Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.

Published byCameron Gibson Modified over 8 years ago

Similar presentations

Presentation on theme: "Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships."— Presentation transcript:

1 Practices in Security Bruhadeshwar Bezawada

2 Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships between authorized parties Set of techniques and procedures supporting the establishment and maintenance of keying relationships between authorized parties Initialization of system users within a domain Initialization of system users within a domain Generation, distribution, and installation of keying material Generation, distribution, and installation of keying material Controlling the use of keying material Controlling the use of keying material Update, revocation and destruction of keying material Update, revocation and destruction of keying material Storage, backup/recovery, and archival of keying material Storage, backup/recovery, and archival of keying material

3 Types Key Management Automated Key Management Automated Key Management More than N^2 Keys More than N^2 Keys Stream cipher Stream cipher Initialization vectors are used Initialization vectors are used Large amount of data needs to be encrypted in short amount of time Large amount of data needs to be encrypted in short amount of time Long term session keys are used in multicast sessions Long term session keys are used in multicast sessions Frequent change in session key is expected Frequent change in session key is expected Manual key management Manual key management Environment has limited bandwidth or high RTT Environment has limited bandwidth or high RTT Information has low value Information has low value Total volume of traffic is very low Total volume of traffic is very low Scale of each deployment is very limited Scale of each deployment is very limited

4 Cryptographic Primitives Hash Functions Hash Functions Symmetric key algorithms Symmetric key algorithms Asymmetric key algorithms Asymmetric key algorithms

5 Cryptographic primitives Hash functions do not require keys, provide Hash functions do not require keys, provide data authentication and integrity services data authentication and integrity services compression of messages for digital signature and verification compression of messages for digital signature and verification derivation of keys in key establishment algorithms derivation of keys in key establishment algorithms generate deterministic random numbers generate deterministic random numbers

6 Cryptographic primitives Symmetric key algorithms require the same key across all operations, provide Symmetric key algorithms require the same key across all operations, provide data confidentiality data confidentiality authentication and integrity in the form of MACs authentication and integrity in the form of MACs key establishment key establishment generation of deterministic random numbers generation of deterministic random numbers

7 Cryptographic primitives Asymmetric key, public key algorithms, enable Asymmetric key, public key algorithms, enable digital signatures digital signatures establish cryptographic keying material establish cryptographic keying material generate random numbers generate random numbers Exercise : Enumerate all hash functions, all symmetric key ciphers and all public-key crypto systems available currently. Differentiate between commercially available and non- commercial algorithms Exercise : Enumerate all hash functions, all symmetric key ciphers and all public-key crypto systems available currently. Differentiate between commercially available and non- commercial algorithms

8 Types of keys Private signature key (public-private keys) Private signature key (public-private keys) Public signature verification keys Public signature verification keys Symmetric authentication key Symmetric authentication key Private authentication key Private authentication key Public authentication keys Public authentication keys Symmetric data encryption key Symmetric data encryption key

9 Types Symmetric and asymmetric random number generation keys Symmetric and asymmetric random number generation keys Symmetric master key Symmetric master key Private key transport key Private key transport key Public key transport key Public key transport key Symmetric key agreement key (also, key wrapping key) Symmetric key agreement key (also, key wrapping key)

10 Types Private ephemeral key agreement key Private ephemeral key agreement key Public ephemeral key agreement key Public ephemeral key agreement key Symmetric authorization keys Symmetric authorization keys Private authorization key Private authorization key Public authorization key Public authorization key

11 General Terms in Key Management Key registration Key registration Key revocation Key revocation Key transport Key transport Key update Key update Key derivation Key derivation Key confirmation Key confirmation Key establishment Key establishment Key agreement Key agreement

12 Terms Registration authority Registration authority Security domain Security domain Self-signed certificate Self-signed certificate

13 Valuable Information in Addition to Cryptographic Keys Domain parameters Domain parameters Initialization vectors, shared secrets, RNG seeds, nonces, random numbers Initialization vectors, shared secrets, RNG seeds, nonces, random numbers Intermediate results Intermediate results Key control information Key control information Passwords Passwords Audit information Audit information

14 Cryptoperiods Time span during which a specific key is authorized for use by legitimate entities, or the keys for a given system will remain in effect. A good cryptoperiod Time span during which a specific key is authorized for use by legitimate entities, or the keys for a given system will remain in effect. A good cryptoperiod Limits amount of information protected by a given key from disclosure Limits amount of information protected by a given key from disclosure Limits amount of exposure if a single key is compromised Limits amount of exposure if a single key is compromised Limits use of particular algorithm to its estimated effective lifetime Limits use of particular algorithm to its estimated effective lifetime limits time available to penetrate physical, procedural, and logical access mechanisms that protect a key limits time available to penetrate physical, procedural, and logical access mechanisms that protect a key

15 Risk Factors to Consider for Cryptoperiods Strength of cryptographic implementations Strength of cryptographic implementations Operating environment, secure limited access, open office or public terminal Operating environment, secure limited access, open office or public terminal Volume of information or transactions Volume of information or transactions Security objective Security objective Re-keying method Re-keying method Number of nodes sharing the key/copies of the key Number of nodes sharing the key/copies of the key Threat to information Threat to information

16 Other Factors Affecting Cryptoperiods Communication vs Storage Communication vs Storage E.g., keys used for online transactions are likely to have smaller cryptoperiods E.g., keys used for online transactions are likely to have smaller cryptoperiods Keys used for storage will have higher, as cost of re- encryption is high Keys used for storage will have higher, as cost of re- encryption is high Cost of Key Revocation and Replacement Cost of Key Revocation and Replacement Changing keys can be an expensive process Changing keys can be an expensive process Encryption of large databases Encryption of large databases Revocation of large number of keys Revocation of large number of keys Expensive security measures are justified for such cases as the cryptoperiod can be made high Expensive security measures are justified for such cases as the cryptoperiod can be made high

17 Factors Affecting Public Keys Private keys may have longer cryptoperiods than public-keys when used for confidentiality Private keys may have longer cryptoperiods than public-keys when used for confidentiality When used for challenge (dynamic) authentication both public and private keys can have the same cryptoperiod When used for challenge (dynamic) authentication both public and private keys can have the same cryptoperiod When used for digital signatures public keys can have longer cryptoperiods than private keys as they will be necessary to verify certificates When used for digital signatures public keys can have longer cryptoperiods than private keys as they will be necessary to verify certificates

18 Cryptoperiods for Different Keys Private signature key (public-private keys) Private signature key (public-private keys) 1-3years 1-3years Public signature verification keys Public signature verification keys Symmetric authentication key Symmetric authentication key 2-3 years 2-3 years Private authentication key Private authentication key 1-2years 1-2years Public authentication keys Public authentication keys 1-2years 1-2years Symmetric data encryption key Symmetric data encryption key 3years 3years

19 Cryptoperiods for Different Keys Symmetric and asymmetric random number generation keys Symmetric and asymmetric random number generation keys Depends on the RNG technique Depends on the RNG technique Symmetric master key Symmetric master key 1 year 1 year Private and Public key transport keys Private and Public key transport keys Private 2years, public 1-2 years Private 2years, public 1-2 years Symmetric key agreement key (also, key wrapping key) Symmetric key agreement key (also, key wrapping key) 1-2years 1-2years

20 Cryptoperiods for Different Keys Private and public ephemeral key agreement key Private and public ephemeral key agreement key Time required to complete the key agreement protocol Time required to complete the key agreement protocol Symmetric authorization keys Symmetric authorization keys 2years 2years Private and Public authorization keys Private and Public authorization keys 2years 2years

21 Other Parameters Domain parameters stay for the cryptoperiod Domain parameters stay for the cryptoperiod IV is associated with the information and stays as long as the information is held IV is associated with the information and stays as long as the information is held Shared secrets are destroyed as soon as the necessary key derivations are complete Shared secrets are destroyed as soon as the necessary key derivations are complete RNG seeds are destroyed immediately RNG seeds are destroyed immediately Intermediate results are destroyed immediately Intermediate results are destroyed immediately

22 Algorithms, Key Sizes and Strengths

23 Factors to be Considered For Design of New System Sensitivity of information and system lifetime Sensitivity of information and system lifetime Algorithm selection Algorithm selection System design wrt performance and security System design wrt performance and security Pre-implementation evaluation Pre-implementation evaluation Testing Testing Training Training System implementation and transition System implementation and transition Post-implementation evaluation Post-implementation evaluation

Download ppt "Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships."

Similar presentations

TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Core Web Service Security Patterns

Core Web Service Security Patterns
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.
Chapter 8 Web Security.

Chapter 8 Web Security.
Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.

Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Key Management in Cryptography

Key Management in Cryptography

Similar presentations

Ads by Google