Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview of Key Establishment Techniques: Key Distribution, Key Agreement and PKI Wade Trappe.

Published byBrianna Greene Modified over 8 years ago

Similar presentations

Presentation on theme: "Overview of Key Establishment Techniques: Key Distribution, Key Agreement and PKI Wade Trappe."— Presentation transcript:

1 Overview of Key Establishment Techniques: Key Distribution, Key Agreement and PKI Wade Trappe

2 Lecture Overview We now begin our look at building protocols using the basic tools that we have discussed. The discussion in this lecture will focus on issues of key establishment and the associated notion of authentication These protocols are not real, but instead are meant to serve just as a high-level survey Later lectures will go into specific protocols and will uncover practical challenges faced when implementing these protocols

3 Key Establishment: The problem Securing communication requires that the data is encrypted before being transmitted. Associated with encryption and decryption are keys that must be shared by the participants. The problem of securing the data then becomes the problem of securing the establishment of keys. Task: If the participants do not physically meet, then how do the participants establish a shared key? Two types of key establishment: –Key Agreement –Key Distribution

4 Key Distribution Key Agreement protocols: the key isn’t determined until after the protocol is performed. Key Distribution protocols: one party generates the key and distributes it to Bob and/or Alice (Shamir’s 3pass, Kerberos). Shamir’s Three-Pass Protocol: –Alice generates and Bob generates. –A key K is distributed by: AliceBob Bob Calculates:

5 Basic TTP Key Distribution KDC KaKa KbKb Step 1 Step 2 1. A Sends: {Request || ID A || ID B || N 1 } 2. KDC Sends: E Ka [ K AB || {Request || ID A || ID B || N 1 }||E Kb (K AB, ID A )] Step 3 Step 4 3. A Sends: E Kb (K AB, ID A ) Step 5 4. B Sends: E KAB (N 2 ) 5. A Sends: E KAB (f(N 2 ))

6 Key Agreement In many scenarios, it is desirable for two parties to exchange messages in order to establish a shared secret that may be used to generate a key. The Diffie-Hellman (DH) protocol is a basic tool used to establish shared keys in two-party communication. Two parties, A and B, establish a shared secret by: The security of the DH scheme is based upon the intractibility of the Diffie-Hellman Problem: The Diffie-Hellman scheme can be extended to work on arbitrary groups (e.g. Elliptic Curves). Given a prime p, a generator g of, and elements and, it is computationally difficult to find.

7 Intruder In The Middle The Intruder-in-the-Middle attack on Diffie-Hellman is based upon the following strategy to improve one’s chess ranking: –Eve challenges two grandmasters, and uses GM1’s moves against GM2. Eve can either win one game, or tie both games. Eve has and can perform the Intruder-in-the-Middle attack by: AliceBob Eve Calculates Decrypts data with K BE Decrypts data with K AE, uses data and encrypts with K BE Encrypts data with K AE Begins DH

8 Station-to-Station Protocol Digital signatures can be used to prevent this protocol failure (STS Protocol). A digital signature is a scheme that ties a message and its author together. –Private sig( ) function and Public ver( ) function. AliceBob Calculates Decrypts to get: Verifies sig

9 N-to-N Group Key Establishment Many group scenarios require contributory key establishment protocols. 1-to-1 Key Establishment: Diffie-Hellman (DH) protocol Two parties, A and B, establish a shared secret by: Extensions to multi-user scenarios: –Ingemarsson: Requires N-1 rounds and O(N 2 ) exponentiations –Burmester-Desmedt: Requires 2 rounds but full broadcast –GDH (Steiner et al.): Requires N rounds and O(N) exp.

10 Butterfly Group Diffie-Hellman u1u1 u2u2 u3u3 u4u4 u5u5 u6u6 u7u7 u8u8 Example: Can be extended to arbitrary radix b using Ingemarsson as the basic building block. Total Rounds: Total Messages: Optimal radix in both cases is 2.

11 The Conference Tree Group key formation procedure is described by: –Communication flow diagram –Conference Tree Conference tree describes the subgroups and subgroup keys. K 000 K 001 K 010 K 011 K 100 K 101 K 110 K 111 K 00 K 01 K 10 K 11 u2u2 u3u3 u4u4 u5u5 u6u6 u7u7 u8u8 u1u1 K0K0 K1K1 KK

12 Distribution of Public Keys There are several techniques proposed for the distribution of public keys: –Public announcement –Publicly available directory –Public key authority –Public key certificates

13 Public Announcement Idea: Each person can announce or broadcast their public key to the world. Example: People attach their PGP or RSA keys at the end of their emails. Weakness: –No authenticity: Anyone can forge such an announcement –User B could pretend to be User A, but really announce User B’s public key.

14 Public Directory Service Idea: Have a public directory or “phone book” of public keys. This directory is under the control/maintenance of a trusted third party (e.g. the government). Involves: –Authority maintains a directory of {name, PK} –Each user registers public key. Registration should involve authentication. –A user may replace or update keys. –Authority periodically publishes directory or updates to directory. –Participants can access directory through secure channel. Weaknesses: –If private key of directory service is compromised, then opponent can pretend to be directory service. –Directory is a single point of failure.

15 Public Key Authority Idea: More security is achieved if the authority has tighter control over who gets the keys. Assumptions: –Central authority maintains a dynamic directory of public keys of all users. –Central authority only gives keys out based on requests. –Each user knows the public key of the authority. Weaknesses: –Public Key Authority is a single point of failure. –User has to contact PK Authority, thus the PK Authority can be a bottleneck for service.

16 Public Key Authority, protocol PK Auth A B Step 1 Step 2 1. A Sends: {Request || Time1} 2. PK Auth: E dAuth [ e B || {Request || Time1}] Step 3 Step 6 3. A Sends B: E eB (ID A ||N 1 ) Step 7 4 and 5. B does steps 1 and 2. 6. B Sends: E eA (N 1 ||N 2 ) Step 4 Step 5 7. A Sends: E eB (N 2 )

17 Public Key Certificates Idea: Use certificates! Participants exchange keys without contacting a PK Authority in a way that is reliable. Certificates contain: –A public key (created/verified by a certificate authority). –Other information. Certificates are given to a participant using the authority’s private key. A participant conveys its key information to another by transmitting its certificate. Other parties can verify that the certificate was created/verified by the authority. Weakness: –Requires secure time synchronization.

18 Public Key Certificates, overview Cert Auth A B Give e A securely to CA CertA = E dAuth {Time1||ID A ||e A } CertA Cert B Securely give e B to CA CertB = E dAuth {Time2||ID B ||e B } Requirements: Any participant can read a certificate to determine the name and public key of the certificate’s owner. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit. Only the certificate authority can create and update certificates. Any participant can verify the currency of the certificate.

19 X.509 PK Certificates X.509 is a very commonly used public key certificate framework. The certificate structure and authentication protocols are used in: –IP SEC –SSL –SET X.509 Certificate Format: –Version 1/2/3 –Serial is unique within the CA –First and last time of validity Version Cert Serial # Algorithm & Parms Issuer Name Validity Time: Not before/after Subject Name PK Info: Algorithm, Parms, Key... Signature (w/ hash)

20 X.509 Certificate Chaining Its not feasible to have one CA for a large group of users. Suppose A knows CA X 1, B knows CA X 2. If A does not know X 2 ’s PK then Cert X2 (B) is useless to A. If X1 and X2 have certified each other then A can get B’s PK by: –A obtains CertX1(X2) –A obtains CertX2(B) –Because B has a trusted copy of X2’s PK, A can verify B’s certificate and get B’s PK. Certificate Chain: –{CertX1(X2)|| CertX2(B)} Procedure can be generalized to more levels. AB X1X1 X2X2 {Cert X1 (X2)|| Cert X2 (B)} Cert X1 (X2) Cert X2 (X1)

Download ppt "Overview of Key Establishment Techniques: Key Distribution, Key Agreement and PKI Wade Trappe."

Similar presentations

Key Management Nick Feamster CS 6262 Spring 2009.

Key Management Nick Feamster CS 6262 Spring 2009.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Computer Security Key Management

Computer Security Key Management
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.

1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Similar presentations

Ads by Google