Presentation is loading. Please wait.

Presentation is loading. Please wait.

Symmetric Key Infrastructure Karel Masarik, Daniel Cvrcek Faculty of Information Technology Brno University of Technology

Published byLucinda Watkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Symmetric Key Infrastructure Karel Masarik, Daniel Cvrcek Faculty of Information Technology Brno University of Technology"— Presentation transcript:

1 Symmetric Key Infrastructure Karel Masarik, Daniel Cvrcek Faculty of Information Technology Brno University of Technology xmasar01@stud.fit.vutbr.cz, cvrcek@fit.vutbr.cz

2 Security and Protection of Information 2003 2 Current State there is no TTP / CA generally trusted large amount of CAs standards for name structure - uniqueness complicated mutual certificate verification is it possible to transfer trust? see Farrell’s presentation from yesterday (XML) commercial pressure to use certificates as often as possible – everywhere certificate structure becomes complicated

3 Security and Protection of Information 2003 3 Certificate Verification signature verification certificate validity verification certificate attributes verification cross-check with list of revoked certificates all the steps several times verification of root-certificate hash

4 Security and Protection of Information 2003 4 PKI - Summary there is a TTP + simple key management - when broken, one can not even verify a signature signature verification + in-site (original idea) - access to actual CRL -> on-line access to TTP unique identification + each CA (certificate service provider) takes care of it - is the recipient able to perform the same (never seen an ID card) non-repudiation the biggest advantage of … not PKI but asymmetric crypto

5 Security and Protection of Information 2003 5 The Facts asymmetric cryptography simple key-agreement non-repudiation when a shared key exists, all the subsequent communication the same as with the symmetric key management X.509-based PKI fails very serious problem is to keep actual information about public keys the assumptions leading to X.509 definition

6 Security and Protection of Information 2003 6 Communication Schemes a) 1:n – server with clients how big problem is to have a shared symmetric key with the server and use for generation of short-term public key certificates b) m:n, m=n, network (equivalent nodes) server – the one running its own key management a) intranet – one server b) e-business –small number of servers c) e-mail - peers >1 server => mutual trust

7 Security and Protection of Information 2003 7 Eliminating PKI Problems Tiny PKI Local Key Infrastructure entry point – X.509 certificate (link to PKI) our own local shared keys symmetric or asymmetric validity of local keys is short / one-time key we do not need CRL revocation is automatic or on peer-to-peer basis

8 Security and Protection of Information 2003 8 Local Scheme CA X. 509 certificates client CA client PKI Lokální KI authentication key SDSI names attributes server client Example AK – certificate and shared secret hash AK is the index into databases of shared keys

9 Security and Protection of Information 2003 9 Properties minimal dependance on PKI (enrollment) complete certificate verification done only once certificate make link name – public key exploring PKI’s unique identification of users CRL is replaced with other mechanisms short-time keys, one-time tickets, direct revocation in n:a communication model client complexity grows categories signer – verifier disappear

10 Security and Protection of Information 2003 10 Symmetric Key Infrastructure 2000 - Christianson, Crispo, Malcolm Proc. of Security Protocols basis for a project solved as M.Sc. thesis forward secrecy K i =H(S i-1 |1) and S i =H(S i-1 |0) S i – shared secret K i – symmetric key valid for just one message S i and K i are updated with each message exchange

11 Security and Protection of Information 2003 11 Non-Repudiation we want to transfer messages secured with symmetric crypto exploiting mutually mistrusting parties for non-repudiation E AT (M), E AB (M) – E TB (M), E AB (M) A, T, B – mutually mistrusting S – e.g. firewalls ATB

12 Security and Protection of Information 2003 12 Trusted Third Party it is needed shared keys with all users or other TTPs key distribution or translation center – very powerful use of DH key agreement protocol DH does not ensure authentication we do trust TTP to ensure authentication TTP does not posses enough information to follows client communication sessions

13 Security and Protection of Information 2003 13 Authentication Protocol just an example of how to do it (Denning-Sacco variant of Needham-Schroeder protocol) Alice, Bob, and TTP a common generator g and modulus N A  B: g Xa mod N B  A: g Xb mod N A  T: ID A, ID B, H 2 (g XaXb ) T  A: {ID A, K AB, H 2 (g XaXb ), {ID A, K AB, H 2 (g XaXb )}K BT }K AT A  B: {ID A, K AB, H 2 (g XaXb )}K BT B  A: {H(g XaXb )}K AB

14 Security and Protection of Information 2003 14 Messages mirrors M Ksm1, M Ksr M Km1m2, M Ksr M Km2m3, M Ksr M Km3r, M Ksr

15 Security and Protection of Information 2003 15 Messages mirrors M Ksm1, M Ksr M Km1m2, M Ksr M Km2m3, M Ksr M Km3r <> M Ksr

16 Security and Protection of Information 2003 16 What We Can Do create new relations between “anonymous” entities decrease importance of TTP into authentication and control (arbiter) functions offer mechanisms for ensuring non-repudiation in the case of any dispute detect unauthorized changes of messages and detect their originator compromise of TTP does not break the whole scheme – users can still work

17 Security and Protection of Information 2003 17 What is the cost each principal needs a hardware security module (smart card at least) PKI expects the same from you each principal generates and keeps logs it is for all principals and all messages they send/receive/transmit there must be a TTP for principal enrolment and dispute solving PKI needs a TTP with much more power

18 Security and Protection of Information 2003 18 Conclusions PKI is not universal and problem-free key management should be designed with taking care of environment we do not need X.509v3, v4 in most applications less options requirements must be made mandatory

Download ppt "Symmetric Key Infrastructure Karel Masarik, Daniel Cvrcek Faculty of Information Technology Brno University of Technology"

Similar presentations

Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Authentication & Kerberos

Authentication & Kerberos
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Similar presentations

Ads by Google