Key Management And Key Distribution

Key Management And Key Distribution
The essential problems addressed by all cryptosystems are how to safely exchange keys and how to easily manage the keys while enabling reliable authentication, authorization and revocation. In simple symmetric distributed key systems, encrypted keys are distributed once, physically, by a system administrator (SA) or at manufacturing. In Dynamic Distributed Key Infrastructures (DDKI), distributed keys in turn exchange more device- or person-specific distributed keys, sizing a secure network in much the same way that DNS sizes the Internet.

Traditional objections to symmetric systems
- Its security depends on a new key being generated and used each time a new message is encrypted; this means that the total number of key bits is too large to be practical.
- A large key space comes at the price of longer keys, however, and these make the encryption and decryption processes slower. Thus the encryption system designer must trade off speed of operation against resistance to exhaustive search attacks.
- Anyone using a symmetric-key encryption system must deal with the key exchange problem: if one or more recipients are to be able to decrypt a message, they must get the key, and they must be the only ones to get it. …
- Key exchange is thus a high-overhead operation. As much key material needs to be transmitted as the data to be encrypted.
- Key storage is onerous.
These objections are no longer valid.

What are the attributes of DDKI?
Dynamic Distributed Key system: what is it? DDKI are systems that utilize distributed keys to safely create and distribute more distributed keys, dynamically and electronically, to scale large secure communities of interest in much the same way that DNS allows the Internet to size itself. Self-provisioning enables clients to generate their own session keys, encrypt their own content and authenticate themselves; this eliminates the majority of server overhead in massive networks and adds little overhead to the client.

Expanding a secure community of interest like DNS does
This is a simple secure closed distributed system.
Dynamic elements:
- dynamic session keys and addresses
- dynamically authenticated sessions with DIVA
How do we dynamically, electronically and securely expand to add the millions of existing appliances and to build new secure networks and users?
Networks: clients or appliances like routers and switches.

Secure Network Server
In an existing DDKI:
1. Server sends a serial number read utility to the new appliance as a firmware patch.
2. New appliance sends MAC#, serial #, NAM, UID to the server.
3. Server generates unique keys and a unique starting offset from the serial #, updates itself with the UID, offset and key info, encrypts the private key with the application key, and sends a package with the encrypted private key(s) and the secure application to the new device (new client, router, switch etc.).
Coming in from the cold
1. Expand secure networks in 3 steps electronically.
2. Secure legacy networks and hardware with software/firmware patches; MFG acceptance is helpful.
3. Device receives a secure distributed key pair.
4. All legacy hardware with MAC# etc. and firmware are quickly and inexpensively added to DDKI.
5. Persons can add a password for access and two-factor authentication.

Unlike encryption, digital signature technology is not encumbered by export restrictions.
1. Utilizing new symmetrical identity management keys reinforces the usefulness of AES algorithms and keys.
2. Utilizing trans-encryption makes huge networks using AES fast.
3. Utilizing super-strength authentication keys complies with standards that many enterprises and governments are required to use.

Sender (AES + WN)
Distributed AES/WN key pair, distributed one time: physically by the system administrator, or electronically with a key generated for a specific device.
WN key: multi-function RNG for the session key, no failures (NIST); authentication, ID management.
1. Generate the session key with the WN RNG.
2. Encrypt the document with the AES algorithm and the session key.
3. Encrypt the session key with the distributed AES key.
4. Authenticate the encrypted session key with WN.
5. Embed it in the header of the encrypted document.
6. Trans-encrypt the authenticated session key from sender to receiver.
7. Transfer the encrypted document.
All key pairs stored are minimal because of multiplicity; key storage is cheap. Choose whether to store or forward documents.
Receiver (AES + WN)
The above process = no key exchange: a simple symmetric distributed key system.
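The enrollment steps on the "Secure Network Server" slide (the server deriving a unique key per appliance from the identifiers it reports and sending it wrapped under the application key) and the sender/server/receiver flow on this slide, worked through as an added Go example. This is illustrative code written for this page, not Whitenoise or DDKI software, and nothing in it is the WN algorithm. It assumes AES-256-GCM for every "encrypt and authenticate" step, so GCM's tag stands in for the separate "authenticate with WN" step; HMAC-SHA256 keyed with a server-held master secret as the per-device key derivation; and the constructed names mustAEAD, seal, open, deriveDeviceKey, enrollDevice, Envelope, headerAAD, sendDocument, transEncrypt and receiveDocument.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// mustAEAD builds AES-256-GCM; an error here means a wrong key length, i.e. a programming bug.
func mustAEAD(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// seal encrypts and authenticates plaintext, returning nonce || ciphertext || tag.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm := mustAEAD(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal and rejects any blob whose tag does not verify.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm := mustAEAD(key)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// deriveDeviceKey is the server side of enrollment step 3: one distributed key per device,
// keyed by a master secret so the identifiers sent in the clear in step 2 reveal nothing alone.
func deriveDeviceKey(master []byte, serial, mac string) []byte {
	h := hmac.New(sha256.New, master)
	h.Write([]byte("ddki-device-key\x00" + serial + "\x00" + mac))
	return h.Sum(nil) // 32 bytes: one AES-256 key
}

// enrollDevice wraps that key under the application key already in the device firmware.
func enrollDevice(master, appKey []byte, serial, mac string) ([]byte, error) {
	return seal(appKey, deriveDeviceKey(master, serial, mac), []byte(serial))
}

// Envelope is the sender's output: Header = session key sealed under a distributed key, Body = document sealed under the session key.
type Envelope struct{ Header, Body []byte }
var headerAAD = []byte("ddki-session-key") // constructed label binding a header to its purpose

// sendDocument is sender steps 1-5: fresh session key, encrypt the document,
// wrap and authenticate the session key under the sender's distributed key, put it in the header.
func sendDocument(senderKey, doc []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	body, err := seal(sessionKey, doc, nil)
	if err != nil {
		return nil, err
	}
	header, err := seal(senderKey, sessionKey, headerAAD)
	if err != nil {
		return nil, err
	}
	return &Envelope{Header: header, Body: body}, nil
}

// transEncrypt is step 6 at the server: unwrap the session key with the sender's distributed
// key (which authenticates the sender) and re-wrap it under the receiver's. The body is
// forwarded untouched, so the server never handles the document itself.
func transEncrypt(senderKey, receiverKey []byte, env *Envelope) (*Envelope, error) {
	sessionKey, err := open(senderKey, env.Header, headerAAD)
	if err != nil {
		return nil, err
	}
	header, err := seal(receiverKey, sessionKey, headerAAD)
	if err != nil {
		return nil, err
	}
	return &Envelope{Header: header, Body: env.Body}, nil
}

// receiveDocument unwraps the session key with the receiver's distributed key and decrypts the body.
func receiveDocument(receiverKey []byte, env *Envelope) ([]byte, error) {
	sessionKey, err := open(receiverKey, env.Header, headerAAD)
	if err != nil {
		return nil, err
	}
	return open(sessionKey, env.Body, nil)
}
```

The point to check in transEncrypt is that the server only ever touches the header: the body crosses it still sealed under the session key, which is the property the slide calls trans-encryption, and a header that fails GCM authentication is dropped before any re-wrapping happens. Deriving the device key from a server-held master secret rather than from the serial number alone matters because the serial number and MAC address travel in the clear during enrollment step 2.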