@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.

Slides:

Advertisements

Similar presentations

Chapter 10 Real world security protocols

Advertisements

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)

Authentication & Kerberos

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)

Slide 1 Vitaly Shmatikov CS 378 Key Establishment Pitfalls.

CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.

Chapter3 Public-Key Cryptography and Message Authentication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Key Distribution CS 470 Introduction to Applied Cryptography

Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Computer Science Public Key Management Lecture 5.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 3 Public-Key Cryptography and Key Management.

Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.

1 Lecture 14: Real-Time Communication Security real-time communication – two parties interact in real time (as opposed to delayed communication like )

Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

Cryptography and Network Security (CS435) Part Eight (Key Management)

15.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Key Management.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.

Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.

PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

6 June Lecture 2 1 TU Dresden - Ws on Proof Theory and Computation Formal Methods for Security Protocols Catuscia Palamidessi Penn State University,

Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.

1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.

AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)

Understanding Cryptography by Christof Paar and Jan Pelzl Chapter 13 – Key Establishment ver. Jan 7, 2010 These slides were prepared.

Computer and Network Security - Message Digests, Kerberos, PKI –

Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.

Key Management Network Systems Security Mort Anvari.

User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.

1 Authenticated Key Exchange Rocky K. C. Chang 20 March 2007.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.

Fall 2006CS 395: Computer Security1 Key Management.

1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.

Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:

Key Management and Distribution Anand Seetharam CST 312.

Security. Cryptography (1) Intruders and eavesdroppers in communication.

Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.

@Yuan Xue CS 285 Network Security Placement of Security Function and Security Service Yuan Xue Fall 2013.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.

Key Management public-key encryption helps address key distribution problems have two aspects of this: – distribution of public keys – use of public-key.

Fourth Edition by William Stallings Lecture slides by Lawrie Brown

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

@Yuan Xue 285: Network Security CS 285 Network Security Digital Signature Yuan Xue Fall 2012.

Presentation transcript:

@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012

@Yuan Xue Overview Secret Key Distribution Introduction Using key distribution center (KDC) Decentralized Using public-key Public Key Management Public-key Announcement Publicly Available Directory Public-key Certificate Web of Trust (GnuPG)

@Yuan Xue Secret Key Distribution Message Encryption Secret key encryption vs. public key encryption  Both encryption algorithms can provide confidentiality  Secret Key Encryption is more efficient and faster To use secret key encryption  Communicating peers must share the same key  The key must be protected from access by others Key Distribution

@Yuan Xue Key Hierarchy A secret key becomes insecure when used for a long time, since more ciphertext encrypted using this key is available to the attacker, making it easies to derive the key. Keys that are used to encrypt the data need to be renewed frequently Solution – Key Hierarchy Session key – encrypt data, renewed each session Master key – distribute session keys, renewed infrequently using non- cryptographic approach

@Yuan Xue Secret Key Distribution Now the questions are What are master keys?  secret key or public key? Who should share master keys?  who needs to be trusted a priori? How to get session keys from master keys?  key distribution protocol

@Yuan Xue Secret Key Distribution Approaches Three approaches Via key distribution center (KDC)  KDC needs to share a secret key with each of the communication parties Decentralized  The communication parties need to share a master key Via public key  The communication parties need to have the public keys of each other Using public key encryption Using Diffie-Hellman key exchange

@Yuan Xue Key Distribution based on KDC Initially A and B both trust KDC KU A -- shared secret key between A and KDC KU B -- shared secret key between B and KDC Goal A and B trust each other A and B share a secret key K S KDC AB KU A, KU B KU A KU B KDC AB KU A, KU B K S, KU A K S, KU B

@Yuan Xue Overview Secret Key Distribution Introduction Using key distribution center (KDC) Decentralized Using public-key Public Key Management Public-key Announcement Publicly Available Directory Public-key Certificate Web of Trust (GnuPG)

@Yuan Xue KDC-based Key Distribution Protocol Ticket to B Nonce  guarantee the reply (the secret key) from KDC is fresh Match the KDC reply with the request, in case A issued multiple requests to KDC The Needham–Schroeder Symmetric Key Protocol Any math func, e.g., N+1 Vulnerable to Replay attack

@Yuan Xue Decentralized Key Distribution Initially A and B trust each other A and B share a master secret key K m Goal A and B share a session secret key K S AB KmKm KmKm AB K S, K m

@Yuan Xue Decentralized Key Distribution

@Yuan Xue Secret Key Distribution Approaches Three approaches Via key distribution center (KDC)  KDC needs to share a secret key with each of the communication parties Decentralized  The communication parties need to share a master key Via public key  The communication parties need to have the public keys of each other Using public key encryption Using Diffie-Hellman key exchange

@Yuan Xue Secret Key Distribution Via Public Key Using public key encryption RSA Algorithm Using Diffie-Hellman key exchange

@Yuan Xue Simple Secret Key Distribution Problem: Man-in-the-middle-attack

@Yuan Xue Man-in-the-middle Attack A D B KU A ||ID A KU D ||ID A E[KU D, K s ] E[KU A, K s ] Key Issue: Binding between public key and the ID. Solution: public key management Provides authenticated association between the public key and the ID

@Yuan Xue Public Key Management Distribution of Public Key Public-key Announcement Publicly Available Directory Public-key Certificate (focus) Others  Fingerprint (GnuPG)  Web of Trust (covered in HW2 and the class on GnuPG)

@Yuan Xue Public Announcement No Authentication Key Issue: Binding ID Public key

@Yuan Xue Publicly Available Directory Directory [ID, public key] A securely registers its public key In person Secure communication The entire directory is published periodically B can access the directory via secure authenticated communication

@Yuan Xue Public-Key Certificate Certificate C A = E[KR auth, T||ID A ||KU A ]

@Yuan Xue Put into practice Let’s take a look at a real certificate How to generate OpenSSL ek/openssl/

@Yuan Xue AB I want to talk to you Certificate E(KU bob,S) Now – Use Public key to distribute secret key No assurance that the key is fresh

@Yuan Xue K = Hash (S, R Alice, R Bob ) Nonce Pre-master Secret K = Hash (S, R Alice, R Bob ) Secret Key AB I want to talk to you, R Alice Certificate, R Bob E(KU bob,S) Solution from SSL Nonce

@Yuan Xue a is a primitive root of prime number p then a mod p, a 2 mod p, …, a p-1 mod p are distinct and consist of the integers from 1 through p-1 For any b and a primitive root a of p, unique exponent I can be found such that b = a i mod p (0<=i <= p-1) Diffie-Hellman Key Exchange

@Yuan Xue More on D-H Key Exchange Basic Version -- Anonymous Diffie-Hellman: no authentication, vulnerable to man-in-the- middle attacks Fixed Diffie-Hellman: based on public parameter in server’s CA; fixed secret key Ephemeral Diffie-Hellman: one time secret key; most secure D-H options

@Yuan Xue In A Nutshell KDC-based Decentralized Secret Key Distribution Message Encryption Message Authentication Public-key-based RSA, Diffie-Hellman Public-key-based RSA, Diffie-Hellman Announcement Directory Certificate Public-key management Session Keys Public Keys Decentralized (Web of Trust) Decentralized (Web of Trust)