Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.

Published byJemimah O’Brien’ Modified over 9 years ago

Similar presentations

Presentation on theme: "Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B."— Presentation transcript:

1 Key Management

2 Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B (R B )  What if K B + is faked?

3 Security Management  Problem: how do you get keys in the first place?  Key distribution: securely associate an entity with a key -Example: Public Key Infrastructure (PKI), a system that manages public key distribution on a wide-scale  Key establishment: establish session keys -Use public key cryptography (we already know how to do it)

4 Components of a PKI

5 Digital Certificate  Signed data structure that binds an entity (E) with its corresponding public key (K E + ) -Signed by a recognized and trusted authority, i.e., Certification Authority (CA) -Provide assurance that a particular public key belongs to a specific entity  How? -CA generates K CA - (E, K E + ) -Everyone can verify signature using K CA +

6 Certification Authority (CA)  People, processes responsible for creation, delivery and management of digital certificates  Organized in a hierarchy (use delegation – see next) CA-1CA-2 Root CA

7 Registration Authority  People, processes and/or tools that are responsible for -Authenticating the identity of new entities (users or computing devices) -Requiring certificates from CA’s.

8 Certificate Repository  A database which is accessible to all users of a PKI, contains: -Digital certificates, -Certificate revocation information -Policy information

9 Example  Alice generates her own key pair. public key Alice private key Alice  Bob generates his own key pair.  Both sent their public key to a CA and receive a digital certificate public key Bob private key Bob

10 Example  Alice gets Bob’s public key from the CA private key Alice public key Bob private key Bob public key Alice  Bob gets Alice’s public key from the CA

11 Certificate Revocation  Process of publicly announcing that a certificate has been revoked and should no longer be used.  Approaches: -Use certificates that automatically time out -Use certificate revocation list

12 Authorization Management

13  Granting authorization rights  Related with access control which verifies access rights

14 Capabilities (1)  How to grant a capability?  How to verify a capability?

15 Capabilities (2)  Capability: -Unforgeable data structure for a specific resource R -Specify access right the holder has with respect to R  An example: 48 bits24 bits8 bits48 bits Server portObjectRightsCheck

16 Capabilities (3)  Generation of a restricted capability from an owner capability Owner

17 Delegation: Motivation Example  A user Alice has read-only access rights on a large file F  Alice wants to print F on printer P no earlier than 2am -Method A: Alice sends the entire file F to the printer P; -Method B: Alice passes the file name to P and printer P copies the file F to its spooling directory when F is actually needed. -For method B, Alice needs to delegate her read-only access rights on F to printer P

18 Delegation: Neuman Scheme  The general structure of a proxy as used for delegation:

19 Delegation: Neuman Scheme  Using a proxy to delegate and prove ownership of access rights  In practice S + proxy, S - proxy can be a public-private key pair and N can be a nonce

Download ppt "Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B."

Similar presentations

Introduction of Grid Security

Introduction of Grid Security
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication (Part B)

Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication (Part B)
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Similar presentations

Ads by Google