Key Management and Distribution

Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

Dec 21, 2015


Junior Williams
Transcript

Key Management and Distribution


YSL Information Security – Mutual Trust 2

Major Issues Involved in Symmetric Key Distribution

• For symmetric encryption to work, the two parties of an exchange must share the same key and that key must be protected.

• Frequent key changes may be desirable to limit the amount of data compromised.

• The strength of a cryptographic system rests with the technique for solving the key distribution problem -- delivering a key to the two parties of an exchange.

• The scale of the problem depends on the number of communication pairs.


Approaches to Symmetric Key Distribution

Let A (Alice) and B (Bob) be the two parties.

• A key can be selected by A and physically delivered to B.

• A third party can select the key and physically deliver it to A and B.

• If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.

• If A and B each have an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B.


Symmetric Key Distribution Task


Symmetric Key Hierarchy

Typically a hierarchy structure of keys is adopted.

• Session keys
– temporary key
– used for encryption of data between users
– for one logical session then discarded

• Master keys
– used to encrypt session keys
– shared by each user & the key distribution center


Symmetric Key Hierarchy


Symmetric Key Distribution Scenario


Symmetric Key Distribution Issues

• Hierarchies of KDCs are required for large networks, but the KDCs must trust each other

• Session key lifetimes should be limited for greater security

• Use of automatic key distribution on behalf of users, but must trust system

• Use of decentralized key distribution

• Controlling key usage
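The key hierarchy and limited session-key lifetime described above, sketched as an added example that is not part of the original slides: a KDC picks one session key and wraps it separately under each user's master key. The names `KDC`, `wrap`, `unwrap`, `open_ticket` and the ticket layout are assumptions made for illustration, and the HMAC-SHA256 encrypt-then-MAC construction is a standard-library stand-in for a real key-wrap or AEAD cipher.

```python
# Added example: class/function names and the ticket layout are illustrative assumptions.
import hashlib, hmac, secrets, time

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stdlib stand-in for a block cipher)
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(d ^ s for d, s in zip(data, stream))

def wrap(master_key, plaintext):
    """Encrypt-then-MAC under a master key; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(master_key, nonce, plaintext)
    return nonce + ct + _prf(master_key, b"mac", nonce + ct)

def unwrap(master_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(master_key, b"mac", nonce + ct)):
        raise ValueError("wrapped key failed authentication")
    return _xor_stream(master_key, nonce, ct)

class KDC:
    def __init__(self):
        self.master = {}                  # user -> master key shared with the KDC

    def enroll(self, user):
        self.master[user] = secrets.token_bytes(32)
        return self.master[user]          # delivered out of band in practice

    def issue(self, a, b, lifetime=300):
        """Pick one session key and wrap it once per party under that party's master key."""
        ks = secrets.token_bytes(32)
        expiry = (int(time.time()) + lifetime).to_bytes(8, "big")
        return (wrap(self.master[a], expiry + ks + b.encode()),
                wrap(self.master[b], expiry + ks + a.encode()))

def open_ticket(master_key, blob, expected_peer, now=None):
    """Recover the session key; reject tampering, the wrong peer, or an expired key."""
    body = unwrap(master_key, blob)
    expiry, ks, peer = int.from_bytes(body[:8], "big"), body[8:40], body[40:].decode()
    if peer != expected_peer:
        raise ValueError("ticket names a different peer")
    if (time.time() if now is None else now) > expiry:
        raise ValueError("session key lifetime exceeded")
    return ks
```

Only the master keys are long-lived; the session key never crosses the network in the clear and is refused once its lifetime has passed.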


Symmetric Key Distribution Using Public Keys

Public key cryptosystems are inefficient.
– almost never used for direct data encryption
– rather used to encrypt secret keys for distribution


Simple Secret Key Distribution

• Merkle proposed this very simple scheme
– allows secure communications
– no keys before/after exist


Simple Secret Key Distribution (cont’d)

• Simple secret key distribution (cont’d)
– advantages
  • simplicity
  • no keys stored before and after the communication
  • security against eavesdropping
– disadvantages
  • lack of authentication mechanism between participants
  • vulnerability to an active attack as described in the next slide
  • leak of the secret key upon such active attacks


Man-in-the-Middle Attacks

This very simple scheme is vulnerable to an active man-in-the-middle attack.


Secret Key Distribution with Confidentiality & Authentication


Secret Key Distribution with Confidentiality & Authentication (cont’d)

• Provision of protection against both active and passive attacks

• Assurance of both confidentiality and authentication in the exchange of a secret key

• Availability of public keys a priori

• Complexity


Public Key Distribution

• The distribution of public keys
– public announcement
– publicly available directory
– public-key authority
– public-key certificates

• The use of public-key encryption to distribute secret keys
– simple secret key distribution
– secret key distribution with confidentiality and authentication


Public Key Distribution (cont’d)

• Public announcement


Public Key Distribution (cont’d)

• Public announcement (cont’d)
– advantages: convenience
– disadvantages: forgery of such a public announcement by anyone


Public Key Distribution (cont’d)

• Publicly available directory


Public Key Distribution (cont’d)

• Publicly available directory (cont’d)
– elements of the scheme
  • {name, public key} entry for each participant in the directory
  • in-person or secure registration
  • on-demand entry update
  • periodic publication of the directory
  • availability of secure electronic access from the directory to participants
– advantages: greater degree of security


Public Key Distribution (cont’d)

• Publicly available directory (cont’d)
– disadvantages
  • need of a trusted entity or organization
  • need of additional security mechanism from the directory authority to participants
  • vulnerability of the private key of the directory authority (global-scale disaster if the private key of the directory authority is compromised)
  • vulnerability of the directory records


Public Key Distribution (cont’d)

• Public-key authority


Public Key Distribution (cont’d)

• Public-key authority (cont’d)
– stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory
– each participant can verify the identity of the authority
– participants can verify identities of each other
– disadvantages
  • bottleneck effect of the public-key authority
  • vulnerability of the directory records


Public Key Distribution (cont’d)

• Public-key certificates


Public Key Distribution (cont’d)

• Public-key certificates (cont’d)
– to use certificates that can be used by participants to exchange keys without contacting a public-key authority
– requirements on the scheme
  • any participant can read a certificate to determine the name and public key of the certificate’s owner
  • any participant can verify that the certificate originated from the certificate authority and is not counterfeit
  • only the certificate authority can create & update certificates
  • any participant can verify the currency of the certificate


Public Key Distribution (cont’d)

• Public-key certificates (cont’d)
– advantages
  • to use certificates that can be used by participants to exchange keys without contacting a public-key authority
  • in a way that is as reliable as if the key were obtained directly from a public-key authority
  • no on-line bottleneck effect
– disadvantages: need of a certificate authority
