# Key Establishment


## 1 Key Establishment

- Symmetric key problem: How do two entities establish a shared secret key in the first place?
- Solutions: Diffie-Hellman; a trusted key distribution center (KDC) acting as intermediary between entities
- Public key problem: When Bob obtains Alice's public key (from a web site, e-mail, diskette), how does he know it is Alice's public key, not Trudy's?
- Solution: trusted certification authority (CA)

## 2 Diffie-Hellman Key Exchange

- Public parameters: prime number p, base g
- Alice picks secret integer a and sends Bob g^a mod p
- Bob picks secret integer b and sends Alice g^b mod p
- Alice computes (g^b mod p)^a mod p; Bob computes (g^a mod p)^b mod p
- Key: (g^b mod p)^a mod p = (g^a mod p)^b mod p

## 3 Diffie-Hellman Key Exchange: Example

- Prime number p=23, base g=5.
- Alice: a=6. Sends Bob: g^a mod 23 = 8.
- Bob: b=15. Sends Alice: g^b mod 23 = 19.
- Alice computes: 19^6 mod 23 = 2
- Bob computes: 8^15 mod 23 = 2

## 4 Key Distribution Center (KDC)

- KDC: a server that shares a different secret key with each registered user (many users)
- Alice shares a key with the KDC: K_A-KDC
- Bob shares a key with the KDC: K_B-KDC
- (Figure: the KDC holds one key per registered user: K_A-KDC, K_B-KDC, K_P-KDC, K_X-KDC, K_Y-KDC, K_Z-KDC)

## 5 Key Distribution Center (KDC)

- Q: How does the KDC allow Bob and Alice to determine a shared symmetric secret key to communicate with each other?
- Alice sends the KDC: K_A-KDC(A,B)
- KDC generates R1 and replies to Alice: K_A-KDC(R1, K_B-KDC(A,R1))
- Alice knows R1; she forwards K_B-KDC(A,R1) to Bob
- Bob knows to use R1 to communicate with Alice
- Alice and Bob communicate using R1 as the session key for shared symmetric encryption
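The three-message KDC exchange above, run end to end as an added example (my code, not the presentation's). It assumes the sender's name travels in clear so the KDC can pick the right K_X-KDC, and stands in for the K_X-KDC(...) boxes with a toy encrypt-then-MAC built from HMAC-SHA256; a real deployment would use an authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, json, os

# Toy authenticated encryption for the demo only (assumption, not a real cipher):
# HMAC-SHA256 keystream XOR for confidentiality, HMAC tag for integrity.
def _keystream(key, nonce, n):
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]

def encrypt(key, msg):
    nonce = os.urandom(16)
    body = nonce + bytes(m ^ s for m, s in zip(msg, _keystream(key, nonce, len(msg))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def decrypt(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise ValueError("bad tag: wrong key or altered ciphertext")
    nonce, ct = body[:16], body[16:]
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

class KDC:
    def __init__(self):
        self.keys = {}                      # long-term key K_X-KDC per registered user
    def register(self, name):
        self.keys[name] = os.urandom(32)
        return self.keys[name]
    def handle(self, sender, request):
        # Assumption: sender's name is in clear so the KDC knows which key to use.
        a, b = json.loads(decrypt(self.keys[sender], request))
        if a != sender:                     # request body must match who sent it
            raise ValueError("request does not match its sender")
        r1 = os.urandom(32)                 # fresh session key R1
        ticket = encrypt(self.keys[b], json.dumps([a, r1.hex()]).encode())
        return encrypt(self.keys[a], json.dumps([r1.hex(), ticket.hex()]).encode())

def run_exchange(tamper=False):
    # Returns Alice's R1, Bob's R1 and the peer name Bob reads from the ticket.
    kdc = KDC()
    k_a, k_b = kdc.register("Alice"), kdc.register("Bob")
    reply = kdc.handle("Alice", encrypt(k_a, b'["Alice", "Bob"]'))  # 1. Alice -> KDC: K_A-KDC(A,B)
    r1_alice, ticket = json.loads(decrypt(k_a, reply))  # 2. KDC -> Alice: K_A-KDC(R1, K_B-KDC(A,R1))
    ticket = bytes.fromhex(ticket)
    if tamper:                              # ticket altered in flight: Bob's tag check rejects it
        ticket = ticket[:20] + bytes([ticket[20] ^ 1]) + ticket[21:]
    peer, r1_bob = json.loads(decrypt(k_b, ticket))  # 3. Alice -> Bob: K_B-KDC(A,R1)
    return r1_alice, r1_bob, peer
```

Note that Bob only learns R1 and who wants to talk to him from a ticket the KDC sealed under K_B-KDC, so Alice never needs Bob's key and cannot forge a ticket.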

## 6 Diffie-Hellman vs. KDC

- Diffie-Hellman
  - +: no infrastructure support needed
  - -: computation load on users
- KDC
  - -: needs infrastructure support
  - -: single bottleneck, single point of failure
  - +: computation load centered at the KDC

## 7 Certification Authorities

- Certification authority (CA): binds a public key to a particular entity, E.
- E registers its public key with the CA; E provides "proof of identity" to the CA.
- CA creates a certificate binding E to its public key.
- The certificate contains E's public key, digitally signed by the CA: the CA says "this is E's public key".
- (Figure: Bob's public key K_B+ and Bob's identifying information are digitally signed (encrypted) with the CA's private key K_CA-, yielding a certificate for Bob's public key, signed by the CA.)

## 8 Certification Authorities

- When Alice wants Bob's public key: she gets Bob's certificate (from Bob or elsewhere).
- She applies the CA's public key to Bob's certificate and gets Bob's public key.
- (Figure: the certificate's digital signature is verified (decrypted) with the CA public key K_CA+, yielding Bob's public key K_B+.)

## 9 A Certificate Contains:

- Serial number (unique to issuer)
- info about the certificate owner, including the algorithm and the key value itself (not shown)
- info about the certificate issuer
- valid dates
- digital signature by the issuer
