Upload
rohfollower
View
221
Download
0
Embed Size (px)
Citation preview
8/16/2019 Lec 12 and 13
1/27
Network Security
(Key Management)
8/16/2019 Lec 12 and 13
2/27
Key Management
One of the major roles of public-keyencryption has been to address theproblems of key distribution
!wo distinct aspects of public keycryptography" !he distribution of public keys !he use of public key encryption to
distribute secret keys
8/16/2019 Lec 12 and 13
3/27
#istribution of $ublic keys
$ublic announcements$ublicly a%ailable directory$ublic key authority
$ublic key certi&cates
8/16/2019 Lec 12 and 13
4/27
$ublic 'nnouncements
'ny participant can send his public keyto any other participant or broadcast thekey to the community at large
ample " $*$ that uses +S' has adopted
the practice of appending their public key tomessages that they send to public forumssuch as newsgroups and internet mailing lists
Seems to be con%enient, has major
weaknesses 'nyone can forge, !hat issome user pretend to be user ' andbroadcast its public key ntil noticed ,forger can able to read encrypted
messages intended for ' and can use keys
8/16/2019 Lec 12 and 13
5/27
$ublic 'nnouncements
8/16/2019 Lec 12 and 13
6/27
$ublicly '%ailable#irectory
Some sort of security can be achie%edby maintaining a publicly a%ailabledynamic directory of public keys
Maintenance and distribution will bethe responsibility of some trusted entityor organi.ation
8/16/2019 Lec 12 and 13
7/27
$ublicly '%ailable#irectory
!he authority maintains a directorywith a /name, public key0 entry foreach participant
ach participant register a public keywith the directory authority +egistrationwould ha%e to be in person or by someform of secure authenticatedcommunication
$articipant may replace the e istingkey
$articipants could also access the
8/16/2019 Lec 12 and 13
8/27
u c y %a a e#irectoryStill its %ulnerable , if an ad%ersary
succeed in obtaining the pri%ate key of thedirectory authority, it can authoritati%elypass out counterfeit public keys andsubse2uently impersonate and ea%esdrop
any participant'nother way is to temper records kept by
the authority
8/16/2019 Lec 12 and 13
9/27
$ublic Key 'uthority
Stronger security can be achie%ed bypro%iding tighter control o%erdistribution of public keys from directory
'ssumes that central authoritymaintains a dynamic directory of publickeys of all participants
ach participant reliably knows publickey of the authority, with only authorityknows pri%ate key
8/16/2019 Lec 12 and 13
10/27
Steps in%ol%ed ' sends a time stamped message to the publickey authority containing a re2uest for the current
public key of 3 !he authority responds with the message that is
encrypted using the authority4s pri%ate key , $+ auth !hus ' is able to decrypt the message using theauthority4s public key !herefore ' is assured thatthe message originated with the authority
!he message includes"3 public key, $ b , which ' can use to encrypt
messages destined for 3 !he original re2uest , to enable ' to match this
response with the corresponding earlier re2uest and%erify that original re2uest was not altered beforereception by the authority
!he original timestamp, so ' can determine that this isnot an old message from the authority containing a key4
8/16/2019 Lec 12 and 13
11/27
5ontinued6
' Stores 34s public key and also usesit to encrypt a message to 3 containingan identi&er of ' (7# ' ) and a nonce (N 8) ,which is used to identify this transactionuni2uely
3 retrie%es '4s public key from theauthority in the same manner as 'retrie%es 34s public key
't this point , public key has beensecurely deli%ered to ' and 3 and theymay begin there protected e change
8/16/2019 Lec 12 and 13
12/27
!wo 'dditional Steps3 sends a message to ' encrypted
with $ a and containing '4s nonce(N 8)as well as a new nonce generated by 3
(N 9) 3ecause only 3 could ha%edecrypted message (:), the presence ofN8 in message (;) assures ' that the
corresponding is 3' returns N 9 , encrypted using 34s
public key , to assure 3 that is
corresponding is '
8/16/2019 Lec 12 and 13
13/27
5ontinued !otal are se%en steps, the initial four
steps are used infre2uently becauseboth ' and 3 can sa%e the other4spublic key for future use, known as
caching$eriodically user should re2uest fresh
copies of public key to ensure currency
8/16/2019 Lec 12 and 13
14/27
$ublic Key 'uthority
8/16/2019 Lec 12 and 13
15/27
$ublic key certi&cates
8/16/2019 Lec 12 and 13
16/27
$ublic key 5erti&cates
' user can present his public key to theauthority in a secure manner , and obtain acerti&cate
!he user then publish the certi&cate'ny one needed this user public key can
obtain the certi&cate and %erify that it is%alid by way of the attached trusted
signature' participant can also con%ey its key
information to another by transmitting its
certi&cate
8/16/2019 Lec 12 and 13
17/27
+e2uirements'ny participant can read a certi&cate
to determine the name and public keyof the certi&cate owner
'ny participant can %erify that thecerti&cate originated from thecerti&cate authority and is notcounterfeit
Only the certi&cate authority cancreate and update certi&cate
'ny participant can %erify the
currency of the certi&cate
8/16/2019 Lec 12 and 13
18/27
$ublic key 5erti&cates
ach participant applies to thecerti&cate authority, supplying a publickey and re2uest a certi&cate
'pplication must be in person or bysome form of secure authenticatedcommunication
1or participant ', the authoritypro%ides a certi&cate of the form"
=here $+ auth is the pri%ate key used by
the authority and ! is the timestamp
8/16/2019 Lec 12 and 13
19/27
5ontinued6' may then pass this certi&cate on to any
other participant , who reads and %eri&es thecerti&cate
as follows"
!he recipient uses the authority public key, $auth , to decrypt the certi&cate
3ecause the certi&cate is readable only usingauthority4s public key, this %eri&es authenticityof certi&cate authority
!he elements 7# ' and $ a pro%ides therecipient with the name and the public key of
8/16/2019 Lec 12 and 13
20/27
!ime Stamp Scenario
' pri%ate key is learned by thead%ersary' generates a new pri%ate>public key
pair and applies to the certi&cateauthority for new certi&cate
Meanwhile , the ad%ersary replays theold certi&cate to 3 if 3 then encryptsmessages using compromised old publickey, the ad%ersary can read thosemessages
8/16/2019 Lec 12 and 13
21/27
$ublic Key 5erti&cate
f
8/16/2019 Lec 12 and 13
22/27
#istribution of Secret Keyusing $ublic Key
cryptography$ublic key encryption can be usedfor distribution of Secret keys
8/16/2019 Lec 12 and 13
23/27
Simple Secret Key#istribution
' generates a public>pri%ate keypair/$ a , $+ a 0 and transmits amessage to 3 consisting of $ a andan identi&er of ', 7# '
3 generates a secret key , K s , andtransmit it to ', encrypted with '4spublic key
' computes #($+ a , ($ a , K s)) toreco%er the secret key 3ecause only
' can decrypt the message, only '
8/16/2019 Lec 12 and 13
24/27
Simple Secret Key#istribution
' and 3 can now securelycommunicate using con%entionalencryption and the session Key K s
't the completion of e change bothdiscard K sNo keys e ist at the start of
communication and none e ist afterthe completion of communication !hus the risk of keys compromise is
minimal
8/16/2019 Lec 12 and 13
25/27
Simple Secret Key#istribution
S t k #i t ib ti ith
8/16/2019 Lec 12 and 13
26/27
Secret key #istribution withcon&dentiality and
authentication' uses 34s public key to encrypt a message to 3containing an identi&er of ' (7# ' ) and nonce(N 8),which is used to identify this transaction uni2uely
3 sends a message to ' encrypted with $ a and
containing '4s nonce(N 8) as well as a new noncegenerated by 3 (N 9) 3ecause only 3 could ha%edecrypted message(8), the presence of N 8 inmessage(9) assures ' that the correspondent is 3
' returns N9, encrypted using 34s public key, to
assure 3 that its correspondent is '' selects a secret key K s and sends M? ($ b , ($+
a , K s)) to 3ncryption of this message with 34s public key
ensures that only 3 can read it@ encryption with ' As
8/16/2019 Lec 12 and 13
27/27
#iBe-Cellman Keychange
'lice and 3ob want to share a secret key using#iBe-Cellman'lice chooses a large prime number p and a largenumber called the generator g which is less than
p @ these two %alues ( g and p ) are sent to 3ob'lice chooses a number a and calculates A ? g a (mod p )@ the %alue A is sent to 3ob3ob chooses a number b and calculates B ? g b
(mod p )@ the %alue B is sent to 'lice'lice calculates the shared secret K ? Ba (mod p )3ob calculates the shared secret K ? A b (mod p )