1 / 32

10. Key Management

10. Key Management. Contents. Key Management Public-key distribution Secret-key distribution via public-key cryptography. Key Management. Public-key distribution Public announcement Public available directory Public-key authority Public-key certificates. Public Announcement.

chloe
Download Presentation

10. Key Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 10. Key Management

  2. Contents • Key Management • Public-key distribution • Secret-key distribution via public-key cryptography

  3. Key Management • Public-key distribution • Public announcement • Public available directory • Public-key authority • Public-key certificates

  4. Public Announcement • Public announcement of public keys • Any participant can send his/her public key to any participants or broadcast to the community.

  5. Public Announcement • Weakness • Anyone can forge a public announcement • Some user could pretend to be user A and send a public key to another participant or broadcast such a public key. C

  6. Public Available Directory • Publicly available directory • A trusted authority maintains a directory with a {name, public key} entry for each participants. • Each participant registers a public key with the directory authority.

  7. Public Available Directory • A participant may replace the existing key with a new some at any time. • Periodically, the authority publishes the entire directory or updates to the directory.

  8. Public Available Directory • Participants could also access the directory electrically. For this purpose, secure, authenticated communication from the authority to the participant is mandatory.

  9. Public Available Directory • This scheme is more secure, but still has vulnerabilities. • If an opponent get the private key of the directory authority, the opponent could counterfeit public keys in the directory.

  10. Public-key Authority • Public-key Authority • Stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory.

  11. Public-key Authority • A sends a timestamped message to the public-key authority containing a request for the current public key of B.

  12. Public-key Authority • The authority responds with a message that is encrypted using the authority’s private key, KRauth.

  13. Public-key Authority • A stores B’s public key and also use it to encrypt a message to B containing an identifier of A(IDA) and a nonce(N1).

  14. Public-key Authority 4,5 B retrieves A’s public key from the authority in the same manner as A retrieved B’s public key.

  15. Public-key Authority • B sends a message to A encrypted with KUa and containing A’s nonce(N1) as well as a new nonce generated by B(N2).

  16. Public-key Authority • A returns N2, encrypted using B’s public key, to assure B that is correspondent is A.

  17. Public-key Authority • Drawbacks • A total of seven messages are required. • However, the initial four messages need be used only infrequently because both A and B can save the other’s public key for future use. • Public-key authority could be a bottleneck in the system, because a user must access the authority for the public key for every other user that it wishes to contact. • As before, the directory is vulnerable to tampering.

  18. Public-key Certificates • Public-key certificates • Certificates are used to exchange keys without contacting a public-key authority. • A certificate consists of a public key, an identifier of the key owner, and more information with the signature of the whole block signed by a trusted third party.

  19. Public-key Certificates • Certificate generation • Each user sends his/her public key to a certificate authority (CA) in a secure manner. • The CA generates a certificate for the user using his/her private key.

  20. Public-key Certificates • Public-key exchange • A and B sends their certificates to each other. • Each verify the certificate using the CA’s public key.

  21. Secret-Key Distribution • Secret-key distribution via public-key cryptography • Simple secret key distribution • Secret key distribution with confidentiality and authentication • A hybrid scheme

  22. Simple Secret Key Distribution • Simple Secret Key Distribution • If A wishes to communicate with B, • A generates a public/private key pair {KUa, KRa} and transmits a message to B consisting of KUa and an identifier of A, IDA. • B generates a secret key, Ks, and transmits it to A, encrypted with A’s public key. • A computes DKRa[EKUa[Ks]] to recover the secret key. • A discards KUa and KRa and B discards KUa.

  23. Simple Secret Key Distribution • A and B can now securely communicate using conventional encryption and the session key Ks. • However, this protocol is vulnerable to an active attack. • Man-in-the-middle attack • An opponent E can compromise the communication without being detected.

  24. (1) KUa||IDA (2) KUe||IDA A E B (4) EKUa[Ks] (3) EKUe[Ks] Simple Secret Key Distribution • Man-in-the-middle attack • A generates a public/private key pair {KUa, KRa} and transmits a message intended for B consisting of KUa and IDA. • E intercepts the message, creates its own public/private key pair {KUe, KRe} and transmits KUe||IDA to B.

  25. (1) KUa||IDA (2) KUe||IDA A E B (4) EKUa[Ks] (3) EKUe[Ks] Simple Secret Key Distribution • Man-in-the-middle attack • B generates a secret key Ks, and transmits EKUe[Ks]. • E intercepts the message and learns Ks by computing DKRe[EKUe[Ks]]. • E transmits EKUa[Ks] to A.

  26. Simple Secret Key Distribution • Man-in-the-middle attack • Both A and B know Ks and are unaware that E knows Ks. • Knowing Ks, E can decrypt all encrypted messages between A and B.

  27. Secret Key distribution with Confidentiality and Authentication • Secret Key Distribution with Confidentiality and Authentication • Assume that A and B have exchanged public key

  28. Secret Key distribution with Confidentiality and Authentication • A uses B’s public key to encrypt a message to B obtaining an identifier of A (IDA) and a nonce (N1), used to identify this transaction uniquely. • B sends a message to A encrypted with KUa and obtaining A’s nonce(N1) as well as a now nonce generated by B(N2).

  29. Secret Key distribution with Confidentiality and Authentication • A returns N2, encrypted using B’s public key, to assure B that its correspondent is A. • A selects a secret key Ks and sends M = EKUb[EKRa[Ks]] to B. Encryption of this message with B’s public key ensures that only B can read it; Encryption with A’s private key ensures that only A could have sent it. • B computes DKUa[DKRb[M]] to recover the secret key.

  30. Secret Key distribution with Confidentiality and Authentication • This approach provides protection against both active and passive attacks. • Note that the first 3 step of this scheme are the same as that last 3 steps of Public-key authority scheme. • This scheme ensures both confidentiality and authentication in the exchange of a secret key.

  31. Hybrid Scheme • A Hybrid Scheme • The use of a key distribution center (KDC) that shares a secret master key with each user and distributes secret session keys encrypted with the master key. • A public key scheme is used to distribute the master keys.

  32. Hybrid Scheme • Performance • Distribution of session key by public-key encryption could degrade overall system performance. • With a 3-level hierarchy, public-key encryption is used only occasionally to update the master key between a user and the KDC. • Backward Compatibility • The hybrid scheme is easily overlaid on an existing KDC scheme, with minimal disruption or software changes.

More Related