Key Management Asymmetric encryption helps address key distribution problems Two aspects distribution of public keys use of public-key encryption to distribute secret keys... 9/16
Trang 1Key Management
Network Systems Security
Mort Anvari
Trang 2Key Management
Asymmetric encryption helps address key
distribution problems
Two aspects
distribution of public keys
use of public-key encryption to distribute secret keys
Trang 39/16/2004 3
Distribution of Public Keys
Four alternatives of public key distribution
Public announcement
Publicly available directory
Public-key authority
Public-key certificates
Trang 4Public Announcement
Users distribute public keys to recipients or
broadcast to community at large
E.g append PGP keys to email messages or post to news groups or email list
Major weakness is forgery
anyone can create a key claiming to be someone
else and broadcast it
can masquerade as claimed user before forgery is discovered
Trang 59/16/2004 5
Publicly Available Directory
Achieve greater security by registering keys with a public directory
Directory must be trusted with
properties:
contains {name, public-key} entries
participants register securely with directory
participants can replace key at any time
directory is periodically published
directory can be accessed electronically
Still vulnerable to tampering or forgery
Trang 6Public-Key Authority
Improve security by tightening control over distribution of keys from directory
Has properties of directory
Require users to know public key for the directory
Users can interact with directory to
obtain any desired public key securely
require real-time access to directory when keys are needed
Trang 79/16/2004 7
Public-Key Authority
Trang 8Public-Key Certificates
real-time access to public-key authority
key
usually with other info such as period of
validity, authorized rights, etc
Public-Key or Certificate Authority (CA)
the CA’s public key
Trang 99/16/2004 9
Public-Key Certificates
Trang 10Distribute Secret Keys
Using Asymmetric Encryption
Can use previous methods to obtain
public key of other party
Although public key can be used for
confidentiality or authentication,
asymmetric encryption algorithms are
too slow
So usually want to use symmetric
encryption to protect message contents
Can use asymmetric encryption to set up
a session key
Trang 119/16/2004 11
Simple Secret Key
Distribution
A generates a new temporary public key pair
A sends B the public key and A’s identity
B generates a session key K s and sends
encrypted K s (using A’s public key) to A
A decrypts message to recover K s and both use
Trang 12Problem with
Simple Secret Key
Distribution
An adversary can intercept and
impersonate both parties of protocol
A generates a new temporary public key pair {KU a ,
KR a } and sends KU a || ID a to B
Adversary E intercepts this message and sends KU e ||
ID a to B
B generates a session key K s and sends encrypted K s
(using E’s public key)
E intercepts message, recovers K s and sends
encrypted K s (using A’s public key) to A
A decrypts message to recover K s and both A and B unaware of existence of E
Trang 139/16/2004 13
Distribute Secret Keys
Using Asymmetric Encryption
if A and B have securely exchanged public-keys
?
Trang 14Problem with Previous
Scenario
by N2
An adversary can intercept
message (4) and replay an old
message or insert a fabricated
message
Trang 159/16/2004 15
Order of Encryption Matters
What can be wrong with the following
protocol?
AB: N
BA: E KUa [E KRb [K s ||N]]
An adversary sitting between A and B can get
a copy of secret key Ks without being caught
by A and B!
Trang 16Diffie-Hellman Key
Exchange
First public-key type scheme proposed
By Diffie and Hellman in 1976 along with
advent of public key concepts
A practical method for public exchange of
secret key
Used in a number of commercial products
Trang 17 cannot be used to exchange an arbitrary message
Value of key depends on the participants (and their private and public key information)
Based on exponentiation in a finite (Galois)
field (modulo a prime or a polynomial) - easy
Security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard
Trang 18Primitive Roots
From Euler’s theorem: aø(n) mod n=1
Consider am mod n=1, GCD(a,n)=1
must exist for m= ø(n) but may be smaller
once powers reach m, cycle will repeat
If smallest is m= ø(n) then a is called a
primitive root
if p is prime, then successive powers of
a “generate” the group mod p
Not every integer has primitive roots
Trang 199/16/2004 19Primitive Root Example:
Power of Integers Modulo 19
Trang 20Discrete Logarithms
Inverse problem to exponentiation is to find the
discrete logarithm of a number modulo p
Namely find x where a x = b mod p
Written as x=log a b mod p or x=ind a,p (b)
If a is a primitive root then discrete logarithm
always exists, otherwise may not
3 x = 4 mod 13 has no answer
2 x = 3 mod 13 has an answer 4
While exponentiation is relatively easy, finding
discrete logarithms is generally a hard problem
Trang 219/16/2004 21
Diffie-Hellman Setup
All users agree on global parameters
large prime integer or polynomial q
α which is a primitive root mod q
Each user (e.g A) generates its key
choose a secret key (number): x A < q
compute its public key: y A = α xA mod q
Each user publishes its public key
Trang 22= yA xB mod q (which B can compute)
= yB xA mod q (which A can compute)
KAB is used as session key in symmetric encryption scheme between A and B
Attacker needs xA or xB, which requires solving discrete log
Trang 239/16/2004 23
Diffie-Hellman Example
Trang 24Next Class
Hashing functions
Message digests