ch14 key mgt
TRANSCRIPT
-
7/27/2019 Ch14 Key Mgt
1/34
Cryptography andNetwork Security
Fifth Editionby William Stallings
-
7/27/2019 Ch14 Key Mgt
2/34
Key Management and
Distributiontopics of cryptographic key management /key distribution are complex
cryptographic, protocol, & management issues
symmetric schemes require both parties toshare a common secret keypublic key schemes require parties toacquire valid public keyshave concerns with doing both
-
7/27/2019 Ch14 Key Mgt
3/34
Key Distribution
symmetric schemes require both parties toshare a common secret key
issue is how to securely distribute this keywhilst protecting it from othersfrequent key changes can be desirable
often secure system failure due to a breakin the key distribution scheme
-
7/27/2019 Ch14 Key Mgt
4/34
Key Distribution
given parties A and B have various keydistribution alternatives:
1. A can select key and physically deliver to B2. third party can select & deliver key to A & B3. if A & B have communicated previously can
use previous key to encrypt a new key4. if A & B have secure communications with a
third party C, C can relay key between A & B
-
7/27/2019 Ch14 Key Mgt
5/34
Key Distribution Task
-
7/27/2019 Ch14 Key Mgt
6/34
Key Hierarchy
typically have a hierarchy of keyssession key
temporary keyused for encryption of data between usersfor one logical session then discarded
master keyused to encrypt session keysshared by user & key distribution center
-
7/27/2019 Ch14 Key Mgt
7/34
Key Hierarchy
-
7/27/2019 Ch14 Key Mgt
8/34
Key Distribution Scenario
-
7/27/2019 Ch14 Key Mgt
9/34
Key Distribution Issues
hierarchies of KDCs required for largenetworks, but must trust each other
session key lifetimes should be limited forgreater securityuse of automatic key distribution on behalf
of users, but must trust systemuse of decentralized key distributioncontrolling key usage
-
7/27/2019 Ch14 Key Mgt
10/34
Symmetric Key Distribution
Using Public Keyspublic key cryptosystems are inefficient
so almost never use for direct data encryptionrather use to encrypt secret keys for distribution
-
7/27/2019 Ch14 Key Mgt
11/34
Simple Secret Key Distribution
Merkle proposed this very simple schemeallows secure communications
no keys before/after exist
-
7/27/2019 Ch14 Key Mgt
12/34
Man-in-the-Middle Attack
this very simple scheme is vulnerable toan active man-in-the-middle attack
-
7/27/2019 Ch14 Key Mgt
13/34
Secret Key Distribution withConfidentiality and
Authentication
-
7/27/2019 Ch14 Key Mgt
14/34
Hybrid Key Distribution
retain use of private-key KDCshares secret master key with each user
distributes session key using master keypublic-key used to distribute master keys
especially useful with widely distributed users
rationaleperformancebackward compatibility
-
7/27/2019 Ch14 Key Mgt
15/34
Distribution of Public Keys
can be considered as using one of:public announcementpublicly available directorypublic-key authoritypublic-key certificates
-
7/27/2019 Ch14 Key Mgt
16/34
Public Announcement
users distribute public keys to recipients orbroadcast to community at large
eg. append PGP keys to email messages orpost to news groups or email list
major weakness is forgeryanyone can create a key claiming to besomeone else and broadcast ituntil forgery is discovered can masquerade asclaimed user
-
7/27/2019 Ch14 Key Mgt
17/34
Publicly Available Directory
can obtain greater security by registeringkeys with a public directorydirectory must be trusted with properties:
contains {name,public-key} entriesparticipants register securely with directoryparticipants can replace key at any time
directory is periodically publisheddirectory can be accessed electronically
still vulnerable to tampering or forgery
-
7/27/2019 Ch14 Key Mgt
18/34
Public-Key Authority
improve security by tightening control overdistribution of keys from directoryhas properties of directoryand requires users to know public key forthe directorythen users interact with directory to obtainany desired public key securely
does require real-time access to directorywhen keys are neededmay be vulnerable to tampering
-
7/27/2019 Ch14 Key Mgt
19/34
Public-Key Authority
-
7/27/2019 Ch14 Key Mgt
20/34
Public-Key Certificates
certificates allow key exchange withoutreal-time access to public-key authoritya certificate binds identity to public key
usually with other info such as period ofvalidity, rights of use etc
with all contents signed by a trusted
Public-Key or Certificate Authority (CA)can be verified by anyone who knows thepublic-key authorities public-key
-
7/27/2019 Ch14 Key Mgt
21/34
Public-Key Certificates
-
7/27/2019 Ch14 Key Mgt
22/34
X.509 Authentication Service
part of CCITT X.500 directory service standardsdistributed servers maintaining user info database
defines framework for authentication servicesdirectory may store public-key certificateswith public key of user signed by certification authority
also defines authentication protocols
uses public-key crypto & digital signaturesalgorithms not standardised, but RSA recommended
X.509 certificates are widely usedhave 3 versions
-
7/27/2019 Ch14 Key Mgt
23/34
X.509
CertificateUse
-
7/27/2019 Ch14 Key Mgt
24/34
X.509 Certificates
issued by a Certification Authority (CA), containing:version V (1, 2, or 3)serial number SN (unique within CA) identifying certificatesignature algorithm identifier AI
issuer X.500 name CA)period of validity TA (from - to dates)subject X.500 name A (name of owner)subject public-key info Ap (algorithm, parameters, key)issuer unique identifier (v2+)subject unique identifier (v2+)extension fields (v3)signature (of hash of all fields in certificate)
notation CA denotes certificate for A signed by CA
-
7/27/2019 Ch14 Key Mgt
25/34
X.509 Certificates
-
7/27/2019 Ch14 Key Mgt
26/34
Obtaining a Certificate
any user with access to CA can get anycertificate from it
only the CA can modify a certificatebecause cannot be forged, certificates canbe placed in a public directory
-
7/27/2019 Ch14 Key Mgt
27/34
CA Hierarchy
if both users share a common CA then they areassumed to know its public keyotherwise CA's must form a hierarchy
use certificates linking members of hierarchy tovalidate other CA'seach CA has certificates for clients (forward) andparent (backward)
each client trusts parents certificatesenable verification of any certificate from one CAby users of all other CAs in hierarchy
-
7/27/2019 Ch14 Key Mgt
28/34
CA Hierarchy Use
-
7/27/2019 Ch14 Key Mgt
29/34
Certificate Revocation
certificates have a period of validitymay need to revoke before expiry, eg:
1. user's private key is compromised2. user is no longer certified by this CA3. CA's certificate is compromised
CAs maintain list of revoked certificates
the Certificate Revocation List (CRL)users should check certificates with CAs CRL
-
7/27/2019 Ch14 Key Mgt
30/34
X.509 Version 3
has been recognised that additionalinformation is needed in a certificate
email/URL, policy details, usage constraints
rather than explicitly naming new fieldsdefined a general extension methodextensions consist of:
extension identifiercriticality indicatorextension value
-
7/27/2019 Ch14 Key Mgt
31/34
Certificate Extensions
key and policy informationconvey info about subject & issuer keys, plusindicators of certificate policy
certificate subject and issuer attributessupport alternative names, in alternativeformats for certificate subject and/or issuer
certificate path constraintsallow constraints on use of certificates byother CAs
-
7/27/2019 Ch14 Key Mgt
32/34
Public Key Infrastructure
-
7/27/2019 Ch14 Key Mgt
33/34
PKIX Management
functions:registrationinitialization
certificationkey pair recoverykey pair update
revocation requestcross certification
protocols: CMP, CMC
-
7/27/2019 Ch14 Key Mgt
34/34
Summary
have considered:symmetric key distribution using symmetricencryptionsymmetric key distribution using public-keyencryptiondistribution of public keys
announcement, directory, authrority, CAX.509 authentication and certificatespublic key infrastructure (PKIX)