1 / 24

Key Distribution and Management

Key Distribution and Management. Yuan Xue. Outline. Secret Key Distribution Introduction Using key distribution center (KDC) Decentralized Using public-key Public Key Management Public-key Announcement Publicly Available Directory Public-key Certificate Web of Trust (GnuPG).

davin
Download Presentation

Key Distribution and Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Key Distribution and Management Yuan Xue

  2. Outline • Secret Key Distribution • Introduction • Using key distribution center (KDC) • Decentralized • Using public-key • Public Key Management • Public-key Announcement • Publicly Available Directory • Public-key Certificate • Web of Trust (GnuPG)

  3. Secret Key Distribution • Message Encryption • Secret key encryption vs. public key encryption • Both encryption algorithms can provide confidentiality • Secret Key Encryption is more efficient and faster • To use secret key encryption • Communicating peers must share the same key • The key must be protected from access by others Key Distribution

  4. Key Hierarchy • A secret key becomes insecure when used for a long time, since more ciphertext encrypted using this key is available to the attacker, making it easies to derive the key. • Keys that are used to encrypt the data need to be renewed frequently • Solution – Key Hierarchy • Session key – encrypt data, renewed each session • Master key – distribute session keys, renewed infrequently using non-cryptographic approach

  5. Secret Key Distribution Approaches • Now the questions are • What are master keys? • secret key or public key? • Who should share master keys? • who needs to be trusted a priory? • How to get session keys from master keys? • key distribution protocol • Three approaches • Via key distribution center (KDC) • KDC needs to share a secret key with each of the communication parties • Decentralized • The communication parties need to share a master key • Via public key • Using public key encryption • Using Diffie-Hellman key exchange

  6. Key Distribution based on KDC • Initially • A and B both trust KDC • KUA -- shared secret key between A and KDC • KUB -- shared secret key between B and KDC • Goal • A and B trust each other • A and B share a secret key KS KDC KUA, KUB KDC KUA, KUB KUA KS ,KUA A B KUB A B KS ,KUB

  7. KDC-based Key Distribution Protocol Nonce guarantee the reply (the secret key) from KDC is fresh Ticket to B Match the KDC reply with the request, in case A issued multiple requests to KDC

  8. Decentralized Key Distribution • Initially • A and B trust each other • A and B share a master secret key Km • Goal • A and B share a session secret key KS Km KS ,Km A B Km A B KS ,Km

  9. Decentralized Key Distribution

  10. Secret Key Distribution Via Public Key • Using public key encryption • RSA Algorithm • Using Diffie-Hellman key exchange • We will discuss about this approach later

  11. Simple Secret Key Distribution • Problem: Man-in-the-middle-attack

  12. Man-in-the-middle Attack KUA||IDA KUD||IDA A B D E[KUD, Ks] E[KUA, Ks]

  13. Secret Key Distribution with Confidentiality and Authentication

  14. Diffie-Hellman Key Exchange a is a primitive root of prime number p then a mod p, a2 mod p, …, ap-1 mod p are distinct and consist of the integers from 1 through p-1 For any b and a primitive root a of p, unique exponent I can be found such that b = ai mod p (0<=i <= p-1)

  15. Key Management • Distribution of Public Key • Public-key Announcement • Publicly Available Directory • Public-key Certificate • Web of Trust (GnuPG)

  16. Public Announcement • No Authentication Key Issue: Binding ID <-> Public key

  17. Publicly Available Directory • Directory [ID, public key] • A securely registers its public key • In person • Secure communication • The entire directory is published periodically • B can access the directory via secure authenticated communication

  18. Public-Key Certificate • Certificate CA = E[KRauth, T||IDA||KUA]

  19. KDC-based Announcement In A Nutshell Decentralized (Web of Trust) Decentralized Directory Public-key-based RSA, Diffei-Hellman Certificate Public-key management Secret Key Distribution Public Keys Message Encryption Message Authentication Session Keys

  20. Placement of Encryption Function Yuan Xue

  21. Placement of Encryption Function • What to encrypt • Message format • Where the encryption function should be located? • Network stack • Link vs. End-to-end • Where each layer is located and how it may get attacked • Aspects to consider • Message security • Number of keys required • Number of encryption/decryptions • Transparency to users/end hosts

  22. Potential Locations of Attacks Alice Bob Darth Application Application TCP/UDP TCP/UDP IP IP IP IP Link Link Link Link Internet

  23. Link vs. End-to-End Encryption

  24. Message format

More Related