ECE 646 Lecture 3. Key management. Required Reading. Using Session Keys & Key Encryption Keys. Using the same key for multiple messages

Transcription

1 ECE 646 Lecture 3 Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E management Chapter 14 Management and Distribution Using the same for multiple messages Using Session s & Encryption s K 1 K 2 K 3 M 1 M 2 M 3 M 4 M 5 E KEK E KEK (K 1 ) E KEK (K 2 ) E KEK (K 3 ) E K M 1 M 2 M 3 M 4 M 5 E K1 E K2 E K3 C 1 C 2 C 3 C 4 C 5 C 1 C 2 C 3 C 4 C 5 Control Vector Master Session Control Vector Master Encrypted Session Distribution Center (KDC) Hashing Hashing K -KDC C Encryption Encrypted Session Plaintext (a) Control Vector Encryption Decryption Session (b) Control Vector Decryption Ciphertext Control Figure Vector 14.6 Control Encryption Vector and Decryption Decryption K -KDC KDC E K E-KDC D 1

2 Simple establishment protocol based on KDC establishment protocol based on KDC KDC K -KDC... KDC K -KDC... (1) let me talk with (2b) (, K ) (1) let me talk with (2a) K -KDC (, K ) (2) K -KDC (, K, ticket ) (3) ticket = (, K ) K -KDC K -KDC agreement Diffie-Hellman agreement scheme s s x a, q - global public elements x s s y = a x mod q y = a x mod q x x S = y mod q S = y mod q of and of and K K Man-in-the-middle attack s s Does cryptography have an chilles heel? s s, send me your, C s public C s public s, message encrypted using s of and C of and C 2

3 Does cryptography have an chilles heel? Does cryptography have an chilles heel?, send me your,, send me your, s, s, s s message encrypted using s s message encrypted using s s message reencrypted using s Directory of s (1) Directory of s (2), s, s, s, s Dave, Dave s Eve, Eve s, s s, s, s, s Dave, Dave s Eve, Eve s message encrypted using s message encrypted using s s Directory of s (3) PGP: Flow of trust, s s message encrypted using s, s, s, s Dave, Dave s Eve, Eve s message reencrypted using s Manual exchange of s: (Washington) Las Vegas Û David David (New York) David, send me etty s etty s signed by David Edinburgh David Û etty message encrypted using etty s etty (London) 3

4 Certification uthority Loren Kohnfelder, Towards a Practical Public- Cryptosystem, achelor s Thesis, MIT, May Subject name Subject s Certificate Subject s Credentials Proof of identity Public of Certification uthority Certificate Public of Certification uthority Serial number Issuer (C) name Period of validity Signature algorithm identifier C s signature The exact X.509 Certificate Format Distinguished Name (DN) according to X.500 Example: Common name (CN) = Kris Gaj Country name (C) = US State or province name (ST) = V Locality name (L) = Fairfax Organization name (O) = George Mason University Organizational unit name (OU) = ECE [Stallings, 2010] Other fields permitted: Street address (S) Post office box (PO ox) Postal code (PC) Title (T) Description (D) Telephone number (TN) Serial number (SN) Examples of X.509 version extensions usage: Restrictions on the use of a given, e.g., digital signature, encryption, data encryption, agreement. Subject identifier: subject may have different pairs for different purposes (e.g., digital signature, agreement). Private usage period: Period of use of the corresponding. Subject alternative name: pplication specific name, e.g. address. asic constraints: Identifies if the subject may act as a C. 4

5 Non-repudiation only M, SGN (M), Cert C (, KU ) s - KR C s - KU C Cert C (, KU ) Confidentiality only Cert C (, KU ) Cert C (, KU ) Cert C (C, KU C ) Cert C (D, KU D ) Notation: KU X - of X KR X - of X SGN X (M) - signature of X for the message M Cert Y (X, KU X ) - certificate issued by Y for the user X K (M), KU (K ) C s - KU C s - KR Confidentiality and Non-repudiation Cert C (, KU ) Cert C (, KU ) Cert C (, KU ) Cert C (C, KU C ) Cert C (D, KU D ) Public Infrastructure with Reverse Certificates Fairfax US V M C Herndon Worcester oston Santa Clara San Jose SGN (M), Cert C (, KU ), K (M), KU (K ) s - KR C s - KU C s - KR C s - KU C GMU MIT knows KU GMU knows KU MIT M, SGN (M), Cert GMU (, KU ), Cert Fairfax (GMU, KU GMU ), Cert V (Fairfax, KU Fairfax ), Cert US (V, KU V ), Cert M (US, KU US ), Cert oston (M, KU M ), Cert MIT (oston, KU oston ) Public Infrastructure with Strict Hierarchy Public Infrastructure with Cross-Certificates US V M C Cert GMU (MIT, KU MIT ) Cert MIT (GMU, KU GMU ) Fairfax GMU Herndon Worcester oston MIT Santa Clara San Jose GMU knows KU GMU MIT knows KU MIT ll users know KU US M, SGN (M), Cert GMU (, KU ), Cert Fairfax (GMU, KU GMU ), Cert V (Fairfax, KU Fairfax ), Cert US (V, KU V ), M, SGN (M), Cert GMU (, KU ), Cert MIT (GMU, KU GMU ) 5

6 Certificate Revocation Lists (CRLs) This update date Next update date Issuer (C) name List of revoked certificates (serial number + revocation date) Signature algorithm C s signature The exact X.509 CRL Format Certificate is valid if it has a valid signature of C did not expire is not listed in the C s most recent CRL [Stallings, 2006] dvantages of Certification uthorities over Distribution Centers C does not need to be on-line C is relatively easy to implement C crash = no new users in the network but all old users operate normally certificates are not security sensitive, they can be stored in a public, and transmitted over a public network compromised C cannot decrypt messages (without first impersonating one of the users) only active attacks can be mounted using Cs s static s ephemeral uthenticated agreement s ephemeral s static certificates s static s ephemeral s static s ephemeral s static x s ephemeral uthenticated agreement s ephemeral r s static s static y certificates y p x Z = y p r p x r Z = y p r x s ephemeral s static s ephemeral Station-to-Station (STS) Protocol uthenticated agreement with confirmation y y, K (SGN (y, y )), Cert C (, KU )) K (SGN (y, y )), Cert C (, KU )) KR static of KU C static of C Cert C (, KU )) certificate of issued by C Notation: KU Z static of Z KR Z static of Z x Z ephemeral of Z y Z ephemeral of Z KR static of KU C static of C Cert C (, KU )) certificate of issued by C SGN Z (M) - signature of Z for the message M Cert C (Z, KU Z ) certificate of Z issued by C 6