Key Management in Cryptography


Key Management in Cryptography
- What is key management?
- Why are we talking about key management?
- Key management techniques
- Key management life cycle

What is key management?
Definition: Key management is the set of techniques and procedures supporting the establishment and maintenance of keying relationships between authorized parties.
A keying relationship is the state wherein communicating entities share common data (keying material) to facilitate cryptographic techniques. This data may include public or secret keys, initialization values, and additional non-secret parameters.

What is key management (cont.)?
Key management encompasses techniques and procedures supporting:
1. initialization of system users within a domain;
2. generation, distribution, and installation of keying material;
3. controlling the use of keying material;
4. update, revocation, and destruction of keying material; and
5. storage, backup/recovery, and archival of keying material.

Why are we talking about key management?
- Most attacks are aimed at the key management level rather than the cryptographic algorithm itself
- Key management objectives, threats, and policy

Why are we talking about key management?
Objectives
- The objective of key management is to maintain keying relationships and keying material in a manner that counters relevant threats.
- In practice, an additional objective is conformance to a relevant security policy.

Why are we talking about key management?
Threats
1. compromise of confidentiality of secret keys
2. compromise of authenticity of secret or public keys
3. unauthorized use of public or secret keys

Why are we talking about key management?
Security policy
- Security policy explicitly or implicitly defines the threats a system is intended to address.
- Security policy may affect the stringency of cryptographic requirements, depending on the susceptibility of the environment in question to various types of attack.

Why are we talking about key management?
Security policies also typically specify:
1. the practices and procedures to be followed in carrying out technical and administrative aspects of key management, both automated and manual;
2. the responsibilities and accountability of each party involved; and
3. the types of records to be kept, to support subsequent reports or reviews of security-related events.

Key management techniques
Public-key vs. symmetric-key techniques
Primary advantages offered by public-key (vs. symmetric-key) techniques for applications related to key management include:
1. simplified key management
2. on-line trusted server not required
3. enhanced functionality

Key management techniques
[Figure: a) symmetric-key encryption. Labels: plaintext, encryption, ciphertext, decryption, plaintext; a symmetric key generator supplying the secret key to both encryption and decryption.]

Key management techniques
[Figure: b) public-key encryption. Labels: plaintext, encryption, ciphertext, decryption, plaintext; asymmetric key pair generation supplying the public key to encryption and the private key to decryption. Channel legend: secure channel (privacy and authentication); secure channel (authentication only); unsecured channel (no protection).]

Key management techniques
Techniques for distributing confidential keys
- Key layering and symmetric-key certificates
Key layering:
1. master keys – keys at the highest level in the hierarchy
2. key-encrypting keys – symmetric keys or encryption public keys used for key transport or storage of other keys
3. data keys – used to provide cryptographic operations on user data

Key management techniques
Symmetric-key certificates:
Symmetric-key certificates provide a means for a KTC (Key Translation Center) to avoid the requirement of either maintaining a secure database of user secrets (or duplicating such a database for multiple servers), or retrieving such keys from a database upon translation requests.

Key management techniques
Techniques for distributing public keys
- Authentication trees
Authentication trees provide a method for making public data available with verifiable authenticity, by using a tree structure in conjunction with a suitable hash function, and authenticating the root value.
- Public-key certificates
Public-key certificates are a vehicle by which public keys may be stored, distributed or forwarded over unsecured media without danger of undetectable manipulation.
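An authentication tree over a small public-key directory, as an added example that is not part of the original slides. SHA-256, the leaf/node prefixes, the rule for unpaired nodes and the directory entries are assumptions made for the illustration; only the root has to reach the verifier over an authenticated channel.

```python
import hashlib
import hmac

# Constructed sample directory of "identity:public-key" entries (placeholders).
DIRECTORY = [b"alice:PUBKEY-A", b"bob:PUBKEY-B", b"carol:PUBKEY-C",
             b"dave:PUBKEY-D", b"erin:PUBKEY-E"]

def leaf_hash(value: bytes) -> bytes:
    # The 0x00/0x01 prefixes keep a leaf from being reinterpreted as an interior node.
    return hashlib.sha256(b"\x00" + value).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(values):
    """Return every level of the tree, leaves first, single root last."""
    level = [leaf_hash(v) for v in values]
    levels = [level]
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # an unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels

def auth_path(levels, index):
    """Sibling hashes from leaf to root, tagged with the side the sibling sits on."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return path

def verify(value, path, trusted_root):
    """Recompute the root from one entry and its path; compare to the authentic root."""
    digest = leaf_hash(value)
    for side, sibling in path:
        digest = node_hash(sibling, digest) if side == "L" else node_hash(digest, sibling)
    return hmac.compare_digest(digest, trusted_root)

if __name__ == "__main__":
    levels = build_levels(DIRECTORY)
    root = levels[-1][0]  # the only value that must be distributed authentically
    print("root:", root.hex())
    print("carol verifies:", verify(DIRECTORY[2], auth_path(levels, 2), root))
    print("forged key verifies:", verify(b"carol:PUBKEY-X", auth_path(levels, 2), root))
```

The path for one entry is logarithmic in the directory size, so a verifier holding the root can check a single public key without downloading the whole directory.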

Key management techniques
- Two public-key systems
a) identity-based system
b) asymmetric system with implicitly-certified public keys

Key management techniques
Techniques for controlling key usage
- Key separation and constraints on key usage
Information that may be associated with cryptographic keys includes both attributes which restrict their use, and other information of operational use. These include:
1. owner of key
2. validity period
3. key identifier
4. intended use
5. specific algorithm
6. system or environment of intended use, or authorized users of key
7. names of entities associated with key generation, registration, and certification
8. integrity checksum on key

Key management techniques
- Key separation and threat of key misuse
The principle of key separation is that keys for different purposes should be cryptographically separated.
The threat of key misuse may be addressed by techniques which ensure that keys are used only for those purposes pre-authorized at the time of key creation.
Techniques for controlling use of symmetric keys
The main technique is the use of control vectors:
Control vectors provide a method for controlling the use of keys, by combining the idea of key tags with the mechanism of simple key notarization.
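A control-vector sketch for the passage above and for the key-encrypting-key and data-key layers described earlier, added here as an example and not taken from the slides. The data key is wrapped under KEK xor h(CV), so a holder who claims a different control vector cannot unwrap it; the CV field syntax, the function names and the HMAC-based stand-in cipher (used so the block needs only the standard library) are assumptions, and a deployed system would use an approved key-wrap algorithm.

```python
import hashlib
import hmac
import secrets

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def variant_key(kek: bytes, cv: bytes) -> bytes:
    """K xor h(CV) for a 32-byte KEK: the wrapping key is bound to the control vector."""
    return _xor(kek, hashlib.sha256(cv).digest())

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (HMAC-SHA-256 in counter mode), an assumption of this example.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek: bytes, cv: bytes, data_key: bytes) -> bytes:
    """Encrypt and tag a data key under the KEK variant selected by the control vector."""
    k, nonce = variant_key(kek, cv), secrets.token_bytes(16)
    ct = _xor(data_key, _keystream(k, nonce, len(data_key)))
    tag = hmac.new(k, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek: bytes, cv: bytes, blob: bytes) -> bytes:
    k = variant_key(kek, cv)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(k, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped key was not created under this KEK and control vector")
    return _xor(ct, _keystream(k, nonce, len(ct)))

def release_for(kek: bytes, blob: bytes, claimed_cv: bytes, operation: str) -> bytes:
    """Release the data key only if the CV permits the operation and matches the wrap."""
    fields = dict(f.split("=", 1) for f in claimed_cv.decode().split(";"))
    if operation not in fields.get("use", "").split(","):
        raise PermissionError(f"control vector does not permit {operation!r}")
    return unwrap(kek, claimed_cv, blob)

if __name__ == "__main__":
    kek, data_key = secrets.token_bytes(32), secrets.token_bytes(32)
    cv = b"use=mac;alg=HMAC-SHA256"  # constructed control vector
    blob = wrap(kek, cv, data_key)
    print("released for mac:", release_for(kek, blob, cv, "mac") == data_key)
```

Editing the claimed control vector to add a permitted use changes h(CV), so the integrity check in `unwrap` fails instead of releasing the key for the new purpose.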

Key management techniques
Key management involving multiple domains
- Definition
A security domain is defined as a (sub)system under the control of a single authority which the entities therein trust.
Trust between two domains
Two parties A and B, belonging to distinct security domains D_A and D_B with respective authorities T_A and T_B, may wish to communicate securely. This can be reduced to the requirement that A and B either:
a) share a symmetric key
b) share trusted public keys

Key management life cycle
Key management is simplest when all cryptographic keys are fixed for all time. Cryptoperiods necessitate the update of keys.
Key update necessitates additional procedures and protocols, often including communications with third parties in public-key systems.
The sequence of states which keying material progresses through over its lifetime is called the key management life cycle. Life cycle stages may include:

Key management life cycle
1. user registration
2. user initialization
3. key generation
4. key installation
5. key registration
6. normal use
7. key backup
8. key update
9. archival
10. key de-registration and destruction
11. key recovery
12. key revocation