key management network systems security n.
Skip this Video
Loading SlideShow in 5 Seconds..
Key Management Network Systems Security PowerPoint Presentation
Download Presentation
Key Management Network Systems Security

Key Management Network Systems Security

67 Vues Download Presentation
Télécharger la présentation

Key Management Network Systems Security

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Key ManagementNetwork Systems Security Mort Anvari

  2. Key Management • Asymmetric encryption helps address key distribution problems • Two aspects • distribution of public keys • use of public-key encryption to distribute secret keys

  3. Distribution of Public Keys • Four alternatives of public key distribution • Public announcement • Publicly available directory • Public-key authority • Public-key certificates

  4. Public Announcement • Users distribute public keys to recipients or broadcast to community at large • E.g. append PGP keys to email messages or post to news groups or email list • Major weakness is forgery • anyone can create a key claiming to be someone else and broadcast it • can masquerade as claimed user before forgery is discovered

  5. Publicly Available Directory • Achieve greater security by registering keys with a public directory • Directory must be trusted with properties: • contains {name, public-key} entries • participants register securely with directory • participants can replace key at any time • directory is periodically published • directory can be accessed electronically • Still vulnerable to tampering or forgery

  6. Public-Key Authority • Improve security by tightening control over distribution of keys from directory • Has properties of directory • Require users to know public key for the directory • Users can interact with directory to obtain any desired public key securely • require real-time access to directory when keys are needed

  7. Public-Key Authority

  8. Public-Key Certificates • Certificates allow key exchange without real-time access to public-key authority • A certificate binds identity to public key • usually with other info such as period of validity, authorized rights, etc • With all contents signed by a trusted Public-Key or Certificate Authority (CA) • Can be verified by anyone who knows the CA’s public key

  9. Public-Key Certificates

  10. Distribute Secret KeysUsing Asymmetric Encryption • Can use previous methods to obtain public key of other party • Although public key can be used for confidentiality or authentication, asymmetric encryption algorithms are too slow • So usually want to use symmetric encryption to protect message contents • Can use asymmetric encryption to set up a session key

  11. Simple Secret Key Distribution • Proposed by Merkle in 1979 • A generates a new temporary public key pair • A sends B the public key and A’s identity • B generates a session key Ks and sends encrypted Ks (using A’s public key) to A • A decrypts message to recover Ks and both use

  12. Problem with Simple Secret Key Distribution • An adversary can intercept and impersonate both parties of protocol • A generates a new temporary public key pair {KUa, KRa} and sends KUa || IDa to B • Adversary E intercepts this message and sends KUe || IDa to B • B generates a session key Ks and sends encrypted Ks (using E’s public key) • E intercepts message, recovers Ks and sends encrypted Ks (using A’s public key) to A • A decrypts message to recover Ks and both A and B unaware of existence of E

  13. Distribute Secret KeysUsing Asymmetric Encryption • if A and B have securely exchanged public-keys ?

  14. Problem with Previous Scenario • Message (4) is not protected by N2 • An adversary can intercept message (4) and replay an old message or insert a fabricated message

  15. Order of Encryption Matters • What can be wrong with the following protocol? AB: N BA: EKUa[EKRb[Ks||N]] • An adversary sitting between A and B can get a copy of secret key Ks without being caught by A and B!

  16. Diffie-Hellman Key Exchange • First public-key type scheme proposed • By Diffie and Hellman in 1976 along with advent of public key concepts • A practical method for public exchange of secret key • Used in a number of commercial products

  17. Diffie-Hellman Key Exchange • Use to set up a secret key that can be used for symmetric encryption • cannot be used to exchange an arbitrary message • Value of key depends on the participants (and their private and public key information) • Based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy • Security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard

  18. Primitive Roots • From Euler’s theorem: aø(n) mod n=1 • Consider am mod n=1, GCD(a,n)=1 • must exist for m= ø(n) but may be smaller • once powers reach m, cycle will repeat • If smallest is m= ø(n) then a is called a primitive root • if p is prime, then successive powers of a “generate” the group mod p • Not every integer has primitive roots

  19. Primitive Root Example: Power of Integers Modulo 19

  20. Discrete Logarithms • Inverse problem to exponentiation is to find the discrete logarithm of a number modulo p • Namely find x where ax = b mod p • Written as x=loga b mod p or x=inda,p(b) • If a is a primitive root then discrete logarithm always exists, otherwise may not • 3x = 4 mod 13 has no answer • 2x = 3 mod 13 has an answer 4 • While exponentiation is relatively easy, finding discrete logarithms is generally a hard problem

  21. Diffie-Hellman Setup • All users agree on global parameters • large prime integer or polynomial q • α which is a primitive root mod q • Each user (e.g. A) generates its key • choose a secret key (number): xA < q • compute its public key: yA = αxA mod q • Each user publishes its public key

  22. Diffie-Hellman Key Exchange • Shared session key for users A and B is KAB: KAB = αxA.xB mod q = yAxB mod q (which B can compute) = yBxA mod q (which A can compute) • KAB is used as session key in symmetric encryption scheme between A and B • Attacker needs xA or xB, which requires solving discrete log

  23. Diffie-Hellman Example • Given Alice and Bob who wish to swap keys • Agree on prime q=353 and α=3 • Select random secret keys: • A chooses xA=97, B chooses xB=233 • Compute public keys: • yA=397 mod 353 = 40 (Alice) • yB=3233 mod 353 = 248 (Bob) • Compute shared session key as: KAB= yBxA mod 353 = 24897 = 160 (Alice) KAB= yAxB mod 353 = 40233 = 160 (Bob)

  24. Next Class • Hashing functions • Message digests