Information Assurance Management Key Management Week 13-1.

1 Information Assurance Management Key Management Week 13-1

2 Key Management
In the real world, key management is the hardest part of cryptography
  –Why spend $10M to build a crypto machine?
  –Spend $1K and bribe a clerk!
It’s not the algorithm, it’s the implementation!

3 Key Management
Generating keys
  –Reduced keyspaces
    DES has a 56-bit key; there are 2^56 possible keys
    With limitations imposed by DOS on ASCII keyboards…
    And you end up with only 2^40 possible keys!
    A 4-byte key can be brute forced in 1.2 hours max

4 Key Management
Poor key choices
Dictionary attack - tries obvious common keys first
  –User name, initials, account name, other personal information
  –Words from various databases
    Men’s and women’s names (16,000)
    Places, cartoons, titles, locations from movies

5 Key Management
    Sports, numbers, Chinese syllables (Pinyin)
    King James Bible, colloquial and vulgar phrases
    Abbreviations, machine names, Yiddish words
    Shakespeare
  –Variations on the words from the step above
    First letter uppercase, control character, entire word uppercase, letters to digits, make it plural
  –Various capitalization variations
    First letter, second letter, third letter - 400K, 1.5M, 3M

6 Key Management
  –Foreign language words on foreign users
    298 Chinese syllables, 150K two-syllable, 16M three-syllable
  –Word pairs - only using three or four letters generates over 10M possible pairs
Dictionary attack used against a file of keys, not a single key
Single user may be smart enough to choose good keys,

7 Key Management
but a thousand will pick a word from the attacker’s dictionary
Random keys
  –Important to use a good random-number generator
  –Far more important to use good encryption algorithms and key management procedures
  –Random seeds for those generators must be just that: random

8 Key Management
  –If you have to generate an easy-to-remember key, make it obscure
Pass phrases
  –Shakespeare, dialogue from Star Wars, all available on-line.
Transferring keys
  –Key-Encryption Keys
  –Data Keys

9 Key Management
  –Split the key into several parts for transmission
Using Keys
Software encryption is scary!
  –Writes to disk in Windows
  –Hardware device
Compromised Keys
  –Fast notification essential
  –Use different keys for different applications
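The "split the key into several parts for transmission" item on slide 9, shown as an added example that is not part of the original slides: a simple XOR split in which every share is required to rebuild the key. The XOR scheme, the function names, the channel labels and the sample key are choices made for this illustration.

```python
import secrets
from functools import reduce
from typing import List, Sequence


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must all have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, parts: int) -> List[bytes]:
    """Split key into `parts` shares; every share is needed to rebuild it."""
    if parts < 2:
        raise ValueError("need at least two parts")
    if not key:
        raise ValueError("empty key")
    # parts-1 shares are pure random pads from the OS CSPRNG ...
    pads = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    # ... and the last share is the key XORed with all of the pads.
    return pads + [reduce(xor_bytes, pads, key)]


def combine_shares(shares: Sequence[bytes]) -> bytes:
    """XOR all shares together to recover the key."""
    if len(shares) < 2:
        raise ValueError("need at least two shares")
    return reduce(xor_bytes, shares)


if __name__ == "__main__":
    # Constructed sample: a fresh random 128-bit data key.
    data_key = secrets.token_bytes(16)
    # Hypothetical delivery channels, one share each.
    channels = ["courier", "telephone", "registered mail"]
    shares = split_key(data_key, len(channels))
    for channel, share in zip(channels, shares):
        print(f"{channel:16s} {share.hex()}")
    print("all shares recombined:", combine_shares(shares) == data_key)
    print("one share missing:    ", combine_shares(shares[:-1]) == data_key)
```

Losing any one share makes the key unrecoverable, so this protects the key in transit but adds no redundancy.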

10 Key Management
Lifetime of keys
  –The longer it’s used, the greater the chance it will be compromised
  –The longer the key is used, the greater the loss
  –The longer the key is used, the greater temptation to expend the effort to break it
  –It is generally easier to do cryptanalysis with more ciphertext encrypted with the same key

11 Key Management
Public-key Key Management
  –Easier…but it has its own problems
    Only one public-key
  –Public-key certificates
    Public key signed by someone trustworthy
A single pair of keys is not enough
Some keys more valuable than others
Multiple physical keys, likewise, multiple cryptographic keys
