1 / 21

Symmetric Key Distribution

Symmetric Key Distribution. Network Security. Symmetric Key Distribution. Objectives of the Topic After completing this topic, a student will be able to describe how symmetric key can be distributed with symmetric encryption. Symmetric Key Distribution.

jerrymcdonald
Download Presentation

Symmetric Key Distribution

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Symmetric Key Distribution Network Security

  2. Symmetric Key Distribution Objectives of the Topic • After completing this topic, a student will be able to • describe how symmetric key can be distributed with symmetric encryption.

  3. Symmetric Key Distribution Figures and material in this topic have been adapted from • “Network Security Essentials: Applications and Standards”, 2014 by William Stalling.

  4. Symmetric Key Distribution • For symmetric encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others.

  5. Symmetric Key Distribution • Frequent key changes are usually desirable to limit the amount of data compromised if an attacker learns the key.

  6. Symmetric Key Distribution • The strength of any cryptographic system rests with the “key distribution technique” --- the means of delivering a key to two parties that wish to exchange data, without allowing others to see the key.

  7. Symmetric Key Distribution Key Distribution Options • For two parties A and B, there are the following options: • 1.A key could be selected by A and physically delivered to B.

  8. Symmetric Key Distribution • 2. A third party could select the key and physically deliver it to A and B. • 3. If A and B have recently used a key, one party could transmit the new key to the other, using the old key to encrypt the new key.

  9. Symmetric Key Distribution • 4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.

  10. Symmetric Key Distribution • Options 1 and 2 call for manual delivery of a key. • For link encryption, this is a reasonable requirement, because each link encryption device is only going to be exchanging data with its partner on the other end of the link.

  11. Symmetric Key Distribution • However, for end-to-end encryption over a network, manual delivery is awkward.

  12. Symmetric Key Distribution • In a distributed system, any given host may need to engage in exchanges with many other hosts over time. • Each device needs a number of keys supplied dynamically. • Difficult in a wide-area distributed system.

  13. Symmetric Key Distribution • Option 3 is a possibility for either link encryption or end-to-end encryption, but if an attacker ever succeeds in gaining access to one key, then all subsequent keys are revealed.

  14. Symmetric Key Distribution • To provide keys for end-to-end encryption, option 4 is preferable. • For option 4 , two kinds of keys are used:

  15. Symmetric Key Distribution • Session key: When two end systems wish to communicate, they establish a logical connection. • For the duration of that logical connection, called a session, all user data are encrypted with a one-time session key.

  16. Symmetric Key Distribution • At the conclusion of the session, the session key is destroyed. • Permanent key: is a key used between entities for the purpose of distributing session keys.

  17. Symmetric Key Distribution • A necessary element of option 4 is a key distribution center (KDC) . • The operation of a KDC proceeds as follows:

  18. Symmetric Key Distribution • 1. When host A wishes to set up a connection to host B, it transmits a connection request packet to the KDC. • Communication bet. A and KDC is encrypted using a master key shared only by A and the KDC.

  19. Symmetric Key Distribution • 2. If KDC approves the connection request, it generates a unique one-time session key. • It encrypts the session key using the permanent key it shares with A and delivers the encrypted session key to A.

  20. Symmetric Key Distribution • Similarly, it encrypts the session key using the permanent key it shares with B and delivers the encrypted session key to B.

  21. Symmetric Key Distribution • 3. A and B can now set up a logical connection and exchange messages and data, all encrypted using the temporary session key. End

More Related