key management and distribution
play

Key Management and Distribution Class 5 Stallings: Ch 14 1 - PowerPoint PPT Presentation

Key Management and Distribution Class 5 Stallings: Ch 14 1 CIS-5373: 10.February.2020 Announcement Homework 1 due today Still waiting for paper assignments 2 CIS-5373: 10.February.2020 Key Distribution: The Problem 1 C=


  1. Key Management and Distribution Class 5 Stallings: Ch 14 1 CIS-5373: 10.February.2020

  2. Announcement  Homework 1 due today  Still waiting for paper assignments 2 CIS-5373: 10.February.2020

  3. Key Distribution: The Problem 1 C= Encrypt(pubKey B , M) Alice 2 Bob Has message M Intercept C pubKey B - public pubKey B - public privKey B - private Cannot Infer privKey B M= Decrypt(privKey B , C) from pubKey B ! Cannot Obtain M ! Malory 3 CIS-5373: 10.February.2020

  4. Key Distribution: Symmetric Key Scenario  Deliver a key to two parties that need to communicate securely  Delivery needs to be secure: only the two parties have access to the key 4 CIS-5373: 10.February.2020

  5. Symmetric Key Scenario  Two parties A and B  Symmetric encryption: most efficient way to send encrypted data  Both parties need to share a secret  For N parties, this means N(N-1)/2 secrets !  Not all are needed  How to securely and efficiently establish pairwise secrets 5 CIS-5373: 10.February.2020

  6. How To Distribute Keys  Session key distribution with symmetric crypto  Session key distribution with public key crypto  Distribution of authentic public keys  X.509 certificates 6 CIS-5373: 10.February.2020

  7. Symmetric Crypto Notations  Alice shares key K A with KDC  Encryption: E A (M) = E(K A , M) = C  Decryption: D A (M) = D(K A , C) 7 CIS-5373: 10.February.2020

  8. Symmetric Key Based Distribution A and B share secret key A: K A with KDC ! B: K B 1 “Hi”, A, B Trent T (KDC) 2 E A (K AB ), E B (K AB ) 4 E B (K AB ) 6 E AB (M) Alice A Bob B 3 5 D A (E A (K AB )) =K AB D B (E B (K AB )) = K AB 8 CIS-5373: 10.February.2020

  9. Key Distribution Problems  Trent (the KDC) is absolutely trusted  If Malory corrupts KDC, all is gone  Malory can read all user communication  Why ?  Trent is a bottleneck  If Trent fails, the entire system is disrupted 9 CIS-5373: 10.February.2020

  10. How To Distribute Keys  Session key distribution with symmetric crypto  Session key distribution with public key crypto  Distribution of authentic public keys  X.509 certificates 10 CIS-5373: 10.February.2020

  11. Public Key Based Distribution  A and B use public key crypto  To agree on a session key  Session key is used to encrypt communications  How do A and B know each other’s public keys? 11 CIS-5373: 10.February.2020

  12. Public Key Crypto Notations  Alice has key pair (pk A , pr A )  pk A is the public key  pr A is the private key  Encryption/Decryption  C = E A (Msg) = E(pk A , Msg) – anyone can do  D A (C) = D(pr A , C) – only Alice can do this 12 CIS-5373: 10.February.2020

  13. KD with Public Key – Direct Exchange Merkle proposed this very simple scheme 1 Hi, A, pk A 2 E(pk A , K AB ) 3 Alice A E AB (M) Bob B 13 CIS-5373: 10.February.2020

  14. Man-in-the-Middle Attack 1 1 Hi, A, pk A Hi, A, pk A Alice A Bob B 2 Intercept/Block 5 E(pk A , K AM ) 3 “Hi”, A, pk M 6’ E AM (Msg’) 4 E(pk M , K BM ) 6 From then on E BM (Msg) Bob talks to Malory Malory M thinking it is Alice ! 14 CIS-5373: 10.February.2020

  15. Key Distribution with Public Key and KDC A: pk A B: pk B 1 “Hi”, A, B Do you see the problem ? Trent T (KDC) 2 B, pk B 4 E(pk B , K AB ) 6 E AB (M) Alice A Bob B 3 5 Generate session D(pr B , E(pk B , K AB )) = K AB key K AB 15 CIS-5373: 10.February.2020

  16. How To Distribute Keys  Session key distribution with symmetric crypto  Session key distribution with public key crypto  Distribution of authentic public keys  X.509 certificates 16 CIS-5373: 10.February.2020

  17. Distribution of Public Keys !  How are they distributed in the first place ?  Remember Merkle’s solution  … and the Man -in-the-Middle Attack  Need an authentic way to distribute keys !  Alternatives  Public announcement  Publicly available directory  Public-key authority  Public-key certificates 17 CIS-5373: 10.February.2020

  18. Public Announcement  Similar to Merkle’s first step …  Users distribute public keys to recipients or broadcast to community at large  Append keys to email messages  Post to news groups or email list  Major weakness is man-in-the-middle  Anyone can create a key claiming to be someone else and broadcast it  Until forgery is discovered can masquerade as claimed user 18 CIS-5373: 10.February.2020

  19. Publicly Available Directory  Register keys with a public directory  Directory contains {name,public-key} entries  Participants register securely with directory  In person or using secure authentication  Participants can replace key at any time  Directory can be accessed electronically  Needs secure, authentic communication to directory  Vulnerable to tampering or forgery 19 CIS-5373: 10.February.2020

  20. Public Key Authority  Has properties of directory plus  Requires users to know public key of authority  Users interact with directory to obtain any desired public key securely  Requires real-time access to directory when keys are needed  May be vulnerable to tampering 20 CIS-5373: 10.February.2020

  21. Public Key Crypto Notations  Alice has key pair (pk A , pr A )  pk A is the public key  pr A is the private key  Encryption/Decryption  E A (M) = E(pk A ,M) – anyone can do this  D A (M) = D(pr A ,M) – only Alice can do this  Signature/Verification  S A (M) : sign message M with private key of A  V A (M, S) : verify that S is a signature for M  Uses A’s public key 21 CIS-5373: 10.February.2020

  22. Public Key Authority (Needham-Schroeder with Public Keys) T 1 is timestamp A: pk A prevents replay B: pk B attacks ! 5 S T (A, pk A ,T 2 ) 1 Req, B, T 1 4 Req, A, T 2 Trent T (KDC) 2 S T (B, pk B ,T 1 ) == ? 3 E B (A, N A ) 6 E A (N A , N B ) 7 Bob B Alice A E B (N B ) == ? 22 CIS-5373: 10.February.2020

  23. Public Key Authority Use (cont’d)  Why do we need T’s signature ?  A and B can be sure of the other’s public key  Why do we need steps 6 and 7 ?  A makes sure B knows its private key  Makes sure Mallory cannot impersonate B  … and vice -versa 23 CIS-5373: 10.February.2020

  24. How To Distribute Keys  Session key distribution with symmetric crypto  Session key distribution with public key crypto  Distribution of authentic public keys  X.509 certificates 24 CIS-5373: 10.February.2020

  25. Public Key Certificates  Allow key exchange without real-time access to public-key authority  Bind identity to public key  Plus other info: period of validity, rights of use etc  All contents signed by a trusted Public-Key or Certificate Authority (CA)  Can be verified by anyone who knows the public-key authority’s public -key 25 CIS-5373: 10.February.2020

  26. Certificate Requirements  Anyone can read the name and public key from a certificate  Only the CA can create and update certificates  Anyone can verify the validity of the certificate 26 CIS-5373: 10.February.2020

  27. How are Certificates Used ? Using authenticated channel ! 2’ C(B)=S T (B,pk B ,T 2 ) 1 Req, pk A 1’ Req, pk B Trent T (CA) 2 C(A)=S T (A,pk A ,T 1 ) 3 C(A) 4 C(B) Bob B Alice A 27 CIS-5373: 10.February.2020

  28. How are Certificates Used ? (cont’d)  Certificates issued  Over authenticated channels  In person  Certificates are re-issued infrequently  Steps 1 and 2 are done once  Certificates contain timestamp and validity period  User can verify certificate validity  Example CAs: Symantec (VeriSign), Comodo, GoDaddy 28 CIS-5373: 10.February.2020

  29. Symantec (former VeriSign)  For websites  Examines  Traditional documents like articles of incorporation and business licenses  Digital verification of each site operated by the organization 29 CIS-5373: 10.February.2020

  30. WebTrust https://cert.webtrust.org 30 CIS-5373: 10.February.2020

  31. X.509 Certificates  Part of CCITT X.500 directory service standards  Distributed servers maintaining user info database  Defines framework for authentication services  Directory may store public-key certificates  Public key of user signed by certification authority  Defines authentication protocols  Uses public-key crypto & digital signatures  Algorithms not standardised, but RSA recommended  X.509 certificates are widely used  have 3 versions 31 CIS-5373: 10.February.2020

  32. X.509 Certificate Generation CA Priv. Key Alice ID Public Key CA info Alice ID Public Key CA info Hash H Signature Algorithm Alice’s certificate 32 CIS-5373: 10.February.2020

  33. X.509 Certificate Verification Alice ID Public Key Hash H Hash value h 1 CA info CA Pub. Key Valid? Verification Algorithm Alice’s certificate 33 CIS-5373: 10.February.2020

Recommend


More recommend