Title: Key Management Network Systems Security
1. Key Management Network Systems Security
2. Key Management
- Asymmetric encryption helps address key distribution problems
- Two aspects
  - distribution of public keys
  - use of public-key encryption to distribute secret keys
3. Distribution of Public Keys
- Four alternatives of public key distribution
  - Public announcement
  - Publicly available directory
  - Public-key authority
  - Public-key certificates
4. Public Announcement
- Users distribute public keys to recipients or broadcast to community at large
  - E.g. append PGP keys to email messages or post to news groups or email list
- Major weakness is forgery
  - anyone can create a key claiming to be someone else and broadcast it
  - can masquerade as claimed user before forgery is discovered
5. Publicly Available Directory
- Achieve greater security by registering keys with a public directory
- Directory must be trusted with properties
  - contains name, public-key entries
  - participants register securely with directory
  - participants can replace key at any time
  - directory is periodically published
  - directory can be accessed electronically
- Still vulnerable to tampering or forgery
6. Public-Key Authority
- Improve security by tightening control over distribution of keys from directory
- Has properties of directory
- Require users to know public key for the directory
- Users can interact with directory to obtain any desired public key securely
  - require real-time access to directory when keys are needed
7. Public-Key Authority
8. Public-Key Certificates
- Certificates allow key exchange without real-time access to public-key authority
- A certificate binds identity to public key
  - usually with other info such as period of validity, authorized rights, etc.
- With all contents signed by a trusted Public-Key or Certificate Authority (CA)
- Can be verified by anyone who knows the CA's public key
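The binding and offline check described on this slide, as an added Python example that is not part of the original slides. Toy textbook RSA (fixed primes, no padding) stands in for a real signature scheme, and the function names, identities, keys and dates are assumptions constructed for illustration.

```python
import hashlib

# Toy textbook RSA for illustration only: fixed Mersenne primes, no padding.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def make_keypair(p=P, q=Q, e=E):
    """Return ((n, e), (n, d)) as (public, private) key."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def _digest(identity, subject_pub, not_after, n):
    """Hash all certificate contents to an integer below the CA modulus."""
    body = f"{identity}|{subject_pub[0]}|{subject_pub[1]}|{not_after}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def issue_cert(ca_priv, identity, subject_pub, not_after):
    """CA signs identity, public key and validity period together."""
    n, d = ca_priv
    sig = pow(_digest(identity, subject_pub, not_after, n), d, n)
    return {"identity": identity, "public_key": subject_pub,
            "not_after": not_after, "signature": sig}

def verify_cert(ca_pub, cert, now):
    """Anyone holding the CA public key can check the binding offline."""
    n, e = ca_pub
    expected = _digest(cert["identity"], cert["public_key"], cert["not_after"], n)
    if pow(cert["signature"], e, n) != expected:
        return "bad signature"
    if now > cert["not_after"]:
        return "expired"
    return "ok"

def demo():
    ca_pub, ca_priv = make_keypair()
    # Constructed subject keys (small toy moduli; never used to encrypt here).
    alice_pub = (3233, 17)
    attacker_pub = (3127, 3)
    cert = issue_cert(ca_priv, "alice", alice_pub, not_after=20301231)
    forged = dict(cert, public_key=attacker_pub)   # key swapped, old signature
    return (verify_cert(ca_pub, cert, now=20250101),
            verify_cert(ca_pub, forged, now=20250101),
            verify_cert(ca_pub, cert, now=20310101))
```

Because the signature covers identity, key and validity together, replacing the key under someone else's name fails verification without any real-time contact with the CA.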
9. Public-Key Certificates
10. Distribute Secret Keys Using Asymmetric Encryption
- Can use previous methods to obtain public key of other party
- Although public key can be used for confidentiality or authentication, asymmetric encryption algorithms are too slow
- So usually want to use symmetric encryption to protect message contents
- Can use asymmetric encryption to set up a session key
11. Simple Secret Key Distribution
- Proposed by Merkle in 1979
  - A generates a new temporary public key pair
  - A sends B the public key and A's identity
  - B generates a session key Ks and sends encrypted Ks (using A's public key) to A
  - A decrypts message to recover Ks and both use
12. Problem with Simple Secret Key Distribution
- An adversary can intercept and impersonate both parties of protocol
  - A generates a new temporary public key pair KUa, KRa and sends KUa || IDa to B
  - Adversary E intercepts this message and sends KUe || IDa to B
  - B generates a session key Ks and sends encrypted Ks (using E's public key)
  - E intercepts message, recovers Ks and sends encrypted Ks (using A's public key) to A
  - A decrypts message to recover Ks and both A and B unaware of existence of E
13. Distribute Secret Keys Using Asymmetric Encryption
- if A and B have securely exchanged public-keys
14. Problem with Previous Scenario
- Message (4) is not protected by N2
- An adversary can intercept message (4) and replay an old message or insert a fabricated message
15. Order of Encryption Matters
- What can be wrong with the following protocol?
  - A → B: N
  - B → A: E_KUa[E_KRb[Ks || N]]
- An adversary sitting between A and B can get a copy of secret key Ks without being caught by A and B!
16. Diffie-Hellman Key Exchange
- First public-key type scheme proposed
- By Diffie and Hellman in 1976 along with advent of public key concepts
- A practical method for public exchange of secret key
- Used in a number of commercial products
17. Diffie-Hellman Key Exchange
- Use to set up a secret key that can be used for symmetric encryption
  - cannot be used to exchange an arbitrary message
- Value of key depends on the participants (and their private and public key information)
- Based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
- Security relies on the difficulty of computing discrete logarithms (similar to factoring) - hard
18. Primitive Roots
- From Euler's theorem: a^{φ(n)} mod n = 1
- Consider a^m mod n = 1, GCD(a,n) = 1
  - must exist for m = φ(n) but may be smaller
  - once powers reach m, cycle will repeat
- If smallest is m = φ(n) then a is called a primitive root
- if p is prime, then successive powers of a generate the group mod p
- Not every integer has primitive roots
19. Primitive Root Example: Power of Integers Modulo 19
20. Discrete Logarithms
- Inverse problem to exponentiation is to find the discrete logarithm of a number modulo p
- Namely find x where a^x = b mod p
- Written as x = log_a b mod p or x = ind_{a,p}(b)
- If a is a primitive root then discrete logarithm always exists, otherwise may not
  - 3^x = 4 mod 13 has no answer
  - 2^x = 3 mod 13 has an answer 4
- While exponentiation is relatively easy, finding discrete logarithms is generally a hard problem
21. Diffie-Hellman Setup
- All users agree on global parameters
  - large prime integer or polynomial q
  - a which is a primitive root mod q
- Each user (e.g. A) generates its key
  - choose a secret key (number) x_A < q
  - compute its public key y_A = a^{x_A} mod q
- Each user publishes its public key
22. Diffie-Hellman Key Exchange
- Shared session key for users A and B is K_AB
  - K_AB = a^{x_A·x_B} mod q
  - = y_A^{x_B} mod q (which B can compute)
  - = y_B^{x_A} mod q (which A can compute)
- K_AB is used as session key in symmetric encryption scheme between A and B
- Attacker needs x_A or x_B, which requires solving discrete log
23. Diffie-Hellman Example
- Given Alice and Bob who wish to swap keys
- Agree on prime q = 353 and a = 3
- Select random secret keys
  - A chooses x_A = 97, B chooses x_B = 233
- Compute public keys
  - y_A = 3^97 mod 353 = 40 (Alice)
  - y_B = 3^233 mod 353 = 248 (Bob)
- Compute shared session key as
  - K_AB = y_B^{x_A} mod 353 = 248^97 mod 353 = 160 (Alice)
  - K_AB = y_A^{x_B} mod 353 = 40^233 mod 353 = 160 (Bob)
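The primitive-root test, the discrete-log cases mod 13 and the q = 353 exchange from the slides above, carried through in Python as an added example that is not part of the original slides. The function names are assumptions, and the exhaustive discrete-log search is included only to show why a small q gives no security.

```python
def multiplicative_order(a, n):
    """Smallest m >= 1 with a^m mod n == 1 (requires gcd(a, n) == 1)."""
    m, power = 1, a % n
    while power != 1:
        power = power * a % n
        m += 1
    return m

def is_primitive_root(a, p):
    """For prime p, a is a primitive root when its order is phi(p) = p - 1."""
    return multiplicative_order(a, p) == p - 1

def discrete_log(a, b, p):
    """Exhaustive search for x with a^x mod p == b; None if no x exists.
    Only feasible because p is tiny; this is the step that must be hard."""
    power = 1
    for x in range(p - 1):
        if power == b % p:
            return x
        power = power * a % p
    return None

def dh_public(a, q, x):
    """Public key y = a^x mod q for secret x."""
    return pow(a, x, q)

def dh_shared(y_other, x_own, q):
    """Shared key from the peer's public key and one's own secret."""
    return pow(y_other, x_own, q)

def run_example():
    q, a, x_a, x_b = 353, 3, 97, 233       # values from the worked example
    y_a, y_b = dh_public(a, q, x_a), dh_public(a, q, x_b)
    k_alice = dh_shared(y_b, x_a, q)
    k_bob = dh_shared(y_a, x_b, q)
    # An eavesdropper sees only q, a, y_a, y_b; at this size x_a falls out
    # of a brute-force discrete log, which is why q must be large.
    recovered_x_a = discrete_log(a, y_a, q)
    return y_a, y_b, k_alice, k_bob, recovered_x_a
```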
24. Next Class
- Hashing functions
- Message digests