Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.

Presentation transcript:

Practices in Security Bruhadeshwar Bezawada

Key Management
- Set of techniques and procedures supporting the establishment and maintenance of keying relationships between authorized parties
- Initialization of system users within a domain
- Generation, distribution, and installation of keying material
- Controlling the use of keying material
- Update, revocation and destruction of keying material
- Storage, backup/recovery, and archival of keying material

Types of Key Management
- Automated key management
  - More than N^2 keys
  - Stream cipher
  - Initialization vectors are used
  - Large amount of data needs to be encrypted in a short amount of time
  - Long-term session keys are used in multicast sessions
  - Frequent change in session key is expected
- Manual key management
  - Environment has limited bandwidth or high RTT
  - Information has low value
  - Total volume of traffic is very low
  - Scale of each deployment is very limited

Cryptographic Primitives
- Hash functions
- Symmetric key algorithms
- Asymmetric key algorithms

Cryptographic primitives
- Hash functions do not require keys, provide
  - data authentication and integrity services
  - compression of messages for digital signature and verification
  - derivation of keys in key establishment algorithms
  - generate deterministic random numbers

Cryptographic primitives
- Symmetric key algorithms require the same key across all operations, provide
  - data confidentiality
  - authentication and integrity in the form of MACs
  - key establishment
  - generation of deterministic random numbers

Cryptographic primitives
- Asymmetric key, public key algorithms, enable
  - digital signatures
  - establish cryptographic keying material
  - generate random numbers

Exercise: Enumerate all hash functions, all symmetric key ciphers and all public-key crypto systems available currently. Differentiate between commercially available and non-commercial algorithms.

Types of keys
- Private signature key (public-private keys)
- Public signature verification keys
- Symmetric authentication key
- Private authentication key
- Public authentication keys
- Symmetric data encryption key

Types
- Symmetric and asymmetric random number generation keys
- Symmetric master key
- Private key transport key
- Public key transport key
- Symmetric key agreement key (also, key wrapping key)

Types
- Private ephemeral key agreement key
- Public ephemeral key agreement key
- Symmetric authorization keys
- Private authorization key
- Public authorization key

General Terms in Key Management
- Key registration
- Key revocation
- Key transport
- Key update
- Key derivation
- Key confirmation
- Key establishment
- Key agreement

Terms
- Registration authority
- Security domain
- Self-signed certificate

Valuable Information in Addition to Cryptographic Keys
- Domain parameters
- Initialization vectors, shared secrets, RNG seeds, nonces, random numbers
- Intermediate results
- Key control information
- Passwords
- Audit information

Cryptoperiods
- Time span during which a specific key is authorized for use by legitimate entities, or the keys for a given system will remain in effect.
- A good cryptoperiod
  - Limits amount of information protected by a given key from disclosure
  - Limits amount of exposure if a single key is compromised
  - Limits use of particular algorithm to its estimated effective lifetime
  - Limits time available to penetrate physical, procedural, and logical access mechanisms that protect a key

Risk Factors to Consider for Cryptoperiods
- Strength of cryptographic implementations
- Operating environment: secure limited access, open office or public terminal
- Volume of information or transactions
- Security objective
- Re-keying method
- Number of nodes sharing the key/copies of the key
- Threat to information

Other Factors Affecting Cryptoperiods
- Communication vs storage
  - E.g., keys used for online transactions are likely to have shorter cryptoperiods
  - Keys used for storage will have longer cryptoperiods, as the cost of re-encryption is high
- Cost of key revocation and replacement
  - Changing keys can be an expensive process
  - Encryption of large databases
  - Revocation of large number of keys
  - Expensive security measures are justified for such cases, as the cryptoperiod can be made long

Factors Affecting Public Keys
- Private keys may have longer cryptoperiods than public keys when used for confidentiality
- When used for challenge (dynamic) authentication, both public and private keys can have the same cryptoperiod
- When used for digital signatures, public keys can have longer cryptoperiods than private keys, as they will be necessary to verify certificates

Cryptoperiods for Different Keys
- Private signature key (public-private keys)
  - 1-3 years
- Public signature verification keys
- Symmetric authentication key
  - 2-3 years
- Private authentication key
  - 1-2 years
- Public authentication keys
  - 1-2 years
- Symmetric data encryption key
  - 3 years

Cryptoperiods for Different Keys
- Symmetric and asymmetric random number generation keys
  - Depends on the RNG technique
- Symmetric master key
  - 1 year
- Private and public key transport keys
  - Private 2 years, public 1-2 years
- Symmetric key agreement key (also, key wrapping key)
  - 1-2 years

Cryptoperiods for Different Keys
- Private and public ephemeral key agreement key
  - Time required to complete the key agreement protocol
- Symmetric authorization keys
  - 2 years
- Private and public authorization keys
  - 2 years
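
The cryptoperiod figures on these slides can be applied as an audit over a key inventory. The following is an added example, not part of the original presentation: it takes the upper bound of each range, and the key-type names, status labels, 90-day warning window and sample inventory are assumptions made for illustration.

```python
from datetime import date

# Upper bound of each cryptoperiod in years, taken from the slides' table.
# None: the slides give no fixed figure (blank, or "depends on the RNG technique").
MAX_YEARS = {
    "private_signature": 3, "public_signature_verification": None,
    "symmetric_authentication": 3, "private_authentication": 2,
    "public_authentication": 2, "symmetric_data_encryption": 3,
    "rng": None, "symmetric_master": 1,
    "private_key_transport": 2, "public_key_transport": 2,
    "symmetric_key_agreement": 2, "symmetric_authorization": 2,
    "private_authorization": 2, "public_authorization": 2,
}
# Ephemeral key agreement keys live only for one protocol run, so any copy
# found in a stored inventory has already outlived its cryptoperiod.
EPHEMERAL = {"private_ephemeral_key_agreement", "public_ephemeral_key_agreement"}

def add_years(d, years):
    """Add calendar years; 29 Feb maps to 28 Feb when the target year is not a leap year."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)

def audit(inventory, today, warn_days=90):
    """Return (key_id, status, expiry) for each (key_id, key_type, activated) record."""
    findings = []
    for key_id, key_type, activated in inventory:
        if key_type in EPHEMERAL:
            findings.append((key_id, "EPHEMERAL_PERSISTED", None))
        elif key_type not in MAX_YEARS:
            findings.append((key_id, "UNKNOWN_TYPE", None))
        elif MAX_YEARS[key_type] is None:
            findings.append((key_id, "NO_FIXED_PERIOD", None))
        else:
            expiry = add_years(activated, MAX_YEARS[key_type])
            left = (expiry - today).days
            status = "EXPIRED" if left < 0 else "ROTATE_SOON" if left <= warn_days else "OK"
            findings.append((key_id, status, expiry))
    return findings

# Constructed sample inventory (hypothetical key ids and activation dates).
SAMPLE = [
    ("sig-ca-01", "private_signature", date(2020, 6, 1)),
    ("kek-01", "symmetric_master", date(2023, 4, 15)),
    ("dek-db", "symmetric_data_encryption", date(2023, 1, 10)),
    ("ecdh-tmp", "private_ephemeral_key_agreement", date(2024, 2, 28)),
    ("verify-01", "public_signature_verification", date(2019, 1, 1)),
]

if __name__ == "__main__":
    for row in audit(SAMPLE, today=date(2024, 3, 1)):
        print(row)
```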

Other Parameters
- Domain parameters stay for the cryptoperiod
- IV is associated with the information and stays as long as the information is held
- Shared secrets are destroyed as soon as the necessary key derivations are complete
- RNG seeds are destroyed immediately
- Intermediate results are destroyed immediately

Algorithms, Key Sizes and Strengths

Factors to be Considered For Design of New System
- Sensitivity of information and system lifetime
- Algorithm selection
- System design wrt performance and security
- Pre-implementation evaluation
- Testing
- Training
- System implementation and transition
- Post-implementation evaluation