Chapter 8: Key Management
advertisement
Chapter 8: Key Management Dulal C Kar Based on Bruce Schneier Introduction • Hardest part of cryptography • Keeping keys secret is hard • Cryptanalysts often attack key management protocols and algorithms Generating Keys • Security rests on keys • Key generation algorithm can be under attack • Reduced key spaces – DES has a 56-bit key – Fixing some of the bits reduces key space – Example: Key for Norton Discreet for MSDOS actually reduces to a 40-bit key, 10000 times easier to break Generating Keys (cont’d) • Poor Key Choices – Same as poor password choices – Subject to dictionary attack – Dictionary attack is much more effective when used against a key of files and not a single key Generating Keys (cont’d) • Random Keys – Best keys but how to generate them – Use reliable random source such as noise from audio or radioactive decay or cryptographically secure pseudo random-bit generator – Discard weak keys. DES has only 16 weak keys. – Generating keys for public-key cryptography is harder due to math Generating Keys (cont’d) • Pass Phrases – Use easy to remember phrase – Then use a one-way hash function to obtain a pseudo-random-bit string from the phrase – Information theory • About 1.3 bits of info per character in standard English • For 64-bit key, a pass phrase of about 49 characters should be sufficient Generating Keys (cont’d) • ANSI X9.17 Key generation – – – – “Not east to remember” keys Suitable for sessions Uses triple-DES to generate keys Algorithm Let EK(X) be triple-DES encryption of X with key K. K: special key reserved for key generation V0: secret 64-bit seed T: timestamp To generate random key Ri, calculate Ri = EK(EK(Ti) xor Vi) To generate Vi+1, calculate Vi+1 = EK(EK(Ti) xor Ri) To turn Ri into DES key, simply adjust every eight bit for parity. Generating Keys (cont’d) • DoD Key generation – Recommends using DES in OFB (output feedback) mode – Generate a DES key from system interrupt vectors, system status registers, and system counters – Generate an initialization vector from the system clock, system ID, and date and time – For plaintext, use an externally generated 64-bit quantity (or type eight characters) – Use the output as your key Transferring Keys • Public key cryptography solves the problem • Some systems use alternate channels known to be secure • Two types of keys by X9.17 standard – Data keys (distributed more often) – Key encryption keys (manually distributed, tamper proof smart card) • Key distribution – Split key using secret splitting scheme – Send each share over a different channel Transferring Keys (cont’d) • Key distribution in large networks – Total number key exchanges for n-users is n(n-1)/2 – Better to create a central key server (or servers) Verifying Keys • When Bob receives a key, how does he know it came from Alice and not from some-one pretending to be Alice? • Alice can use a digital signature protocol to sign the key • Bob has to trust public-key database to verify Alice’s signature • KDC can sign Alice’s public key • Bob has to trust KDC’s public key he has • In this sense, some people argue that public-key cryptography is useless Verifying Keys (cont’d) • Error detection during key transmission – Send key as well as a known constant 2 to 4 bytes encrypted by the key – At the receiving do the same to verify • Key-error detection during decryption – For ASCII plaintext, decrypt and see whether you can read – For random plaintext • Attach a verification block header, a known header encrypted by the key • Decrypt at the receiver to verify
