This lecture covers the key distribution problem in systems where multiple users can communicate. It explores various schemes, such as the Key Distribution Center (KDC) model, where a central authority assists users in securely exchanging keys. The lecture highlights the challenges of inter-organizational communication, realm hierarchies for scalability, and the roles of Certification Authorities (CAs) in signing certificates. It discusses the implications of KDC and CA compromises, strategies for trust in CA hierarchies, and how to maintain secure communications in a decentralized environment.
Lecture 7: Key Distribution
• secret keys
• public keys
Secret Keys Distribution Problem
• How are keys distributed in a system where there are n users and potentially any user can communicate with any other?
• one scheme: each user knows the keys of all the others
  • needs n² keys
• Key Distribution Center
  • each user has a key
  • the KDC has all keys
  • the KDC assigns a (new) key to any pair who need to talk
Using KDC, variant 1
(participants: Alice, KDC, Bob)
• Alice → KDC: A wants to talk to B
• KDC: randomly choose Kab
• KDC → Alice: {“B”, Kab}Ka
• KDC → Bob: {“A”, Kab}Kb
• Alice → Bob: {Message}Kab
A Common Variant
(participants: Alice, KDC, Bob)
• Alice → KDC: A wants to talk to B
• KDC: randomly choose Kab
• KDC → Alice: {“B”, Kab}Ka , {“A”, Kab}Kb
• Alice → Bob: {“A”, Kab}Kb , {Message}Kab
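The common variant above, carried through end to end as an added example (not code from the lecture). The `KDC` class, the helper names, the JSON encoding, and the SHAKE-256 keystream with an HMAC-SHA256 tag standing in for the slides' `{...}K` encryption are all assumptions of this sketch.

```python
import hashlib, hmac, json, secrets

def _xor_stream(key, nonce, data):
    # SHAKE-256 keystream XOR: stdlib stand-in for a real cipher (assumption of this example).
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """{obj}key in the slide notation: encrypt, then MAC so a wrong key is detected."""
    nonce, pt = secrets.token_bytes(16), json.dumps(obj).encode()
    ct = _xor_stream(key, nonce, pt)
    return nonce + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified message")
    return json.loads(_xor_stream(key, nonce, ct))

class KDC:
    def __init__(self):
        self.keys = {}                       # the KDC has all user keys
    def register(self, name):
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]
    def request(self, a, b):
        """A wants to talk to B: returns {"B", Kab}Ka and the ticket {"A", Kab}Kb."""
        kab = secrets.token_hex(32)          # randomly chosen session key
        return (seal(self.keys[a], {"peer": b, "kab": kab}),
                seal(self.keys[b], {"peer": a, "kab": kab}))

def alice_send(ka, for_alice, ticket, text):
    kab = bytes.fromhex(unseal(ka, for_alice)["kab"])
    return ticket, seal(kab, {"msg": text})  # {"A", Kab}Kb , {Message}Kab

def bob_receive(kb, ticket, sealed):
    t = unseal(kb, ticket)                   # only Kb opens the ticket
    return t["peer"], unseal(bytes.fromhex(t["kab"]), sealed)["msg"]

def demo():
    kdc = KDC()
    ka, kb, kc = (kdc.register(n) for n in ("Alice", "Bob", "Carol"))
    ticket, sealed = alice_send(ka, *kdc.request("Alice", "Bob"), "hello Bob")
    try:
        bob_receive(kc, ticket, sealed)      # Carol's key must not open Bob's ticket
    except ValueError:
        return bob_receive(kb, ticket, sealed), "Carol rejected"
    return bob_receive(kb, ticket, sealed), "Carol accepted"
```

Bob never contacts the KDC here: the ticket Alice forwards both delivers Kab and names the peer, and since `kdc.keys` holds every user's key, the KDC itself can open any ticket it issued.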
Interorganizational KDC
[Figure: Lotus KDC, SUN KDC and MIT KDC, with users A, B, C, D, E, F, G]

KDC Realms
• KDC hierarchy – a way to provide scalability
• KDC realm: a KDC and the users of that KDC
• issues with KDC
  • how would you talk to someone in another realm?
  • how would you know what realm?
  • how would you know a path to follow?
  • what can bad KDCs do?
Public Key Distribution
• Certification Authority (CA) signs “Certificates”
• Certificate: a signed message saying “I, the CA, vouch that 489024729 is Mikhail’s public key”
• If everyone has a certificate, a private key, and the CA’s public key, they can authenticate
• CA vs. KDC
  • what if the KDC database is stolen? The CA private key?
  • what needs to be done if the CA is compromised? If the KDC is compromised?
  • what if the KDC or CA is down temporarily?
Strategies for CA Hierarchies
• strategies
  • One universally trusted organization
  • Top-Down, starting from a universally trusted organization’s well-known key
  • No rules. Anyone signs anything. End users decide who to trust
  • Many independent CAs. Configure which ones to trust
• more on that later when we cover PKI