Download presentation
Presentation is loading. Please wait.
Published byJunior Williams Modified over 9 years ago
1
Key Management and Distribution
2
YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption to work, the two parties of an exchange must share the same key and that key must be protected. Frequent key changes may be desirable to limit the amount of data compromised. The strength of a cryptographic system rests with the technique for solving the key distribution problem -- delivering a key to the two parties of an exchange. The scale of the problem depends on the number of communication pairs.
3
YSL3 Approaches to Symmetric Key Distribution Let A (Alice) and B (Bob) be the two parties. A key can be selected by A and physically delivered to B. A third party can select the key and physically deliver it to A and B. If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key. If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B. Information Security – Mutual Trust
4
Symmetric Key Distribution Task Information Security – Mutual Trust4YSL
5
Symmetric Key Hierarchy Typically a hierarchy structure of keys is adopted. Session keys – temporary key – used for encryption of data between users – for one logical session then discarded Master keys – used to encrypt session keys – shared by each user & the key distribution center Information Security – Mutual Trust5YSL
6
Symmetric Key Hierarchy Information Security – Mutual Trust6YSL
7
Symmetric Key Distribution Scenario Information Security – Mutual Trust7YSL
8
Symmetric Key Distribution Issues Hierarchies of KDC’s required for large networks, but must trust each other Session key lifetimes should be limited for greater security Use of automatic key distribution on behalf of users, but must trust system Use of decentralized key distribution Controlling key usage Information Security – Mutual Trust8YSL
9
Symmetric Key Distribution Using Public Keys Public key cryptosystems are inefficient. –almost never used for direct data encryption –rather used to encrypt secret keys for distribution Information Security – Mutual Trust9YSL
10
Simple Secret Key Distribution Merkle proposed this very simple scheme –allows secure communications –no keys before/after exist Information Security – Mutual Trust10YSL
11
11 Simple Secret Key Distribution (cont’d) Simple secret key distribution (cont’d) –advantages simplicity no keys stored before and after the communication security against eavesdropping –disadvantages lack of authentication mechanism between participants vulnerability to an active attack as described in the next slide leak of the secret key upon such active attacks Information Security – Mutual Trust
12
Man-in-the-Middle Attacks This very simple scheme is vulnerable to an active man-in-the-middle attack. Information Security – Mutual Trust12YSL
13
Secret Key Distribution with Confidentiality & Authentication Information Security – Mutual Trust13YSL
14
14 Secret Key Distribution with Confidentiality & Authentication (cont’d) Provision of protection against both active and passive attacks Assurance of both confidentiality and authentication in the exchange of a secret key Availability of public keys a priori Complexity Information Security – Mutual Trust
15
YSL15 Public Key Distribution The distribution of public keys –public announcement –publicly available directory –public-key authority –public-key certificates The use of public-key encryption to distribute secret keys –simple secret key distribution –secret key distribution with confidentiality and authentication Information Security – Mutual Trust
16
YSL16 Public Key Distribution (cont’d) Information Security – Mutual Trust Public announcement
17
YSL17 Public Key Distribution (cont’d) Public announcement (cont’d) –advantages: convenience –disadvantages: forgery of such a public announcement by anyone Information Security – Mutual Trust
18
YSL18 Public Key Distribution (cont’d) Information Security – Mutual Trust Publicly available directory
19
YSL19 Public Key Distribution (cont’d) Publicly available directory (cont’d) –elements of the scheme {name, public key} entry for each participant in the directory in-person or secure registration on-demand entry update periodic publication of the directory availability of secure electronic access from the directory to participants –advantages: greater degree of security Information Security – Mutual Trust
20
YSL20 Public Key Distribution (cont’d) Publicly available directory (cont’d) –disadvantages need of a trusted entity or organization need of additional security mechanism from the directory authority to participants vulnerability of the private key of the directory authority (global-scaled disaster if the private key of the directory authority is compromised) vulnerability of the directory records Information Security – Mutual Trust
21
YSL21 Public Key Distribution (cont’d) Information Security – Mutual Trust Public-key authority
22
YSL22 Public Key Distribution (cont’d) Public-key authority (cont’d) –stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory –each participant can verify the identity of the authority –participants can verify identities of each other –disadvantages bottleneck effect of the public-key authority vulnerability of the directory records Information Security – Mutual Trust
23
YSL23 Public Key Distribution (cont’d) Information Security – Mutual Trust Public-key certificates
24
YSL24 Public Key Distribution (cont’d) Public-key certificates (cont’d) –to use certificates that can be used by participants to exchange keys without contacting a public-key authority –requirements on the scheme any participant can read a certificate to determine the name and public key of the certificate’s owner any participant can verify that the certificate originated from the certificate authority and is not counterfeit only the certificate authority can create & update certificates any participant can verify the currency of the certificate Information Security – Mutual Trust
25
YSL25 Public Key Distribution (cont’d) Public-key certificates (cont’d) –advantages to use certificates that can be used by participants to exchange keys without contacting a public-key authority in a way that is as reliable as if the key were obtained directly from a public-key authority no on-line bottleneck effect –disadvantages: need of a certificate authority Information Security – Mutual Trust
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.