 Key Management  Secure Group Management  Authorization Management  Latest Relevant Knowledge  Future Work  References 2

 Key management for symmetric encryption  Key Distribution Center (KDC)  Key management for asymmetric encryption  Distribution of public keys  Session key distribution  Diffie-Hellman Key Exchange 3

 Alice and Bob need a shared symmetric key.  The KDC is a server that shares a different secret key with each registered user.  Alice and Bob know their own symmetric keys K A-KDC and K B-KDC for communicating with the KDC. 4

[Figure: the KDC holds one long-term key per registered user (K A-KDC, K B-KDC, K X-KDC, K Y-KDC, K Z-KDC, K P-KDC); Alice holds K A-KDC and Bob holds K B-KDC.] 5

[Figure: session-key distribution through the KDC]
1. Alice → KDC: K A-KDC (A, B)
2. KDC generates R1. KDC → Alice: K A-KDC (R1, K B-KDC (A, R1)). Alice now knows R1.
3. Alice → Bob: K B-KDC (A, R1). Bob knows to use R1 to communicate with Alice. 6
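The three KDC messages above, run end to end, as an added example that is not part of the slides. The authenticated encryption is a stand-in built only from HMAC-SHA256 (HMAC in counter mode as the keystream, encrypt-then-MAC for integrity) because the Python standard library ships no AEAD; a deployment would use AES-GCM or ChaCha20-Poly1305. The principal names, the ticket layout (length byte, name, 32-byte R1) and the helper names are assumptions made for this example.

```python
"""Session-key distribution through a KDC, following the three messages on the slide.

Added example, not code from the slides.  Authenticated encryption is a stand-in
built from HMAC-SHA256 only (HMAC in counter mode as the keystream, encrypt-then-MAC
for integrity); a real system would use AES-GCM or ChaCha20-Poly1305.
"""
import hashlib
import hmac
import os
import struct

NONCE_LEN, TAG_LEN, KEY_LEN = 16, 32, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a pseudorandom keystream."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC with separate subkeys)."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a forged or tampered message never reaches the caller."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class KDC:
    """Holds one long-term key K_X-KDC per registered principal."""

    def __init__(self) -> None:
        self.keys: dict[str, bytes] = {}

    def register(self, name: str) -> bytes:
        self.keys[name] = os.urandom(KEY_LEN)
        return self.keys[name]

    def request(self, requester: str, msg1: bytes) -> bytes:
        """Message 1 -> message 2: read K_A-KDC(A, B), mint R1, return K_A-KDC(R1, K_B-KDC(A, R1))."""
        a, b = decrypt(self.keys[requester], msg1).decode().split(",")
        if a != requester:  # the request must arrive under the claimed sender's own key
            raise ValueError("identity mismatch")
        r1 = os.urandom(KEY_LEN)
        ticket_for_b = encrypt(self.keys[b], bytes([len(a)]) + a.encode() + r1)  # K_B-KDC(A, R1)
        return encrypt(self.keys[a], r1 + ticket_for_b)


def run_exchange() -> dict:
    """Alice obtains a session key R1 with Bob via the KDC; returns what each side learned."""
    kdc = KDC()
    k_a_kdc = kdc.register("Alice")
    k_b_kdc = kdc.register("Bob")

    msg1 = encrypt(k_a_kdc, b"Alice,Bob")       # 1. Alice -> KDC: K_A-KDC(A, B)
    msg2 = kdc.request("Alice", msg1)           # 2. KDC -> Alice: K_A-KDC(R1, K_B-KDC(A, R1))
    plain2 = decrypt(k_a_kdc, msg2)
    r1_alice, msg3 = plain2[:KEY_LEN], plain2[KEY_LEN:]

    ticket = decrypt(k_b_kdc, msg3)             # 3. Alice -> Bob: K_B-KDC(A, R1); only Bob can open it
    name_len = ticket[0]
    peer = ticket[1:1 + name_len].decode()
    r1_bob = ticket[1 + name_len:]
    return {"alice_r1": r1_alice, "bob_r1": r1_bob, "bob_peer": peer}


def tamper_detected() -> bool:
    """Flip one ciphertext bit of a message and confirm decrypt() rejects it."""
    key = os.urandom(KEY_LEN)
    blob = bytearray(encrypt(key, b"Alice,Bob"))
    blob[NONCE_LEN] ^= 0x01
    try:
        decrypt(key, bytes(blob))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    result = run_exchange()
    print("session key agreed:", result["alice_r1"] == result["bob_r1"], "Bob's peer:", result["bob_peer"])
    print("tampered message rejected:", tamper_detected())
```

Alice never learns K B-KDC: message 3 is opaque to her and she simply forwards it, which is why the KDC (not Alice) vouches to Bob that R1 belongs to a conversation with A.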

 Distribution of Public Keys  Public announcement  Publicly available directory  Public-key authority  Public-key certificates 7

 Users distribute public keys to all.  Advantage: simplicity.  Disadvantage: forgery.  Anyone can forge such an announcement.  Ex: user B pretends to be A and publishes a key for A.  Then all messages sent to A are readable by B! 8

 Publicly available dynamic directory.  Maintained by a trusted organization.  Weakness: if an adversary obtains the private key of the directory, its entries can be forged. 9

 Encryption is used to exchange keys.  Stores public keys like the directory.  Each user needs to know the public key of the authority.  Weakness: the authority is a bottleneck, just like the directory. 10

 Certificate = public key + identifier + timestamp.  Certificate authority: a government agency or trusted financial institution.  The user can publish the certificate. 12

 Naïve method  Weakness: man-in-the-middle attack 14

 Only the sender and receiver take part.  No involvement of a KDC.  Based on the complexity of computing discrete logarithms. 16
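Diffie-Hellman as described above, together with the man-in-the-middle weakness of the naïve (unauthenticated) exchange from the previous slide and the standard remedy of authenticating the public values, as an added example that is not part of the slides. The group (p = 2^127 - 1, g = 3) is a toy parameter chosen for the example; real systems use the RFC 3526/7919 groups or X25519. The authentication key K_A,B is assumed to be a pre-shared key, for instance one distributed by a KDC as on the earlier slides.

```python
"""Diffie-Hellman key exchange, the MITM weakness of the unauthenticated version, and the
fix of authenticating the public values.

Added example, not code from the slides.  p and g are toy parameters; K_A,B is an
assumed pre-shared key.
"""
import hashlib
import hmac
import secrets
from typing import Optional

P = 2**127 - 1   # Mersenne prime M127; toy modulus, far too small for real use
G = 3            # toy generator


def keypair() -> tuple:
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def shared_secret(private: int, peer_public: int) -> int:
    """g^(xy) mod p; reject the degenerate public values 0, 1 and p-1 before exponentiating."""
    if not 1 < peer_public < P - 1:
        raise ValueError("invalid public value")
    return pow(peer_public, private, P)


def authenticate(key: bytes, public: int) -> bytes:
    """MAC over the public value so that a substituted value cannot carry a valid tag."""
    return hmac.new(key, public.to_bytes(16, "big"), hashlib.sha256).digest()


def exchange(active_adversary: bool, auth_key: Optional[bytes]) -> dict:
    """Alice sends her public value to Bob.  With an active adversary on the path the value
    is replaced by the adversary's own.  Returns whether Bob accepted the value and whether
    the two endpoints ended up with the same key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()

    sent_pub = a_pub
    sent_tag = authenticate(auth_key, a_pub) if auth_key is not None else None
    if active_adversary:
        _, m_pub = keypair()
        sent_pub = m_pub          # substituted value; the tag, if any, still covers a_pub

    if auth_key is not None:      # Bob authenticates before deriving anything from the value
        if sent_tag is None or not hmac.compare_digest(sent_tag, authenticate(auth_key, sent_pub)):
            return {"bob_accepted": False, "keys_agree": False}

    k_bob = shared_secret(b_priv, sent_pub)
    k_alice = shared_secret(a_priv, b_pub)   # Bob's value is assumed delivered unmodified
    return {"bob_accepted": True, "keys_agree": k_alice == k_bob}


if __name__ == "__main__":
    k_ab = secrets.token_bytes(32)
    print("no adversary, unauthenticated:", exchange(False, None))
    print("adversary, unauthenticated:   ", exchange(True, None))   # accepted, but keys differ
    print("adversary, authenticated:     ", exchange(True, k_ab))   # rejected by Bob
```

The unauthenticated run with an adversary is the instructive one: Bob accepts a value and derives a key, yet it is not Alice's key, and nothing in the protocol tells him so. With the MAC in place the substituted value fails verification and no key is derived from it.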

 When a process asks to join a group G, the integrity of the group must not be compromised.  Each group member has a secret key CK G.  The group also has a private key/public key pair for communication with nongroup members. 18

 P: entity that wants to join the group.  G: the group.  Q: a member of the group.  RP: reply pad.  K P,G: secret key between P and G.  N: nonce. 19

 Managing access rights is very important in distributed systems.  Nondistributed system: the account on the machine controls all access rights.  Distributed system: a single account in the central server; the server is consulted each time the user accesses a certain resource or machine. 20

 A capability is an unforgeable data structure for a specific resource; it specifies the access rights that the holder of the capability has with respect to that resource.  128-bit identifier. 21

 When the server wants to give access rights to a certain object, it makes an owner capability (OC).  All right bits are on.  A random check field C is chosen and stored in a table. [Figure: capability fields: server port, object, check field C] 22

 The client creates a bit mask (B) representing the access rights to be granted and sends it to the server.  The server creates a new capability, called a restricted capability (RC):  extracts C from the table for the requested object;  check field(RC) = f(B XOR C), where f is a one-way function;  right field(RC) = B;  sends the RC to the client. 23

 When the client wants access to the object, it sends the RC to the server.  Server checks:  The right bits are not “all 1s”, so it is a restricted capability.  It extracts C from the table for the object and recomputes the check field: IF f(right field(RC) XOR C) == check field(RC) THEN permit the access ELSE block the request 25
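The owner/restricted capability scheme from the last three slides in working form, as an added example that is not part of the slides. The one-way function f is SHA-256 truncated to the check-field width (the slides only say "one-way function"), the field widths follow the 128-bit layout (48-bit server port, 24-bit object, 8 right bits, 48-bit check), and the right bits READ/WRITE/DELETE as well as the object numbers are constructed for the example. It also shows why the check must be recomputed from the table: a holder who edits the right bits of an RC cannot produce the matching check value.

```python
"""Amoeba-style owner and restricted capabilities.

Added example, not from the slides.  f = SHA-256 truncated to 48 bits; right-bit
names and object numbers are constructed for the demonstration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

READ, WRITE, DELETE = 0x01, 0x02, 0x04   # constructed right bits
ALL_RIGHTS = 0xFF                        # "all 1s" marks an owner capability
CHECK_LEN = 6                            # 48-bit check field


@dataclass(frozen=True)
class Capability:
    server_port: bytes   # 48-bit port of the server owning the object
    obj: int             # 24-bit object number
    rights: int          # 8 right bits
    check: bytes         # 48-bit check field


def f(rights: int, c: bytes) -> bytes:
    """One-way function over (B XOR C): the 8-bit mask is XORed into each byte of C, then hashed."""
    mixed = bytes(byte ^ (rights & 0xFF) for byte in c)
    return hashlib.sha256(mixed).digest()[:CHECK_LEN]


class ObjectServer:
    def __init__(self) -> None:
        self.port = os.urandom(6)
        self.table: dict[int, bytes] = {}   # object -> random check field C

    def create_object(self, obj: int) -> Capability:
        """Owner capability: all right bits on, check field is the stored random C."""
        c = os.urandom(CHECK_LEN)
        self.table[obj] = c
        return Capability(self.port, obj, ALL_RIGHTS, c)

    def restrict(self, owner: Capability, mask: int) -> Capability:
        """Client presents the OC plus a bit mask B; server returns an RC with check = f(B XOR C)."""
        if owner.rights != ALL_RIGHTS or not self.verify(owner):
            raise PermissionError("a valid owner capability is required")
        b = mask & ALL_RIGHTS
        if b == ALL_RIGHTS:
            raise ValueError("a restricted capability must clear at least one right bit")
        return Capability(self.port, owner.obj, b, f(b, self.table[owner.obj]))

    def verify(self, cap: Capability) -> bool:
        """Owner: check must equal the stored C.  Restricted: recompute f(B XOR C) from the table."""
        c = self.table.get(cap.obj)
        if c is None or cap.server_port != self.port:
            return False
        if cap.rights == ALL_RIGHTS:
            return hmac.compare_digest(cap.check, c)
        return hmac.compare_digest(cap.check, f(cap.rights, c))

    def access(self, cap: Capability, needed: int) -> bool:
        """Permit only if the capability is genuine and carries every requested right bit."""
        return self.verify(cap) and (cap.rights & needed) == needed


def demo() -> dict:
    server = ObjectServer()
    oc = server.create_object(42)
    rc = server.restrict(oc, READ)
    # Holder of the RC edits the right bits to add WRITE; f(B XOR C) no longer matches the check field.
    forged = Capability(rc.server_port, rc.obj, READ | WRITE, rc.check)
    return {
        "owner_ok": server.verify(oc),
        "rc_read": server.access(rc, READ),
        "rc_write": server.access(rc, WRITE),
        "forged_ok": server.verify(forged),
    }


if __name__ == "__main__":
    print(demo())   # owner_ok/rc_read True, rc_write/forged_ok False
```

The random C stays inside the server table; because f is one-way, knowing a valid RC (B, f(B XOR C)) gives no way to compute the check for a different B, which is what makes the right bits tamper-evident without the server signing anything.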

 An entity can delegate some of its access rights to another process so that the latter can do the job on its behalf.  A proxy is created by the process that wants to delegate.  A proxy (not a proxy server) is a token that gives its bearer some privileges granted by the entity that made the proxy. 26

 Alice delegates some rights to Bob so that he can do some job on the server on her behalf.  They share a secret key, K A,B.  R: list of rights.  S(+)proxy: security question made by Alice.  S(-)proxy: answer to the security question; Alice tells the answer only to Bob.  Bob proves his honesty by answering the security question asked by the server. 27

 Using biometric data for sharing a symmetric key, e.g. a fingerprint-based Key Distribution Center [3].  Quantum Key Distribution (QKD) [4].  Role-Based Access Control (RBAC) [5]. 29

 Quantum computing, e.g. quantum entanglement, might play a big role in secure key management.  For secure group communication, biometric data, e.g. genetic information of each group member, can be used. 30

[1] W. Stallings, Cryptography and Network Security: Principles and Practices, 4th ed., Prentice-Hall, Upper Saddle River, New Jersey, USA.
[2] A. S. Tanenbaum and M. van Steen, Distributed Systems: Principles and Paradigms, 2nd ed., Prentice-Hall, Upper Saddle River, NJ, USA.
[3] S. Barman, S. Chattopadhyay, and D. Samanta, "An approach to cryptographic key distribution through fingerprint based key distribution center," in Advances in Computing, Communications and Informatics (ICACCI), 2014 International Conference on, pp. , Sept. 2014, doi: /ICACCI
[4] Xianzhu Cheng, Yongmei Sun, and Yuefeng Ji, "A QoS-supported scheme for quantum key distribution," in Advanced Intelligence and Awareness Internet (AIAI 2011), 2011 International Conference on, pp. , Oct. 2011, doi: /cp
[5] Qi Li, Mingwei Xu, and Xinwen Zhang, "Towards a Group-Based RBAC Model and Decentralized User-Role Administration," in Distributed Computing Systems Workshops (ICDCS '08), 28th International Conference on, pp. , June 2008, doi: /ICDCS.Workshops