1 / 9

Symmetric Key Management

Symmetric Key Management. CSIS 5857: Encoding and Encryption. Key Management Problems. Symmetric Key Management How can Alice tell Bob a symmetric key value without Darth finding out? Public Key Management How does Bob know where a public key comes from?. “Here is my public key K PU – Alice”.

dunne
Download Presentation

Symmetric Key Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Symmetric Key Management CSIS 5857: Encoding and Encryption

  2. Key Management Problems • Symmetric Key ManagementHow can Alice tell Bob a symmetric key value without Darth finding out? • Public Key ManagementHow does Bob know where a public key comes from? “Here is my public key KPU– Alice” Secure data encrypted with what Bob thinks is Alice’s public key

  3. Trusted Third Party Approach • “Trusted third party” • Known to all users (senders and recipients) • Verifies identities of users • Manages keys for users • Symmetric key management:Key Distribution Center • Public key management:Certificate Authority

  4. Key Distribution Center • Each member has different secret shared key known only to themselves and KDC

  5. Simple KDC Protocol Background: • Alice wants to have confidential communication with Bob • For complete security, want to create one-time session keyKAB • Alice and Bob known to KDC • Alice and KDC share symmetric key KA • Bob and KDC share symmetric key KB

  6. Simple KDC Protocol • Alice sends request to KDC • Contains sender ID (Alice), desired recipient ID (Bob) • KDC creates new session key for Alice and Bob • KDC creates ticket for session • Readable only by Bob since encrypted with KB • Contains session key, ID of sender and recipient

  7. Simple KDC Protocol • KDC sends message to Alice • Encrypted with Alice’s key KAso only Alice can read • Contains session key KAB • Contains ticket (which only Bob can read) • Alice decrypts message to get: • Session key KAB • Encrypted ticket

  8. Simple KDC Protocol • Alice sends encrypted ticket to Bob • Bob decrypts ticket to get: • Identity of sender • Confidential session key KAB • Alice and Bob now both knowKAB • Transmitted securely to both using KA and KB

  9. Needham-Schroeder Protocol • Prevents replay attacks where adversary captures ticket and resends later • Challenge-response protocol to prove sender knows session key • Bob sends nonce RB to Alice, encrypted with session key • Alice decrypts with session key, subtracts 1, re-encrypts with session key, and sends back • Bob decrypts to verify Alice was able to decrypt and compute RB-1

More Related