Download presentation
Presentation is loading. Please wait.
Published byOswin Sparks Modified over 9 years ago
2
Key Management Secure Group Management Authorization Management Latest Relevant Knowledge Future Work References 2
3
Key management for symmetric encryption Key Distribution Center (KDC) Key management for asymmetric encryption Distribution of public keys Session key distribution Diffie-Hellman Key Exchange 3
4
Alice and Bob need shared symmetric key. KDC is a server that shares different secret key with each registered user. Alice and Bob know own symmetric keys K A-KDC and K B-KDC for communicating with KDC. 4
5
K B-KDC K X-KDC K Y-KDC K Z-KDC K P-KDC K B-KDC K A-KDC Alice Bob KDC 5
6
Alice knows R1 Bob knows to use R1 to communicate with Alice KDC generates R1 K B-KDC (A,R1) K A-KDC (A,B) K A-KDC (R1, K B-KDC (A,R1) ) 6
7
Distribution of Public Keys Public announcement Publicly available directory Public-key authority Public-key certificates 7
8
Users distribute public keys to all Advantage: Simplicity Disadvantage: Forgery Anyone can forge such a announcement Ex: user B pretends to be A, and publish a key for A Then all messages sent to A, readable by B! 8
9
Publicly available dynamic directory. Maintained by trusted organization. Weakness: If adversary obtains the private key of the directory. 9
10
Encryption is used to exchanged keys. Stores public keys like directory. User needs to know the public key of the authority. Weakness: Authority is the bottleneck just like the directory. 10
11
11
12
Certificate = Public key + identifier + timestamp. Certificate authority Govt. agency or trusted financial institution. User can publish the certificate. 12
13
13
14
Naïve method Weakness: Man-in-the-middle-attack 14
15
15
16
Only sender and receiver take part. No involvement of KDC. Based on the complexity of computing discrete logarithms. 16
17
17
18
When a process asks to join a group G, the integrity of the group must not be compromised. Each group member has a secret key CK G. Also the group has a private key- public key pair for communication with nongroup members. 18
19
P Entity that wants to join the group. G The group Q A member of the group RP Reply pad K P,G Secret key between P and G N Nonce 19
20
Managing access rights is very important in distributed systems. Nondistributed system Account in the machine controls all access rights. Distributed system Single account in the central server. The server is consulted each time the user accesses a certain resource or machine. 20
21
A capability is an unforgeable data structure for a specific resource, Specifies the access rights that the holder of the capability has with respect to that resource. 128 bit identifier. 21
22
When server wants to give access rights to a certain object, it makes a owner capability (OC). All right bits are on. A random check field is chosen and stored in a table. Server PortC11111111Object 22
23
The client creates a bit mask (B) representing his access rights and send it to the server. Server creates a new capability. The new capability is called Restricted Capability (RC). Extracts C from the table for the requested object. Check field(RC) = f(B XOR C), where f is a one way function. Right field(RC) = B Sends the RC to client. 23
24
24
25
When client wants access to the object, it sends the RC to the server. Server checks: The right bits are not “all 1s”, so it’s a restricted capability. IF (check(RC) XOR check(table) == check(OC)) THEN permits the access ELSE blocks the request 25
26
An entity can delegate some of its access rights to another process so that the later can do the job on behalf of him. A proxy is created by the process who wants to delegate. Proxy (not proxy server) is a token that gives the bearer of it some privileges that can only be used by the entity which made the proxy. 26
27
Alice delegates some rights to Bob so that he can do some job in the server on behalf of her. They share a secret key, K A,B. R List of rights S(+)proxy Security question made by Alice S(-)proxy Answer of the security question. Alice tells the answer only to Bob. Bob proves his honesty to Alice by answering the security question asked by the server 27
28
28
29
Using biometric data for sharing symmetric key, e.g. fingerprint based Key Distribution Center [3]. Quantum Key Distribution (QKD) [4]. Role Based Access Control (RBAC) [5]. 29
30
Quantum computing, e.g. quantum entanglement might play a big role in secure key management. For secure group communication, biometric data, e.g. genetic information of each group member can be used. 30
31
[1] W. Stallings, Cryptography and Network Security – Principles and Practices,4 th Ed., Prentice-Hall Inc., Upper Saddle River, New Jersy, USA, 2006. [2] Andrew S. Tanenbaum and Maarten van Steen. 2006. Distributed Systems: Principles and Paradigms (2nd Edition). Prentice-Hall, Inc., Upper Saddle River, NJ, USA. [3] Barman, S.; Chattopadhyay, S.; Samanta, D., "An approach to cryptographic key distribution through fingerprint based key distribution center," in Advances in Computing, Communications and Informatics (ICACCI, 2014 International Conference on, vol., no., pp.1629-1635, 24-27 Sept. 2014 doi: 10.1109/ICACCI.2014.6968299 [4] Xianzhu Cheng; Yongmei Sun; Yuefeng Ji, "A QoS-supported scheme for quantum key distribution," in Advanced Intelligence and Awareness Internet (AIAI 2011), 2011 International Conference on, vol., no., pp.220-224, 28-30 Oct. 2011doi: 10.1049/cp.2011.1461 [5] Qi Li; Mingwei Xu; Xinwen Zhang, "Towards a Group-Based RBAC Model and Decentralized User-Role Administration," in Distributed Computing Systems Workshops, 2008. ICDCS '08. 28th International Conference on, vol., no., pp.441-446, 17-20 June 2008 doi: 10.1109/ICDCS.Workshops.2008.26
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.