Title: Key Management and Distribution
1. Key Management and Distribution
2. Major Issues Involved in Symmetric Key Distribution
- For symmetric encryption to work, the two parties of an exchange must share the same key and that key must be protected.
- Frequent key changes may be desirable to limit the amount of data compromised.
- The strength of a cryptographic system rests with the technique for solving the key distribution problem -- delivering a key to the two parties of an exchange.
- The scale of the problem depends on the number of communication pairs.
3. Approaches to Symmetric Key Distribution
- Let A (Alice) and B (Bob) be the two parties.
- A key can be selected by A and physically delivered to B.
- A third party can select the key and physically deliver it to A and B.
- If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.
- If A and B each have an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B.
4. Symmetric Key Distribution Task
5. Symmetric Key Hierarchy
- Typically a hierarchy of keys is adopted.
- Session keys
  - temporary keys
  - used for encryption of data between users
  - used for one logical session, then discarded
- Master keys
  - used to encrypt session keys
  - shared by each user and the key distribution center
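The two-level hierarchy above, as an added example that is not part of the original slides: a key distribution center holds one master key per user and wraps a fresh session key under each party's master key. The HMAC-SHA256 keystream with encrypt-then-MAC is a standard-library stand-in for a real authenticated cipher, and the names `KDC`, `wrap`, `unwrap`, `open_session` and the binding of the peer's name into the wrapped blob are assumptions of this sketch.

```python
import hashlib, hmac, secrets

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode; stand-in for a real cipher, see wrap().
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _subkeys(master):
    # Separate encryption and MAC keys derived from one master key.
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def wrap(master, plaintext):
    """Encrypt-then-MAC under a master key (stand-in for an AEAD such as AES-GCM)."""
    enc, mac = _subkeys(master)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unwrap(master, blob):
    enc, mac = _subkeys(master)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrapped key rejected: wrong master key or modified in transit")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))

class KDC:
    """Holds one long-lived master key per user; session keys are never stored."""
    def __init__(self):
        self._master = {}

    def enroll(self, user):
        # The master key is delivered once, out of band (e.g. physically).
        self._master[user] = secrets.token_bytes(32)
        return self._master[user]

    def issue_session_key(self, a, b):
        # Fresh key per logical session, wrapped once for each party and
        # bound to the peer's name so a wrapped key cannot be re-targeted.
        ks = secrets.token_bytes(32)
        return (wrap(self._master[a], b.encode() + b"|" + ks),
                wrap(self._master[b], a.encode() + b"|" + ks))

def open_session(master, blob):
    # Each party recovers the peer name and session key with its own master key.
    peer, ks = unwrap(master, blob).split(b"|", 1)
    return peer.decode(), ks
```

Only the wrapped blobs cross the network; the master keys are used solely to protect session keys, so little ciphertext is ever produced under them.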
6. Symmetric Key Hierarchy
7. Symmetric Key Distribution Scenario
8. Symmetric Key Distribution Issues
- Hierarchies of key distribution centers (KDCs) are required for large networks, but the KDCs must trust each other.
- Session key lifetimes should be limited for greater security.
- Automatic key distribution can be used on behalf of users, but the system must be trusted.
- Use of decentralized key distribution
- Controlling key usage
9. Symmetric Key Distribution Using Public Keys
- Public key cryptosystems are inefficient.
  - almost never used for direct data encryption
  - rather used to encrypt secret keys for distribution
10. Simple Secret Key Distribution
- Merkle proposed this very simple scheme
  - allows secure communications
  - no keys exist before or after the communication
11. Simple Secret Key Distribution (cont'd)
- Simple secret key distribution (cont'd)
  - advantages
    - simplicity
    - no keys stored before and after the communication
    - security against eavesdropping
  - disadvantages
    - lack of authentication mechanism between participants
    - vulnerability to an active attack as described in the next slide
    - leak of the secret key upon such active attacks
12. Man-in-the-Middle Attacks
- This very simple scheme is vulnerable to an active man-in-the-middle attack.
13. Secret Key Distribution with Confidentiality and Authentication
14. Secret Key Distribution with Confidentiality and Authentication (cont'd)
- Provision of protection against both active and passive attacks
- Assurance of both confidentiality and authentication in the exchange of a secret key
- Availability of public keys a priori
- Complexity
15. Public Key Distribution
- The distribution of public keys
  - public announcement
  - publicly available directory
  - public-key authority
  - public-key certificates
- The use of public-key encryption to distribute secret keys
  - simple secret key distribution
  - secret key distribution with confidentiality and authentication
16. Public Key Distribution (cont'd)
17. Public Key Distribution (cont'd)
- Public announcement (cont'd)
  - advantages: convenience
  - disadvantages: forgery of such a public announcement by anyone
18. Public Key Distribution (cont'd)
- Publicly available directory
19. Public Key Distribution (cont'd)
- Publicly available directory (cont'd)
  - elements of the scheme
    - a (name, public key) entry for each participant in the directory
    - in-person or secure registration
    - on-demand entry update
    - periodic publication of the directory
    - availability of secure electronic access from the directory to participants
  - advantages: greater degree of security
20. Public Key Distribution (cont'd)
- Publicly available directory (cont'd)
  - disadvantages
    - need of a trusted entity or organization
    - need of additional security mechanism from the directory authority to participants
    - vulnerability of the private key of the directory authority (global-scale disaster if the private key of the directory authority is compromised)
    - vulnerability of the directory records
21. Public Key Distribution (cont'd)
22. Public Key Distribution (cont'd)
- Public-key authority (cont'd)
  - stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory
  - each participant can verify the identity of the authority
  - participants can verify identities of each other
  - disadvantages
    - bottleneck effect of the public-key authority
    - vulnerability of the directory records
23. Public Key Distribution (cont'd)
24. Public Key Distribution (cont'd)
- Public-key certificates (cont'd)
  - use certificates, which participants can use to exchange keys without contacting a public-key authority
  - requirements on the scheme
    - any participant can read a certificate to determine the name and public key of the certificate's owner
    - any participant can verify that the certificate originated from the certificate authority and is not counterfeit
    - only the certificate authority can create and update certificates
    - any participant can verify the currency of the certificate
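The four certificate requirements above, as an added example that is not part of the original slides: the CA signs (name, public key, timestamp) with its private key, and any participant checks origin and currency using only the CA's public key. The CA key is toy textbook RSA over two Mersenne primes, far too small and unpadded for real use; the field names, `max_age` policy and function names are assumptions of this sketch.

```python
import hashlib, json

# Toy CA key pair (assumption of this example). It stands in for a real
# signature scheme such as RSA-PSS or Ed25519.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: held only by the CA
CA_PUBLIC = (N, E)                  # known to every participant

def _digest(fields, n):
    # Canonical encoding of the signed fields, hashed and reduced mod n.
    body = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def ca_issue(name, public_key, issued_at):
    """Only the holder of D can produce a signature that verifies."""
    fields = {"name": name, "public_key": public_key, "issued_at": issued_at}
    return {**fields, "signature": pow(_digest(fields, N), D, N)}

def verify(cert, ca_public, now, max_age):
    """Run by any participant; needs no contact with the authority."""
    n, e = ca_public
    fields = {k: cert[k] for k in ("name", "public_key", "issued_at")}
    # Origin: the signature must open, under the CA public key, to the digest
    # of exactly these fields, so a substituted key or timestamp is detected.
    if pow(cert["signature"], e, n) != _digest(fields, n):
        return "reject: not signed by the CA"
    # Currency: an old certificate may name a key that has since been replaced.
    if not (0 <= now - cert["issued_at"] <= max_age):
        return "reject: certificate is not current"
    return "ok"
```

Because the timestamp is inside the signed fields, a holder of an expired certificate cannot refresh it without the CA.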
25. Public Key Distribution (cont'd)
- Public-key certificates (cont'd)
  - advantages
    - participants can use certificates to exchange keys without contacting a public-key authority
    - in a way that is as reliable as if the key were obtained directly from a public-key authority
    - no on-line bottleneck effect
  - disadvantages: need of a certificate authority