1 Key Establishment Symmetric key problem: How do two entities establish a shared secret key in the first place? Solutions: Diffie-Hellman; trusted key distribution.

Presentation transcript:

1 Key Establishment
Symmetric key problem: How do two entities establish a shared secret key in the first place?
Solutions: Diffie-Hellman; a trusted key distribution center (KDC) acting as intermediary between entities.
Public key problem: When Bob obtains Alice's public key (e.g. from a web site or a diskette), how does he know it is Alice's public key, not Trudy's?
Solution: trusted certification authority (CA).

2 Diffie-Hellman Key Exchange
Public parameters: prime number p, base g.
Alice picks secret integer a and sends Bob: g^a mod p.
Bob picks secret integer b and sends Alice: g^b mod p.
Alice computes (g^b mod p)^a mod p; Bob computes (g^a mod p)^b mod p.
Key: (g^b mod p)^a mod p = (g^a mod p)^b mod p

3 Diffie-Hellman Key Exchange: Example
Prime number p=23, base g=5.
Alice: a=6. Sends Bob: g^a mod 23 = 5^6 mod 23 = 8.
Bob: b=15. Sends Alice: g^b mod 23 = 5^15 mod 23 = 19.
Alice computes: 19^6 mod 23 = 2
Bob computes: 8^15 mod 23 = 2
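The exchange from slides 2 and 3, as an added Python example (not part of the original slides). It reproduces the slide's numbers, runs the same exchange with random exponents as a real peer would, and adds a brute-force discrete-log search to show why a 23-value group gives an eavesdropper the key for free; the function names are this example's own.

```python
import secrets


def dh_public(g, p, exponent):
    """Public value g^exponent mod p, the only thing sent over the channel."""
    return pow(g, exponent, p)


def dh_shared(peer_public, exponent, p):
    """Shared key (peer_public)^exponent mod p, computed locally, never sent."""
    return pow(peer_public, exponent, p)


def run_exchange(p, g, a, b):
    """Run one exchange with fixed secrets; returns (Alice->Bob, Bob->Alice, key)."""
    to_bob = dh_public(g, p, a)            # Alice -> Bob:   g^a mod p
    to_alice = dh_public(g, p, b)          # Bob -> Alice:   g^b mod p
    key_alice = dh_shared(to_alice, a, p)  # (g^b mod p)^a mod p
    key_bob = dh_shared(to_bob, b, p)      # (g^a mod p)^b mod p
    if key_alice != key_bob:
        raise RuntimeError("both sides must derive the same key")
    return to_bob, to_alice, key_alice


def run_random_exchange(p, g):
    """Same exchange with fresh random secrets in 1..p-2, as real peers pick them."""
    a = 1 + secrets.randbelow(p - 2)
    b = 1 + secrets.randbelow(p - 2)
    return run_exchange(p, g, a, b)


def discrete_log_bruteforce(g, p, target):
    """Find x with g^x mod p == target by trial; feasible only because p is tiny."""
    for x in range(1, p):
        if pow(g, x, p) == target:
            return x
    return None


if __name__ == "__main__":
    # Slide 3: p=23, g=5, a=6, b=15 gives messages 8 and 19 and key 2.
    print(run_exchange(23, 5, 6, 15))
    # With p=23 an eavesdropper who saw "8" recovers a=6 in at most 22 trials.
    print(discrete_log_bruteforce(5, 23, 8))
```

Two points the slide's toy parameters hide: the group must be large enough that the discrete-log search is infeasible (2048-bit or larger primes, or elliptic-curve groups, in practice), and the exchange by itself authenticates nobody, which is the gap slide 1's certification authority fills.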

4 Key Distribution Center (KDC)
KDC: server shares a different secret key with each registered user (many users).
Alice shares a key with KDC: K_A-KDC
Bob shares a key with KDC: K_B-KDC
(Diagram: the KDC holds one key per user, K_A-KDC, K_B-KDC, K_P-KDC, K_X-KDC, K_Y-KDC, K_Z-KDC; each user holds only its own key.)

5 Key Distribution Center (KDC)
Q: How does KDC allow Bob, Alice to determine a shared symmetric secret key to communicate with each other?
Alice -> KDC: K_A-KDC(A,B)
KDC generates R1. KDC -> Alice: K_A-KDC(R1, K_B-KDC(A,R1))
Alice knows R1. Alice -> Bob: K_B-KDC(A,R1)
Bob knows to use R1 to communicate with Alice.
Alice and Bob communicate using R1 as session key for shared symmetric encryption.
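The three-message KDC exchange of slides 4 and 5, as an added Python simulation (this is example code, not material from the slides). The slide writes the symmetric cipher abstractly as K(...); the example stands in a constructed encrypt-then-MAC scheme built from HMAC-SHA256 so that a wrong key or a modified message is rejected rather than silently decrypted. The class and function names are this example's own.

```python
import hashlib
import hmac
import json
import secrets


# --- toy authenticated encryption, constructed for this example ---------------
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    """nonce || ciphertext || tag; stands in for K(...) on the slide."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered message")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


# --- the KDC and the slide's message flow --------------------------------------
class KDC:
    """Holds one long-term key per registered user (K_A-KDC, K_B-KDC, ...)."""

    def __init__(self):
        self.keys = {}

    def register(self, name):
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]

    def handle_request(self, requester, request):
        # Message 1: K_A-KDC(A, B). Only the requester's long-term key opens it.
        msg = json.loads(decrypt(self.keys[requester], request))
        if msg["from"] != requester:
            raise ValueError("request body does not match the key it came under")
        r1 = secrets.token_bytes(32)  # fresh session key R1
        # Ticket for Bob: K_B-KDC(A, R1). Alice can forward it but not read it.
        ticket = encrypt(self.keys[msg["to"]],
                         json.dumps({"from": msg["from"], "key": r1.hex()}).encode())
        # Message 2: K_A-KDC(R1, K_B-KDC(A, R1))
        return encrypt(self.keys[requester],
                       json.dumps({"key": r1.hex(), "ticket": ticket.hex()}).encode())


def establish_session(kdc, alice_key, bob_key):
    """Runs the slide's exchange and returns what each side ends up believing."""
    request = encrypt(alice_key, json.dumps({"from": "Alice", "to": "Bob"}).encode())
    reply = json.loads(decrypt(alice_key, kdc.handle_request("Alice", request)))
    alice_r1 = bytes.fromhex(reply["key"])
    ticket = bytes.fromhex(reply["ticket"])
    # Message 3: Alice -> Bob: K_B-KDC(A, R1). Bob opens it with his own key.
    bob_view = json.loads(decrypt(bob_key, ticket))
    return {"alice_key": alice_r1,
            "bob_key": bytes.fromhex(bob_view["key"]),
            "bob_thinks_peer_is": bob_view["from"],
            "ticket": ticket}
```

Because the ticket is encrypted under K_B-KDC, a third registered user cannot open it, and a tampered ticket fails the tag check before anything is decrypted. What the slide's flow does not carry is any freshness value: a ticket captured today would still open under K_B-KDC tomorrow, which is why Needham-Schroeder adds nonces and Kerberos adds timestamps and lifetimes to this same structure.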

6 Diffie-Hellman vs. KDC
Diffie-Hellman
+: no infrastructure support needed
-: computation load on users
KDC
-: needs infrastructure support
-: single bottleneck, single point of failure
+: computation load centered at KDC

7 Certification Authorities
Certification authority (CA): binds a public key to a particular entity, E.
E registers its public key with CA. E provides "proof of identity" to CA.
CA creates a certificate binding E to its public key: the certificate containing E's public key is digitally signed by CA. CA says "this is E's public key".
(Diagram: Bob's public key K_B+ and Bob's identifying information go through the digital signature (encrypt) step under CA private key K_CA-, producing the certificate for Bob's public key, signed by CA.)

8 Certification Authorities
When Alice wants Bob's public key:
gets Bob's certificate (from Bob or elsewhere).
applies CA's public key to Bob's certificate, gets Bob's public key.
(Diagram: the certificate goes through the digital signature (decrypt) step under CA public key K_CA+, yielding Bob's public key K_B+.)

9 A Certificate Contains:
Serial number (unique to issuer)
info about certificate owner, including algorithm and key value itself (not shown)
info about certificate issuer
valid dates
digital signature by issuer
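Slides 7 to 9 together, as an added Python example that is not part of the original slides: a CA issues a certificate carrying the fields of slide 9, signing everything but the signature field with its private key (the "(encrypt)" step of slide 7), and a relying party verifies it with the CA's public key and checks the validity dates (slide 8). The RSA parameters, the issuer name, Bob's key value and all function names are constructed for this example; the 32-bit modulus and hash-then-sign without padding are a teaching simplification, not a real signature scheme.

```python
import hashlib
import json

# Constructed toy RSA parameters for the CA: two 16-bit primes, public exponent 65537.
_P, _Q, _E = 65521, 65519, 65537


def make_keypair(p, q, e):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent
    return {"n": n, "e": e}, {"n": n, "d": d}


CA_PUBLIC, CA_PRIVATE = make_keypair(_P, _Q, _E)   # K_CA+ and K_CA- on the slides


def _digest(data, n):
    # hash-then-sign: reduce SHA-256 into the modulus (toy; real schemes pad instead)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(private, data):
    """Slide 7's "digital signature (encrypt)" with the CA private key."""
    return pow(_digest(data, private["n"]), private["d"], private["n"])


def rsa_verify(public, data, signature):
    """Slide 8's "digital signature (decrypt)" with the CA public key."""
    return pow(signature, public["e"], public["n"]) == _digest(data, public["n"])


def tbs_bytes(cert):
    """Canonical bytes of every field except the signature ("to be signed")."""
    fields = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(fields, sort_keys=True).encode()


def issue_certificate(ca_private, serial, subject, subject_key, not_before, not_after):
    """The CA binds the subject's identity to subject_key; fields follow slide 9."""
    cert = {
        "serial": serial,                   # unique to this issuer
        "subject": subject,                 # info about the certificate owner
        "subject_public_key": subject_key,  # algorithm and key value
        "issuer": "Example CA",             # info about the certificate issuer (constructed name)
        "not_before": not_before,           # valid dates, ISO strings so they compare as text
        "not_after": not_after,
    }
    cert["signature"] = rsa_sign(ca_private, tbs_bytes(cert))
    return cert


def verify_certificate(cert, ca_public, today):
    """What Alice does on slide 8: check the CA's signature, then the dates.

    Returns (True, subject_public_key) or (False, reason).
    """
    if not rsa_verify(ca_public, tbs_bytes(cert), cert["signature"]):
        return False, "signature does not verify under the CA's public key"
    if not cert["not_before"] <= today <= cert["not_after"]:
        return False, "outside validity period"
    return True, cert["subject_public_key"]


if __name__ == "__main__":
    bob_key = {"alg": "toy-rsa", "n": 2537, "e": 13}  # constructed value for K_B+
    cert = issue_certificate(CA_PRIVATE, 1001, "Bob", bob_key, "2024-01-01", "2024-12-31")
    print(verify_certificate(cert, CA_PUBLIC, "2024-06-15"))
```

The verifier only ever needs K_CA+, which is the point of slide 8: trust in Bob's key is reduced to trust in the CA's key plus a signature check. Changing any signed field, the key value included, invalidates the signature, and a correct signature is still rejected outside the validity window. Real deployments use padded schemes (RSA-PSS, ECDSA) and check a chain of issuers back to a trusted root rather than a single CA key.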