Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Management And Key Distribution The essential problems addressed by all cryptosystems is how to safely exchange keys and how to easily manage the.

Published byJonas Codrington Modified over 10 years ago

Similar presentations

Presentation on theme: "Key Management And Key Distribution The essential problems addressed by all cryptosystems is how to safely exchange keys and how to easily manage the."— Presentation transcript:

1

2 Key Management And Key Distribution The essential problems addressed by all cryptosystems is how to safely exchange keys and how to easily manage the keys while enabling reliable authentication, authorization and revocation. Simple symmetric distributed key systems – encrypted keys are distributed once physically by SA or by manufacturing. In Dynamic Distributed Key Infrastructures, distributed keys in turn exchange more device/person specific distributed keys, sizing a secure network in much the same way that DNS sizes the Internet. abrisson@wnlabs.com

3 Traditional objections to symmetric systems Its security depends on a new key being generated and used each time a new message is encrypted; this means that the total number of key bits is too large to be practical A large key-space comes at the price of longer keys, however, and these make the encryption and decryption processes slower. Thus the encryption system designer must trade off speed of operation against resistance to exhaustive search attacks. Anyone using a symmetric-key encryption system must deal with the key exchange problem: if 1 or more recipients are to be able to decrypt a message, they must get the key, and they must be the only ones to get it. … Key exchange is thus a high-overhead operation. As much key material needs to be transmitted as the data to be encrypted. Key storage is onerous. These objections are no longer valid. http://fermat.nap.edu/html/digital_dilemma/appE.html

4 What are the attributes of DDKI? Dynamic Distributed Key system – what is it? DDKI are systems utilizing distributed keys to safely create and distribute more distributed keys, dynamically and electronically, to scale large secure communities of interest in much the same way that DNS allows the Internet to size itself. Self provisioning enables clients to generate their own session keys, encrypt their own content and authenticate themselves – this eliminates the majority of server overhead in massive networks and adds little overhead to the client.

5 Expanding a secure community of interest like DNS does This is a simple secure closed distributed system Dynamic elements dynamic session keys and addresses dynamically authenticate session with DIVA How do we dynamically, electronically and securely expand to add the millions of existing appliances and to build new secure networks users? Networks Clients or appliances like routers and switching

6 Secure Network Server In existing DDKI 1. Server sends serial number read utilty to new appliance as a firmware patch. 2. New appliance sends MAC#, serial #, NAM, UID to server 3. Server generates unique keys and unique starting offset from serial #, updates itself with UID, offset, key info, encrypts private key with application key, and sends package with encrypted private key(s) and secure application to the new device. New client, router, switch etc. Coming in from the cold 1.Expand secure networks in 3 steps electronically 2.Secure legacy networks and hardware with software/firmware patches – MFG acceptance is helpful 3.Device receives secure distributed key pair 4.All legacy hardware with MAC# etc. and firmware are quickly and inexpensively added to DDKI 5.Persons can add password for access and two factor authentication

7 http://fermat.nap.edu/html/digital_dilemma/appE.html Unlike encryption, digital signature technology is not encumbered by export restrictions. 1.Utilizing new symmetrical identity management keys reinforces the usefulness AES algorithms and keys 2.Utilizing trans-encryption makes huge networks using AES fast 3.Utilizing super strength authentication keys comply with standards that many enterprises and governments are required to use.

8 SENDER AESWN DISTRIBUTED AES – WN KEY PAIR 1 TIME PHYSICALLY BY SYSTEM ADMINISTRATOR ELECTRONICALLY WITH KEY GENERATED TO SPECIFIC DEVICE WN KEY MULTI-FUNCTION RNG FOR SESSION KEY – NO FAILURES NIST AUTHENTICATION – ID MANAGEMENT ------ GENERATE SESSION KEY WITH WN RNG ENCRYPT DOC WITH AES ALGORITH AND SESSION KEY ENCRYPT SESSION KEY WITH DISTRIBUTED AES KEY AUTHENTICATE ENCRYPTED SESSION KEY WITH WN EMBED IN HEADER OF ENCRYPTED DOC TRANS-ENCRYPT AUTHENTICATED SESSION KEY FROM SENDER TO RECEIVER ALL KEY PAIRS STORED MINIMAL BECAUSE OF MULTIPLICITY KEY STORAGE IS CHEAP CHOOSE WHETHER TO STORE OR FORWARD DOCS TRANSFER ENCRYPTED DOC RECEIVER AESWN ABOVE PROCESS = NO KEY EXCHANGE SIMPLE SYMMETRIC DISTRIBUTED KEY SYSTEM

Download ppt "Key Management And Key Distribution The essential problems addressed by all cryptosystems is how to safely exchange keys and how to easily manage the."

Similar presentations

Securing the Worlds Information Secure Dynamic Credit and Debit Cards Stop Credit Card and Identity Theft Andre Brisson Stephen Boren Co founders/ Co.

Securing the Worlds Information Secure Dynamic Credit and Debit Cards Stop Credit Card and Identity Theft Andre Brisson Stephen Boren Co founders/ Co.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Cryptographic Technologies

Cryptographic Technologies
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Asper School of Business University of Manitoba Systems Analysis & Design Instructor: Bob Travica System interfaces Updated: November 2014.

Asper School of Business University of Manitoba Systems Analysis & Design Instructor: Bob Travica System interfaces Updated: November 2014.
Chapter 20: Network Security Business Data Communications, 4e.

Chapter 20: Network Security Business Data Communications, 4e.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.

Similar presentations

Ads by Google