1 / 20

Introduction to Cryptographic Key Management

Introduction to Cryptographic Key Management. Outline. Context Definitions Description Principles Illustrations and Demonstrations Recommendations. Context -- Cryptography is:. use of secret codes to hide and authenticate data suited to open and hostile environments broadly applicable

jkeating
Télécharger la présentation

Introduction to Cryptographic Key Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to Cryptographic Key Management

  2. Outline • Context • Definitions • Description • Principles • Illustrations and Demonstrations • Recommendations

  3. Context -- Cryptography is: • use of secret codes to hide and authenticate data • suited to open and hostile environments • broadly applicable • portable • composable • can emulate any media or environment control • arbitrarily strong • effective • efficient

  4. Context • cost of crypto is low • falling with the cost of computing • relative strength is rising • strong as we need it to be • stronger than other security mechanisms • strong link in the security chain • robust, resilient, not likely to break • very unlikely to collapse • advantage is to the cryptographer

  5. Modern Cryptography - the great inventions • automatic encoding and decoding • the large independent key variable • complexity-based encryption (DES) • asymmetric key • automatic key management

  6. Message DES DES Message Symmetric Key Cryptography Out-of -channel exchange

  7. Key Management • generation • recording • transcription • distribution • installation • storage • change • disposition • and control

  8. Key Management • generation • recording • transcription • distribution • installation • storage • change • disposition • and control

  9. Key Management • is very important • must be rigorous and disciplined • principal point of attack • not intuitive • easy to screw up

  10. Modern Key Management • fully automated, (i.e., no manual operations) • permits frequent key change (e.g., file, session, message, transaction, or other data object) • increases the effective key length or security • balances the interests in the key of multiple parties • application of RSA • and smart cards • may be integrated or stand-alone

  11. Applications of Key Management • increase effective strength • compensate for limitations of algorithm • involve multiple people in sensitive duties • personal security environments

  12. Principles of Key Management • No key may ever appear in the clear • All keys must be randomly generated by a crypto engine • Keys must be chosen evenly from the entire key space • Must not have any (visible) structure • Key-encrypting keys are separate from data keys • Everything encrypted under a key-encrypting key must originate within a crypto engine • Key management must be automated

  13. Asymmetric Key Cryptography • key has two parts • what is encrypted with one part may only be decrypted with the other • only one part need be kept secret • requires a minimum of prearrangement

  14. Public Key Issues • public key need not be kept secret • must be the right key • i.e., association between public key and legal person • encapsulated in a certificate • signed by someone who knows

  15. Message RSA RSA Message Digital Envelope Bob’sPublic Key Bob’sPrivate Key Bob

  16. Message RSA Message RSA Message Digital Signature John’sPrivate Key John’sPublic Key

  17. Characteristic DES RSA Relative Speed Fast Slow Functions Used Transposition Multiplication & Substitution Key - length 56 bits 400-800 bits Least Cost Attack Exhaustion Factoring Cost of Attack Centuries Centuries Time to Generate Micro-seconds Tens of Seconds a Key Key Type Symmetric Asymmetric

  18. RSA DES Message Message DES RSA Message Hybrid Cryptography Jane’sPublic Key Jane’sPrivate Key Jane

  19. Key Management Systems and Protocols • PGP • RSA Secure • Kerberos KDC • Secure Socket Layer (SSL) • XML Key Management System • X509 Certificates/PKIX • BBN SafeKeyper • ISAKMP and Oakley

More Related