Ch14: Key Distribution (Computer and Network Security)

Jul 06, 2018

Dina
  • 8/17/2019 Ch14: Key Distribution (Computer and Network Security)

    1/37

    Chapter 14: 

    Key Distribution

    Agenda

    Symmetric Key distribution using symmetric techniques
    Symmetric Key distribution using Asymmetric techniques
    Symmetric Key distribution using hybrid techniques
    Asymmetric Key distribution
    Certificate Example

    Definition

    Link encryption (link or physical layer encryption): is an app[…] communications security that encrypts and decrypts all traffic at ea[…] a communications line

    End-to-end encryption (Application encryption): messages a[…] encrypted by the sender at the point of origin and only decrypted b[…] intended receiver.

    How to share a Secret Key?

    1. A can select a key and physically deliver it to B.
    2. A third party can select the key and physically deliver it to A[…]
    3. If A and B have previously and recently used a key, one party ca[…] the new key to the other, encrypted using the old key.
    4. If A and B each has an encrypted connection to a third party[…] deliver a key on the encrypted links to A and B.

    Which one(s) are more appropriate for Link encryption?
    Which one[…] more appropriate for end-to-end encryption?

    Symmetric Key distribution using symmetric technique

    Definition

    A session key is a temporary encryption key used between two pr[…]

    A master key is a long-lasting key that is used between a key dist[…] center and a principal for the purpose of encoding the transmission[…] keys. Typically, the master keys are distributed by noncryptograp[…] means.

    A nonce is an arbitrary number used only once in a cryptographic communication, in the spirit of a nonce word ([…]). The non[…] a timestamp, a counter, or a random number; the minimum require[…] that it differs with each request.

    We will always talk about distributing session keys or public k[…]

    using Symmetric encryption example

    How would A make sure that B is the one replying?
    How would B be sure that A is the one replying?
    How would A[…]

    A Transparent Key Control Scheme

    The sender doesn't have to worry about or even be aware of the encryption

    Hierarchical Key Control

    One KDC for all the world?
    Each host is linked to one KDC
    KDCs link together to form a tree for communication
    The tree decreases the overhead over each KDC, and minimizes the […] a faulty KDC.

    Session Key Lifetime

    When should I exchange a new session key?
    When the old key is exploited.
    When it is used too much by number of messages or time (to prevent a[…] predictions).
    In connection oriented approach, it could be used for every new connect[…]

    It is more secure to change session key frequently […] Why d[…] use a new session key for each message

    The key exchange induces extra overhead (delay) on the connection.
    We need to decide wisely between security and overhead.

    Types of session keys

    Data-encrypting key, for general communication across a netwo[…]
    PIN-encrypting key, for personal identification numbers (PINs) use[…] electronic funds transfer and point-of-sale applications
    File-encrypting key, for encrypting files stored in publicly access[…] locations.
    … Etc

    Why do we have different types of keys?
    How do you know what is the type of the key?

    DES control schema

    […] for encrypting key
    Makes use of the extra bits in each 64-bit DES (or 3DES) key. (re[…] was 56-bit)

    Type of information in these extra bits:
    Used for Encryption
    Used for Decryption
    Session Key / Master Key

    Limitation:
    The tag length is limited to […] bits, limiting its flexibility and functionality
    Because the tag is not transmitted in clear form, it can be used only at t[…] decryption, limiting the ways in which key use can be controlled.

    Control Vector schema

    It defies the limitation of the last schema:
    Size of control vector is variable and flexible
    Control vectors are sent in clear form

    Key distribution using Asymmetric techniques

    using Asymmetric encryption example

    Man in the Middle Attack

    Solution?

    using Asymmetric encryption example

    Confidentiality, Authentication, .. But how it got the Public key of th[…]

    Hybrid Key distribution
    USING SYMMETRIC AND ASYMMETRIC TECHNIQUES

    Hybrid approach

    Distribute session key using master key (symmetric Encryption)
    Distribute Master keys using (Public Encryption)

    Rationale?
    Performance (public-private encryption is computationally costly)
    Backward compatibility

    Distribution of Public key

    Distribution of public keys

    Public announcement
      easy to masquerade
      very high overhead

    Distribution of public keys

    Public announcement
    Public Available directory
      directory has to be trusted
      contains {name, public-key} entries
      participants register securely with directory
      participants can replace key at any time
      directory is periodically published
      directory can be accessed electronically
      Still easy to masquerade (Man-in-the …)

    Distribution of public keys

    Public announcement
    Public Available directory
    Public-key authority

    Public-Key Authority

    Like Public directory but with Authentication

    Distribution of public keys

    Public announcement
    Public Available directory
    Public-key authority
    Public-key Certificate
      certificates allow key exchange without real-time access to […] key authority
      a certificate binds identity to public key usually with othe[…] such as period of validity, rights of use etc
      with all contents signed by a trusted Public-Key or Certifica[…] Authority (CA)
      can be verified by anyone who knows the public-key aut[…] public-key

    Public-Key Certificates

    1. Any participant can read a certificate to determine the name and public key of the certificate's owner.
    2. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
    3. Only the certificate authority can create and update certificates.
    4. Any participant can verify the currency of the certificate.

    Public-Key Certificates Limitation:

    It takes time, in case of certificate change.
    Users might use old certificates.

    X.509 CERTIFICATE

    Public-Key Certificate Use

    X.509 certificate contents

    Remember: Public Ke[…]

    Remember: Public-Key Certificates Req.

    1. Any participant can read a certificate to determine the name and public key of the certificate's owner.
    2. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
    3. Only the certificate authority can create and update certificates.
    4. Any participant can verify the currency of the certificate.

    Because certificates are unforgeable, they can be placed in a directory wit[…] for the directory to make special efforts to protect them.

    Chain of CA

    Is there only One CA in the world?

    Initially
    A has certificate from CA X1. A securely knows X1's public key.
    B has certificate from CA X2. B securely knows X2's public key.
    CAs have securely exchanged their own public keys

    A wants to verify B's certificate signed by X2
    A obtains from the directory the certificate of X2 signed by X1. A can obtain X2's public key from its certificate and verify it by means of […] signature on the certificate.
    A then goes back to the directory and obtains the certificate of B signed […]
    Because A now has a trusted copy of X2's public key, A can verify the sig[…] securely obtain B's public key.

    Chain of CA

    Notation: X1 has certificate of X2: X1<<X2>>
    Previous example: X1<<X2>> X2<<B>> (what does […] mean?)

    A chain of CAs: X1<<X2>> X2<<X3>> X3<<X4>> ……
    require that each pair Xi, Xi+1 to secretly share their public key in ad[…]

    How to determine the chain of CAs that contains the certificate?

    Determine the chain of CAs

    Each CA has two types of certificates
    Forward certificates: Certificates of X generated by other CAs
    Reverse certificates: Certificates generated by X that are the certificates of other CAs.

    How to find the path in the tree is beyond our scope

    A acquires B certificate using chain: X<<W>> W<<V>> V<<Y>> Y<<Z>> Z<<B>>
    B acquires A certificate using chain: Z<<Y>> Y<<V>> V<<W>> W<<X>> X<<A>>

    Certificate Revocation (invalidating)

    Why
    The user's private key is assumed to be compromised.
    The user is no longer certified by this CA. Reasons for this include that the subject's nam[…] changed, the certificate is superseded, or the certificate was not issued in conformance […] policies.
    The CA's certificate is assumed to be compromised.

    Each CA must maintain a list (CRL) consisting of all revoked but not expired cert[…] issued by that CA
    Each certificate revocation list (CRL) posted to the directory is signed by the issue[…]

    CRL includes
      the issuer's name,
      the date the list was created,
      the date the next CRL is scheduled to be issued
      An entry for each revoked certificate. (Certificate is identified by its serial number)
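
    The chain walk from the "Chain of CA" slides (X1<<X2>> X2<<B>>) combined with the CRL check from the revocation slide, as an added example that is not part of the original slides. It uses toy textbook RSA built from Mersenne primes; the names Key, Signed, issue and verify_chain, and all serial numbers and dates, are assumptions made for illustration.

```python
import hashlib
from collections import namedtuple

class Key(namedtuple("Key", "n e d", defaults=(0,))):
    """Toy textbook RSA key (no padding, teaching only); d == 0 means public-only."""
    def _h(self, data):
        return int.from_bytes(hashlib.sha256(data).digest(), "big") % self.n
    def sign(self, data):
        return pow(self._h(data), self.d, self.n)
    def verify(self, data, sig):
        return pow(sig, self.e, self.n) == self._h(data)

def make_key(p, q, e=65537):
    return Key(p * q, e, pow(e, -1, (p - 1) * (q - 1)))

# A certificate X<<subject>> or a CRL: issuer name, body fields, issuer's signature.
Signed = namedtuple("Signed", "issuer body sig")

def tbs(issuer, body):  # the bytes the issuer signs
    return repr((issuer, body)).encode()

def issue(issuer, issuer_key, *body):
    return Signed(issuer, body, issuer_key.sign(tbs(issuer, body)))

def authentic(key, s):  # does `key` verify the issuer's signature on s?
    return key.verify(tbs(s.issuer, s.body), s.sig)

def verify_chain(anchor, chain, crls, now):
    """Walk X1<<X2>> X2<<B>> from a trusted key; return the last subject's public key."""
    key = anchor
    for cert in chain:
        subject, serial, subject_key = cert.body
        crl = crls[cert.issuer]
        created, next_update, revoked = crl.body
        if not authentic(key, cert):
            raise ValueError(f"bad signature on certificate of {subject}")
        if not authentic(key, crl) or not created <= now < next_update:
            raise ValueError(f"no current, authentic CRL from {cert.issuer}")
        if serial in revoked:
            raise ValueError(f"certificate {serial} of {subject} is revoked")
        key = subject_key
    return key

# Constructed sample data: Mersenne primes as toy RSA factors, made-up serials and dates.
P = [2**k - 1 for k in (61, 89, 107, 127)]
X1, X2 = make_key(P[0], P[1]), make_key(P[2], P[3])
X1_PUB, X2_PUB, B_PUB = Key(X1.n, X1.e), Key(X2.n, X2.e), Key(P[1] * P[2], 65537)
CHAIN = [issue("X1", X1, "X2", 7, X2_PUB), issue("X2", X2, "B", 42, B_PUB)]
CRLS = {"X1": issue("X1", X1, 100, 200, ()), "X2": issue("X2", X2, 100, 200, ())}
```

    A starts from X1's public key only: `verify_chain(X1_PUB, CHAIN, CRLS, now=150)` returns B's public key, and raises ValueError if a signature fails, a CRL is past its next scheduled issue date, or a serial number is listed as revoked.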

    Public Key Infrastructure

    Thank You