Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Key Management  Secure Group Management  Authorization Management  Latest Relevant Knowledge  Future Work  References 2.

Published byOswin Sparks Modified over 9 years ago

Similar presentations

Presentation on theme: " Key Management  Secure Group Management  Authorization Management  Latest Relevant Knowledge  Future Work  References 2."— Presentation transcript:

1

2  Key Management  Secure Group Management  Authorization Management  Latest Relevant Knowledge  Future Work  References 2

3  Key management for symmetric encryption  Key Distribution Center (KDC)  Key management for asymmetric encryption  Distribution of public keys  Session key distribution  Diffie-Hellman Key Exchange 3

4  Alice and Bob need shared symmetric key.  KDC is a server that shares different secret key with each registered user.  Alice and Bob know own symmetric keys K A-KDC and K B-KDC for communicating with KDC. 4

5 K B-KDC K X-KDC K Y-KDC K Z-KDC K P-KDC K B-KDC K A-KDC Alice Bob KDC 5

6 Alice knows R1 Bob knows to use R1 to communicate with Alice KDC generates R1 K B-KDC (A,R1) K A-KDC (A,B) K A-KDC (R1, K B-KDC (A,R1) ) 6

7  Distribution of Public Keys  Public announcement  Publicly available directory  Public-key authority  Public-key certificates 7

8  Users distribute public keys to all  Advantage: Simplicity  Disadvantage: Forgery  Anyone can forge such a announcement  Ex: user B pretends to be A, and publish a key for A  Then all messages sent to A, readable by B! 8

9  Publicly available dynamic directory.  Maintained by trusted organization.  Weakness: If adversary obtains the private key of the directory. 9

10  Encryption is used to exchanged keys.  Stores public keys like directory.  User needs to know the public key of the authority.  Weakness: Authority is the bottleneck just like the directory. 10

11 11

12  Certificate = Public key + identifier + timestamp.  Certificate authority  Govt. agency or trusted financial institution.  User can publish the certificate. 12

13 13

14  Naïve method  Weakness: Man-in-the-middle-attack 14

15 15

16  Only sender and receiver take part.  No involvement of KDC.  Based on the complexity of computing discrete logarithms. 16

17 17

18  When a process asks to join a group G, the integrity of the group must not be compromised.  Each group member has a secret key CK G.  Also the group has a private key- public key pair for communication with nongroup members. 18

19  P  Entity that wants to join the group.  G  The group  Q  A member of the group  RP  Reply pad  K P,G  Secret key between P and G  N  Nonce 19

20  Managing access rights is very important in distributed systems.  Nondistributed system  Account in the machine controls all access rights.  Distributed system  Single account in the central server.  The server is consulted each time the user accesses a certain resource or machine. 20

21  A capability is an unforgeable data structure for a specific resource,  Specifies the access rights that the holder of the capability has with respect to that resource.  128 bit identifier. 21

22  When server wants to give access rights to a certain object, it makes a owner capability (OC).  All right bits are on.  A random check field is chosen and stored in a table. Server PortC11111111Object 22

23  The client creates a bit mask (B) representing his access rights and send it to the server.  Server creates a new capability.  The new capability is called Restricted Capability (RC).  Extracts C from the table for the requested object.  Check field(RC) = f(B XOR C), where f is a one way function.  Right field(RC) = B  Sends the RC to client. 23

24 24

25  When client wants access to the object, it sends the RC to the server.  Server checks:  The right bits are not “all 1s”, so it’s a restricted capability.  IF (check(RC) XOR check(table) == check(OC)) THEN permits the access ELSE blocks the request 25

26  An entity can delegate some of its access rights to another process so that the later can do the job on behalf of him.  A proxy is created by the process who wants to delegate.  Proxy (not proxy server) is a token that gives the bearer of it some privileges that can only be used by the entity which made the proxy. 26

27  Alice delegates some rights to Bob so that he can do some job in the server on behalf of her.  They share a secret key, K A,B.  R  List of rights  S(+)proxy  Security question made by Alice  S(-)proxy  Answer of the security question.  Alice tells the answer only to Bob.  Bob proves his honesty to Alice by answering the security question asked by the server 27

28 28

29  Using biometric data for sharing symmetric key, e.g. fingerprint based Key Distribution Center [3].  Quantum Key Distribution (QKD) [4].  Role Based Access Control (RBAC) [5]. 29

30  Quantum computing, e.g. quantum entanglement might play a big role in secure key management.  For secure group communication, biometric data, e.g. genetic information of each group member can be used. 30

31 [1] W. Stallings, Cryptography and Network Security – Principles and Practices,4 th Ed., Prentice-Hall Inc., Upper Saddle River, New Jersy, USA, 2006. [2] Andrew S. Tanenbaum and Maarten van Steen. 2006. Distributed Systems: Principles and Paradigms (2nd Edition). Prentice-Hall, Inc., Upper Saddle River, NJ, USA. [3] Barman, S.; Chattopadhyay, S.; Samanta, D., "An approach to cryptographic key distribution through fingerprint based key distribution center," in Advances in Computing, Communications and Informatics (ICACCI, 2014 International Conference on, vol., no., pp.1629-1635, 24-27 Sept. 2014 doi: 10.1109/ICACCI.2014.6968299 [4] Xianzhu Cheng; Yongmei Sun; Yuefeng Ji, "A QoS-supported scheme for quantum key distribution," in Advanced Intelligence and Awareness Internet (AIAI 2011), 2011 International Conference on, vol., no., pp.220-224, 28-30 Oct. 2011doi: 10.1049/cp.2011.1461 [5] Qi Li; Mingwei Xu; Xinwen Zhang, "Towards a Group-Based RBAC Model and Decentralized User-Role Administration," in Distributed Computing Systems Workshops, 2008. ICDCS '08. 28th International Conference on, vol., no., pp.441-446, 17-20 June 2008 doi: 10.1109/ICDCS.Workshops.2008.26

Download ppt " Key Management  Secure Group Management  Authorization Management  Latest Relevant Knowledge  Future Work  References 2."

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication & Kerberos

Authentication & Kerberos
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
L-13 Security 1. Schedule up to Midterm 2/26 No class (work on project 1, hw3) Review 3/2 Monday 4:30 pm NSH 3002 HW 3 due Midterm 3/3 Tuesday in class.

L-13 Security 1. Schedule up to Midterm 2/26 No class (work on project 1, hw3) Review 3/2 Monday 4:30 pm NSH 3002 HW 3 due Midterm 3/3 Tuesday in class.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Security Module – Part 1 Spring 2006 V.T. Raja, Ph.D., Oregon State University.

Security Module – Part 1 Spring 2006 V.T. Raja, Ph.D., Oregon State University.
Outline User authentication

Outline User authentication
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Similar presentations

Ads by Google