Download - Cns 13f Lec09 Keymanagement
-
8/13/2019 Cns 13f Lec09 Keymanagement
1/30
Network SecurityKey Management
-
8/13/2019 Cns 13f Lec09 Keymanagement
2/30
2
Key Management
Public-key encryption helps address keydistribution problems
Have two aspects of this: Distribution of public keys Use of public-key encryption to distribute
secret keys
-
8/13/2019 Cns 13f Lec09 Keymanagement
3/30
3
Distribution of Public Keys
Can be considered as using one offollowing mechanisms: Public announcement:
Publicly available directory
Public-key authority
Public-key certificates
-
8/13/2019 Cns 13f Lec09 Keymanagement
4/30
4
Public Announcement
Users distribute public keys to recipients orbroadcast to community at large e.g.post to news groups or email list
-
8/13/2019 Cns 13f Lec09 Keymanagement
5/30
5
Public AnnouncementWeakness
Major weakness is forgery Anyone can create a key claiming to be
someone else and broadcast it Until forgery is discovered, can masquerade
as claimed user
-
8/13/2019 Cns 13f Lec09 Keymanagement
6/30
6
Publicly Available Directory
Can obtain greater security by registeringkeys with a public directory
Directory must be trusted with properties:
Contains {name, public-key} entries Participants register securely with directory Participants can replace key at any time Directory is periodically published
Directory can be accessed electronically
-
8/13/2019 Cns 13f Lec09 Keymanagement
7/30
7
Publicly Available Directory
More secure than individual publicannouncements
Still vulnerable to tampering or forgery
-
8/13/2019 Cns 13f Lec09 Keymanagement
8/30
8
Public-Key Authority
Improve security by tightening control overdistribution of keys from directory
Has properties of directory
And requires users to know public key for thedirectory Then users interact with directory to obtain
any desired public key securely
Does require real-time access to directory whenkeys are needed
-
8/13/2019 Cns 13f Lec09 Keymanagement
9/30
9
Public-Key Authority
-
8/13/2019 Cns 13f Lec09 Keymanagement
10/30
10
Public-Key AuthorityMessage Exchange
A sends a timestamped message to the publickey authority containing request for Bs publickey
Authority responds with a message encryptedwith its private key. As assured message is generated from authority
Message includes: Bs public key, original requestand original timestamp
-
8/13/2019 Cns 13f Lec09 Keymanagement
11/30
11
Message Exchange
A stores Bs public key and also uses it forencryption of IDAand a nonce This identifies the session uniquely
B gets the public key from authority B sends a message to A encrypted with As
public key Message contains As nonce & new nonce from B As nonce in message tells that the communicator is
B A returns Bs nonce, encrypted using Bs publickey
-
8/13/2019 Cns 13f Lec09 Keymanagement
12/30
12
Public-Key Certificates
Certificates allow key exchange without real-time access to public-key authority
A certificate binds identityto public key
Usually with other information such as period ofvalidity, rights of use, etc.
With all contents signedby a trusted Public-Key or Certificate Authority (CA)
Can be verified by anyone who knows thepublic-key authorities public-key
-
8/13/2019 Cns 13f Lec09 Keymanagement
13/30
13
Public-Key Certificates
-
8/13/2019 Cns 13f Lec09 Keymanagement
14/30
14
Public-Key Certificates
Nodes acquire the certificates from the CA
Each certificate contains a public key andother information, encrypted with CAs
private key Recipient uses CAs public key to decrypt the
certificate
Participant conveys its key information usingthis certificate
-
8/13/2019 Cns 13f Lec09 Keymanagement
15/30
15
Public-Key CertificatesRequirements
Any participant can read a certificate
Any participant can verify that the
certificate originated from CA Only CA can create and update certificates
Any participant can verify the certificate
-
8/13/2019 Cns 13f Lec09 Keymanagement
16/30
16
Public-Key Distribution of SecretKeys
Use previous methods to obtain public-key
Can use for secrecy or authentication
But public-key algorithms are slow
So usually want to use private-key encryptionto protect message contents Hence need a session key
Have several alternatives for negotiating asuitable session
-
8/13/2019 Cns 13f Lec09 Keymanagement
17/30
17
Simple Secret KeyDistribution
Proposed by Merkle in 1979 A generates a new temporary public key
pair
A sends B the public key and their identity B generates a session key K sends it to A
encrypted using the supplied public key
A decrypts the session key and both use
-
8/13/2019 Cns 13f Lec09 Keymanagement
18/30
18
Secret Key Distribution
Problem is that an opponent can intercept andimpersonate both halves of protocol
(1) KUa|| ID
A
(2) EKU
a
[KS]
-
8/13/2019 Cns 13f Lec09 Keymanagement
19/30
19
Secret Key DistributionProblem Scenario
A generates public/private key and transmitsto B
E can intercept a message, create its ownpublic/private key pair and transmits it to B
B generates a secret key and transmits it
encrypted with Es public key
-
8/13/2019 Cns 13f Lec09 Keymanagement
20/30
20
Problem Scenario
E intercepts message and learns the secretkey
E transmits to A the secret key encryptedwith As public key
Now E can intercept all the communication
-
8/13/2019 Cns 13f Lec09 Keymanagement
21/30
21
Distribution of Secret Keys withConfidentiality and Authentication Must have securely exchanged public-keys:
-
8/13/2019 Cns 13f Lec09 Keymanagement
22/30
22
Distribution of Secret Keys
1. A uses Bs public key to encrypt IDAand anonce Used to identify the transaction
2. B sends a message to A encrypted with Apublic key, containing As nonce and Bs nonce3. A returns nonce of B4. A selects a secret key and sends message
M; first encrypting secret key with Aprivate key and then encrypting with Bspublic key
-
8/13/2019 Cns 13f Lec09 Keymanagement
23/30
23
Diffie-Hellman Key Exchange
First public-key type scheme proposed
By Diffie & Hellman in 1976 along with theexposition of public key concepts
Note:James Ellis (UK CESG) secretly proposedthe concept in 1970
Is a practical method for public exchange of asecret key
Used in a number of commercial products
-
8/13/2019 Cns 13f Lec09 Keymanagement
24/30
24
Diffie-Hellman Key Exchange
A public-key distribution scheme Cannot be used to exchange an arbitrary message Rather it can establish a common key Known only to the two participants
Value of key depends on the participants (and theirprivate and public key information)
-
8/13/2019 Cns 13f Lec09 Keymanagement
25/30
25
Diffie-Hellman Setup
Both the communicating parties agree on pand g Alice picks SAat random, Bob picks SB Alice computes TA=g
SA mod p, Bob computes TB=gSB
mod p
They exchange Ts Each raises the number they receive to their secret
number Alice computes TB
SA mod p, Bob computes TA
SBmod p
They come up with same number; because TBSA=(gSB) SA =gSA SB=(gSA) SB= TASBmod p= KAB
-
8/13/2019 Cns 13f Lec09 Keymanagement
26/30
26
Diffie-Hellman Example
Users Alice & Bob who wish to swap keys:
Agree on prime p=353and g =3
Select random secret keys:
A chooses SA=97, B chooses SB=233 Compute public keys:
TA=397
mod 353 = 40 (Alice)
TB=3233
mod 353 = 248 (Bob)
Compute shared session key as:KAB= TB
SAmod 353 = 24897
= 160 (Alice)
KAB= TASBmod 353 = 40
233= 160 (Bob)
-
8/13/2019 Cns 13f Lec09 Keymanagement
27/30
27
Diffie-Hellman Key Exchange
KABis used as session key in private-keyencryption scheme between Alice and Bob
If Alice and Bob subsequently communicate,they will have the samekey as before, unlessthey choose new public-keys
Attacker needs an S, must solve discrete log
-
8/13/2019 Cns 13f Lec09 Keymanagement
28/30
28
The Diffie-Hellman Key ExchangeAlgorithm
-
8/13/2019 Cns 13f Lec09 Keymanagement
29/30
29
Diffie-Hellman Key Exchange
-
8/13/2019 Cns 13f Lec09 Keymanagement
30/30
30
Summary
Have considered: Distribution of public keys
Public-key distribution of secret keys
Diffie-Hellman key exchange