Intro to PKI and authentication (PowerPoint) by dffhrtcv3

VIEWS: 6 PAGES: 46

									HIMA 4160
Fall 2009
   Privacy, Confidentiality and Security
   Cryptography
   Public Key Infrastructure
   PKI application
           Privacy




Security             Confidentiality
vs
 Authentication


 Authorization


 Access   Control

 Audit
 Authentication
 Authorization
 Audit
 Access   Control
 Authentication
 Authorization
 Audit
 Access   Control
   Privacy Rules
    ◦ Rules for protecting patients privacy

   Security Rules
    ◦ Measures for enforce security of patients information
    ◦ Only for electronic health information
Source: HIPAA Academy
Cryptology: the science concerned with data
communication and storage in secure and
usually secret form. It encompasses both
cryptography and cryptanalysis

Cryptography: the science of transforming
information into a form that is impossible or
infeasible le to duplicate or undo without
knowledge of a secret key

Cryptanalysis: the science (and art) of
recovering or forging cryptographically
secured information without knowledge of the
key.
Cryptography




 Encryption



 Decryption
             Algorith
Plain Text   m using    Ciphertext
              keys

   IBM          1        HAL
             Algorithm
Plain Text     using     Ciphertext
               keys
   IBM          1          HAL
   Keys are just mathematically large number

   Symmetric -- use the same key for both
    encryption and decryption
Algorithm – computing methods to combine keys
   and plain text to make it indecipherable for
              people without the key

        Substitution     Transposition
                  Encryption




                                       Ciphertext
Plaintext




                      Key
            and encryption algorithm
                  Decryption
         The adventure of the dancing men
http://www.citsoft.com/holmes/return/dancing.men.t
                   On a computer…
    Example using the Data Encryption
     Standard (DES)
     $> des -e “Mary had a little lamb” output.des
     Enter key: oucskey
     Enter key again: oucskey
     $>

The result:
     $> cat output.des
     !¢ðuýåćßÞf 謶‫׀ ע‬жТφẸỆ≈∞▪‫ﲑ‬
     $>
   Example using the Data Encryption Standard
    (DES) continued…
    To decrypt:

     $> des -d output.des text.des
     Enter key: oucskey
     Enter key again: oucskey
     $>cat text.des
     Mary had a little lamb
     $>
   Example using the Data Encryption Standard
    (DES) continued…

    Trying to decrypt with the wrong key:

     $> des -d output.des text.des
     Enter key: oucsquay
     Enter key again: oucsquay

     Corrupted file or wrong key
     $>cat text.des
     uýåćß#¬`謶‫ ׀‬φẸỆ‫ע‬жТ ‫ע‬жТ
     $>
                 Attacking a cipher
   How safe are encryption algorithms
    anyway?
   Example using (DES) continued…

What about a ‘brute force’ attack?
i.e. ‘guessing’ at the key “oucskey”
DES algorithm has a 56-bit key. Therefore, there
are
256 = 72,057,594,037,900,000 different keys
834 days at a billion keys per second
But for a typed key, effectively 83 days
                Attacking a cipher
   How safe are encryption algorithms anyway?
    ◦ Established algorithms should remain sound
    ◦ Safety is dependent on key length, the longer, the
      safer
                  Some issues
   So you have to have the same key as your
    correspondent – is that a problem?
    ◦ How do you send the key safely?
    ◦ Do I try to exchange keys before I communicate?

   How many keys will I need to communicate with
    everyone?
    ◦ You need a key for everyone!
   Whitfield Diffie and Martin Hellman (1975)
   Ellis and Cox (1973)
   A key pair is constructed using some
    complicated maths (the keys are not the
    same)
   Each party has two keys (public and
    private)
   Anything encrypted with key1 can only be
    decrypted with key2
                Encryption

                 Key 1 and




                                   Ciphertext
Plaintext




            encryption algorithm
                     Decryption
                     Encryption

                      Key 1 and




                                           Ciphertext
     Plaintext




                 encryption algorithm
                      Key 2 and
                 encryption algorithm

                      Decryption
If Key 1 = private, Key2 must be corresponding public
If Key 1 = public, Key2 must be corresponding private
   Keys exist in pairs
    ◦ Keep one private (very secret) and 'publish' one
    ◦ Public keys can exist on certificates
   Encryption can be done by either key
    ◦ If it is your key pair, you can use the private key
    ◦ Anyone else can use the public key to encrypt something
          Demonstration



                          Public key

Complex
 maths!

                          Private key


                                22
   Extremely secret!
   If you send something encrypted by a private
    key, it can be read by everyone, but they know
    it came from you.
    ◦ Authentication
   Not at all secret!
    ◦ Widely available, but must be trusted
    ◦ May be supplied as part of a certificate
   If you send something using a public key, it
    can only be read by the entity to which it is
    addressed.
    ◦ Secure communications
        e.g. SSL
   Someone can use a public key to prove their
    identity to me
    ◦ but only if I trust that public key
   So if someone I trusted endorsed (signed) that
    public key
    ◦ hold that thought for a moment - we’ll come back to
      this...
   Asymmetric keys can be used to sign things
    ◦ encrypt a bit of text with your private key (can be
      attached 'securely' to the 'document')
    ◦ people can de-crypt it with the public key and
      know that it was signed by you

   What?…
   You need to know something about
    hashes…
     Message digests or one way hash functions distil
     the information contained in a file (very small or
     very large) into a single large number (usually
     between 128 and 256 bits in length)
   So, you can actually add the hash value to
    the file somehow and then sign (or
    encrypt) that hash value with your
    private key.
HASH




Append
=
   Put that public key on a certificate

   Get someone you trust to sign the certificate
    ◦ If the certificate is tampered with, the signature is
      broken


   Organizations who sign public keys/certificates
    are called Certification Authorities (CA)
   You create a key pair
   Put one key of the pair on a certificate (which
    one?)
   Send the certificate (request) to the CA
   Present yourself or identify yourself to the
    Registration Authority (RA)
   The RA tells the CA that you are OK
   The CA sends you the signed certificate
   Now you have a signed certificate, people and
    services can trust that you are who you say you are

   Present your certificate to a service

   Tell them something encrypted by your private
    key

   They like your certificate and know it is you
   You keep your private key very secret
    ◦ Obey the rules for this!
   Your public key is on the certificate

   Services must trust the CA

   Your certificate will have an expiry date
    ◦ after which you may have to re-visit the RA
   Your certificate can be revoked at any time
   Asymmetric encryption = public/private keys
   Symmetric encryption is faster
    ◦ but how do you deliver the keys
   Asymmetric encryption is used widely in internet
    communications
    ◦ Secure Sockets Layer, very common
   Also used in client authentication
    (less common, at the moment)
Use PGP to Send Encrypted
           File

								
To top