Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Management Celia Li Computer Science and Engineering York University.

Published byPaul Howard Modified over 9 years ago

Similar presentations

Presentation on theme: "Key Management Celia Li Computer Science and Engineering York University."— Presentation transcript:

1 Key Management Celia Li Computer Science and Engineering York University

2 2 Outline Fundamental concept Key management based on symmetric key cryptography  Key transport protocol  Key agreement protocol Key management based on public key cryptography  Key transport protocol  Key agreement protocol

3 3 Outline Fundamental concept Key management based on symmetric key cryptography  Key transport protocol  Key agreement protocol Key management based on public key cryptography  Key transport protocol  Key agreement protocol

4 4 Fundamental Concept Key Management  Provides shared key between two or more parties, typically for subsequent use as symmetric key for a variety of cryptographic purposes including encryption and authentication.  Many protocols involve a centralized or trusted third party  Broadly subdivided into two categories: key transport key agreement

5 5 Fundamental Concept Key Transport Protocol  One party creates a shared key and securely transfers it to the other(s) Key Agreement Protocol  A shared key is derived by two (or more) parties as a function of information contributed by each of these, such that no party can predetermine the key value

6 6 Key Management based on Symmetric Key Cryptography  Key Transport  Key Agreement Key Management based on Public Key Cryptography  Key Transport  Key Agreement Key Management Classification

7 7 Outline Fundamental concept Key management based on symmetric key cryptography  Key transport protocol  Key agreement protocol Key management based on public key cryptography  Key transport protocol  Key agreement protocol

8 8 Symmetric Key Transport without a Server  (1.1) Key transfer using symmetric encryption  (1.2) Key transfer using hash function  (1.3) Key transport without a priori shared keys Server-based Protocols o (2.1) Kerberos o (2.2) NS (Needham – Schroeder) shared-key protocol Key Transport based on Symmetric Key Cryptography

9 9 (1.1) Key transfer using symmetric encryption  Key transfer with one pass or  r A : a random number  t A : timestamp  n A : sequence number  The shared key: K=r A  E: symmetric encryption algorithm  * : optional message fields Key Transport based on Symmetric Key Cryptography

10 10 (1.1) Key transfer using symmetric encryption  Key transfer with challenge-response  If it is required that the key K be a function (such as hash function) of input from both parties  The shared key K=f(r A, r B ) Key Transport based on Symmetric Key Cryptography

11 11 (1.2) Key transport using hash functions  // A authenticates B // B authenticates A  K, K’: A and B shared symmetric keys  h K, h’ K’ : a keyed one-way hash function used for authentication  W: final symmetric key Key Transport based on Symmetric Key Cryptography

12 12 (1.3) Key transport without a priori shared keys  A and B select a prime p  A and B choose random number a and b seperately  A chooses a key K sent to B in message 1  A calculate a -1 based on a x a -1 = 1mod p  K mod p : the shared key for A and B  A know K mod p.  B can calculate b -1 based on b x b -1 = 1mod p  (3) = K b mod p  (K b mod p) = K mod p Key Transport based on Symmetric Key Cryptography b -1

13 13 Server-based protocols (2.1) Kerberos  Message 1 & 2: C gets the shared key Kcg generated by A  Message 3 & 4: C gets the shared key Kcs generated by G Key Transport based on Symmetric Key Cryptography

14 14 (2.2) NS (Needham–Schroeder) shared-key protocol Key Transport based on Symmetric Key Cryptography  Message2:  A gets a shared key Kab generated by S  Message 3:  B gets shared key Kab generated by S

15 15 Outline Fundamental concept Key management based on symmetric key cryptography  Key transport protocol  Key agreement protocol Key management based on public key cryptography  Key transport protocol  Key agreement protocol

16 16 Key Agreement Protocol  A shared secret is derived by two (or more) parties as a function of information contributed by, or associated with, each of these, such that no party can predetermine the resulting value.  Example: Blom’s symmetric key system Key Agreement on Symmetric Key Cryptography

17 17 Blom’s symmetric key system Key Agreement on Symmetric Key Cryptography  Let M be a matrix of size (h+1)*N  N: the number of nodes in the network  h: a value chosen by a trusted third party  Matrix M is a public information shared among the participants.  In the key generation phase, trusted third party  Creates a random symmetric matrix D of size (h+1)*(h+1)  Computes an matrix A = (D * M) T where (D * M) T is the transpose of D*M.  Matrix A must be kept securely.

18 18 Blom’s symmetric key system Key Agreement on Symmetric Key Cryptography  If we let K = A*M, we know that K is a symmetric matrix of size N*N because of the symmetric property of D. Prove: (1) K=A*M = (D*M) T *M = M T * D T *M = M T * D * M (D is a symmetric matrix) (2) (A*M) T = (((D*M) T *M) T = M T * ((D * M) T ) T = M T * D * M Thus, K = K T

19 19 Blom’s symmetric key system Key Agreement on Symmetric Key Cryptography How the shared key is generated?  Private information of participant i and j  A(i) and A(j) rows of matrix A  Public information of participant i and j  M(i) & M(j) columns of matrix M  Shared key of i and j  exchange their columns M(i) and M(j)  participant i computes: Kij= A(i)*M(j)  participant j computes: Kji= A(j)*M(i)  Kij = Kji  K is symmetric.

20 20 Outline Fundamental concept Key management based on symmetric key cryptography  Key transport protocol  Key agreement protocol Key management based on public key cryptography  Key transport protocol  Key agreement protocol

21 21 One party chooses a key and transfers it to a second party using that party’s public key.  (3.1) Key transport using public key encryption without signatures  (3.2) Key transport using public key encryption with signatures Key Transport based on Public Key Cryptography

22 22 (3.1) Key transport using public key encryption without signatures  One pass key transport by public key encryption Kb : public key of B K: A encrypts a randomly generated key k, and sends the result to B. Key Transport based on Public Key Cryptography

23 23 (3.2) Key transport protocols using public key encryption with signature  (3.2.1) Sign the key, encrypt the signed key using public key  (3.2.2) Sign the key, encrypt the unsigned key using public key  (3.2.3) Encrypt the key using public key, sign the encrypted key Key Transport based on Public Key Cryptography

24 24 Notation For data input y,  S A (y) : Signature operation on y using A’s private key, Kb: public key of B Key Transport based on Public Key Cryptography

25 25 (3.2.1) Encrypt signed key (3.2.2) Encrypt and Sign separately The asterisk denotes that the timestamp t A of A is optional Key Transport based on Public Key Cryptography

26 26 (3.2.3) Sign the encrypted key Key Transport based on Public Key Cryptography

27 27 Outline Fundamental concept Key management based on symmetric key cryptography  Key transport protocol  Key agreement protocol Key management based on public key cryptography  Key transport protocol  Key agreement protocol

28 28 Diffie-Hellman  A protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared key over an insecure communications channel.  This key can be used to encrypt subsequent communications using a symmetric key encryption algorithm. Key Agreement based on Public Key Cryptography

29 29 Diffie-Hellman Alice and Bob agree on two prime numbers, g and p. Alice Bob Key Agreement based on Public Key Cryptography

30 30 [1] R. Blom, "An optimal class of symmetric key generation systems", Report LiTH-ISY-I-. 0641, Linköping University, 1984. [2] Krawczyk H.: HMQV: A high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546-566. Springer, Heidelberg (2005). Full version available at http://eprint.iacr.org/2005/176. Reference

Download ppt "Key Management Celia Li Computer Science and Engineering York University."

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.

COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Kerberos Short presentation Protocol run Ressources By Artur Hecker, ENST Paris, 11/01/2002.

Kerberos Short presentation Protocol run Ressources By Artur Hecker, ENST Paris, 11/01/2002.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.
G22.3250-001 Robert Grimm New York University Using Encryption for Authentication in Computer Networks.

G Robert Grimm New York University Using Encryption for Authentication in Computer Networks.
Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.

Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Similar presentations

Ads by Google