110 likes | 296 Views
Key Distribution. Reference: Pfleeger, Charles P., Security in Computing, 2nd Edition, Prentice Hall, 1996. Symmetric Key Exchange Without Server. Assume that two users have a copy of a symmetric encryption key K. For a small number of messages, K may be used for encryption.
E N D
Key Distribution Reference: Pfleeger, Charles P., Security in Computing, 2nd Edition, Prentice Hall, 1996. Ref: Pfleeger96, Ch.4
Symmetric Key Exchange Without Server • Assume that two users have a copy of a symmetric encryption key K. • For a small number of messages, K may be used for encryption. • A new key may be generated (Knew) and K can be used to encrypt Knew, which can be sent to the receiver. Ref: Pfleeger96, Ch.4
A Problem with Symmetric Key Exchange Without Server • Each pair of users need to share a key that is unique. • If there are n pairs, then n(n+1)/2 keys are needed. Ref: Pfleeger96, Ch.4
Symmetric Key Exchange with Server • Two users request a key from a central key distribution service. • The number of keys required is reduced, but the flexibility is also reduced. • The key distribution service could also become a bottleneck. Ref: Pfleeger96, Ch.4
Asymmetric Key Distribution Without Server • Asymmetric (public) encryption reduces the need for individual keys. • The vulnerability of the central distribution service is also reduced. • Although the messages could be directly encrypted using the public keys, the algorithms tend to be less efficient than symmetric ones. Ref: Pfleeger96, Ch.4
Asymmetric Key Distribution Without Server (p.2) • Public key authentication could be used to deliver a secret key for efficient symmetric encryption. • A generates a secret symmetric key for communications with B--Ks • A then encrypts Ks with A’s secret key. • A then uses B’s public key to send the encrypted key to A. • A then authenticates Ks by decrypting it with A’s public key. Ref: Pfleeger96, Ch.4
Asymmetric Key Distribution Without Server (p.3) • To verify the key, each side can also send a test message. • A random number could be generated, encrypted and sent. • The other side could decrypted the number, add one, and then encrypt it and send it back. • Finally a distribution center could provide the public keys, in the first place. Ref: Pfleeger96, Ch.4
Asymmetric Key Exchange with Server • A requests B’s public key from the key distribution center. • The distribution center uses its secret key (for authentication) to encrypt B’s public key and identifier and sends it to A. • A decrypts the key using the distribution center’s public key and the result is authenticated. Ref: Pfleeger96, Ch.4
Asymmetric Key Exchange with Server (p.2) • Now A sends can send his identity and a reference encrypted with B’s public key. • B communicates with the key distribution center to receive A’s public key. • B then encrypts his A’s reference and her own reference for authentication. • A then sends a message and B’s reference. Ref: Pfleeger96, Ch.4