strong cryptographic infrastructure and its applications dr lucas hui center for information...
TRANSCRIPT
![Page 1: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/1.jpg)
Strong Cryptographic Infrastructureand its Applications
Dr Lucas Hui
Center for Information Security & Cryptography
Department of Computer Science & Information Systems
The University of Hong Kong
Tel: 2859-2190
Fax: 2559-8447
Workshop on Strong Cryptographic Infrastructure
December 17, 1998
![Page 2: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/2.jpg)
Content
1. Use of Cryptography (in electronic commerce activities, Internet services)
2. Cryptographic Library
3. Public Key Infrastructure
4. Applications
5. Cryptographic Infrastructure
6. Relations of 2,3,4,5
7. The SCI project in HKUCSIS
![Page 3: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/3.jpg)
Use of Cryptography (in E.C. etc)
• Hash functions (SHA, MD5)
• Symmetric key crypto-system (DES, DES3)
• Public Key Crypto-system– Digital signature– Data Encryption– Advanced usage : double hashing, group
signature
• In real usage, techniques are combined
![Page 4: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/4.jpg)
Public Key Crypto-system• A has public key Apub, & private key Aprv
• From Apub, almost impossible to find Aprv
• Apub is known to all; Aprv is secret to A
A : Aprv
Aprv
Apub
M MC
Apub
ApubAprv
MC'M
![Page 5: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/5.jpg)
Digital Signature using Public Key Crypto-systems
• A sends a signed message M to B– A sends Aprv(M) to B, B decrypts with Apub
A : M BC
Apub
Aprv
MCB :
![Page 6: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/6.jpg)
Data Encryption using Public Key Crypto-systems
• A sends a confidential message M to B– A sends Bpub(M) to B, B decrypts with Bprv
A : M BC
Bprv
Bpub
MCB :
![Page 7: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/7.jpg)
Cryptographic Library• Provide cryptographic algorithms such as
RSA
• Provide interface to add new cryptographic algorithms easily
• Provide other functions
• Q : How to set up/manage the private/public keys?
• A : Using a Public Key Infrastructure
![Page 8: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/8.jpg)
Problem with Pub Key distribution• A talks to B, Hacker H attacks as follows:
– To A, H pretends B. To B, H pretends A– H sees secrets between A and B, and can
modify the messages
A
B
Hpub "B' public key"
H
HH'pub"A's public key"
![Page 9: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/9.jpg)
Solution to Pub Key distribution• Need : when B gives Bpub to A, a trusted
third party (Certification Authority, CA) is needed to endorse Bpub is correct
A
H
"B's public key"
B
A Hpub
CAprv
CAprv
Bpub Bcert: B'sPublic KeyCertificate
"B's public key"
![Page 10: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/10.jpg)
Certification Authority• A wants to get B’s public key Bpub. How?
• Method 1 : use a repository
• Method 2 : B gives Bpub to A, which is endorsed by a trusted-third-party, the CA (Certification Authority). This is B’s public key certificate BCert, which is Bpub signed by CA’s private key CAprv
• CA’s public key, CApub, is known to all
• A use CApub to verify that BCert is correct
![Page 11: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/11.jpg)
X.509 Public Key Infrastructure (PKIX)
• Set up, manage, and terminate usage of keys (private/public), & public key certificates– Registration & Initialization– Certification (signing of a certificate)– Key pair recovery– Key Generation, Update– Cross-certification– Key Revocation (managing CRLs)
Note: Make use of Cryptographic functions
![Page 12: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/12.jpg)
Cross Certification
CA1
BA"B's public key"
CA2pub
CA1prv CA2prv
Bpub
XCert: CA1issues to
CA2
CA2BCert: CA2issues to B
![Page 13: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/13.jpg)
Cross-Certification
• 2 CAs: CA1, CA2, & 2 persons: A, B.
• CA2 issues a public key Cert BCert to B (Bpub signed by CA2’s private key)
• CA1 issues a Cross-Cert, XCert, to CA2 (CA2’s public key signed by CA1’s private key)
• A trusts CA1 (A knows CA1’s public key)
• B sends BCert and XCert to A
• A can now verify B’s public key in 2 steps.
![Page 14: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/14.jpg)
Applications• Examples: E. Commerce, E. Banking,
Secure Email, Secure Workflow (in schools, etc)
• Using a transaction protocol which makes use of cryptographic algorithms from a Cryptographic Library
• Use PKIX for subject (customers, etc) identity and encryption key management
![Page 15: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/15.jpg)
Cryptographic InfrastructureApplication
CryptographicInfrastructure
Interface toDatabase/TransactionSystems
NetworkCommunicationInterface
Public KeyCertificateAuthority SCL
AdvancedCryptographicModules
(Application Part)
Security Protocol
(Basic Part)
![Page 16: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/16.jpg)
Strong Cryptographic Infrastructure Project (SCI) in HKUCSIS
• What does Strong mean?– Algorithms are “Strong” (e.g. RSA-1024)– “Strong” in implementation (e.g. Random No.)– New encryption paradigm (elliptic curves)
• supported by ISF
• available to users in HK
• Start with Strong Cryptographic Library (SCL)
• Beta version expected in March 1999
![Page 17: Strong Cryptographic Infrastructure and its Applications Dr Lucas Hui Center for Information Security & Cryptography Department of Computer Science & Information](https://reader036.vdocuments.mx/reader036/viewer/2022082817/56649ddb5503460f94ad2a9d/html5/thumbnails/17.jpg)
SCI project team• Dr Lucas Hui (Chief Designer)
• Dr K.P. Chow (Project Manager)
• Dr W.W. Tsang, Prof Francis Chin, Prof G. Marsaglia
• Dr C.F. Chong, Dr H.W. Chan
• Ms Vivien Chan, Mr Marcus Lee, Mr K.M. Chan
• Mr Doug Kwan, Mr Luke Lam, Mr Henry Fung, Ms Taellus Lo