DNSSEC Tutorial
Public / Private Keys
DNSSec and Cryptography
Three Key Concepts
l  Public / Private keys
l  Message digests, checksums, hashes
l  Digital signatures
Are at the core of DNSSEC. If these do not make
sense, then DNSSEC will not make sense.
Ciphertext
l  We start with plaintext. Something you can read.
l  We apply a mathematical algorithm to the
plaintext.
l  The algorithm is the cipher.
l  The plaintext is turned in to ciphertext.
l  Creating a secure cipher is a difficult process.
l  The standardization process for AES, the
replacement for the aging DES protocol, took 5
years
Keys
l  In symmetric cryptography, a plaintext is
transformed into a ciphertext, and back into
plaintext using a key to the cipher (the algorithm
used) on both ends.
l  Assuming that the cipher method is known, the
security of the ciphertext rests with the key. This
is a critical point. If someone obtains your key,
your plaintext is compromised.
Symmetric Cipher
Single Key/Symmetric Ciphers
[Diagram: clear text ("The quick brown fox jumped over the...") is encrypted with key K into ciphertext, which is decrypted with the same key K back into clear text.]
The same key is used to encrypt the document before sending and to decrypt it once it is received.
The Big Question...
- Issue: how do you securely distribute the key to the intended receiving party or parties?
Public / Private Keys
l  We generate a cipher key pair. One key is the
private key, the other is the public key.
l  The private key remains secret and should be
protected.
l  The public key is freely distributable. It is related
mathematically to the private key, but you cannot
(easily) derive the private key from the public key.
l  Use the public key to encrypt data. Only someone
with the private key can decrypt the encrypted
data.
Example Public / Private Key Pair
[Diagram: clear text ("The quick brown fox jumped over the...") is encrypted with k1 (public key) into ciphertext, which is decrypted with k2 (private key) back into clear text.]
One key is used to encrypt the document, a different key is used to decrypt it. This is an important aspect!
Issues
- For larger data transmissions than those used in DNSSEC, we use hybrid systems.
- Symmetric ciphers (single key) are much more efficient than public key algorithms for data transmission!
- Attacks on the public key are possible via chosen-plaintext attacks. Thus, the public/private key pair needs to be large (2048 bits).
- For instance, SSH uses public/private cryptography to set up the initial session and exchange the dynamically calculated symmetric session key.
One-Way Hashing Functions
- A mathematical function that generates a fixed-length result regardless of the amount of data you pass through it. Generally very fast.
- You cannot generate the original data from the fixed-length result, thus the term “one-way”.
- Hopefully you cannot find two sets of data that produce the same fixed-length result. If you do, this is called a collision (example: md5).
- The fixed-length result is known as a message digest, a checksum or a hash.
One-Way Hashing Functions cont.
- The fixed-length result of a hashing function is referred to as a checksum, message digest or hash.
- Some popular hashing functions include:
  - md5: Outputs 128-bit result. Fast. Collisions found. http://www.mscs.dal.ca/~selinger/md5collision/
  - sha-1: Outputs 160 bits. Slower. Collisions in 2^63.
  - sha-2: Outputs 224-512 bits. Slower. Collisions expected (2^80 attack).
  - sha-3: TBA: Currently in development via a new NIST Hash Function Competition: http://csrc.nist.gov/groups/ST/hash/sha-3/
Hashing: another example
[Figure: example inputs and their hash sums. Image courtesy Wikipedia.org.]
Note the significant change in the hash sum for minor changes in the input. Note that the hash sum is the same length for varying input sizes. This is extremely useful.
What use is this?
There are several:
- Password encryption (in Linux, Unix and Windows), using multiple rounds of hashing (MD5 or other).
- You can run many megabytes of data through a hashing function, but only have to check a fixed number of bits of information (160-512 bits). This is used to create a digital signature.
Digital Signatures
Reverse the role of public and private keys.
To create a digital signature on a document do:
1. Hash a document, producing a message digest.
2. Encrypt the message digest with your private key.
3. Send the document plus the encrypted message digest.
4. On the other end, hash the document and decrypt the encrypted message digest with the person's public key.
5. If the results match, the document is authenticated.
This process creates a digital signature.
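When Authenticating:
Take a hash of the document and encrypt only that. An encrypted hash is called a "digital signature".
[Diagram: the sender hashes the document ("The quick brown fox jumped over the...") and encrypts the hash with k2 (private) to produce the digital signature; the receiver hashes the received document, decrypts the signature with k1 (public), and COMPAREs the two hashes.]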
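The hash, sign, send and compare steps above, carried through in Python as an added example (not part of the original slides). The key pair is constructed from two Mersenne primes and is trivially factorable, the function names are illustrative, and the digest is wrapped in the PKCS#1 v1.5 encoding that RSA signatures use in practice rather than being "encrypted" raw.

```python
import hashlib

# Constructed demo key pair. Both primes are Mersenne primes, so this modulus
# is trivially factorable: for illustration only, never for real data.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # modulus, part of both keys
E = 65537                              # public exponent: (N, E) is the public key (k1)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: (N, D) is the private key (k2)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# ASN.1 DigestInfo header that marks the digest as SHA-256 (PKCS#1 v1.5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def digest(data: bytes) -> bytes:
    """One-way hash: always 32 bytes, whatever the input size."""
    return hashlib.sha256(data).digest()


def bits_changed(a: bytes, b: bytes) -> int:
    """Number of digest bits that differ between two inputs."""
    x = int.from_bytes(digest(a), "big") ^ int.from_bytes(digest(b), "big")
    return bin(x).count("1")


def encode_digest(document: bytes) -> bytes:
    """Step 1: hash the document, then pad the digest to the modulus size."""
    t = SHA256_PREFIX + digest(document)
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(document: bytes) -> bytes:
    """Step 2: apply the private key to the encoded digest."""
    m = int.from_bytes(encode_digest(document), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify(document: bytes, signature: bytes) -> bool:
    """Steps 4-5: apply the public key to the signature and compare the
    result with a freshly computed encoding of the received document."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return recovered == encode_digest(document)


if __name__ == "__main__":
    # Constructed sample document, completing the text shown on the slides.
    doc = b"The quick brown fox jumped over the lazy dog"
    tampered = doc.replace(b"dog", b"cog")
    sig = sign(doc)                    # step 3: send doc together with sig

    print("digest length (bytes):", len(digest(doc)))
    print("digest bits changed by a one-letter edit:", bits_changed(doc, tampered))
    print("original document verifies:", verify(doc, sig))
    print("tampered document verifies:", verify(tampered, sig))
```

Only the 32-byte digest goes through the slow public-key operation, which is why the document can be arbitrarily large.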
Conclusion
l  Public / Private keys
l  Message digests, checksums, hashes
l  Digital signatures
Are at the core of DNSSEC.

DNSSEC Tutorial: Public/Private Keys, Hashes and Digital Signatures

  • 2. DNSSec and Cryptography Three Key Concepts l  Public / Private keys l  Message digests, checksums, hashes l  Digital signatures Are at the core of DNSSEC. If these do not make sense, then DNSSEC will not make sense.
  • 3. Ciphertext l  We start with plaintext. Something you can read. l  We apply a mathematical algorithm to the plaintext. l  The algorithm is the cipher. l  The plaintext is turned in to ciphertext. l  Creating a secure cipher is a difficult process. l  The standardization process for AES, the replacement for the aging DES protocol, took 5 years
  • 4. Keys l  In symmetric cryptography, a plaintext is transformed into a ciphertext, and back into plaintext using a key to the cipher (the algorithm used) on both ends. l  Assuming that the cipher method is known, the security of the ciphertext rests with the key. This is a critical point. If someone obtains your key, your plaintext is compromised.
  • 5. Symmetric Cipher
    [Diagram: Single Key/Symmetric Ciphers. Clear text, key K, ciphertext, key K, clear text.]
    The same key is used to encrypt the document before sending and to decrypt it once it is received.
  • 6. The Big Question...
    Issue: how do you securely distribute the key to the intended receiving party or parties?
  • 7. Public / Private Keys
      - We generate a cipher key pair. One key is the private key, the other is the public key.
      - The private key remains secret and should be protected.
      - The public key is freely distributable. It is related mathematically to the private key, but you cannot (easily) derive the private key from the public key.
      - Use the public key to encrypt data. Only someone with the private key can decrypt the encrypted data.
  • 8. Example Public / Private Key Pair
    [Diagram: clear text, k1 (public key), ciphertext, k2 (private key), clear text.]
    One key is used to encrypt the document, a different key is used to decrypt it. This is an important aspect!
  • 9. Issues
      - For larger data transmissions than used in DNSSEC we use hybrid systems.
      - Symmetric ciphers (single key) are much more efficient than public key algorithms for data transmission!
      - Attack on the public key is possible via chosen-plaintext attacks. Thus, the public/private key pair needs to be large (2048 bits).
      - For instance, SSH uses public/private cryptography to set up the initial session and exchange the dynamically calculated symmetric session key.
  • 10. One-Way Hashing Functions
      - A mathematical function that generates a fixed-length result regardless of the amount of data you pass through it. Generally very fast.
      - You cannot generate the original data from the fixed-length result, thus the term “one-way”.
      - Hopefully you cannot find two sets of data that produce the same fixed-length result. If you do, this is called a collision. (Example: md5.)
      - The fixed-length result is known as a Message Digest or a checksum or a hash.
  • 11. One-Way Hashing Functions cont.
      - The fixed-length result of a hashing function is referred to as a checksum, message digest or hash.
      - Some popular hashing functions include:
          - md5: Outputs 128 bit result. Fast. Collisions found. http://www.mscs.dal.ca/~selinger/md5collision/
          - sha-1: Outputs 160 bits. Slower. Collisions in 2^63.
          - sha-2: Outputs 224-512 bits. Slower. Collisions expected (2^80 attack).
          - sha-3: TBA: Currently in development via a new NIST Hash Function Competition: http://csrc.nist.gov/groups/ST/hash/sha-3/
  • 12. Hashing: another example
    Note the significant change in the hash sum for minor changes in the input. Note that the hash sum is the same length for varying input sizes. This is extremely useful.
    *Image courtesy Wikipedia.org.
  • 13. What use is this?
    There are several:
      - Password encryption (in Linux, Unix and Windows), using multiple rounds of hashing (MD5 or other).
      - You can run many megabytes of data through a hashing function, but only have to check a fixed number of bits of information (160-512 bits). This is used to create a digital signature.
  • 14. Digital Signatures
    Reverse the role of public and private keys. To create a digital signature on a document do:
      1. Hash a document, producing a message digest.
      2. Encrypt the message digest with your private key.
      3. Send the document plus the encrypted message digest.
      4. On the other end, hash the document and decrypt the encrypted message digest with the person's public key.
      5. If the results match, the document is authenticated.
    This process creates a digital signature.
  • 15. When Authenticating:
    Take a hash of the document and encrypt only that. An encrypted hash is called a "digital signature".
    [Diagram: document, hash, k2 (private), digital signature, k1 (public), hash, COMPARE.]
  • 16. Conclusion
      - Public / Private keys
      - Message digests, checksums, hashes
      - Digital signatures
    Are at the core of DNSSEC.
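
The hash, sign, send, verify sequence from slides 14 and 15, as an added example that is not part of the original slides. It assumes SHA-256 as the hash and textbook RSA with no padding (real RSA signatures pad the digest before the private-key operation); the key is constructed from two publicly known Mersenne primes, and the names digest, sign, verify and demo are hypothetical.

```python
import hashlib

# Constructed toy key: two publicly known Mersenne primes, so this modulus is
# trivially factorable. Illustration only, never a real key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent  -> k1 (public key) is (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent -> k2 (private key)


def digest(document: bytes) -> int:
    """Hash the document to a fixed-length message digest (SHA-256, 256 bits)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> int:
    """Signer: 'encrypt' the digest with the private key (textbook RSA, no padding)."""
    return pow(digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Receiver: recover the digest with the public key, compare with a fresh hash."""
    if not 0 < signature < N:
        return False
    return pow(signature, E, N) == digest(document)


def demo() -> dict:
    doc = b"The quick brown fox jumped over the..."   # constructed sample document
    sig = sign(doc)
    tampered = doc.replace(b"fox", b"f0x")            # one character changed in transit
    altered_sig = (sig + 1) % N                       # signature changed in transit
    return {
        "digest_bits": hashlib.sha256(doc).digest_size * 8,
        "genuine": verify(doc, sig),
        "tampered_document": verify(tampered, sig),
        "altered_signature": verify(doc, altered_sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the 256-bit digest goes through the slow private-key operation, whatever the size of the document, and a one-character change to the document or the signature makes the COMPARE step fail.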