Key Management Network Systems Security. Mort Anvari. Key Management. Asymmetric encryption helps address key distribution problems Two aspects distribution of public keys use of public-key encryption to distribute secret keys. Distribution of Public Keys.
Key Management
Network Systems Security
Mort Anvari

Key Management
• Asymmetric encryption helps address key distribution problems
• Two aspects
  • distribution of public keys
  • use of public-key encryption to distribute secret keys

Distribution of Public Keys
• Four alternatives of public key distribution
  • Public announcement
  • Publicly available directory
  • Public-key authority
  • Public-key certificates

Public Announcement
• Users distribute public keys to recipients or broadcast to community at large
• E.g. append PGP keys to email messages or post to news groups or email list
• Major weakness is forgery
  • anyone can create a key claiming to be someone else and broadcast it
  • can masquerade as claimed user before forgery is discovered

Publicly Available Directory
• Achieve greater security by registering keys with a public directory
• Directory must be trusted with properties:
  • contains {name, public-key} entries
  • participants register securely with directory
  • participants can replace key at any time
  • directory is periodically published
  • directory can be accessed electronically
• Still vulnerable to tampering or forgery

Public-Key Authority
• Improve security by tightening control over distribution of keys from directory
• Has properties of directory
• Requires users to know public key for the directory
• Users can interact with directory to obtain any desired public key securely
  • requires real-time access to directory when keys are needed

Public-Key Certificates
• Certificates allow key exchange without real-time access to public-key authority
• A certificate binds identity to public key
  • usually with other info such as period of validity, authorized rights, etc.
• With all contents signed by a trusted Public-Key or Certificate Authority (CA)
• Can be verified by anyone who knows the CA’s public key

Distribute Secret Keys Using Asymmetric Encryption
• Can use previous methods to obtain public key of other party
• Although public key can be used for confidentiality or authentication, asymmetric encryption algorithms are too slow
• So usually want to use symmetric encryption to protect message contents
• Can use asymmetric encryption to set up a session key

Simple Secret Key Distribution
• Proposed by Merkle in 1979
  • A generates a new temporary public key pair
  • A sends B the public key and A’s identity
  • B generates a session key Ks and sends encrypted Ks (using A’s public key) to A
  • A decrypts message to recover Ks and both use

Problem with Simple Secret Key Distribution
• An adversary can intercept and impersonate both parties of protocol
  • A generates a new temporary public key pair {KUa, KRa} and sends KUa || IDa to B
  • Adversary E intercepts this message and sends KUe || IDa to B
  • B generates a session key Ks and sends encrypted Ks (using E’s public key)
  • E intercepts message, recovers Ks and sends encrypted Ks (using A’s public key) to A
  • A decrypts message to recover Ks and both A and B unaware of existence of E

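The exchange above, simulated with toy RSA as an added example (not part of the original slides). It shows that A and B end with the same Ks whether or not E is present, and that B rejects the substituted key once it holds an authentic copy of KUa. The primes, the value of Ks, and the names `run_exchange` and `pinned_ku_a` are constructed for illustration.

```python
# Toy RSA with tiny fixed primes: constructed values, insecure by design.
def keypair(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)      # (public KU, private KR)

def rsa(key, m):
    exponent, n = key
    return pow(m, exponent, n)

KU_A, KR_A = keypair(61, 53, 17)   # A's temporary key pair {KUa, KRa}
KU_E, KR_E = keypair(89, 97, 5)    # adversary E's key pair {KUe, KRe}
KS = 1234                          # session key Ks chosen by B (constructed)

def run_exchange(intercept, pinned_ku_a=None):
    """Run the simple key distribution once.

    Returns (Ks recovered by A, Ks held by B, Ks seen by E or None).
    pinned_ku_a is a hypothetical authentic copy of KUa that B obtained
    out of band, e.g. from a certificate.
    """
    # Message 1, A -> B: KUa || IDa (E swaps in KUe if it is on the path)
    received_key, claimed_id = (KU_E if intercept else KU_A), "A"

    # Mitigation: B accepts the key only if it matches the authentic one.
    if pinned_ku_a is not None and received_key != pinned_ku_a:
        raise ValueError("key received for %s is not the authentic key" % claimed_id)

    # Message 2, B -> A: Ks encrypted under whatever key B received
    ciphertext = rsa(received_key, KS)

    seen_by_e = None
    if intercept:
        seen_by_e = rsa(KR_E, ciphertext)    # E recovers Ks
        ciphertext = rsa(KU_A, seen_by_e)    # and re-encrypts it for A

    ks_at_a = rsa(KR_A, ciphertext)          # A decrypts as usual
    return ks_at_a, KS, seen_by_e
```

From A's and B's side the two runs are indistinguishable: the first two return values are identical, and only the third reveals that E holds Ks.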
Distribute Secret Keys Using Asymmetric Encryption
• if A and B have securely exchanged public-keys ?

Problem with Previous Scenario
• Message (4) is not protected by N2
• An adversary can intercept message (4) and replay an old message or insert a fabricated message

Order of Encryption Matters
• What can be wrong with the following protocol?
  A → B: N
  B → A: E_KUa[E_KRb[Ks || N]]
• An adversary sitting between A and B can get a copy of secret key Ks without being caught by A and B!

Diffie-Hellman Key Exchange
• First public-key type scheme proposed
• By Diffie and Hellman in 1976 along with advent of public key concepts
• A practical method for public exchange of secret key
• Used in a number of commercial products

Diffie-Hellman Key Exchange
• Used to set up a secret key that can be used for symmetric encryption
  • cannot be used to exchange an arbitrary message
• Value of key depends on the participants (and their private and public key information)
• Based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial): easy
• Security relies on the difficulty of computing discrete logarithms (similar to factoring): hard

Primitive Roots
• From Euler’s theorem: $a^{\phi(n)} \bmod n = 1$
• Consider $a^m \bmod n = 1$, $\gcd(a, n) = 1$
  • must exist for $m = \phi(n)$ but may be smaller
  • once powers reach $m$, cycle will repeat
• If smallest is $m = \phi(n)$ then $a$ is called a primitive root
  • if $p$ is prime, then successive powers of $a$ “generate” the group mod $p$
• Not every integer has primitive roots

Discrete Logarithms
• Inverse problem to exponentiation is to find the discrete logarithm of a number modulo $p$
• Namely find $x$ where $a^x = b \bmod p$
• Written as $x = \log_a b \bmod p$ or $x = \mathrm{ind}_{a,p}(b)$
• If $a$ is a primitive root then discrete logarithm always exists, otherwise may not
  • $3^x = 4 \bmod 13$ has no answer
  • $2^x = 3 \bmod 13$ has an answer 4
• While exponentiation is relatively easy, finding discrete logarithms is generally a hard problem

Diffie-Hellman Setup
• All users agree on global parameters
  • large prime integer or polynomial $q$
  • $\alpha$ which is a primitive root mod $q$
• Each user (e.g. A) generates its key
  • choose a secret key (number): $x_A < q$
  • compute its public key: $y_A = \alpha^{x_A} \bmod q$
• Each user publishes its public key

Diffie-Hellman Key Exchange
• Shared session key for users A and B is $K_{AB}$:
  $K_{AB} = \alpha^{x_A \cdot x_B} \bmod q$
  $= y_A^{x_B} \bmod q$ (which B can compute)
  $= y_B^{x_A} \bmod q$ (which A can compute)
• $K_{AB}$ is used as session key in symmetric encryption scheme between A and B
• Attacker needs $x_A$ or $x_B$, which requires solving discrete log

Diffie-Hellman Example
• Given Alice and Bob who wish to swap keys
• Agree on prime $q = 353$ and $\alpha = 3$
• Select random secret keys:
  • A chooses $x_A = 97$, B chooses $x_B = 233$
• Compute public keys:
  • $y_A = 3^{97} \bmod 353 = 40$ (Alice)
  • $y_B = 3^{233} \bmod 353 = 248$ (Bob)
• Compute shared session key as:
  $K_{AB} = y_B^{x_A} \bmod 353 = 248^{97} \bmod 353 = 160$ (Alice)
  $K_{AB} = y_A^{x_B} \bmod 353 = 40^{233} \bmod 353 = 160$ (Bob)

Next Class
• Hashing functions
• Message digests