




















This lecture was delivered by Prof. Adityavardhana Gavde at Ankit Institute of Technology and Science. It is part of the lecture series for the Network Security course. It includes: Network, Security, Key Management, Distribution, Public, Encryption, Announcements, Certificates, Authority





















One of the major roles of public-key encryption has been to address the problems of key distribution. There are two distinct aspects of public-key cryptography in this regard:

- The distribution of public keys
- The use of public-key encryption to distribute secret keys

Any participant can send his public key to any other participant or broadcast the key to the community at large. Example: users of PGP, which uses RSA, have adopted the practice of appending their public key to messages that they send to public forums such as newsgroups and internet mailing lists.

This seems convenient, but it has major weaknesses. Anyone can forge such an announcement. That is, some user can pretend to be user A and broadcast a public key. Until the forgery is noticed, the forger is able to read encrypted messages intended for A and can use the forged keys for authentication.

The authority maintains a directory with a {name, public key} entry for each participant. Each participant registers a public key with the directory authority. Registration would have to be in person or by some form of secure authenticated communication. A participant may replace the existing key. Participants could also access the directory electronically. For that, authentication is mandatory.

The scheme is still vulnerable. If an adversary succeeds in obtaining the private key of the directory authority, it can authoritatively pass out counterfeit public keys and subsequently impersonate any participant and eavesdrop on messages sent to any participant. Another way is to tamper with the records kept by the authority.

A sends a timestamped message to the public-key authority containing a request for the current public key of B.

The authority responds with a message that is encrypted using the authority's private key, $PR_{auth}$. Thus A is able to decrypt the message using the authority's public key. Therefore A is assured that the message originated with the authority. The message includes:

- B's public key, $PU_b$, which A can use to encrypt messages destined for B.
- The original request, to enable A to match this response with the corresponding earlier request and verify that the original request was not altered before reception by the authority.
- The original timestamp, so A can determine that this is not an old message from the authority containing a key other than B's current public key.

A stores B's public key and also uses it to encrypt a message to B containing an identifier of A ($ID_A$) and a nonce ($N_1$), which is used to identify this transaction uniquely.

B retrieves A's public key from the authority in the same manner as A retrieves B's public key.

At this point, public keys have been securely delivered to A and B, and they may begin their protected exchange.

There are seven steps in total. The initial four steps are used infrequently because both A and B can save the other's public key for future use, a technique known as caching. Periodically, a user should request fresh copies of public keys to ensure currency.

A user can present his public key to the authority in a secure manner and obtain a certificate. The user then publishes the certificate. Anyone needing this user's public key can obtain the certificate and verify that it is valid by way of the attached trusted signature. A participant can also convey its key information to another by transmitting its certificate. Other participants can verify that the certificate was created by the authority.

- Any participant can read a certificate to determine the name and public key of the certificate owner.
- Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
- Only the certificate authority can create and update certificates.
- Any participant can verify the currency of the certificate.

A may then pass this certificate on to any other participant, who reads and verifies the certificate as follows. The recipient uses the authority's public key, $PU_{auth}$, to decrypt the certificate. Because the certificate is readable only using the authority's public key, this verifies that the certificate came from the certificate authority. The elements $ID_A$ and $PU_a$ provide the recipient with the name and the public key of the certificate holder. The timestamp $T$ validates the currency of the certificate.

A's private key is learned by the adversary. A generates a new private/public key pair and applies to the certificate authority for a new certificate. Meanwhile, the adversary replays the old certificate to B. If B then encrypts messages using the compromised old public key, the adversary can read those messages.