Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture."— Presentation transcript:

1 Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture 12: Key Management in Wired Networks Dr. Kemal Akkaya E-mail: kemal@cs.siu.edu

2 Kemal AkkayaWireless & Network Security 2 Key Management  Key management is the set of techniques and procedures supporting the establishment and maintenance of keying relationships between authorized parties.  Key management encompasses techniques and procedures supporting:  initialization of systems users within a domain;  generation, distribution, and installation of keying material;  controlling the use of keying material;  update, revocation, and destruction of keying material;  storage, backup/recovery, and archival of keying material.

3 Kemal AkkayaWireless & Network Security 3 Key Distribution/Establishment  How to have two parties agree on an encryption key securely? 1.A can select key and physically deliver to B 2.third party can select & deliver key to A & B 3.if A & B have communicated previously can use previous key to encrypt a new key 4.if A & B have secure communications with a third party C, C can relay key between A & B  Public key encryption: Solves the problem against passive attackers. e.g. DH Key Exchange: Trudy can’t get g ab mod p. BobAlice g a mod p g b mod p K = g ab mod p

4 Kemal AkkayaWireless & Network Security 4 Active Attacks  Attacker can intercept, modify, insert, delete messages on the network.  E.g., Man-in-the-Middle attack against DH: Trudy can translate messages between Alice & Bob without being noticed  Similar attacks possible on RSA & other PKC protocols. BobAlice g a mod p g b’ mod p K’ = g ab’ mod p g a mod p g b’ mod p Trudy K’’ = g a’b mod p

5 Kemal AkkayaWireless & Network Security 5 Trusted Third Parties  Solution against active attackers: “Trusted Third Parties” (TTPs)  Symmetric key solution: KDC  Everyone registers with the KDC, shares a secret key.  When A & B want to communicate, they contact the KDC & obtain a session key.  Public key solution: CA  Everyone registers with the CA, obtains a “certificate” for his/her public key.  Certificate: A document signed by the CA, including the ID and the public key of the subject.  People obtain each other’s certificates thru a repository, a webpage, or at the beginning of the protocol,  and use the certified public keys in the protocols.

6 Kemal AkkayaWireless & Network Security 6 KDC vs. CA  KDC  faster (being based on symmetric keys)  has to be online  Preferred for LANs  CA  doesn’t have to be online  if crashes, doesn’t disable the network  much simpler  scales better  certificates are not disclosure-sensitive  a compromised CA can’t decrypt conversations  Preferred for WANs (e.g., the Internet).

7 Kemal AkkayaWireless & Network Security 7 Key Distribution with KDC  A simple protocol:  K A, K B : Long-term secret keys of Alice, Bob. K A {m}: Encryption of m with K A.  Problems with this protocol:  possible delayed delivery of K B {A,B,K AB }.  No freshness guarantee for B (i.e., Trudy can replay K B {A,B,K AB } for a previously compromised K AB ). BA A, B K A {A,B,K AB } KDC K B {A,B,K AB } K AB

8 Kemal AkkayaWireless & Network Security 8 Key Distribution with CA  A simple protocol:  certificates are obtained in advance  session key transport with public key encryption:  {m} X : Encryption of message m with the public key of X  [m] X : Signature on message m with the public key of X  Problems with this protocol:  B doesn’t authenticate A  No freshness guarantee for B BA { [ A, B, r, K AB ] A } B K AB {r}

9 Kemal AkkayaWireless & Network Security 9 “Station-to-Station” Protocol  Authenticated DH protocol; basis for many real-life app’s.  Certified PKs are used for signing the public DH parameters. A slightly simplified version: where x = g a mod p, y = g b mod p, k = g ab mod p.  STS vs. encrypted key transport: STS (DH) provides “perfect forward secrecy”. (In encrypted transport, if the long-term RSA key is compromised, the session keys are also compromised.) BobAlice x cert(B), y, [x,y] B cert(A), [x,y] A

10 Kemal AkkayaWireless & Network Security 10 Multiple Domains with KDC A to talk to B:  contacts KDC A  KDC A contacts KDC B, or tells A how to contact KDC B (e.g. generates a session key for A & KDC B )  KDC B generates a session key for A & B, passes it to them. B A KDC A KDC B

11 Kemal AkkayaWireless & Network Security 11 Multiple Domains with CA  A, to authenticate the public key of B,  verifies B’s cert. issued by CA B,  verifies CA B ’s cert. issued by CA A,  B does vice versa to authenticate A’s key B A CA A CA B certify each other

Download ppt "Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture."

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.

1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Chapter 9: Key Management

Chapter 9: Key Management
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Similar presentations

Ads by Google