Key Management and Distribution Major Issues Involved in Symmetric Key Distribution • For symmetric encryption to work, the two parties of an exchange must share the same key and that key must be protected. • Frequent key changes may be desirable to limit the amount of data compromised. • The strength of a cryptographic system rests with the technique for solving the key distribution problem -delivering a key to the two parties of an exchange. • The scale of the problem depends on the number of communication pairs. YSL Information Security – Mutual Trust 2 Approaches to Symmetric Key Distribution Let A (Alice) and B (Bob) be the two parties. • A key can be selected by A and physically delivered to B. • A third party can select the key and physically deliver it to A and B. • If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key. • If A and B each has an encrypted connection to a third party C, • C can deliver a key on the encrypted links to A and B. YSL Information Security – Mutual Trust 3 Symmetric Key Distribution Task YSL Information Security – Mutual Trust 4 Symmetric Key Hierarchy Typically a hierarchy structure of keys is adopted. Session keys – – – Master keys – – YSL temporary key used for encryption of data between users for one logical session then discarded used to encrypt session keys shared by each user & the key distribution center Information Security – Mutual Trust 5 Symmetric Key Hierarchy YSL Information Security – Mutual Trust 6 Symmetric Key Distribution Scenario YSL Information Security – Mutual Trust 7 Symmetric Key Distribution Issues • Hierarchies of KDC’s required for large networks, but must trust each other • Session key lifetimes should be limited for greater security • Use of automatic key distribution on behalf of users, but must trust system • Use of decentralized key distribution • Controlling key usage YSL Information Security – Mutual Trust 8 Symmetric Key Distribution Using Public Keys Public key cryptosystems are inefficient. – almost never used for direct data encryption – rather used to encrypt secret keys for distribution YSL Information Security – Mutual Trust 9 Simple Secret Key Distribution • Merkle proposed this very simple scheme – allows secure communications – no keys before/after exist YSL Information Security – Mutual Trust 10 Simple Secret Key Distribution (cont’d) • Simple secret key distribution (cont’d) – advantages • simplicity • no keys stored before and after the communication • security against eavesdropping – disadvantages • lack of authentication mechanism between participants • vulnerability to an active attack as described in the next slide • leak of the secret key upon such active attacks YSL Information Security – Mutual Trust 11 Man-in-the-Middle Attacks YSL This very simple scheme is vulnerable to an active man-in-the-middle attack. Information Security – Mutual Trust 12 Secret Key Distribution with Confidentiality & Authentication YSL Information Security – Mutual Trust 13 Secret Key Distribution with Confidentiality & Authentication (cont’d) • Provision of protection against both active and passive attacks • Assurance of both confidentiality and authentication in the exchange of a secret key • Availability of public keys a priori • Complexity YSL Information Security – Mutual Trust 14 Public Key Distribution • The distribution of public keys – – – – public announcement publicly available directory public-key authority public-key certificates • The use of public-key encryption to distribute secret keys – simple secret key distribution – secret key distribution with confidentiality and authentication YSL Information Security – Mutual Trust 15 Public Key Distribution (cont’d) • Public announcement YSL Information Security – Mutual Trust 16 Public Key Distribution (cont’d) • Public announcement (cont’d) – advantages: convenience – disadvantages: forgery of such a public announcement by anyone YSL Information Security – Mutual Trust 17 Public Key Distribution (cont’d) • Publicly available directory YSL Information Security – Mutual Trust 18 Public Key Distribution (cont’d) • Publicly available directory (cont’d) – elements of the scheme • {name, public key} entry for each participant in the directory • in-person or secure registration • on-demand entry update • periodic publication of the directory • availability of secure electronic access from the directory to participants – advantages: greater degree of security YSL Information Security – Mutual Trust 19 Public Key Distribution (cont’d) • Publicly available directory (cont’d) – disadvantages • need of a trusted entity or organization • need of additional security mechanism from the directory authority to participants • vulnerability of the private key of the directory authority (global-scaled disaster if the private key of the directory authority is compromised) • vulnerability of the directory records YSL Information Security – Mutual Trust 20 Public Key Distribution (cont’d) • Public-key authority YSL Information Security – Mutual Trust 21 Public Key Distribution (cont’d) • Public-key authority (cont’d) – stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory – each participant can verify the identity of the authority – participants can verify identities of each other – disadvantages • bottleneck effect of the public-key authority • vulnerability of the directory records YSL Information Security – Mutual Trust 22 Public Key Distribution (cont’d) • Public-key certificates YSL Information Security – Mutual Trust 23 Public Key Distribution (cont’d) • Public-key certificates (cont’d) – to use certificates that can be used by participants to exchange keys without contacting a public-key authority – requirements on the scheme • any participant can read a certificate to determine the name and public key of the certificate’s owner • any participant can verify that the certificate originated from the certificate authority and is not counterfeit • only the certificate authority can create & update certificates • any participant can verify the currency of the certificate YSL Information Security – Mutual Trust 24 Public Key Distribution (cont’d) • Public-key certificates (cont’d) – advantages • to use certificates that can be used by participants to exchange keys without contacting a public-key authority • in a way that is as reliable as if the key were obtained directly from a public-key authority • no on-line bottleneck effect – disadvantages: need of a certificate authority YSL Information Security – Mutual Trust 25