Key Management
Cryptography
What is Key Management?
★Key management is the management of cryptographic keys in a cryptosystem.
★This includes dealing with the generation, exchange, storage, use, and replacement of keys.
★It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.
★It deals with the entire key lifecycle.
Why are we talking about key management?
★With the rise of cybercrime, companies are investing significant amounts in information security in order to protect themselves, their employees and partners, but in the end that might not be enough.
★Threats:
○ compromise of confidentiality of secret keys
○ compromise of authenticity of secret or public keys
○ unauthorized use of public or secret keys
Key management techniques
a) Symmetric-key encryption:
Key management techniques
b) Public-key encryption:
Key LifeCycle
Distribution of Public Keys
★ Public announcement
★ Publicly available directory
★ Public-key authority
★ Public-key certificates
Public announcement
Publicly available directory
Public-key authority
Public-key certificates
Diffie Hellman key exchange algorithm
★First public-key algorithm, proposed by Diffie and Hellman in 1976.
★Used only for key exchange
★Used in many commercial products
Algorithm:
★All users agree on two parameters: 1) a large prime number q 2) a primitive root a
★Each user (e.g. A) generates their key:
○ chooses a secret key (number): xA < q
○ computes their public key: yA = a^xA mod q
★Public keys are stored in a universal directory
Algorithm:
★The shared session key for users A & B is KAB:
○ KAB = a^(xA·xB) mod q
○ = yA^xB mod q (which B can compute)
○ = yB^xA mod q (which A can compute)
★KAB is used as the session key in a private-key encryption scheme between Alice and Bob
★If Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public keys
★Disadvantage: 1) man-in-the-middle attack 2) authentication is needed
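The exchange above as an added example (not from the slides): it checks that a is a primitive root of q, derives KAB on both sides, and refuses a received public key that does not match the directory entry, which is the authentication step the slide says is needed. The parameters q = 353, a = 3, the secrets 97 and 233, and all function names are constructed for illustration; the directory copy is assumed to be trusted.

```python
import secrets

Q, A = 353, 3   # constructed toy parameters; real groups use primes of 2048 bits or more

def prime_factors(n):
    """Distinct prime factors by trial division (fine for toy-sized n)."""
    out, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            out.add(d)
            n //= d
        d += 1
    if n > 1:
        out.add(n)
    return out

def is_primitive_root(a, q):
    """a is a primitive root of prime q iff a^((q-1)/p) != 1 for each prime p dividing q-1."""
    return all(pow(a, (q - 1) // p, q) != 1 for p in prime_factors(q - 1))

def keygen(x=None):
    """Choose secret x < q (random unless given) and compute y = a^x mod q."""
    if x is None:
        x = secrets.randbelow(Q - 3) + 2          # 2 <= x <= q-2
    return x, pow(A, x, Q)

def session_key(y_peer, x_own):
    """K = y_peer^x_own mod q, rejecting degenerate public values first."""
    if not 1 < y_peer < Q - 1:
        raise ValueError("public key out of range")
    return pow(y_peer, x_own, Q)

def authenticated_key(directory, peer, y_received, x_own):
    """Derive K only if the received value matches the trusted directory entry."""
    if directory.get(peer) != y_received:
        raise ValueError(f"public key for {peer} does not match directory")
    return session_key(y_received, x_own)

if __name__ == "__main__":
    xA, yA = keygen(97)                           # fixed secrets so the run is repeatable
    xB, yB = keygen(233)
    directory = {"A": yA, "B": yB}
    print("A computes", session_key(yB, xA), "/ B computes", session_key(yA, xB))
    _, y_other = keygen(5)                        # a value that is not B's registered key
    try:
        authenticated_key(directory, "B", y_other, xA)
    except ValueError as err:
        print("rejected:", err)
```

Calling `keygen()` with no argument draws a fresh secret, which is what gives A and B a different KAB on a later session.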
Digital Certificate
Digital Certificate
★A digital identity document binding a public key to a specific person or organization
★Certification Authorities are the digital world’s equivalent to passport offices. They issue digital certificates and validate holders’ identity and authority
What is the Process of obtaining a certificate?
How do You Obtain An Individual’s Public Key?
How Digital Certificates are Used for Message Encryption?
X.509 Certificates
In Chrome, Settings->Advanced Setting->Manage Certificates
In Wireshark, SSL packets captured
Thank You