Key Management-Network Security-Lecture Slides, Slides of Cryptography and System Security

This lecture was delivered by Prof. Adityavardhana Gavde at Ankit Institute of Technology and Science. It is part of series lecture on Network Security course. It includes: Network, Security, Key Management, Distribution, Public, Encryption, Announcements, Certificates, Authority

Typology: Slides

2011/2012

Uploaded on 07/23/2012

pararijka
pararijka 🇮🇳

4.5

(4)

90 documents

1 / 28

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
NetworkSecurity
(Lec 14&15)
(KeyManagement)
docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c

Partial preview of the text

Download Key Management-Network Security-Lecture Slides and more Slides Cryptography and System Security in PDF only on Docsity!

Network

Security(Lec 14^ &^ 15)

(Key^ Management)

Key^ Management

One^ of

the^ major

roles^ of^ public‐key

encryption

has^ been

to^ address

the^ problems

of^ key

distribution. Two^ distinct

aspects^

of^ public

key^ cryptography:

The^ distribution

of^ public^ keys The^ use^

of^ public^ key

encryption

to^ distribute

secret

keys

Public^

Announcements

Any^ participant

can^ send

his^ public

key^ to^ any

other^ participant

or^ broadcast

the^ key^ to

the

community

at^ large. Example^ :^ PGP^ that

uses^ RSA^ has

adopted^ the

practice

of^ appending

their^ public

key^ to^ messages

that^ they^ send

to^ public^ forums

such^ as^ newsgroups

and^ internet

mailing

lists. Seems^ to^ be

convenient,

has^ major

weaknesses.

Anyone^ can

forge,^ That

is^ some^ user

pretend^ to

be

user^ A^ and

broadcast

its^ public

key.^ Until

noticed^ ,

forger^ can

able^ to^ read

encrypted

messages

intended^

for^ A^ and

can^ use^ keys

for^ authentication.

Public^

Announcements

Publicly

Available

Directory

The^ authority

maintains

a^ directory

with^ a

{name,^ public

key}^ entry

for^ each

participant.

Each^ participant

register^

a^ public^ key

with^ the

directory

authority.

Registration

would^ have

to^ be

in^ person

or^ by^ some

form^ of^ secure

authenticated

communication. Participant

may^ replace

the^ existing

key.

Participants

could^ also

access^ the

directory

electronically.

For^ that^

authentication

is

mandatory.

Publicly

Available

Directory

Still^ its^ vulnerable

,^ if^ an^ adversary

succeed^

in

obtaining

the^ private

key^ of^ the

directory

authority,

it

can^ authoritatively

pass^ out^

counterfeit

public^ keys

and

subsequently

impersonate

and^ eavesdrop

any

participant. Another

way^ is^ to

temper^ records

kept^ by^ the

authority.

Steps^ involved

^ A^ sends^ a

time^ stamped

message^ to

the^ public^

key^ authority

containing^

a^ request^ for

the^ current

public^ key^

of^ B.

The^ authority

responds^ with

the^ message

that^ is^ encrypted

using^ the^ authority’s

private^ key

,^ PR^.^ Thusauth^

A^ is^ able^ to

decrypt^ the

message^ using

the^ authority’s

public^ key.

Therefore^ A

is^ assured^ that

the^ message

originated^

with^ the^ authority.

The^ message

includes: B^ public^ key,

PU,^ which^ b^

A^ can^ use^ to^

encrypt^ messages

destined^ for

B. The^ original

request^ ,^ to^

enable^ A^ to^ match

this^ response

with^ the

corresponding

earlier^ request

and^ verify^ that

original^ request

was^ not

altered^ before

reception^ by

the^ authority. The^ original

timestamp,^ so^ A^ can^ determine

that^ this^ is^ not

an^ old

message^ from

the^ authority

containing^ a

key^ other^ than

B’s^ current

public^ key.

Continued…

A^ Stores

B’s^ public

key^ and^

also^ uses

it^ to

encrypt^ a

message

to^ B^ containing

an^ identifier

of

A^ (ID)^ andA

a^ nonce^

(N)^ ,^ which^1

is^ used^ to

identify

this^ transaction

uniquely. B^ retrieves

A’s^ public

key^ from

the^ authority

in

the^ same

manner^

as^ A^ retrieves

B’s^ public

key.

At^ this^

point^ ,^ public

key^ has^ been^ securely

delivered

to^ A^ and

B.^ and^ they

may^ begin

there

protected

exchange.

Continued..

Total^ are

seven^ steps,

the^ initial

four^ steps

are

used^ infrequently

because

both^ A^ and

B^ can^ save

the^ other’s

public^ key

for^ future

use,^ known

as

caching. Periodically

user^ should

request^

fresh^ copies

of

public^ key

to^ ensure

currency.

Public^

Key^ Authority

Public^

key^ Certificates

A^ user^ can

present^ his

public^ key

to^ the^ authority

in

a^ secure^ manner

,^ and^ obtain

a^ certificate.

The^ user

then^ publish

the^ certificate. Any^ one

needed^ this

user^ public

key^ can^ obtain

the

certificate

and^ verify

that^ it^ is^

valid^ by^ way

of^ the

attached^

trusted^ signature. A^ participant

can^ also^ convey^ its

key^ information

to

another^ by

transmitting

its^ certificate. Other^ participants

can^ verify

that^ the^ certificate

was

created^ by

the^ authority.

Requirements

Any^ participant

can^ read

a^ certificate

to

determine

the^ name

and^ public

key^ of^ the

certificate

owner. Any^ participant

can^ verify

that^ the certificate

originated

from^ the

certificate

authority

and^ is

not^ counterfeit. Only^ the

certificate

authority

can^ create

and

update^ certificate. Any^ participant

can^ verify

the^ currency

of^ the

certificate.

Continued…

A^ may^ then

pass^ this^ certificate

on^ to^ any^

other^ participant

,^ who^ reads

and^ verifies

the^ certificate as^ follows: The^ recipient

uses^ the^ authority

public^ key,

PU^ ,^ toauth^

decrypt^ the

certificate. Because

the^ certificate

is^ readable

only^ using

authority’s

public^ key,

this^ verifies

authenticity

of^ certificate

authority.

The^ elements

IDand^ PUA^

providesa^

the^ recipient

with^ the

name^ and^

the^ public^

key^ of^ the^

certificate^

holder.

The^ T^ validate

the^ currency

of^ the^ certificate.

Time^ Stamp

Scenario

A^ private

key^ is^ learned

by^ the^ adversary. A^ generates

a^ new^ private/public

key^ pair^

and

applies^ to

the^ certificate

authority

for^ new

certificate. Meanwhile

,^ the^ adversary

replays^ the

old

certificate

to^ B.^ if^ B

then^ encrypts

messages

using

compromised

old^ public

key,^ the^

adversary

can

read^ those

messages.