## Key Management Network Systems Security


**Key Management**
Network Systems Security
Mort Anvari

**Key Management**

- Asymmetric encryption helps address key distribution problems
- Two aspects
  - distribution of public keys
  - use of public-key encryption to distribute secret keys

**Distribution of Public Keys**

- Four alternatives of public key distribution
  - Public announcement
  - Publicly available directory
  - Public-key authority
  - Public-key certificates

**Public Announcement**

- Users distribute public keys to recipients or broadcast to community at large
  - E.g. append PGP keys to email messages or post to news groups or email list
- Major weakness is forgery
  - anyone can create a key claiming to be someone else and broadcast it
  - can masquerade as claimed user before forgery is discovered

**Publicly Available Directory**

- Achieve greater security by registering keys with a public directory
- Directory must be trusted with properties:
  - contains {name, public-key} entries
  - participants register securely with directory
  - participants can replace key at any time
  - directory is periodically published
  - directory can be accessed electronically
- Still vulnerable to tampering or forgery

**Public-Key Authority**

- Improve security by tightening control over distribution of keys from directory
- Has properties of directory
- Require users to know public key for the directory
- Users can interact with directory to obtain any desired public key securely
  - require real-time access to directory when keys are needed

**Public-Key Certificates**

- Certificates allow key exchange without real-time access to public-key authority
- A certificate binds identity to public key
  - usually with other info such as period of validity, authorized rights, etc.
- With all contents signed by a trusted Public-Key or Certificate Authority (CA)
- Can be verified by anyone who knows the CA's public key

**Distribute Secret Keys Using Asymmetric Encryption**

- Can use previous methods to obtain public key of other party
- Although public key can be used for confidentiality or authentication, asymmetric encryption algorithms are too slow
- So usually want to use symmetric encryption to protect message contents
- Can use asymmetric encryption to set up a session key

**Simple Secret Key Distribution**

- Proposed by Merkle in 1979
  - A generates a new temporary public key pair
  - A sends B the public key and A's identity
  - B generates a session key $K_s$ and sends encrypted $K_s$ (using A's public key) to A
  - A decrypts message to recover $K_s$ and both use

**Problem with Simple Secret Key Distribution**

- An adversary can intercept and impersonate both parties of protocol
  - A generates a new temporary public key pair $\{KU_a, KR_a\}$ and sends $KU_a \| ID_a$ to B
  - Adversary E intercepts this message and sends $KU_e \| ID_a$ to B
  - B generates a session key $K_s$ and sends encrypted $K_s$ (using E's public key)
  - E intercepts message, recovers $K_s$ and sends encrypted $K_s$ (using A's public key) to A
  - A decrypts message to recover $K_s$ and both A and B unaware of existence of E

**Distribute Secret Keys Using Asymmetric Encryption**

- if A and B have securely exchanged public-keys?

**Problem with Previous Scenario**

- Message (4) is not protected by $N_2$
- An adversary can intercept message (4) and replay an old message or insert a fabricated message

**Order of Encryption Matters**

- What can be wrong with the following protocol?
  - $A \to B$: $N$
  - $B \to A$: $E_{KU_a}[E_{KR_b}[K_s \| N]]$
- An adversary sitting between A and B can get a copy of secret key $K_s$ without being caught by A and B!

**Diffie-Hellman Key Exchange**

- First public-key type scheme proposed
- By Diffie and Hellman in 1976 along with advent of public key concepts
- A practical method for public exchange of secret key
- Used in a number of commercial products

**Diffie-Hellman Key Exchange**

- Use to set up a secret key that can be used for symmetric encryption
  - cannot be used to exchange an arbitrary message
- Value of key depends on the participants (and their private and public key information)
- Based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
- Security relies on the difficulty of computing discrete logarithms (similar to factoring) - hard

**Primitive Roots**

- From Euler's theorem: $a^{\phi(n)} \bmod n = 1$
- Consider $a^m \bmod n = 1$, $\gcd(a, n) = 1$
  - must exist for $m = \phi(n)$ but may be smaller
  - once powers reach $m$, cycle will repeat
- If smallest is $m = \phi(n)$ then $a$ is called a primitive root
  - if $p$ is prime, then successive powers of $a$ "generate" the group mod $p$
- Not every integer has primitive roots

**Discrete Logarithms**

- Inverse problem to exponentiation is to find the discrete logarithm of a number modulo $p$
- Namely find $x$ where $a^x = b \bmod p$
- Written as $x = \log_a b \bmod p$ or $x = \mathrm{ind}_{a,p}(b)$
- If $a$ is a primitive root then discrete logarithm always exists, otherwise may not
  - $3^x = 4 \bmod 13$ has no answer
  - $2^x = 3 \bmod 13$ has an answer 4
- While exponentiation is relatively easy, finding discrete logarithms is generally a hard problem

**Diffie-Hellman Setup**

- All users agree on global parameters
  - large prime integer or polynomial $q$
  - $\alpha$ which is a primitive root mod $q$
- Each user (e.g. A) generates its key
  - choose a secret key (number): $x_A < q$
  - compute its public key: $y_A = \alpha^{x_A} \bmod q$
- Each user publishes its public key

**Diffie-Hellman Key Exchange**

- Shared session key for users A and B is $K_{AB}$:
  - $K_{AB} = \alpha^{x_A x_B} \bmod q$
  - $= y_A^{x_B} \bmod q$ (which B can compute)
  - $= y_B^{x_A} \bmod q$ (which A can compute)
- $K_{AB}$ is used as session key in symmetric encryption scheme between A and B
- Attacker needs $x_A$ or $x_B$, which requires solving discrete log

**Diffie-Hellman Example**

- Given Alice and Bob who wish to swap keys
- Agree on prime $q = 353$ and $\alpha = 3$
- Select random secret keys:
  - A chooses $x_A = 97$, B chooses $x_B = 233$
- Compute public keys:
  - $y_A = 3^{97} \bmod 353 = 40$ (Alice)
  - $y_B = 3^{233} \bmod 353 = 248$ (Bob)
- Compute shared session key as:
  - $K_{AB} = y_B^{x_A} \bmod 353 = 248^{97} \bmod 353 = 160$ (Alice)
  - $K_{AB} = y_A^{x_B} \bmod 353 = 40^{233} \bmod 353 = 160$ (Bob)

**Next Class**

- Hashing functions
- Message digests
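The certificate check from the "Public-Key Certificates" slide, applied to the key substitution described under "Problem with Simple Secret Key Distribution". This is an added example, not part of the original slides; the toy RSA key for the CA, the certificate fields, the function names and the sample keys are assumptions made for illustration.

```python
import hashlib

# Toy RSA key for the CA built from two Mersenne primes (assumption: for
# illustration only; real CAs use far larger keys and padded signatures).
P, Q_ = 2**61 - 1, 2**31 - 1
CA_N, CA_E = P * Q_, 65537
CA_D = pow(CA_E, -1, (P - 1) * (Q_ - 1))   # CA private exponent

def digest(identity, public_key, not_after):
    """Hash the certificate contents and reduce into the CA modulus."""
    body = f"{identity}|{public_key}|{not_after}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % CA_N

def issue_cert(identity, public_key, not_after):
    """CA side: sign {identity, public key, validity} with the CA private key."""
    sig = pow(digest(identity, public_key, not_after), CA_D, CA_N)
    return {"id": identity, "key": public_key, "not_after": not_after, "sig": sig}

def accept_key(cert, expected_id, today):
    """Receiver side: return the public key only if the certificate checks out."""
    if cert["id"] != expected_id or today > cert["not_after"]:
        return None
    expected = digest(cert["id"], cert["key"], cert["not_after"])
    if pow(cert["sig"], CA_E, CA_N) != expected:
        return None
    return cert["key"]

# Constructed sample values: opaque stand-ins for A's and E's public keys.
KU_A, KU_E = "KUa-constructed", "KUe-constructed"
cert_a = issue_cert("A", KU_A, "2030-01-01")
cert_e = issue_cert("E", KU_E, "2030-01-01")

def scenarios(today="2025-06-01"):
    swapped = dict(cert_a, key=KU_E)           # KUe substituted under A's name
    return {
        "genuine": accept_key(cert_a, "A", today),
        "key_swapped": accept_key(swapped, "A", today),
        "wrong_identity": accept_key(cert_e, "A", today),
        "expired": accept_key(cert_a, "A", "2031-01-01"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:15} -> {result}")
```

B encrypts the session key only to a key returned by `accept_key`, so a key that the CA never bound to A's identity is refused before any secret is sent.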
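The primitive-root test, the discrete-logarithm search and the Diffie-Hellman exchange from the slides above, run on the slides' own numbers. This is an added example, not part of the original slides; the function names are assumptions, and the exhaustive search is only feasible because q = 353 is tiny, which is the reason real parameters must be large.

```python
from math import gcd

def order(a, n):
    """Smallest m >= 1 with a^m mod n == 1, or None if gcd(a, n) != 1."""
    if gcd(a, n) != 1:
        return None
    m, value = 1, a % n
    while value != 1:
        value = (value * a) % n
        m += 1
    return m

def phi(n):
    """Euler's totient by direct count (fine for the small moduli used here)."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)

def is_primitive_root(a, n):
    return order(a, n) == phi(n)

def discrete_log(a, b, p):
    """Exhaustive search for x with a^x mod p == b; None if no x exists."""
    value = 1
    for x in range(p - 1):
        if value == b % p:
            return x
        value = (value * a) % p
    return None

def dh_public(alpha, x, q):
    return pow(alpha, x, q)

def dh_shared(y_other, x_own, q):
    return pow(y_other, x_own, q)

# Parameters and secret keys taken from the Diffie-Hellman Example slide.
Q, ALPHA = 353, 3
X_A, X_B = 97, 233
Y_A, Y_B = dh_public(ALPHA, X_A, Q), dh_public(ALPHA, X_B, Q)

if __name__ == "__main__":
    print("alpha is a primitive root:", is_primitive_root(ALPHA, Q))
    print("public keys:", Y_A, Y_B)
    print("session key:", dh_shared(Y_B, X_A, Q), dh_shared(Y_A, X_B, Q))
    # With q this small, the secret key falls out of a search of at most 352 steps.
    print("x_A recovered from y_A:", discrete_log(ALPHA, Y_A, Q))
    print("3^x = 4 mod 13:", discrete_log(3, 4, 13))
    print("2^x = 3 mod 13:", discrete_log(2, 3, 13))
```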