to the Personal Banking Log-in Page. • File: Properties: Certificates. • This webpage is digitally signed by the bank so that you know it is the official bank web page and not some kind of imposter. • In this case, a ‘root’ has directly verified the bank’s public key.
Key length and security in real use • How could we break each part of this? • Factoring is the method to break public/private keys; to break a 1024-bit private key, one would need to factor an integer of length 1024 bits (or over 300 decimal digits), which is well beyond what anybody has done to date (currently people can factor numbers of about 130 digits with lots of computing power and time ….) (from RSA Security)
Key length and security in real use II But one can also attack encryption by trying to break the symmetric key…. Here, there’s no math trick to break it. You just try all the possible keys. But adding just one bit to the length of a symmetric key doubles the number of possible keys and the amount of time that is needed to find the right one. For example, the number of possible keys in a 56-bit encrypted message is about 72 quadrillion keys, or 72,057,594,037,927,936. Symmetric keys typically have lengths between 40 and 128 bits. Public keys typically have lengths between 512 and 2048 bits. Both the symmetric and public keys need to be long enough to withstand an attack. (from RSA Security)
So We’ve Seen… • Symmetric Crypto – Fast, but hard to share secret • Asymmetric Crypto – Slow but easier to set up • Digital Signatures – Uses Asymmetric, Digests, Chains of Trust • Secure Socket Layer – Uses all three of the above techniques to allow people to authenticate the sender of a web page and conduct secure business with it without having to use a lot of slow asymmetric cryptography.

Empfohlen

I Did Not Write This Document And Can Prove It!
I Did Not Write This Document And Can Prove It!I Did Not Write This Document And Can Prove It!
I Did Not Write This Document And Can Prove It!
jmoquendo
 
Whatisdigitalsignature
WhatisdigitalsignatureWhatisdigitalsignature
Whatisdigitalsignature
Kishankant Yadav
 
Passwords
PasswordsPasswords
Passwords
Kevin OBrien
 
SSL certificates
SSL certificatesSSL certificates
SSL certificates
Kevin OBrien
 
Network security notes
Network security notesNetwork security notes
Network security notes
netlabacademy
 
CGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismCGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption Mechanism
Amit Singh
 
Cryptography and security
Cryptography and securityCryptography and security
Cryptography and security
research30
 
Using PGP for securing the e-mail
Using PGP for securing the e-mailUsing PGP for securing the e-mail
Using PGP for securing the e-mail
davidepiccardi
 

Empfohlen

I Did Not Write This Document And Can Prove It!
I Did Not Write This Document And Can Prove It!I Did Not Write This Document And Can Prove It!
I Did Not Write This Document And Can Prove It!
jmoquendo
 
Whatisdigitalsignature
WhatisdigitalsignatureWhatisdigitalsignature
Whatisdigitalsignature
Kishankant Yadav
 
Passwords
PasswordsPasswords
Passwords
Kevin OBrien
 
SSL certificates
SSL certificatesSSL certificates
SSL certificates
Kevin OBrien
 
Network security notes
Network security notesNetwork security notes
Network security notes
netlabacademy
 
CGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismCGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption Mechanism
Amit Singh
 
Cryptography and security
Cryptography and securityCryptography and security
Cryptography and security
research30
 
Using PGP for securing the e-mail
Using PGP for securing the e-mailUsing PGP for securing the e-mail
Using PGP for securing the e-mail
davidepiccardi
 
cryptography
cryptographycryptography
cryptography
Balaji Ravi
 
The ultimate privacy guide
The ultimate privacy guideThe ultimate privacy guide
The ultimate privacy guide
JD Liners
 
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
NETWAYS
 
Introduction PGP-GPG Subkey Management
Introduction PGP-GPG Subkey ManagementIntroduction PGP-GPG Subkey Management
Introduction PGP-GPG Subkey Management
n|u - The Open Security Community
 
CAN BLOCKCHAIN PRIVATE KEY BE HACKED?
CAN BLOCKCHAIN PRIVATE KEY BE HACKED?CAN BLOCKCHAIN PRIVATE KEY BE HACKED?
CAN BLOCKCHAIN PRIVATE KEY BE HACKED?
Blockchain Council
 
Information Security
Information SecurityInformation Security
Information Security
Presentaionslive.blogspot.com
 
Some Thoughts On Bitcoin
Some Thoughts On BitcoinSome Thoughts On Bitcoin
Some Thoughts On Bitcoin
Dan Kaminsky
 
How encryption works
How encryption worksHow encryption works
How encryption works
RaxTonProduction
 
Keynote - Closing the TLS Authentication Gap
Keynote - Closing the TLS Authentication GapKeynote - Closing the TLS Authentication Gap
Keynote - Closing the TLS Authentication Gap
SecurityTube.Net
 
Cryptography
CryptographyCryptography
Cryptography
Jasim Jas
 
Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper) Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper)
BeeBryte | Energy Intelligence & Automation
 
Analysis of Cryptography Techniques
Analysis of Cryptography TechniquesAnalysis of Cryptography Techniques
Analysis of Cryptography Techniques
editor1knowledgecuddle
 
Cyber public key cryptography
Cyber public key cryptographyCyber public key cryptography
Cyber public key cryptography
Gopika Babu
 
Basic concept of pki
Basic concept of pkiBasic concept of pki
Basic concept of pki
Prabhat Goel
 
Cryptography
CryptographyCryptography
Cryptography
Milap Oza
 
Kisi kisi-ujian-nasional-2016-smk 2
Kisi kisi-ujian-nasional-2016-smk 2Kisi kisi-ujian-nasional-2016-smk 2
Kisi kisi-ujian-nasional-2016-smk 2
heri baskoro
 
Tugas terstruktur kkpi (sejarah jaringan komputer)
Tugas terstruktur kkpi (sejarah jaringan komputer)Tugas terstruktur kkpi (sejarah jaringan komputer)
Tugas terstruktur kkpi (sejarah jaringan komputer)
srimanisaja
 
6 materi analisis buku kur'13 edit syahril 290914
6 materi analisis buku kur'13 edit syahril 2909146 materi analisis buku kur'13 edit syahril 290914
6 materi analisis buku kur'13 edit syahril 290914
EKO SUPRIYADI
 
Silabus sistem komputer smt 1
Silabus sistem komputer smt 1Silabus sistem komputer smt 1
Silabus sistem komputer smt 1
Ikatan Guru Indonesia
 
Struktur kurikulum-tkj
Struktur kurikulum-tkjStruktur kurikulum-tkj
Struktur kurikulum-tkj
heri baskoro
 
Kurikulum tkj tahun 2016/2017 smk pgri enrekang
Kurikulum tkj tahun 2016/2017 smk pgri enrekangKurikulum tkj tahun 2016/2017 smk pgri enrekang
Kurikulum tkj tahun 2016/2017 smk pgri enrekang
Novian Siswahyudi
 
MAPEL SISTEM KOMPUTER KELAS X
MAPEL SISTEM KOMPUTER KELAS XMAPEL SISTEM KOMPUTER KELAS X
MAPEL SISTEM KOMPUTER KELAS X
ndriehs
 

Weitere ähnliche Inhalte

Was ist angesagt?

OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
NETWAYS
 
Keynote - Closing the TLS Authentication Gap
Keynote - Closing the TLS Authentication GapKeynote - Closing the TLS Authentication Gap
Keynote - Closing the TLS Authentication Gap
SecurityTube.Net
 
Analysis of Cryptography Techniques
Analysis of Cryptography TechniquesAnalysis of Cryptography Techniques
Analysis of Cryptography Techniques
editor1knowledgecuddle
 
Basic concept of pki
Basic concept of pkiBasic concept of pki
Basic concept of pki
Prabhat Goel
 

Was ist angesagt? (15)

cryptography
cryptographycryptography
cryptography
 
The ultimate privacy guide
The ultimate privacy guideThe ultimate privacy guide
The ultimate privacy guide
 
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
 
Introduction PGP-GPG Subkey Management
Introduction PGP-GPG Subkey ManagementIntroduction PGP-GPG Subkey Management
Introduction PGP-GPG Subkey Management
 
CAN BLOCKCHAIN PRIVATE KEY BE HACKED?
CAN BLOCKCHAIN PRIVATE KEY BE HACKED?CAN BLOCKCHAIN PRIVATE KEY BE HACKED?
CAN BLOCKCHAIN PRIVATE KEY BE HACKED?
 
Information Security
Information SecurityInformation Security
Information Security
 
Some Thoughts On Bitcoin
Some Thoughts On BitcoinSome Thoughts On Bitcoin
Some Thoughts On Bitcoin
 
How encryption works
How encryption worksHow encryption works
How encryption works
 
Keynote - Closing the TLS Authentication Gap
Keynote - Closing the TLS Authentication GapKeynote - Closing the TLS Authentication Gap
Keynote - Closing the TLS Authentication Gap
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper) Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper)
 
Analysis of Cryptography Techniques
Analysis of Cryptography TechniquesAnalysis of Cryptography Techniques
Analysis of Cryptography Techniques
 
Cyber public key cryptography
Cyber public key cryptographyCyber public key cryptography
Cyber public key cryptography
 
Basic concept of pki
Basic concept of pkiBasic concept of pki
Basic concept of pki
 
Cryptography
CryptographyCryptography
Cryptography
 

Andere mochten auch

Tugas terstruktur kkpi (sejarah jaringan komputer)
Tugas terstruktur kkpi (sejarah jaringan komputer)Tugas terstruktur kkpi (sejarah jaringan komputer)
Tugas terstruktur kkpi (sejarah jaringan komputer)
srimanisaja
 
6 materi analisis buku kur'13 edit syahril 290914
6 materi analisis buku kur'13 edit syahril 2909146 materi analisis buku kur'13 edit syahril 290914
6 materi analisis buku kur'13 edit syahril 290914
EKO SUPRIYADI
 
Menghitung Jam Produktif Kejuruan SMK
Menghitung Jam Produktif Kejuruan SMKMenghitung Jam Produktif Kejuruan SMK
Menghitung Jam Produktif Kejuruan SMK
jibaini
 
Struktur kurikulum smk dan perhitungan jam produktif
Struktur kurikulum smk dan perhitungan jam produktifStruktur kurikulum smk dan perhitungan jam produktif
Struktur kurikulum smk dan perhitungan jam produktif
Wan Yogaswara
 
Pemetaan sk, kd adiwiyata 2013
Pemetaan sk, kd adiwiyata 2013Pemetaan sk, kd adiwiyata 2013
Pemetaan sk, kd adiwiyata 2013
SMA Negeri 2 Tuban
 

Andere mochten auch (20)

Kisi kisi-ujian-nasional-2016-smk 2
Kisi kisi-ujian-nasional-2016-smk 2Kisi kisi-ujian-nasional-2016-smk 2
Kisi kisi-ujian-nasional-2016-smk 2
 
Tugas terstruktur kkpi (sejarah jaringan komputer)
Tugas terstruktur kkpi (sejarah jaringan komputer)Tugas terstruktur kkpi (sejarah jaringan komputer)
Tugas terstruktur kkpi (sejarah jaringan komputer)
 
6 materi analisis buku kur'13 edit syahril 290914
6 materi analisis buku kur'13 edit syahril 2909146 materi analisis buku kur'13 edit syahril 290914
6 materi analisis buku kur'13 edit syahril 290914
 
Silabus sistem komputer smt 1
Silabus sistem komputer smt 1Silabus sistem komputer smt 1
Silabus sistem komputer smt 1
 
Struktur kurikulum-tkj
Struktur kurikulum-tkjStruktur kurikulum-tkj
Struktur kurikulum-tkj
 
Kurikulum tkj tahun 2016/2017 smk pgri enrekang
Kurikulum tkj tahun 2016/2017 smk pgri enrekangKurikulum tkj tahun 2016/2017 smk pgri enrekang
Kurikulum tkj tahun 2016/2017 smk pgri enrekang
 
MAPEL SISTEM KOMPUTER KELAS X
MAPEL SISTEM KOMPUTER KELAS XMAPEL SISTEM KOMPUTER KELAS X
MAPEL SISTEM KOMPUTER KELAS X
 
Silabus SISTEM KOMPUTER SMK X
Silabus SISTEM KOMPUTER SMK XSilabus SISTEM KOMPUTER SMK X
Silabus SISTEM KOMPUTER SMK X
 
MATERI SISTEM KOMPUTER KELAS X
MATERI SISTEM KOMPUTER KELAS XMATERI SISTEM KOMPUTER KELAS X
MATERI SISTEM KOMPUTER KELAS X
 
Rahadi - TIK C1 X TKJ Silabus Sistem Komputer Genap
Rahadi - TIK C1 X TKJ Silabus Sistem Komputer GenapRahadi - TIK C1 X TKJ Silabus Sistem Komputer Genap
Rahadi - TIK C1 X TKJ Silabus Sistem Komputer Genap
 
RPP KD 3.8/4.8 Sistem Komputer X TKJ SMK
RPP KD 3.8/4.8 Sistem Komputer X TKJ SMKRPP KD 3.8/4.8 Sistem Komputer X TKJ SMK
RPP KD 3.8/4.8 Sistem Komputer X TKJ SMK
 
RPP KD 3.9/4.9 Sistem Komputer X TKJ SMK
RPP KD 3.9/4.9 Sistem Komputer X TKJ SMKRPP KD 3.9/4.9 Sistem Komputer X TKJ SMK
RPP KD 3.9/4.9 Sistem Komputer X TKJ SMK
 
Menghitung Jam Produktif Kejuruan SMK
Menghitung Jam Produktif Kejuruan SMKMenghitung Jam Produktif Kejuruan SMK
Menghitung Jam Produktif Kejuruan SMK
 
Materi Sistem Komputer Kelas X Semester 1
Materi Sistem Komputer Kelas X Semester 1Materi Sistem Komputer Kelas X Semester 1
Materi Sistem Komputer Kelas X Semester 1
 
Perhitungan Alokasi Waktu
Perhitungan Alokasi Waktu Perhitungan Alokasi Waktu
Perhitungan Alokasi Waktu
 
FORMAT PERUBAHAN RPP KURIKULUM 2013
FORMAT PERUBAHAN RPP KURIKULUM 2013FORMAT PERUBAHAN RPP KURIKULUM 2013
FORMAT PERUBAHAN RPP KURIKULUM 2013
 
Struktur kurikulum smk dan perhitungan jam produktif
Struktur kurikulum smk dan perhitungan jam produktifStruktur kurikulum smk dan perhitungan jam produktif
Struktur kurikulum smk dan perhitungan jam produktif
 
Pemetaan sk, kd adiwiyata 2013
Pemetaan sk, kd adiwiyata 2013Pemetaan sk, kd adiwiyata 2013
Pemetaan sk, kd adiwiyata 2013
 
Penilaian ketrampilan Kurikulum 2013 edisi Revisi 2016
Penilaian ketrampilan Kurikulum 2013 edisi Revisi 2016Penilaian ketrampilan Kurikulum 2013 edisi Revisi 2016
Penilaian ketrampilan Kurikulum 2013 edisi Revisi 2016
 
SKL-KI-KD Kurikulum 2013
SKL-KI-KD Kurikulum 2013SKL-KI-KD Kurikulum 2013
SKL-KI-KD Kurikulum 2013
 

Ähnlich wie enkripsi and authentication

encryption
encryptionencryption
encryption
s1170037
 

Ähnlich wie enkripsi and authentication (20)

Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)
 
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
 
[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies
 
Cryptointro
CryptointroCryptointro
Cryptointro
 
Public private key
Public private keyPublic private key
Public private key
 
Cgi whpr 35_pki_e
Cgi whpr 35_pki_eCgi whpr 35_pki_e
Cgi whpr 35_pki_e
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using Crypto
 
Encryption for Everyone
Encryption for EveryoneEncryption for Everyone
Encryption for Everyone
 
Dissemination of knowledge on Secure Systems Engineering
Dissemination of knowledge on Secure Systems EngineeringDissemination of knowledge on Secure Systems Engineering
Dissemination of knowledge on Secure Systems Engineering
 
lesson
lessonlesson
lesson
 
Blockchain meetup
Blockchain meetupBlockchain meetup
Blockchain meetup
 
Security pre
Security preSecurity pre
Security pre
 
Dmk bo2 k8_ccc
Dmk bo2 k8_cccDmk bo2 k8_ccc
Dmk bo2 k8_ccc
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Ss
SsSs
Ss
 
Amazon
AmazonAmazon
Amazon
 
Amazon
AmazonAmazon
Amazon
 
Amazon
AmazonAmazon
Amazon
 
encryption
encryptionencryption
encryption
 

Mehr von ahmad amiruddin

introduction to security
introduction to securityintroduction to security
introduction to security
ahmad amiruddin
 
transport layer protocol
transport layer protocoltransport layer protocol
transport layer protocol
ahmad amiruddin
 
penerapan ip address subnet
penerapan ip address subnetpenerapan ip address subnet
penerapan ip address subnet
ahmad amiruddin
 
ip address and subnet address
ip address and subnet addressip address and subnet address
ip address and subnet address
ahmad amiruddin
 
konsep dasar jaringan komputer
konsep dasar jaringan komputerkonsep dasar jaringan komputer
konsep dasar jaringan komputer
ahmad amiruddin
 
membuat desain sistem keamanan jaringan
membuat desain sistem keamanan jaringanmembuat desain sistem keamanan jaringan
membuat desain sistem keamanan jaringan
ahmad amiruddin
 
mengadministrasi server dalam jaringan
mengadministrasi server dalam jaringanmengadministrasi server dalam jaringan
mengadministrasi server dalam jaringan
ahmad amiruddin
 

Mehr von ahmad amiruddin (16)

firewall
firewallfirewall
firewall
 
security
securitysecurity
security
 
introduction to security
introduction to securityintroduction to security
introduction to security
 
application layer
application layerapplication layer
application layer
 
transport layer protocol
transport layer protocoltransport layer protocol
transport layer protocol
 
protokol routing
protokol routingprotokol routing
protokol routing
 
routing
routingrouting
routing
 
penerapan ip address subnet
penerapan ip address subnetpenerapan ip address subnet
penerapan ip address subnet
 
manajemen ip
manajemen ipmanajemen ip
manajemen ip
 
ip address and subnet address
ip address and subnet addressip address and subnet address
ip address and subnet address
 
internet layer protokol
internet layer protokolinternet layer protokol
internet layer protokol
 
data link layer
data link layerdata link layer
data link layer
 
referensi osi
referensi osireferensi osi
referensi osi
 
konsep dasar jaringan komputer
konsep dasar jaringan komputerkonsep dasar jaringan komputer
konsep dasar jaringan komputer
 
membuat desain sistem keamanan jaringan
membuat desain sistem keamanan jaringanmembuat desain sistem keamanan jaringan
membuat desain sistem keamanan jaringan
 
mengadministrasi server dalam jaringan
mengadministrasi server dalam jaringanmengadministrasi server dalam jaringan
mengadministrasi server dalam jaringan
 

Kürzlich hochgeladen

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Kürzlich hochgeladen (20)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

enkripsi and authentication

  • 1. Pertemuan-13 Enkripsi and Authentication Jaringan Komputer Teknik Informatika Universitas Yudharta Pasuruan 2012 MOCHAMAD SIRODJUDIN, S.Kom, MM www.sirodjudin.com
  • 2. Symmetric-key Cryptography • Data encrypted and decrypted with same key • Classical examples: Caesar cipher, one-time pad, Enigma Machine
  • 3. Symmetric-key Cryptography: Drawbacks • How do the parties get the shared, secret key? • How do we transmit this or establish it securely? • Must have some secret or ‘offline’ way of sending the secret. • This is really hard to do in some situations… • You could read it to them over the phone, but someone could be tapping your phone in addition to your internet connection. • How can we both get the shared secret?
  • 4. Public Key Cryptography Each user has a keypair, consisting of a public and private key • Anything encrypted with one key may only be decrypted by the other. • To make message readable only by B, encrypt message using B's public key
  • 5. Where we are now… • We can send coded messages without having to establish any shared secret keys between us ahead of time. • There’s another exciting application of this technology from the fact that Public and Private keys can be used to decode one another (no matter which is used to encode in the first place). • But why would someone code a message with their private key. Anyone in the world could use their public key to decode it…
  • 6. Digital Signatures I • Well, what would the receiver know about the sender of a message if Bob Smith’s public key can decode the message? • Whoever sent the message had Bob Smith’s private key… (So, it was probably Bob Smith.) • We’re no longer keeping the contents of a message secret. Now we have found a way to verify who was the sender of a message. • Also, we know that nobody but Bob Smith modified the contents of the message along the way. (So, it’s intact and how Bob last saw it.)
  • 7. Digital Signatures II Using Public-Key Crypto for Strong Authentication • Switch the roles of the keys • Encrypt with Private key ("signing") • Decrypt with Public key ("verifying" ) • Anyone (B) can read the message, • But only A could have generated it
  • 8. Digital Signatures III • But there’s a problem… The Encoding/Decoding step for public/private key cryptography is really slow. • For secret agents and governments and people who really care about the secrecy of their message, this isn’t a big deal. • But for a lot of people who’d just like a digital signature, this slowness almost makes it not worthwhile to use the technology.
  • 9. Digital Signatures IV • What if we only encrypt a part of the message? But then someone could go in and change the non-signed part, and we’d never know if Bob Smith really did that. • What if there was some good way to calculate some compressed or smaller form of the text and then encrypt/sign that? • But the smaller piece of text (or “digest”) would have to reflect the whole text in some way or else we have the same forgery problem as above. There are ways to do this…
  • 10. Digital Signatures V • Remember our original digital signature picture?
  • 11. Digital Signatures VI Signature Generation: Signature Verification:
  • 12. A Digitally Signed Message (PGP) -----BEGIN PGP SIGNED MESSAGE----Dear Alice: I'm getting very tired of cryptographers talking about us behind our back. Why can't they keep their nosesin their own affairs?! Really, it's enough to make me paranoid. Sincerely, Bob -----BEGIN PGP SIGNATURE----Version: 2.6.2 iQB1AwUBL4XFS2F2HFbSU7RpAQEqsQMAvo3mETurtUnLBL zCj9/U8oOQg/T7iQcJvzMedbCfdR6ah8sErMV+3VRid64o2h2 XwlKAWpfVcC+2v5pba+BPvd86KIP1xRFIe3ipmDnMaYP+iV bxxBPVELundZZw7IRE=Xvrc -----END PGP SIGNATURE-----
  • 13. But we’ve made an assumption here… • We’ve assumed that there’s an easy and accurate way to look up the public key for someone. • What if some imposter just makes a web page, claims to be Bob Smith, and publishes a public key that is supposedly for Bob Smith (but it’s really for them). • Now this imposter could send us e-mails, sign them as Bob Smith, and we might now know the difference.
  • 14. Verify a Public Key… • How can we know that the public key we look up for someone really is the correct public key for that person. (And not just some key put up by an imposter who’s pretending to be Bob Smith.) • Well, there’s companies that make a big business out of this. They keep secure registries of listings of actual people and corporations and store a copy of their official public key. • You can go to this trusted company and know you’re getting the right public key for Bob Smith.
  • 15. A lot of business for one company… • But there could be millions of times a day that people need to check digital signatures. This could just overwhelm some company. • So, the one company can also verify that a second company is also a trustworthy place to ask about people’s public keys. • So, now future requests for verification of public keys can go to these sub-companies.
  • 16. Chain of Trust I • There’s a “Chain of Trust.” Start with a ‘root’ and grow the trust tree/chain until we find a company that is willing to verify Bob Smith’s public key. VeriSign Microsoft MSN Bob Smith
  • 17. Chain of Trust II • There’s a “Chain of Trust.” Start with a ‘root’ and grow the trust tree/chain until we find a company that is willing to verify Bob Smith’s public key. VeriSign Microsoft Sheila Roy MSN Bob Smith
  • 18. That slowness problem… • So, we’ve seen: • Symmetric Cryptography – Fast. • Asymmetric (or Public Key) Cryptography – Slow. • Digital Signatures (which use Private/Public Keys) —Chains of Trust of public key verification. • We also saw how to deal with the slowness issue for digital signatures. (Using a “digest.”) • Is there any way we can compensate for slowness in the general message encoding task? • Can we get the speed of symmetric cryptography? • With the convenience of public key cryptography?
  • 19. What’s the problem with each? • Asymmetric is slower than symmetric. • Symmetric is hard to use because you need a secret/secure way to agree on your shared key. • What if we use the slow asymmetric cryptography to send a very short message: We send the secret shared key for symmetric. • Then we use symmetric crypto from then on. “Secure Socket Layer” Coding.
  • 20. Secure Socket Layer • Used by most websites for secure connections and for financial transactions to keep info safe. • Encrypts the info you send to the site and the info it sends to you. It also authenticates that the site you are connected to is really who you think it is. • You can tell that this is being used when you see the little yellow padlock icon in Internet Explorer. • SSL uses Symmetric crypto, Asymmetric crypto, and Digital Signatures.
  • 21. How does SSL Work? (1) • Go to a website for a financial transaction. • It sends you a ‘certificate’ claiming to be some organization and claiming to have some public key. • Your browser uses a chain of trust until it finds a site you trust to will “vouch” for the accuracy of the certificate the website sent you. • Now, you know that the Amazon.com site you are looking at is really authentic. You also know the public key for Amazon; so, you can send it stuff.
  • 22. How does SSL Work? (2) • Now you can send stuff to Amazon securely using asymmetric public/private key cryptography. But this is a bit slow. • What do you send them? SHARED SECRET KEY. • If you both have this shared secret key, you can now use symmetric cryptography to do the rest of the transaction and send info in both directions. Symmetric crypto is a lot faster than asymmetric.
  • 23. Look at a web page with a certificate… • Check out www.citizensbank.com. • Go to the Personal Banking Log-in Page. • File: Properties: Certificates. • This webpage is digitally signed by the bank so that you know it is the official bank web page and not some kind of imposter. • In this case, a ‘root’ has directly verified the bank’s public key.
  • 24. Key length and security in real use • How could we break each part of this? • Factoring is the method to break public/private keys; to break a 1024-bit private key, one would need to factor an integer of length 1024 bits (or over 300 decimal digits), which is well beyond what anybody has done to date (currently people can factor numbers of about 130 digits with lots of computing power and time ….) (from RSA Security)
  • 25. Key length and security in real use II But one can also attack encryption by trying to break the symmetric key…. Here, there’s no math trick to break it. You just try all the possible keys. But adding just one bit to the length of a symmetric key doubles the number of possible keys and the amount of time that is needed to find the right one. For example, the number of possible keys in a 56-bit encrypted message is about 72 quadrillion keys, or 72,057,594,037,927,936. Symmetric keys typically have lengths between 40 and 128 bits. Public keys typically have lengths between 512 and 2048 bits. Both the symmetric and public keys need to be long enough to withstand an attack. (from RSA Security)
  • 26. So We’ve Seen… • Symmetric Crypto – Fast, but hard to share secret • Asymmetric Crypto – Slow but easier to set up • Digital Signatures – Uses Asymmetric, Digests, Chains of Trust • Secure Socket Layer – Uses all three of the above techniques to allow people to authenticate the sender of a web page and conduct secure business with it without having to use a lot of slow asymmetric cryptography.