Key Distribution CS 470 Introduction to Applied Cryptography

Slides:



Advertisements
Similar presentations
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Advertisements

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:
Digital Signatures and applications Math 7290CryptographySu07.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Chapter 9: Key Management
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Diffie-Hellman Key Exchange
C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,
Computer Science Public Key Management Lecture 5.
Introduction to Public Key Cryptography
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
1 Lecture 14: Real-Time Communication Security real-time communication – two parties interact in real time (as opposed to delayed communication like )
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.
Overview of Key Establishment Techniques: Key Distribution, Key Agreement and PKI Wade Trappe.
1 Chapter 9: Key Management All algorithms we have introduced are based on one assumption: keys have been distributed. But how to do that? Key generation,
10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
Cryptography and Network Security (CS435) Part Eight (Key Management)
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Chapter 4 Using Encryption in Cryptographic Protocols & Practices.
Digital Signatures, Message Digest and Authentication Week-9.
1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Authentication Protocols (I): Secure Handshake.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.
Key Management Network Systems Security Mort Anvari.
1 Authenticated Key Exchange Rocky K. C. Chang 20 March 2007.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.
Fall 2006CS 395: Computer Security1 Key Management.
1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
Key Management and Distribution Anand Seetharam CST 312.
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
CS480 Cryptography and Information Security
Presentation transcript:

Key Distribution CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk CS470, A.Selcuk Key Distribution

Key Distribution/Establishment How to have two parties agree on an encryption key securely? Public key encryption: Solves the problem against passive attackers. E.g. DH Key Exchange: Trudy can’t get gab mod p. Bob Alice ga mod p gb mod p K = gab mod p CS470, A.Selcuk Key Distribution

Active Attacks Attacker can intercept, modify, insert, delete messages on the network. E.g., Man-in-the-Middle attack against DH: Trudy can translate messages between Alice & Bob without being noticed Similar attacks possible on RSA & other PKC protocols. Bob Alice ga mod p gb’ mod p K’ = gab’ mod p ga’ mod p gb mod p Trudy K’’ = ga’b mod p CS470, A.Selcuk Key Distribution

Trusted Third Parties Solution against active attackers: “Trusted Third Parties” (TTPs) Symmetric key solution: KDC Everyone registers with the KDC, shares a secret key. When A & B want to communicate, they contact the KDC & obtain a session key. Public key solution: CA Everyone registers with the CA, obtains a “certificate” for his/her public key. Certificate: A document signed by the CA, including the ID and the public key of the subject. People obtain each other’s certificates thru a repository, a webpage, or at the beginning of the protocol, and use the certified public keys in the protocols. CS470, A.Selcuk Key Distribution

KDC vs. CA KDC faster (being based on symmetric keys) has to be online CA doesn’t have to be online if crashes, doesn’t disable the network much simpler scales better certificates are not disclosure-sensitive a compromised CA can’t decrypt conversations KDCs are preferred for LANs, CAs for WANs (e.g., the Internet). CS470, A.Selcuk Key Distribution

Key Distribution with KDC A simple protocol: KA, KB: Long-term secret keys of Alice, Bob. KA{m}: Encryption of m with KA. Problems with this protocol: possible delayed delivery of KB{A,B,KAB}. No freshness guarantee for B (i.e., Trudy can replay KB{A,B,KAB} for a previously compromised KAB). (Both problems can be fixed easily.) B A A, B KA{A,B,KAB} KDC KB{A,B,KAB} KAB CS470, A.Selcuk Key Distribution

Key Distribution with CA A simple protocol: certificates are obtained in advance session key transport with public key encryption: {m}X: Encryption of message m with the public key of X [m]X: Signature on message m with the public key of X Problems with this protocol: B doesn’t authenticate A. No freshness guarantee for B. B A { [ A, B, r, KAB ]A }B KAB{r} CS470, A.Selcuk Key Distribution

“Station-to-Station” Protocol Authenticated DH protocol; basis for many real-life app’s. Certified PKs are used for signing the public DH parameters. A slightly simplified version: where x = ga mod p, y = gb mod p, k = gab mod p. STS vs. encrypted key transport: STS (DH) provides “perfect forward secrecy”. (In encrypted transport, if the long-term RSA key is compromised, the session keys are also compromised.) Bob Alice x cert(B), y, [x,y]B cert(A), [x,y]A CS470, A.Selcuk Key Distribution

Multiple Domains with KDC B A KDCA KDCB A to talk to B: contacts KDCA KDCA contacts KDCB, or tells A how to contact KDCB (e.g. generates a session key for A & KDCB) KDCB generates a session key for A & B, passes it to them. CS470, A.Selcuk Key Distribution

Multiple Domains with CA B A CAA CAB certify each other A, to authenticate the public key of B, verifies B’s cert. issued by CAB, verifies CAB’s cert. issued by CAA, B does vice versa to authenticate A’s key CS470, A.Selcuk Key Distribution

ID-Based Crypto Idea: Is a scheme possible where Alice’s public key is her ID? Would solve the problem of authenticating a public key received. Q: But if anyone can derive the public key from the ID, can’t they derive the private key as well? Support from a trusted “private key generator”. Private keys are generated from a unique secret S known by PKG. Users know a one-way function of S, sufficient for public key generation. Practical schemes exist for signature (Shamir) and encryption (Boneh-Franklin). CS470, A.Selcuk Key Distribution

ID-Based Crypto Advantages: Disadvantages: “Feature”: There is no need for Alice to retrieve Bob’s certificate to send him an encrypted message. Alice can send Bob an encrypted message even before he gets his decryption key. Disadvantages: Key revocation is (almost) impossible. It is not so significant in interactive protocols. “Feature”: Inherent key escrow. CS470, A.Selcuk Key Distribution

Crypto-Based ID Similar to ID-based crypto, ID and PK are inherently related. But instead of generating PK from ID, do the opposite: IDA = h(PKA). Useful in pseudonym systems where (part of) the ID can be given a random value. P2P systems IPv6 “cryptographically generated address” No “big brother” is necessary. CS470, A.Selcuk Key Distribution

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.