Key Management Network Systems Security Mort Anvari.

Slides:



Advertisements
Similar presentations
Key Management Nick Feamster CS 6262 Spring 2009.
Advertisements

Cryptography and Network Security Chapter 14
Lecture 12 Overview.
Public Key Algorithms …….. RAIT M. Chatterjee.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Chapter3 Public-Key Cryptography and Message Authentication.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Diffie-Hellman Key Exchange
C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,
Computer Science Public Key Management Lecture 5.
Introduction to Public Key Cryptography
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.
Applied Cryptography (Public Key) RSA. Public Key Cryptography Every Egyptian received two names, which were known respectively as the true name and the.
Lecture 3: Cryptography Support Services: Key Management
Information Security Principles & Applications
Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.
10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.
Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both sender and receiver  if this key is disclosed.
Cryptography and Network Security (CS435) Part Eight (Key Management)
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Public-Key Cryptography and Message Authentication.
Computer and Network Security Rabie A. Ramadan Lecture 6.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Cryptography and Network Security Chapter 10
Cryptography and Network Security Key Management and Other Public Key Cryptosystems.
PUBLIC KEY CRYPTOGRAPHY ALGORITHM Concept and Example 1IT352 | Network Security |Najwa AlGhamdi.
Scott CH Huang COM 5336 Lecture 7 Other Public-Key Cryptosystems Scott CH Huang COM 5336 Cryptography Lecture 7.
ECE509 Cyber Security : Concept, Theory, and Practice Key Management Spring 2014.
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
Cryptography and Network Security Chapter 14
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Fall 2006CS 395: Computer Security1 Key Management.
1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.
CIM3681: PKI 02 - Key Management1 Key Management Ch 10 of Cryptography and Network Security Third Edition by William Stallings Modified from lecture slides.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Key Management public-key encryption helps address key distribution problems have two aspects of this: – distribution of public keys – use of public-key.
Cryptography and Network Security Chapter 13
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Information Security Lab. Dept. of Computer Engineering 251/ 278 PART II Asymmetric Ciphers Key Management; Other CHAPTER 10 Key Management; Other Public.
CSCE 715: Network Systems Security
Chapter 10 – Key Management; Other Public Key Cryptosystems
Chapter 10: Key Management (Again) and other Public Key Systems
Key Management Network Systems Security
CSCE 715: Network Systems Security
CSCE 715: Network Systems Security
CSCE 715: Network Systems Security
Presentation transcript:

Key Management Network Systems Security Mort Anvari

9/16/20042 Key Management Asymmetric encryption helps address key distribution problems Two aspects distribution of public keys use of public-key encryption to distribute secret keys

9/16/20043 Distribution of Public Keys Four alternatives of public key distribution Public announcement Publicly available directory Public-key authority Public-key certificates

9/16/20044 Public Announcement Users distribute public keys to recipients or broadcast to community at large E.g. append PGP keys to messages or post to news groups or list Major weakness is forgery anyone can create a key claiming to be someone else and broadcast it can masquerade as claimed user before forgery is discovered

9/16/20045 Publicly Available Directory Achieve greater security by registering keys with a public directory Directory must be trusted with properties: contains {name, public-key} entries participants register securely with directory participants can replace key at any time directory is periodically published directory can be accessed electronically Still vulnerable to tampering or forgery

9/16/20046 Public-Key Authority Improve security by tightening control over distribution of keys from directory Has properties of directory Require users to know public key for the directory Users can interact with directory to obtain any desired public key securely require real-time access to directory when keys are needed

9/16/20047 Public-Key Authority

9/16/20048 Public-Key Certificates Certificates allow key exchange without real- time access to public-key authority A certificate binds identity to public key usually with other info such as period of validity, authorized rights, etc With all contents signed by a trusted Public- Key or Certificate Authority (CA) Can be verified by anyone who knows the CA’s public key

9/16/20049 Public-Key Certificates

9/16/ Distribute Secret Keys Using Asymmetric Encryption Can use previous methods to obtain public key of other party Although public key can be used for confidentiality or authentication, asymmetric encryption algorithms are too slow So usually want to use symmetric encryption to protect message contents Can use asymmetric encryption to set up a session key

9/16/ Simple Secret Key Distribution Proposed by Merkle in 1979 A generates a new temporary public key pair A sends B the public key and A’s identity B generates a session key K s and sends encrypted K s (using A’s public key) to A A decrypts message to recover K s and both use

9/16/ Problem with Simple Secret Key Distribution An adversary can intercept and impersonate both parties of protocol A generates a new temporary public key pair {KU a, KR a } and sends KU a || ID a to B Adversary E intercepts this message and sends KU e || ID a to B B generates a session key K s and sends encrypted K s (using E’s public key) E intercepts message, recovers K s and sends encrypted K s (using A’s public key) to A A decrypts message to recover K s and both A and B unaware of existence of E

9/16/ Distribute Secret Keys Using Asymmetric Encryption if A and B have securely exchanged public-keys ?

9/16/ Problem with Previous Scenario Message (4) is not protected by N 2 An adversary can intercept message (4) and replay an old message or insert a fabricated message

9/16/ Order of Encryption Matters What can be wrong with the following protocol? A  B:N B  A:E KUa [E KRb [K s ||N]] An adversary sitting between A and B can get a copy of secret key K s without being caught by A and B!

9/16/ Diffie-Hellman Key Exchange First public-key type scheme proposed By Diffie and Hellman in 1976 along with advent of public key concepts A practical method for public exchange of secret key Used in a number of commercial products

9/16/ Diffie-Hellman Key Exchange Use to set up a secret key that can be used for symmetric encryption cannot be used to exchange an arbitrary message Value of key depends on the participants (and their private and public key information) Based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy Security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard

9/16/ Primitive Roots From Euler’s theorem: a ø(n) mod n=1 Consider a m mod n=1, GCD(a,n)=1 must exist for m= ø(n) but may be smaller once powers reach m, cycle will repeat If smallest is m= ø(n) then a is called a primitive root if p is prime, then successive powers of a “generate” the group mod p Not every integer has primitive roots

9/16/ Primitive Root Example: Power of Integers Modulo 19

9/16/ Discrete Logarithms Inverse problem to exponentiation is to find the discrete logarithm of a number modulo p Namely find x where a x = b mod p Written as x=log a b mod p or x=ind a,p (b) If a is a primitive root then discrete logarithm always exists, otherwise may not 3 x = 4 mod 13 has no answer 2 x = 3 mod 13 has an answer 4 While exponentiation is relatively easy, finding discrete logarithms is generally a hard problem

9/16/ Diffie-Hellman Setup All users agree on global parameters large prime integer or polynomial q α which is a primitive root mod q Each user (e.g. A) generates its key choose a secret key (number): x A < q compute its public key: y A = α x A mod q Each user publishes its public key

9/16/ Diffie-Hellman Key Exchange Shared session key for users A and B is K AB : K AB = α x A. x B mod q = y A x B mod q (which B can compute) = y B x A mod q (which A can compute) K AB is used as session key in symmetric encryption scheme between A and B Attacker needs x A or x B, which requires solving discrete log

9/16/ Diffie-Hellman Example Given Alice and Bob who wish to swap keys Agree on prime q=353 and α=3 Select random secret keys: A chooses x A =97, B chooses x B =233 Compute public keys: y A =3 97 mod 353 = 40 (Alice) y B =3 233 mod 353 = 248 (Bob) Compute shared session key as: K AB = y B x A mod 353 = = 160 (Alice) K AB = y A x B mod 353 = = 160 (Bob)

9/16/ Next Class Hashing functions Message digests