Key Distribution CS 470 Introduction to Applied Cryptography


1 Key Distribution CS 470 Introduction to Applied Cryptography
Instructor: Ali Aydin Selcuk CS470, A.Selcuk Key Distribution

2 Key Distribution/Establishment
How to have two parties agree on an encryption key securely?
Public key encryption: Solves the problem against passive attackers.
E.g. DH Key Exchange: Trudy can’t get $g^{ab} \bmod p$.
  Alice -> Bob: $g^a \bmod p$
  Bob -> Alice: $g^b \bmod p$
  $K = g^{ab} \bmod p$

3 Active Attacks
Attacker can intercept, modify, insert, delete messages on the network.
E.g., Man-in-the-Middle attack against DH: Trudy can translate messages between Alice & Bob without being noticed.
Similar attacks possible on RSA & other PKC protocols.
  Alice -> Trudy: $g^a \bmod p$
  Trudy -> Alice: $g^{b'} \bmod p$
  Trudy -> Bob: $g^{a'} \bmod p$
  Bob -> Trudy: $g^b \bmod p$
  Alice & Trudy: $K' = g^{ab'} \bmod p$
  Trudy & Bob: $K'' = g^{a'b} \bmod p$

4 Trusted Third Parties
Solution against active attackers: “Trusted Third Parties” (TTPs)
Symmetric key solution: KDC
  Everyone registers with the KDC, shares a secret key.
  When A & B want to communicate, they contact the KDC & obtain a session key.
Public key solution: CA
  Everyone registers with the CA, obtains a “certificate” for his/her public key.
  Certificate: A document signed by the CA, including the ID and the public key of the subject.
  People obtain each other’s certificates through a repository, a webpage, or at the beginning of the protocol, and use the certified public keys in the protocols.

5 KDC vs. CA
KDC:
  faster (being based on symmetric keys)
  has to be online
CA:
  doesn’t have to be online
  if crashes, doesn’t disable the network
  much simpler
  scales better
  certificates are not disclosure-sensitive
  a compromised CA can’t decrypt conversations
KDCs are preferred for LANs, CAs for WANs (e.g., the Internet).

6 Key Distribution with KDC
A simple protocol:
  A -> KDC: A, B
  KDC -> A: $K_A\{A, B, K_{AB}\}$
  KDC -> B: $K_B\{A, B, K_{AB}\}$
  A <-> B: $K_{AB}$
$K_A$, $K_B$: Long-term secret keys of Alice, Bob.
$K_A\{m\}$: Encryption of m with $K_A$.
Problems with this protocol:
  Possible delayed delivery of $K_B\{A, B, K_{AB}\}$.
  No freshness guarantee for B (i.e., Trudy can replay $K_B\{A, B, K_{AB}\}$ for a previously compromised $K_{AB}$).
(Both problems can be fixed easily.)

7 Key Distribution with CA
A simple protocol:
  certificates are obtained in advance
  session key transport with public key encryption:
    A -> B: $\{ [A, B, r, K_{AB}]_A \}_B$
    B -> A: $K_{AB}\{r\}$
$\{m\}_X$: Encryption of message m with the public key of X
$[m]_X$: Signature on message m with the public key of X
Problems with this protocol:
  B doesn’t authenticate A.
  No freshness guarantee for B.

8 “Station-to-Station” Protocol
Authenticated DH protocol; basis for many real-life applications.
Certified PKs are used for signing the public DH parameters.
A slightly simplified version:
  Alice -> Bob: x
  Bob -> Alice: cert(B), y, $[x, y]_B$
  Alice -> Bob: cert(A), $[x, y]_A$
where $x = g^a \bmod p$, $y = g^b \bmod p$, $k = g^{ab} \bmod p$.
STS vs. encrypted key transport: STS (DH) provides “perfect forward secrecy”. (In encrypted transport, if the long-term RSA key is compromised, the session keys are also compromised.)
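Added example, not from the original slides: the man-in-the-middle substitution on plain DH (slide 3) and the check of Bob's signature over (x, y) from the simplified STS exchange above, which fails once Trudy swaps the values. The Mersenne-prime modulus, base 3, textbook-RSA key and the `run` helper are toy assumptions and not secure; only Bob's signature is shown, and validation of cert(B) is taken as already done.

```python
# Added illustration (not from the slides). Toy parameters, NOT secure.
import hashlib
import secrets

P = 2**521 - 1                      # Mersenne prime as toy DH modulus (assumption)
G = 3                               # toy base (assumption)
RSA_P, RSA_Q = 2**61 - 1, 2**127 - 1        # toy primes for Bob's signing key
BOB_PUB = (RSA_P * RSA_Q, 65537)            # stands in for the key inside cert(B)
BOB_PRIV = (RSA_P * RSA_Q, pow(65537, -1, (RSA_P - 1) * (RSA_Q - 1)))

def digest(x, y, n):
    """Hash the pair (x, y) to an integer below n."""
    h = hashlib.sha256(f"{x}|{y}".encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(priv, x, y):
    """[x,y]_B: textbook-RSA signature made with Bob's private key."""
    n, d = priv
    return pow(digest(x, y, n), d, n)

def verify(pub, x, y, sig):
    """Check a signature on (x, y) against the certified public key."""
    n, e = pub
    return pow(sig, e, n) == digest(x, y, n)

def dh_keypair():
    """Return (secret exponent, public value g^secret mod p)."""
    secret = secrets.randbelow(P - 3) + 2
    return secret, pow(G, secret, P)

def run(mitm):
    """One exchange. Returns (k_alice, k_bob, trudy_keys, alice_accepts)."""
    a, x = dh_keypair()
    b, y = dh_keypair()
    x_at_bob, y_at_alice, trudy = x, y, None
    if mitm:                                   # slide 3: Trudy swaps both values
        a2, x_at_bob = dh_keypair()            # a', with g^a' passed on to Bob
        b2, y_at_alice = dh_keypair()          # b', with g^b' passed back to Alice
        trudy = (pow(x, b2, P), pow(y, a2, P))     # K' and K''
    sig_b = sign(BOB_PRIV, x_at_bob, y)        # Bob signs the x he received and his y
    ok = verify(BOB_PUB, x, y_at_alice, sig_b)     # Alice checks her x and the y she got
    return pow(y_at_alice, a, P), pow(x_at_bob, b, P), trudy, ok
```

Without the signature check, both parties in the `mitm=True` run would proceed with keys that Trudy also holds; with it, Alice aborts because the signed pair does not match what she sent and received.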

9 Multiple Domains with KDC
(Diagram: A, B, $KDC_A$, $KDC_B$)
A to talk to B:
  A contacts $KDC_A$.
  $KDC_A$ contacts $KDC_B$, or tells A how to contact $KDC_B$ (e.g. generates a session key for A & $KDC_B$).
  $KDC_B$ generates a session key for A & B, passes it to them.

10 Multiple Domains with CA
(Diagram: A, B, $CA_A$, $CA_B$)
$CA_A$ and $CA_B$ certify each other.
A, to authenticate the public key of B:
  verifies B’s cert. issued by $CA_B$,
  verifies $CA_B$’s cert. issued by $CA_A$.
B does vice versa to authenticate A’s key.

11 ID-Based Crypto
Idea: Is a scheme possible where Alice’s public key is her ID? Would solve the problem of authenticating a public key received.
Q: But if anyone can derive the public key from the ID, can’t they derive the private key as well?
Support from a trusted “private key generator” (PKG):
  Private keys are generated from a unique secret S known by PKG.
  Users know a one-way function of S, sufficient for public key generation.
Practical schemes exist for signature (Shamir) and encryption (Boneh-Franklin).

12 ID-Based Crypto
Advantages:
  There is no need for Alice to retrieve Bob’s certificate to send him an encrypted message.
  Alice can send Bob an encrypted message even before he gets his decryption key.
Disadvantages:
  Key revocation is (almost) impossible.
  It is not so significant in interactive protocols.
“Feature”:
  Inherent key escrow.

13 Crypto-Based ID
Similar to ID-based crypto, ID and PK are inherently related. But instead of generating PK from ID, do the opposite: $ID_A = h(PK_A)$.
Useful in pseudonym systems where (part of) the ID can be given a random value:
  P2P systems
  IPv6 “cryptographically generated address”
No “big brother” is necessary.

