Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

Published byJunior Williams Modified over 8 years ago

Similar presentations

Presentation on theme: "Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption."— Presentation transcript:

1 Key Management and Distribution

2 YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption to work, the two parties of an exchange must share the same key and that key must be protected. Frequent key changes may be desirable to limit the amount of data compromised. The strength of a cryptographic system rests with the technique for solving the key distribution problem -- delivering a key to the two parties of an exchange. The scale of the problem depends on the number of communication pairs.

3 YSL3 Approaches to Symmetric Key Distribution Let A (Alice) and B (Bob) be the two parties. A key can be selected by A and physically delivered to B. A third party can select the key and physically deliver it to A and B. If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key. If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B. Information Security – Mutual Trust

4 Symmetric Key Distribution Task Information Security – Mutual Trust4YSL

5 Symmetric Key Hierarchy Typically a hierarchy structure of keys is adopted. Session keys – temporary key – used for encryption of data between users – for one logical session then discarded Master keys – used to encrypt session keys – shared by each user & the key distribution center Information Security – Mutual Trust5YSL

6 Symmetric Key Hierarchy Information Security – Mutual Trust6YSL

7 Symmetric Key Distribution Scenario Information Security – Mutual Trust7YSL

8 Symmetric Key Distribution Issues Hierarchies of KDC’s required for large networks, but must trust each other Session key lifetimes should be limited for greater security Use of automatic key distribution on behalf of users, but must trust system Use of decentralized key distribution Controlling key usage Information Security – Mutual Trust8YSL

9 Symmetric Key Distribution Using Public Keys Public key cryptosystems are inefficient. –almost never used for direct data encryption –rather used to encrypt secret keys for distribution Information Security – Mutual Trust9YSL

10 Simple Secret Key Distribution Merkle proposed this very simple scheme –allows secure communications –no keys before/after exist Information Security – Mutual Trust10YSL

11 11 Simple Secret Key Distribution (cont’d) Simple secret key distribution (cont’d) –advantages simplicity no keys stored before and after the communication security against eavesdropping –disadvantages lack of authentication mechanism between participants vulnerability to an active attack as described in the next slide leak of the secret key upon such active attacks Information Security – Mutual Trust

12 Man-in-the-Middle Attacks This very simple scheme is vulnerable to an active man-in-the-middle attack. Information Security – Mutual Trust12YSL

13 Secret Key Distribution with Confidentiality & Authentication Information Security – Mutual Trust13YSL

14 14 Secret Key Distribution with Confidentiality & Authentication (cont’d) Provision of protection against both active and passive attacks Assurance of both confidentiality and authentication in the exchange of a secret key Availability of public keys a priori Complexity Information Security – Mutual Trust

15 YSL15 Public Key Distribution The distribution of public keys –public announcement –publicly available directory –public-key authority –public-key certificates The use of public-key encryption to distribute secret keys –simple secret key distribution –secret key distribution with confidentiality and authentication Information Security – Mutual Trust

16 YSL16 Public Key Distribution (cont’d) Information Security – Mutual Trust Public announcement

17 YSL17 Public Key Distribution (cont’d) Public announcement (cont’d) –advantages: convenience –disadvantages: forgery of such a public announcement by anyone Information Security – Mutual Trust

18 YSL18 Public Key Distribution (cont’d) Information Security – Mutual Trust Publicly available directory

19 YSL19 Public Key Distribution (cont’d) Publicly available directory (cont’d) –elements of the scheme {name, public key} entry for each participant in the directory in-person or secure registration on-demand entry update periodic publication of the directory availability of secure electronic access from the directory to participants –advantages: greater degree of security Information Security – Mutual Trust

20 YSL20 Public Key Distribution (cont’d) Publicly available directory (cont’d) –disadvantages need of a trusted entity or organization need of additional security mechanism from the directory authority to participants vulnerability of the private key of the directory authority (global-scaled disaster if the private key of the directory authority is compromised) vulnerability of the directory records Information Security – Mutual Trust

21 YSL21 Public Key Distribution (cont’d) Information Security – Mutual Trust Public-key authority

22 YSL22 Public Key Distribution (cont’d) Public-key authority (cont’d) –stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory –each participant can verify the identity of the authority –participants can verify identities of each other –disadvantages bottleneck effect of the public-key authority vulnerability of the directory records Information Security – Mutual Trust

23 YSL23 Public Key Distribution (cont’d) Information Security – Mutual Trust Public-key certificates

24 YSL24 Public Key Distribution (cont’d) Public-key certificates (cont’d) –to use certificates that can be used by participants to exchange keys without contacting a public-key authority –requirements on the scheme any participant can read a certificate to determine the name and public key of the certificate’s owner any participant can verify that the certificate originated from the certificate authority and is not counterfeit only the certificate authority can create & update certificates any participant can verify the currency of the certificate Information Security – Mutual Trust

25 YSL25 Public Key Distribution (cont’d) Public-key certificates (cont’d) –advantages to use certificates that can be used by participants to exchange keys without contacting a public-key authority in a way that is as reliable as if the key were obtained directly from a public-key authority no on-line bottleneck effect –disadvantages: need of a certificate authority Information Security – Mutual Trust

Download ppt "Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption."

Similar presentations

SCSC 455 Computer Security

SCSC 455 Computer Security
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
By Md Emran Mazumder Ottawa University Student no: 6282845.

By Md Emran Mazumder Ottawa University Student no:
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Fall 2008CS 334: Computer Security1 Crypto Conclusion Message Authentication Codes Key Management.

Fall 2008CS 334: Computer Security1 Crypto Conclusion Message Authentication Codes Key Management.
Key Distribution/Management and Authentication Mert ÖZARAR Bilkent University

Key Distribution/Management and Authentication Mert ÖZARAR Bilkent University
Confidentiality using Symmetric Encryption traditionally symmetric encryption is used to provide message confidentiality consider typical scenario –workstations.

Confidentiality using Symmetric Encryption traditionally symmetric encryption is used to provide message confidentiality consider typical scenario –workstations.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Public Key Distribution and X.509 Wade Trappe. Distribution of Public Keys There are several techniques proposed for the distribution of public keys:

Public Key Distribution and X.509 Wade Trappe. Distribution of Public Keys There are several techniques proposed for the distribution of public keys:
Cryptography1 CPSC 3730 Cryptography Chapter 7 Confidentiality Using Symmetric Encryption.

Cryptography1 CPSC 3730 Cryptography Chapter 7 Confidentiality Using Symmetric Encryption.
Key Distribution CS 470 Introduction to Applied Cryptography

Key Distribution CS 470 Introduction to Applied Cryptography
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Key Management in Cryptography

Key Management in Cryptography
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Network and Communications Network Security Department of Computer Science Virginia Commonwealth University.

Network and Communications Network Security Department of Computer Science Virginia Commonwealth University.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.

Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.

Similar presentations

Ads by Google