Key Management And Key Distribution
The essential problems addressed by all cryptosystems are how to safely exchange keys and how to easily manage them while enabling reliable authentication, authorization and revocation.
Simple symmetric distributed key systems – encrypted keys are distributed once physically by SA or by manufacturing.
In Dynamic Distributed Key Infrastructures, distributed keys in turn exchange more device/person specific distributed keys, sizing a secure network in much the same way that DNS sizes the Internet.
“Its security depends on a new key being generated and used each time a new message is encrypted; this means that the total number of key bits is too large to be practical”
“A large key-space comes at the price of longer keys, however, and these make the encryption and decryption processes slower. Thus the encryption system designer must trade off speed of operation against resistance to exhaustive search attacks.”
“Anyone using a symmetric-key encryption system must deal with the key exchange problem: if 1 or more recipients are to be able to decrypt a message, they must get the key, and they must be the only ones to get it. … Key exchange is thus a high-overhead operation.”
As much key material needs to be transmitted as the data to be encrypted.
DDKI are systems utilizing distributed keys to safely create and distribute more distributed keys, dynamically and electronically, to scale large secure communities of interest in much the same way that DNS allows the Internet to size itself.
Self provisioning enables clients to generate their own session keys, encrypt their own content and authenticate themselves – this eliminates the majority of server overhead in massive networks and adds little overhead to the client.
Expanding a secure community of interest like DNS does
This is a simple secure closed distributed system
Dynamic elements
• dynamic session keys and addresses
• dynamically authenticate session with DIVA
How do we dynamically, electronically and securely expand to add the millions of existing appliances and to build new secure networks users?
Networks
Clients or appliances like routers and switching
Secure Network Server
In existing DDKI
1. Server sends serial number read utility to new appliance as a firmware patch.
2. New appliance sends MAC#, serial #, NAM, UID to server.
3. Server generates unique keys and unique starting offset from serial #, updates itself with UID, offset, key info, encrypts private key with application key, and sends package with encrypted private key(s) and secure application to the new device.
New client, router, switch etc.
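The three-step enrollment above, sketched as an added example (not code from the slides or from any DDKI product). The HMAC-SHA256 derivation, the server master secret, the stand-in key wrap and all sample values are assumptions; the derivation is keyed with a server-held secret because a serial number or MAC address is not secret by itself.

```python
import hashlib
import hmac
import secrets

# Constructed values, not from the slides.
SERVER_MASTER = bytes.fromhex("11" * 32)    # assumption: held only by the secure network server
APPLICATION_KEY = bytes.fromhex("22" * 32)  # assumption: shipped with the secure application
REGISTRY = {}                               # server-side records keyed by UID

def _prf(key, label, data):
    """Domain-separated HMAC-SHA256 (assumed primitive, not named on the slides)."""
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def wrap(kek, plaintext):
    """Encrypt-then-MAC stand-in for a real key wrap or AEAD (plaintext <= 32 bytes)."""
    nonce = secrets.token_bytes(16)
    stream = _prf(kek, b"enc", nonce)
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + _prf(kek, b"mac", nonce + ct)

def unwrap(kek, blob):
    """Verify the tag before decrypting; reject modified or wrongly keyed packages."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(kek, b"mac", nonce + ct)):
        raise ValueError("package failed integrity check")
    return bytes(c ^ s for c, s in zip(ct, _prf(kek, b"enc", nonce)))

def server_enroll(request):
    """Step 3: derive a unique key and starting offset from the serial number."""
    serial = request["serial"].encode()
    device_key = _prf(SERVER_MASTER, b"device-key", serial)
    offset = int.from_bytes(_prf(SERVER_MASTER, b"offset", serial)[:4], "big")
    # Server updates itself with UID, offset and key info.
    REGISTRY[request["uid"]] = {"key": device_key, "offset": offset,
                                "mac": request["mac"], "serial": request["serial"]}
    return {"uid": request["uid"], "offset": offset,
            "wrapped_key": wrap(APPLICATION_KEY, device_key)}

def device_install(package):
    """New device recovers its key with the application key it already holds."""
    return unwrap(APPLICATION_KEY, package["wrapped_key"]), package["offset"]

if __name__ == "__main__":
    # Step 2: identifiers the new appliance reports (constructed sample).
    req = {"mac": "00:11:22:33:44:55", "serial": "SN-0001",
           "nam": "NAM-PLACEHOLDER", "uid": "dev-1"}
    key, offset = device_install(server_enroll(req))
    print(key == REGISTRY["dev-1"]["key"], offset)
```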
Coming in from the cold
1. Expand secure networks in 3 steps electronically
2. Secure legacy networks and hardware with software/firmware patches – MFG acceptance is helpful
3. Device receives secure distributed key pair
4. All legacy hardware with MAC# etc. and firmware are quickly and inexpensively added to DDKI
5. Persons can add password for access and two factor authentication