Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
E-mail and Encryption Ensuring secure communications in a distributed corporate environment.
The Problem <ul><li>The Internet is a distributed network. </li></ul><ul><ul><li>No one machine controls access to all oth...
Threat Assessment <ul><li>Anyone with access to any of the servers through which our e-mail passes can read it. </li></ul>...
Negating the Threat <ul><li>Public Key (or Asymmetric) Encryption: </li></ul><ul><ul><li>Permits only the intended recipie...
Public Key Encryption <ul><li>Users generate a key pair: </li></ul><ul><ul><li>A Public Key that is widely distributed (th...
Public Key Protocol <ul><li>Alice and Bob meet to exchange public keys. </li></ul><ul><ul><li>Alice “locks” messages for B...
Cryptographic Signatures <ul><li>Messages “locked” with a public key are encrypted to the recipient. </li></ul><ul><li>Mes...
Key Management <ul><li>People cannot always meet to swap keys. </li></ul><ul><ul><li>Vulnerable to “man in the middle” att...
Conferring Trust with a Signature <ul><li>Exchange keys through a mutually trusted third party: </li></ul><ul><ul><li>Char...
Key Distribution <ul><li>Key servers on the Internet are free public key repositories. </li></ul><ul><li>Users upload thei...
The Good News ... <ul><li>You don’t have to remember much of this. </li></ul><ul><li>SMSI has selected and will purchase f...
The Bad News <ul><li>Encryption systems fail their users because of poor key management. </li></ul><ul><li>Pick a good pas...
Has it ever been cracked? <ul><li>Yes. Two RSA-encrypted messages have been cracked publicly. </li></ul><ul><li>The first ...
If you really want to know ... <ul><li>Find two very large primes, p and q. </li></ul><ul><li>Find n=pq (the public modulu...
Nächste SlideShare
Wird geladen in …5
×
Nächste SlideShare
C:\Fakepath\Viviendas Bioclimaticas
Weiter
Herunterladen, um offline zu lesen und im Vollbildmodus anzuzeigen.

0

Teilen

Herunterladen, um offline zu lesen

E-mail and Encryption

Herunterladen, um offline zu lesen

An old presentation describing one possible implementation of public key or asymmetric cryptography to secure e-mail traffic across public networks.

  • Gehören Sie zu den Ersten, denen das gefällt!

E-mail and Encryption

  1. 1. E-mail and Encryption Ensuring secure communications in a distributed corporate environment.
  2. 2. The Problem <ul><li>The Internet is a distributed network. </li></ul><ul><ul><li>No one machine controls access to all others. </li></ul></ul><ul><ul><li>E-mail travels through several servers before arriving at its destination. </li></ul></ul><ul><ul><li>Every e-mail is stored for a time on every server it passes through. </li></ul></ul><ul><ul><li>E-mail between the same recipients may never take the same route. </li></ul></ul>
  3. 3. Threat Assessment <ul><li>Anyone with access to any of the servers through which our e-mail passes can read it. </li></ul><ul><li>Anyone with a minimum of technical expertise can forge e-mail to impersonate any sender (or a fictitious sender). </li></ul><ul><li>We are vulnerable to data theft, data vandals, and electronic imposters. </li></ul>
  4. 4. Negating the Threat <ul><li>Public Key (or Asymmetric) Encryption: </li></ul><ul><ul><li>Permits only the intended recipient to recover the message, no matter who sees the e-mail. </li></ul></ul><ul><ul><li>Allows positive authentication, so that the recipient can verify the sender’s identity. </li></ul></ul><ul><ul><li>“ Conferable Trust” extends these benefits to any two parties that need to exchange secure e-mail, even if they have never met . </li></ul></ul>
  5. 5. Public Key Encryption <ul><li>Users generate a key pair: </li></ul><ul><ul><li>A Public Key that is widely distributed (the wider the better); </li></ul></ul><ul><ul><li>A Private Key that is never revealed. </li></ul></ul><ul><ul><li>Each key in the pair is the inverse cryptographic function of its mate. </li></ul></ul><ul><ul><li>It is impossible to deduce the private key by analysis of the public key. </li></ul></ul>
  6. 6. Public Key Protocol <ul><li>Alice and Bob meet to exchange public keys. </li></ul><ul><ul><li>Alice “locks” messages for Bob with her copy of Bob’s public key. </li></ul></ul><ul><ul><li>Bob uses his private key to “unlock” the message encrypted with his public key. </li></ul></ul>Alice Eve Bob
  7. 7. Cryptographic Signatures <ul><li>Messages “locked” with a public key are encrypted to the recipient. </li></ul><ul><li>Messages “locked” with a private key are digitally signed by the sender. </li></ul><ul><li>Encrypted messages are recovered with recipient’s private key. </li></ul><ul><li>Signatures are verified with sender’s public key. </li></ul>
  8. 8. Key Management <ul><li>People cannot always meet to swap keys. </li></ul><ul><ul><li>Vulnerable to “man in the middle” attack: </li></ul></ul><ul><ul><li>Eve intercepts keys and substitutes her own; </li></ul></ul><ul><ul><li>Eve can recover messages intended for Alice and Charlie, and still evade detection. </li></ul></ul>Alice Charlie Eve
  9. 9. Conferring Trust with a Signature <ul><li>Exchange keys through a mutually trusted third party: </li></ul><ul><ul><li>Charlie and Alice each hold a copy of Trent’s public key; </li></ul></ul><ul><ul><li>Trent signs Charlie’s and Alice’s public key with his private key; </li></ul></ul><ul><ul><li>Charlie and Alice each verify Trent’s signature using Trent’s public key. </li></ul></ul>Alice Charlie Trent Eve
  10. 10. Key Distribution <ul><li>Key servers on the Internet are free public key repositories. </li></ul><ul><li>Users upload their public keys so they can receive secure e-mail from others </li></ul><ul><li>Users can download keys for sending secure e-mail to the keys’ owners. </li></ul><ul><li>Users can download keys with which to authenticate signatures. </li></ul>
  11. 11. The Good News ... <ul><li>You don’t have to remember much of this. </li></ul><ul><li>SMSI has selected and will purchase for you software that handles all of these tasks almost automatically. </li></ul><ul><li>Today, Andrew will hand you a copy of SMSI’s corporate public key, which will act as “Trent” in our example. </li></ul><ul><li>The software can harvest the keys of SMSI employees and associates off of the key servers. </li></ul><ul><li>Ensure each key you download is signed by SMSI. Verify the SMSI signature using the key Andrew gives you. </li></ul>
  12. 12. The Bad News <ul><li>Encryption systems fail their users because of poor key management. </li></ul><ul><li>Pick a good pass phrase. </li></ul><ul><li>Always verify signatures. </li></ul><ul><li>Encrypt your private key when you’re not using it. </li></ul><ul><li>Keep a back-up of your keys in a safe place! </li></ul><ul><li>If possible, try and limit physical access to your computer. </li></ul>
  13. 13. Has it ever been cracked? <ul><li>Yes. Two RSA-encrypted messages have been cracked publicly. </li></ul><ul><li>The first took an estimated 5000 MIPS-years of computing time. The second took about 1300. </li></ul><ul><li>Both compromised keys were extremely weak, consisting of fewer than 500 bits. </li></ul><ul><li>Today we use 2,048 bit keys (or stronger), and a more secure algorithm, called Diffie-Hellmann. </li></ul><ul><li>These efforts each cracked only a single RSA key. Nothing was discovered that could cause any other keys to become less secure. </li></ul>
  14. 14. If you really want to know ... <ul><li>Find two very large primes, p and q. </li></ul><ul><li>Find n=pq (the public modulus). </li></ul><ul><li>Choose e, such that e < n and relatively prime to (p-1)(q-1). </li></ul><ul><li>Compute d such that ed=1[mod (p-1)(q-1)]. </li></ul><ul><li>e is the public exponent and d is the private one. </li></ul><ul><li>The public key is (n,e), and the private key is (n,d). </li></ul><ul><li>To encrypt, divide the target message into blocks smaller than n and perform modular exponentiation: c=m^e mod n </li></ul><ul><li>Decryption is the inverse operation: m=c^d mod n </li></ul><ul><li>… et Voila! </li></ul>

An old presentation describing one possible implementation of public key or asymmetric cryptography to secure e-mail traffic across public networks.

Aufrufe

Aufrufe insgesamt

598

Auf Slideshare

0

Aus Einbettungen

0

Anzahl der Einbettungen

5

Befehle

Downloads

22

Geteilt

0

Kommentare

0

Likes

0

×