prev
next
out of 27

Lec 12 and 13

Embed Size (px)

Citation preview

  • 8/16/2019 Lec 12 and 13

    1/27

    Network Security

    (Key Management)

  • 8/16/2019 Lec 12 and 13

    2/27

    Key Management

    One of the major roles of public-keyencryption has been to address theproblems of key distribution

    !wo distinct aspects of public keycryptography" !he distribution of public keys !he use of public key encryption to

    distribute secret keys

  • 8/16/2019 Lec 12 and 13

    3/27

    #istribution of $ublic keys

    $ublic announcements$ublicly a%ailable directory$ublic key authority

    $ublic key certi&cates

  • 8/16/2019 Lec 12 and 13

    4/27

    $ublic 'nnouncements

    'ny participant can send his public keyto any other participant or broadcast thekey to the community at large

    ample " $*$ that uses +S' has adopted

    the practice of appending their public key tomessages that they send to public forumssuch as newsgroups and internet mailing lists

    Seems to be con%enient, has major

    weaknesses 'nyone can forge, !hat issome user pretend to be user ' andbroadcast its public key ntil noticed ,forger can able to read encrypted

    messages intended for ' and can use keys

  • 8/16/2019 Lec 12 and 13

    5/27

    $ublic 'nnouncements

  • 8/16/2019 Lec 12 and 13

    6/27

    $ublicly '%ailable#irectory

    Some sort of security can be achie%edby maintaining a publicly a%ailabledynamic directory of public keys

    Maintenance and distribution will bethe responsibility of some trusted entityor organi.ation

  • 8/16/2019 Lec 12 and 13

    7/27

    $ublicly '%ailable#irectory

    !he authority maintains a directorywith a /name, public key0 entry foreach participant

    ach participant register a public keywith the directory authority +egistrationwould ha%e to be in person or by someform of secure authenticatedcommunication

    $articipant may replace the e istingkey

    $articipants could also access the

  • 8/16/2019 Lec 12 and 13

    8/27

    u c y %a a e#irectoryStill its %ulnerable , if an ad%ersary

    succeed in obtaining the pri%ate key of thedirectory authority, it can authoritati%elypass out counterfeit public keys andsubse2uently impersonate and ea%esdrop

    any participant'nother way is to temper records kept by

    the authority

  • 8/16/2019 Lec 12 and 13

    9/27

    $ublic Key 'uthority

    Stronger security can be achie%ed bypro%iding tighter control o%erdistribution of public keys from directory

    'ssumes that central authoritymaintains a dynamic directory of publickeys of all participants

    ach participant reliably knows publickey of the authority, with only authorityknows pri%ate key

  • 8/16/2019 Lec 12 and 13

    10/27

    Steps in%ol%ed ' sends a time stamped message to the publickey authority containing a re2uest for the current

    public key of 3 !he authority responds with the message that is

    encrypted using the authority4s pri%ate key , $+ auth !hus ' is able to decrypt the message using theauthority4s public key !herefore ' is assured thatthe message originated with the authority

    !he message includes"3 public key, $ b , which ' can use to encrypt

    messages destined for 3 !he original re2uest , to enable ' to match this

    response with the corresponding earlier re2uest and%erify that original re2uest was not altered beforereception by the authority

    !he original timestamp, so ' can determine that this isnot an old message from the authority containing a key4

  • 8/16/2019 Lec 12 and 13

    11/27

    5ontinued6

    ' Stores 34s public key and also usesit to encrypt a message to 3 containingan identi&er of ' (7# ' ) and a nonce (N 8) ,which is used to identify this transactionuni2uely

    3 retrie%es '4s public key from theauthority in the same manner as 'retrie%es 34s public key

    't this point , public key has beensecurely deli%ered to ' and 3 and theymay begin there protected e change

  • 8/16/2019 Lec 12 and 13

    12/27

    !wo 'dditional Steps3 sends a message to ' encrypted

    with $ a and containing '4s nonce(N 8)as well as a new nonce generated by 3

    (N 9) 3ecause only 3 could ha%edecrypted message (:), the presence ofN8 in message (;) assures ' that the

    corresponding is 3' returns N 9 , encrypted using 34s

    public key , to assure 3 that is

    corresponding is '

  • 8/16/2019 Lec 12 and 13

    13/27

    5ontinued !otal are se%en steps, the initial four

    steps are used infre2uently becauseboth ' and 3 can sa%e the other4spublic key for future use, known as

    caching$eriodically user should re2uest fresh

    copies of public key to ensure currency

  • 8/16/2019 Lec 12 and 13

    14/27

    $ublic Key 'uthority

  • 8/16/2019 Lec 12 and 13

    15/27

    $ublic key certi&cates

  • 8/16/2019 Lec 12 and 13

    16/27

    $ublic key 5erti&cates

    ' user can present his public key to theauthority in a secure manner , and obtain acerti&cate

    !he user then publish the certi&cate'ny one needed this user public key can

    obtain the certi&cate and %erify that it is%alid by way of the attached trusted

    signature' participant can also con%ey its key

    information to another by transmitting its

    certi&cate

  • 8/16/2019 Lec 12 and 13

    17/27

    +e2uirements'ny participant can read a certi&cate

    to determine the name and public keyof the certi&cate owner

    'ny participant can %erify that thecerti&cate originated from thecerti&cate authority and is notcounterfeit

    Only the certi&cate authority cancreate and update certi&cate

    'ny participant can %erify the

    currency of the certi&cate

  • 8/16/2019 Lec 12 and 13

    18/27

    $ublic key 5erti&cates

    ach participant applies to thecerti&cate authority, supplying a publickey and re2uest a certi&cate

    'pplication must be in person or bysome form of secure authenticatedcommunication

    1or participant ', the authoritypro%ides a certi&cate of the form"

    =here $+ auth is the pri%ate key used by

    the authority and ! is the timestamp

  • 8/16/2019 Lec 12 and 13

    19/27

    5ontinued6' may then pass this certi&cate on to any

    other participant , who reads and %eri&es thecerti&cate

    as follows"

    !he recipient uses the authority public key, $auth , to decrypt the certi&cate

    3ecause the certi&cate is readable only usingauthority4s public key, this %eri&es authenticityof certi&cate authority

    !he elements 7# ' and $ a pro%ides therecipient with the name and the public key of

  • 8/16/2019 Lec 12 and 13

    20/27

    !ime Stamp Scenario

    ' pri%ate key is learned by thead%ersary' generates a new pri%ate>public key

    pair and applies to the certi&cateauthority for new certi&cate

    Meanwhile , the ad%ersary replays theold certi&cate to 3 if 3 then encryptsmessages using compromised old publickey, the ad%ersary can read thosemessages

  • 8/16/2019 Lec 12 and 13

    21/27

    $ublic Key 5erti&cate

    f

  • 8/16/2019 Lec 12 and 13

    22/27

    #istribution of Secret Keyusing $ublic Key

    cryptography$ublic key encryption can be usedfor distribution of Secret keys

  • 8/16/2019 Lec 12 and 13

    23/27

    Simple Secret Key#istribution

    ' generates a public>pri%ate keypair/$ a , $+ a 0 and transmits amessage to 3 consisting of $ a andan identi&er of ', 7# '

    3 generates a secret key , K s , andtransmit it to ', encrypted with '4spublic key

    ' computes #($+ a , ($ a , K s)) toreco%er the secret key 3ecause only

    ' can decrypt the message, only '

  • 8/16/2019 Lec 12 and 13

    24/27

    Simple Secret Key#istribution

    ' and 3 can now securelycommunicate using con%entionalencryption and the session Key K s

    't the completion of e change bothdiscard K sNo keys e ist at the start of

    communication and none e ist afterthe completion of communication !hus the risk of keys compromise is

    minimal

  • 8/16/2019 Lec 12 and 13

    25/27

    Simple Secret Key#istribution

    S t k #i t ib ti ith

  • 8/16/2019 Lec 12 and 13

    26/27

    Secret key #istribution withcon&dentiality and

    authentication' uses 34s public key to encrypt a message to 3containing an identi&er of ' (7# ' ) and nonce(N 8),which is used to identify this transaction uni2uely

    3 sends a message to ' encrypted with $ a and

    containing '4s nonce(N 8) as well as a new noncegenerated by 3 (N 9) 3ecause only 3 could ha%edecrypted message(8), the presence of N 8 inmessage(9) assures ' that the correspondent is 3

    ' returns N9, encrypted using 34s public key, to

    assure 3 that its correspondent is '' selects a secret key K s and sends M? ($ b , ($+

    a , K s)) to 3ncryption of this message with 34s public key

    ensures that only 3 can read it@ encryption with ' As

  • 8/16/2019 Lec 12 and 13

    27/27

    #iBe-Cellman Keychange

    'lice and 3ob want to share a secret key using#iBe-Cellman'lice chooses a large prime number p and a largenumber called the generator g which is less than

    p @ these two %alues ( g and p ) are sent to 3ob'lice chooses a number a and calculates A ? g a (mod p )@ the %alue A is sent to 3ob3ob chooses a number b and calculates B ? g b

    (mod p )@ the %alue B is sent to 'lice'lice calculates the shared secret K ? Ba (mod p )3ob calculates the shared secret K ? A b (mod p )


Lec-13 waves

Lec-13 waves

Documents
Lec Corrosion 13

Lec Corrosion 13

Documents
Lec 12 Slides

Lec 12 Slides

Documents
12 lec 12 loop

12 lec 12 loop

Education
2-Lectures LEC 13

2-Lectures LEC 13

Documents
Chem Chapter 13 LEC

Chem Chapter 13 LEC

Documents
Lec 12- Hydropower

Lec 12- Hydropower

Documents
Anatomy - Lec.13

Anatomy - Lec.13

Documents
Lec 13 Revised

Lec 13 Revised

Documents
Bio 151 lec 12 13 cmer & lmi

Bio 151 lec 12 13 cmer & lmi

Documents
Lec 13 Corrosion1

Lec 13 Corrosion1

Documents
Lec 13. MATLAB GUI Programming

Lec 13. MATLAB GUI Programming

Education
Q913 re1 w4 lec 13

Q913 re1 w4 lec 13

Education
Lec 12 lags

Lec 12 lags

Engineering
Gears Lec 12

Gears Lec 12

Documents
Lec 11-12-13 debt; a comprehensive discusssion

Lec 11-12-13 debt; a comprehensive discusssion

Education
Parasitology-Lec 13 Malaria

Parasitology-Lec 13 Malaria

Documents
Cell Biology Lec. 2 Dr: Buthaina H. Al-Sabawi Date:13/12/2011 Cell Biology Lec. 2 Dr: Buthaina H. Al-Sabawi Date:13/12/2011 Lysosomes (Intracellular digestion

Cell Biology Lec. 2 Dr: Buthaina H. Al-Sabawi Date:13/12/2011 Cell Biology Lec. 2 Dr: Buthaina H. Al-Sabawi Date:13/12/2011 Lysosomes (Intracellular digestion

Documents
Principles of the Global Positioning System, Lecture 12 · 3/19/12 12.540 Lec 12 13 . Example of FOGM process. 3/19/12 12.540 Lec 12 14 . Longer correlation time. 3/19/12 12.540 Lec

Principles of the Global Positioning System, Lecture 12 · 3/19/12 12.540 Lec 12 13 . Example of FOGM process. 3/19/12 12.540 Lec 12 14 . Longer correlation time. 3/19/12 12.540 Lec

Documents
Lec.13 Waveguides

Lec.13 Waveguides

Documents
Lec-13 AVL Trees

Lec-13 AVL Trees

Documents
Lec 13 Slides

Lec 13 Slides

Documents
Lec 13 a Graphology

Lec 13 a Graphology

Documents
Requirements ISA CPU Organization (Design) Datapath Designmeseec.ce.rit.edu/eecc550-winter2011/550-12-13-2011.pdf · 2011. 12. 13. · EECC550 - Shaaban #2 Lec # 4 Winter 2011 12-13-2011

Requirements ISA CPU Organization (Design) Datapath Designmeseec.ce.rit.edu/eecc550-winter2011/550-12-13-2011.pdf · 2011. 12. 13. · EECC550 - Shaaban #2 Lec # 4 Winter 2011 12-13-2011

Documents
Lec 13 Sound Insulation

Lec 13 Sound Insulation

Documents
Lec 4 _ Chapter 13

Lec 4 _ Chapter 13

Documents
Lec 13 14 Canine

Lec 13 14 Canine

Documents
Lec 13 - Vestidos de Cristo

Lec 13 - Vestidos de Cristo

Spiritual
Lec 13 BblSORT Mul

Lec 13 BblSORT Mul

Documents
Lec 12 Noise_pollution

Lec 12 Noise_pollution

Documents