Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Management Network Systems Security

Published byViktor Håkonsen Modified over 5 years ago

Similar presentations

Presentation on theme: "Key Management Network Systems Security"— Presentation transcript:

1 Key Management Network Systems Security
Mort Anvari

2 Key Management Asymmetric encryption helps address key distribution problems Two aspects distribution of public keys use of public-key encryption to distribute secret keys 9/16/2004

3 Distribution of Public Keys
Four alternatives of public key distribution Public announcement Publicly available directory Public-key authority Public-key certificates 9/16/2004

4 Public Announcement Users distribute public keys to recipients or broadcast to community at large E.g. append PGP keys to messages or post to news groups or list Major weakness is forgery anyone can create a key claiming to be someone else and broadcast it can masquerade as claimed user before forgery is discovered 9/16/2004

5 Publicly Available Directory
Achieve greater security by registering keys with a public directory Directory must be trusted with properties: contains {name, public-key} entries participants register securely with directory participants can replace key at any time directory is periodically published directory can be accessed electronically Still vulnerable to tampering or forgery 9/16/2004

6 Public-Key Authority Improve security by tightening control over distribution of keys from directory Has properties of directory Require users to know public key for the directory Users can interact with directory to obtain any desired public key securely require real-time access to directory when keys are needed 9/16/2004

7 Public-Key Authority 9/16/2004

8 Public-Key Certificates
Certificates allow key exchange without real-time access to public-key authority A certificate binds identity to public key usually with other info such as period of validity, authorized rights, etc With all contents signed by a trusted Public-Key or Certificate Authority (CA) Can be verified by anyone who knows the CA’s public key 9/16/2004

9 Public-Key Certificates
9/16/2004

10 Distribute Secret Keys Using Asymmetric Encryption
Can use previous methods to obtain public key of other party Although public key can be used for confidentiality or authentication, asymmetric encryption algorithms are too slow So usually want to use symmetric encryption to protect message contents Can use asymmetric encryption to set up a session key 9/16/2004

11 Simple Secret Key Distribution
Proposed by Merkle in 1979 A generates a new temporary public key pair A sends B the public key and A’s identity B generates a session key Ks and sends encrypted Ks (using A’s public key) to A A decrypts message to recover Ks and both use 9/16/2004

12 Problem with Simple Secret Key Distribution
An adversary can intercept and impersonate both parties of protocol A generates a new temporary public key pair {KUa, KRa} and sends KUa || IDa to B Adversary E intercepts this message and sends KUe || IDa to B B generates a session key Ks and sends encrypted Ks (using E’s public key) E intercepts message, recovers Ks and sends encrypted Ks (using A’s public key) to A A decrypts message to recover Ks and both A and B unaware of existence of E 9/16/2004

13 Distribute Secret Keys Using Asymmetric Encryption
if A and B have securely exchanged public-keys ? 9/16/2004

14 Problem with Previous Scenario
Message (4) is not protected by N2 An adversary can intercept message (4) and replay an old message or insert a fabricated message 9/16/2004

15 Order of Encryption Matters
What can be wrong with the following protocol? AB: N BA: EKUa[EKRb[Ks||N]] An adversary sitting between A and B can get a copy of secret key Ks without being caught by A and B! 9/16/2004

16 Diffie-Hellman Key Exchange
First public-key type scheme proposed By Diffie and Hellman in 1976 along with advent of public key concepts A practical method for public exchange of secret key Used in a number of commercial products 9/16/2004

17 Diffie-Hellman Key Exchange
Use to set up a secret key that can be used for symmetric encryption cannot be used to exchange an arbitrary message Value of key depends on the participants (and their private and public key information) Based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy Security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard 9/16/2004

18 Primitive Roots From Euler’s theorem: aø(n) mod n=1
Consider am mod n=1, GCD(a,n)=1 must exist for m= ø(n) but may be smaller once powers reach m, cycle will repeat If smallest is m= ø(n) then a is called a primitive root if p is prime, then successive powers of a “generate” the group mod p Not every integer has primitive roots 9/16/2004

19 Primitive Root Example: Power of Integers Modulo 19
9/16/2004

20 Discrete Logarithms Inverse problem to exponentiation is to find the discrete logarithm of a number modulo p Namely find x where ax = b mod p Written as x=loga b mod p or x=inda,p(b) If a is a primitive root then discrete logarithm always exists, otherwise may not 3x = 4 mod 13 has no answer 2x = 3 mod 13 has an answer 4 While exponentiation is relatively easy, finding discrete logarithms is generally a hard problem 9/16/2004

21 Diffie-Hellman Setup All users agree on global parameters
large prime integer or polynomial q α which is a primitive root mod q Each user (e.g. A) generates its key choose a secret key (number): xA < q compute its public key: yA = αxA mod q Each user publishes its public key 9/16/2004

22 Diffie-Hellman Key Exchange
Shared session key for users A and B is KAB: KAB = αxA.xB mod q = yAxB mod q (which B can compute) = yBxA mod q (which A can compute) KAB is used as session key in symmetric encryption scheme between A and B Attacker needs xA or xB, which requires solving discrete log 9/16/2004

23 Diffie-Hellman Example
Given Alice and Bob who wish to swap keys Agree on prime q=353 and α=3 Select random secret keys: A chooses xA=97, B chooses xB=233 Compute public keys: yA=397 mod 353 = 40 (Alice) yB=3233 mod 353 = 248 (Bob) Compute shared session key as: KAB= yBxA mod 353 = = 160 (Alice) KAB= yAxB mod 353 = = 160 (Bob) 9/16/2004

24 Next Class Hashing functions Message digests 9/16/2004

Download ppt "Key Management Network Systems Security"

Similar presentations

Key Management Nick Feamster CS 6262 Spring 2009.

Key Management Nick Feamster CS 6262 Spring 2009.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Introduction to Public Key Cryptography

Introduction to Public Key Cryptography
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.

Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.
Applied Cryptography (Public Key) RSA. Public Key Cryptography Every Egyptian received two names, which were known respectively as the true name and the.

Applied Cryptography (Public Key) RSA. Public Key Cryptography Every Egyptian received two names, which were known respectively as the true name and the.
Information Security Principles & Applications

Information Security Principles & Applications
10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

Similar presentations

Ads by Google