Information_Security..

advertisement
Key Management and
Distribution
Major Issues Involved in Symmetric
Key Distribution
• For symmetric encryption to work, the two parties of an
exchange must share the same key and that key must be
protected.
• Frequent key changes may be desirable to limit the amount
of data compromised.
• The strength of a cryptographic system rests with the
technique for solving the key distribution problem -delivering a key to the two parties of an exchange.
• The scale of the problem depends on the number of
communication pairs.
YSL
Information Security – Mutual Trust
2
Approaches to Symmetric Key
Distribution
Let A (Alice) and B (Bob) be the two parties.
• A key can be selected by A and physically delivered to B.
• A third party can select the key and physically deliver it to
A and B.
• If A and B have previously and recently used a key, one
party can transmit the new key to the other, encrypted
using the old key.
• If A and B each has an encrypted connection to a third
party C,
• C can deliver a key on the encrypted links to A and B.
YSL
Information Security – Mutual Trust
3
Symmetric Key Distribution Task
YSL
Information Security – Mutual Trust
4
Symmetric Key Hierarchy


Typically a hierarchy structure of keys is adopted.
Session keys
–
–
–

Master keys
–
–
YSL
temporary key
used for encryption of data between users
for one logical session then discarded
used to encrypt session keys
shared by each user & the key distribution center
Information Security – Mutual Trust
5
Symmetric Key Hierarchy
YSL
Information Security – Mutual Trust
6
Symmetric Key Distribution Scenario
YSL
Information Security – Mutual Trust
7
Symmetric Key Distribution Issues
• Hierarchies of KDC’s required for large
networks, but must trust each other
• Session key lifetimes should be limited for
greater security
• Use of automatic key distribution on behalf
of users, but must trust system
• Use of decentralized key distribution
• Controlling key usage
YSL
Information Security – Mutual Trust
8
Symmetric Key Distribution Using
Public Keys

Public key cryptosystems are inefficient.
– almost never used for direct data encryption
– rather used to encrypt secret keys for distribution
YSL
Information Security – Mutual Trust
9
Simple Secret Key Distribution
• Merkle proposed this very simple scheme
– allows secure communications
– no keys before/after exist
YSL
Information Security – Mutual Trust
10
Simple Secret Key Distribution (cont’d)
• Simple secret key distribution (cont’d)
– advantages
• simplicity
• no keys stored before and after the communication
• security against eavesdropping
– disadvantages
• lack of authentication mechanism between participants
• vulnerability to an active attack as described in the next
slide
• leak of the secret key upon such active attacks
YSL
Information Security – Mutual Trust
11
Man-in-the-Middle Attacks

YSL
This very simple scheme is vulnerable to an
active man-in-the-middle attack.
Information Security – Mutual Trust
12
Secret Key Distribution with
Confidentiality & Authentication
YSL
Information Security – Mutual Trust
13
Secret Key Distribution with
Confidentiality & Authentication (cont’d)
• Provision of protection against both active
and passive attacks
• Assurance of both confidentiality and
authentication in the exchange of a secret
key
• Availability of public keys a priori
• Complexity
YSL
Information Security – Mutual Trust
14
Public Key Distribution
• The distribution of public keys
–
–
–
–
public announcement
publicly available directory
public-key authority
public-key certificates
• The use of public-key encryption to
distribute secret keys
– simple secret key distribution
– secret key distribution with confidentiality and
authentication
YSL
Information Security – Mutual Trust
15
Public Key Distribution (cont’d)
• Public announcement
YSL
Information Security – Mutual Trust
16
Public Key Distribution (cont’d)
• Public announcement (cont’d)
– advantages: convenience
– disadvantages: forgery of such a public
announcement by anyone
YSL
Information Security – Mutual Trust
17
Public Key Distribution (cont’d)
• Publicly available directory
YSL
Information Security – Mutual Trust
18
Public Key Distribution (cont’d)
• Publicly available directory (cont’d)
– elements of the scheme
• {name, public key} entry for each participant in the
directory
• in-person or secure registration
• on-demand entry update
• periodic publication of the directory
• availability of secure electronic access from the directory
to participants
– advantages: greater degree of security
YSL
Information Security – Mutual Trust
19
Public Key Distribution (cont’d)
• Publicly available directory (cont’d)
– disadvantages
• need of a trusted entity or organization
• need of additional security mechanism from the directory
authority to participants
• vulnerability of the private key of the directory authority
(global-scaled disaster if the private key of the directory
authority is compromised)
• vulnerability of the directory records
YSL
Information Security – Mutual Trust
20
Public Key Distribution (cont’d)
• Public-key authority
YSL
Information Security – Mutual Trust
21
Public Key Distribution (cont’d)
• Public-key authority (cont’d)
– stronger security for public-key distribution can be
achieved by providing tighter control over the
distribution of public keys from the directory
– each participant can verify the identity of the authority
– participants can verify identities of each other
– disadvantages
• bottleneck effect of the public-key authority
• vulnerability of the directory records
YSL
Information Security – Mutual Trust
22
Public Key Distribution (cont’d)
• Public-key certificates
YSL
Information Security – Mutual Trust
23
Public Key Distribution (cont’d)
• Public-key certificates (cont’d)
– to use certificates that can be used by participants to
exchange keys without contacting a public-key
authority
– requirements on the scheme
• any participant can read a certificate to determine the name
and public key of the certificate’s owner
• any participant can verify that the certificate originated from
the certificate authority and is not counterfeit
• only the certificate authority can create & update certificates
• any participant can verify the currency of the certificate
YSL
Information Security – Mutual Trust
24
Public Key Distribution (cont’d)
• Public-key certificates (cont’d)
– advantages
• to use certificates that can be used by participants to
exchange keys without contacting a public-key authority
• in a way that is as reliable as if the key were obtained
directly from a public-key authority
• no on-line bottleneck effect
– disadvantages: need of a certificate authority
YSL
Information Security – Mutual Trust
25
Download