Public-Key Encryption and Key Management in Cryptography and Network Security, Study notes of Design and Analysis of Algorithms

These notes cover the importance of public-key encryption in addressing key distribution problems in cryptography and network security. They cover the distribution of public keys through methods like public announcement, publicly available directories, and public-key authorities, and the use of public-key certificates. They also introduce the concept of key exchange protocols, such as Diffie-Hellman key exchange, and their vulnerabilities to attacks.

Typology: Study notes

2010/2011

Uploaded on 09/01/2011

visir66

Cryptography and Network Security

Chapter 10

Key Management

- public-key encryption helps address key distribution problems
- have two aspects of this:
  - distribution of public keys
  - use of public-key encryption to distribute secret keys

Public Announcement

- users distribute public keys to recipients or broadcast to community at large
  - e.g. append PGP keys to email messages or post to news groups or email list
- major weakness is forgery
  - anyone can create a key claiming to be someone else and broadcast it
  - until forgery is discovered can masquerade as claimed user

Publicly Available Directory

- can obtain greater security by registering keys with a public directory
- directory must be trusted with properties:
  - contains {name,public-key} entries
  - participants register securely with directory
  - participants can replace key at any time
  - directory is periodically published
  - directory can be accessed electronically
- still vulnerable to tampering or forgery

Public-Key Authority

Public-Key Certificates

- certificates allow key exchange without real-time access to public-key authority
- a certificate binds identity to public key
  - usually with other info such as period of validity, rights of use etc
- with all contents signed by a trusted Public-Key or Certificate Authority (CA)
- can be verified by anyone who knows the public-key authority's public key
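
The binding described above, as an added example that is not part of the original notes: a CA signs the identity, public key and validity period together, and anyone holding the CA's public key can check them. The toy RSA modulus, the field names and the integer dates are assumptions for illustration; the key is far too weak for real use.

```python
import hashlib
import json

# Toy CA key: textbook RSA over two Mersenne primes (assumed values, NOT secure).
P1, P2 = 2**61 - 1, 2**89 - 1
CA_N, CA_E = P1 * P2, 65537                    # CA public key, known to everyone
CA_D = pow(CA_E, -1, (P1 - 1) * (P2 - 1))      # CA private exponent, held by the CA only

def _digest(body, n):
    """Hash a canonical encoding of ALL certificate contents, reduced mod n."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(identity, public_key, not_before, not_after):
    """CA side: bind identity to public key, plus validity period, and sign it all."""
    body = {"identity": identity, "public_key": public_key,
            "not_before": not_before, "not_after": not_after}
    return {"body": body, "signature": pow(_digest(body, CA_N), CA_D, CA_N)}

def verify(cert, expected_identity, now, ca_n=CA_N, ca_e=CA_E):
    """Relying-party side: needs only the CA public key, no real-time CA access."""
    body = cert["body"]
    if pow(cert["signature"], ca_e, ca_n) != _digest(body, ca_n):
        return "bad signature"                 # any altered field lands here
    if body["identity"] != expected_identity:
        return "identity mismatch"             # valid cert, but for someone else
    if not (body["not_before"] <= now <= body["not_after"]):
        return "outside validity period"
    return "ok"

if __name__ == "__main__":
    # Constructed sample: user "A" with public key 40, valid from day 100 to day 200.
    cert = issue("A", 40, 100, 200)
    swapped = {"body": dict(cert["body"], public_key=248),
               "signature": cert["signature"]}  # key replaced, signature reused
    print(verify(cert, "A", 150))       # ok
    print(verify(swapped, "A", 150))    # bad signature
    print(verify(cert, "A", 250))       # outside validity period
```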

Public-Key Distribution of Secret Keys

- use previous methods to obtain public-key
- can use for secrecy or authentication
- but public-key algorithms are slow
- so usually want to use private-key encryption to protect message contents
- hence need a session key
- have several alternatives for negotiating a suitable session

Simple Secret Key Distribution

- proposed by Merkle in 1979
  - A generates a new temporary public key pair
  - A sends B the public key and their identity
  - B generates a session key K and sends it to A encrypted using the supplied public key
  - A decrypts the session key and both use
- problem is that an opponent can intercept and impersonate both halves of protocol

Hybrid Key Distribution

- retain use of private-key KDC
- shares secret master key with each user
- distributes session key using master key
- public-key used to distribute master keys
  - especially useful with widely distributed users
- rationale
  - performance
  - backward compatibility

Diffie-Hellman Key Exchange

- first public-key type scheme proposed
- by Diffie & Hellman in 1976 along with the exposition of public key concepts
  - note: now know that Williamson (UK CESG) secretly proposed the concept in 1970
- is a practical method for public exchange of a secret key
- used in a number of commercial products

Diffie-Hellman Setup

- all users agree on global parameters:
  - large prime integer or polynomial $q$
  - $a$ being a primitive root mod $q$
- each user (e.g. A) generates their key
  - chooses a secret key (number): $x_A < q$
  - compute their public key: $y_A = a^{x_A} \bmod q$
- each user makes public that key $y_A$

Diffie-Hellman Key Exchange

- shared session key for users A & B is $K_{AB}$:
  - $K_{AB} = a^{x_A \cdot x_B} \bmod q$
  - $= y_A^{x_B} \bmod q$ (which B can compute)
  - $= y_B^{x_A} \bmod q$ (which A can compute)
- $K_{AB}$ is used as session key in private-key encryption scheme between Alice and Bob
- if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys
- attacker needs an x, must solve discrete log

Key Exchange Protocols

- users could create random private/public D-H keys each time they communicate
- users could create a known private/public D-H key and publish in a directory, then consulted and used to securely communicate with them
- both of these are vulnerable to a meet-in-the-Middle Attack
- authentication of the keys is needed

Weakness

In this simple example, it would be possible by brute force to determine the secret key 160. In particular, an attacker E can determine the common key by discovering a solution to the equation $3^a \bmod 353 = 40$ or the equation $3^b \bmod 353 = 248$. The brute-force approach is to calculate powers of 3 modulo 353, stopping when the result equals either 40 or 248. The desired answer is reached with the exponent value of 97, which provides $3^{97} \bmod 353 = 40$.

With larger numbers, the problem becomes impractical.
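
The exchange and the brute-force search described above, carried through with the notes' own numbers, as an added example that is not part of the original notes. The function names and the 2048-bit minimum in the parameter check are assumptions chosen for illustration.

```python
# Added example (not from the notes): Diffie-Hellman with the toy parameters
# q = 353, a = 3 used on the Weakness slide.
Q, A = 353, 3

def public_key(x, q=Q, a=A):
    """y = a^x mod q, the value each user publishes."""
    return pow(a, x, q)

def shared_key(y_other, x_own, q=Q):
    """K_AB = y_other^x_own mod q, computed by either party."""
    return pow(y_other, x_own, q)

def brute_force_dlog(targets, q=Q, a=A):
    """Compute a^1, a^2, ... mod q and stop at the first value in targets.
    Returns (exponent, matched_value), or None if nothing matches."""
    value = 1
    for exponent in range(1, q):
        value = (value * a) % q
        if value in targets:
            return exponent, value
    return None

def recover_session_key(y_a, y_b, q=Q, a=A):
    """From the two public values alone, find one secret exponent and derive K_AB.
    Feasible only because q is tiny: the loop is at most q - 1 multiplications."""
    hit = brute_force_dlog({y_a, y_b}, q, a)
    if hit is None:
        raise ValueError("no exponent found; is a a primitive root mod q?")
    exponent, matched = hit
    other = y_b if matched == y_a else y_a
    return exponent, shared_key(other, exponent, q)

def modulus_large_enough(q, min_bits=2048):
    """Parameter check before accepting a group. The 2048-bit floor is an
    assumed policy value, not from the notes; primality is not checked here."""
    return q.bit_length() >= min_bits

if __name__ == "__main__":
    y_a, y_b = 40, 248                      # public values from the notes
    x, k = recover_session_key(y_a, y_b)
    print(f"exponent {x} found, session key {k}")
    print("353 accepted as modulus:", modulus_large_enough(353))
```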