Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

Similar documents
Cryptography and Network Security Chapter 14

Key Management and Distribution

Key Management and Distribution

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Network Security Essentials

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

CT30A8800 Secured communications

Introduction to Network Security Missouri S&T University CPE 5420 Network Access Control

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Lecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Public Key Infrastructure

Public-Key Infrastructure NETS E2008

Cryptography and Network Security

Certificates, Certification Authorities and Public-Key Infrastructures

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

KEY DISTRIBUTION AND USER AUTHENTICATION

Overview. SSL Cryptography Overview CHAPTER 1

Server-based Certificate Validation Protocol

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

CSE 565 Computer Security Fall 2018

PKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006

Public Key Establishment

Lecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.

Security Digital Certificate Manager

Chapter 9: Key Management

ICS 180 May 4th, Guest Lecturer: Einar Mykletun

User Authentication. Modified By: Dr. Ramzi Saifan

Datasäkerhetsmetoder föreläsning 7

Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

IBM. Security Digital Certificate Manager. IBM i 7.1

Information Security CS 526

ECE 646 Lecture 3. Key management

CS Computer Networks 1: Authentication

Elliptic Curve Cryptography (ECC) based. Public Key Infrastructure (PKI) Kunal Abhishek Society for Electronic Transactions & Security (SETS), Chennai

T Cryptography and Data Security

Certificateless Public Key Cryptography

Overview of Authentication Systems

Understanding HTTPS CRL and OCSP

IBM i Version 7.2. Security Digital Certificate Manager IBM

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

AeroMACS Public Key Infrastructure (PKI) Users Overview

ECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages

Cryptographic Protocols 1

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Digital Certificates Demystified

Cryptography and Network Security

INF3510 Information Security University of Oslo Spring Lecture 3 Key Management and PKI. Audun Jøsang

Topics. Dramatis Personae Cathy, the Computer, trusted 3 rd party. Cryptographic Protocols

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

Fall 2010/Lecture 32 1

UNIT - IV Cryptographic Hash Function 31.1

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Lecture 15 Public Key Distribution (certification)

Cryptology Part 1. Terminology. Basic Approaches to Cryptography. Basic Approaches to Cryptography: (1) Transposition (continued)

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

by Amy E. Smith, ShiuFun Poon, and John Wray

T Cryptography and Data Security

Key management. Pretty Good Privacy

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Verteilte Systeme (Distributed Systems)

Diffie-Hellman. Part 1 Cryptography 136

Crypto meets Web Security: Certificates and SSL/TLS

Intruders, Human Identification and Authentication, Web Authentication

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

CSC 482/582: Computer Security. Security Protocols

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Bart Preneel PKI. February Public Key Establishment. PKI Overview. Keys and Lifecycle Management. How to establish public keys?

Cryptography and Network Security Chapter 13. Digital Signatures & Authentication Protocols

Authentication in Distributed Systems

CS549: Cryptography and Network Security

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

CS 425 / ECE 428 Distributed Systems Fall 2017

Managing SSL certificates in the ServerView Suite

Introduction to Cryptography Lecture 10

Lecture 1: Introduction to Security Architecture. for. Open Systems Interconnection

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Network Security. Chapter 8. MYcsvtu Notes.

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Cryptography and Network Security Chapter 13. Fourth Edition by William Stallings. Lecture slides by Lawrie Brown

Some Lessons Learned from Designing the Resource PKI

But where'd that extra "s" come from, and what does it mean?

Lecture 2 Applied Cryptography (Part 2)

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

ECE 646 Lecture 3. Key management. Required Reading. Using Session Keys & Key Encryption Keys. Using the same key for multiple messages

Authentication and Secure Communication. Jeff Chase Duke University

Authentication Part IV NOTE: Part IV includes all of Part III!

PKI Credentialing Handbook

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Introduction to SSL. Copyright 2005 by Sericon Technology Inc.

Introduction to Network Security Missouri S&T University CPE 5420 Exam 2 Logistics

CIS 5373 Systems Security

Apple Inc. Certification Authority Certification Practice Statement

Transcription:

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2016 23 September 2016 rev. 16.0 2014 2016 Egemen K. Çetinkaya

Key Management and Distribution Outline Symmetric key distribution Public key distribution X.509 certificates PKI 23 September 2016 MST CPE 5420 Key Management and Distribution 2

Key Management and Distribution Symmetric Key Distribution Symmetric key distribution using symmetric key encryption using asymmetric encryption Public key distribution X.509 certificates PKI 23 September 2016 MST CPE 5420 Key Management and Distribution 3

Key Management and Distribution Overview Delivery of a key to two parties Frequent key changes are desirable to limit amount of data compromised if attacker learns key For symmetric encryption to work two parties exchange share the same key key must be protected from access by others 23 September 2016 MST CPE 5420 Key Management and Distribution 4

Symmetric Key Distribution Methods Key exchange between the sender and receiver sender and receiver physically exchange the key sender and receiver use a recent (old) key to decrypt and exchange the new key Key distribution via third party third party selects key and physically deliver to end systems third party delivers the key via encrypted links Scale is an issue how would you distribute many keys physically? Third party against the very basic principle of security 23 September 2016 MST CPE 5420 Key Management and Distribution 5

Symmetric Key Distribution Scale How many keys are needed in n node comm.? Egemen K. Çetinkaya 23 September 2016 MST CPE 5420 Key Management and Distribution 6

Symmetric Key Distribution Scale Egemen K. Çetinkaya Number of keys needed: n (n 1)/2 23 September 2016 MST CPE 5420 Key Management and Distribution 7

Symmetric Key Distribution Key Hierarchy Egemen K. Çetinkaya Hierarchy reduces number of keys exchanged 23 September 2016 MST CPE 5420 Key Management and Distribution 8

Symmetric Key Distribution Centralized Scenario Egemen K. Çetinkaya Key exchange involves distribution and authentication 23 September 2016 MST CPE 5420 Key Management and Distribution 9

Symmetric Key Distribution Centralized Scenario Steps Step 1: initiator requests session key using initiator id, responder id, nonce nonce: random number that prevents masquerading Step 2: KDC responds session key encrypted using initiator's master key Step 3: initiator forwards session key to responder encrypted using responder s master key Step 4: responder sends a nonce validating session key using a different nonce Step 5: initiator responds to nonce validating identity completes authentication between initiator and responder 23 September 2016 MST CPE 5420 Key Management and Distribution 10

Hierarchical Key Distribution Overview What are the issues using one KDC? Egemen K. Çetinkaya 23 September 2016 MST CPE 5420 Key Management and Distribution 11

Hierarchical Key Distribution Architecture Using one KDC does not scale Uses local KDC for local domain communication If two entities in different domains desire shared key corresponding local KDCs communicate through global KDC Scheme minimizes effort in master key distribution most master keys shared by local KDC and its local entities limits range of faulty or subverted KDC to its local area only Hierarchical can be extended to three or more layers 23 September 2016 MST CPE 5420 Key Management and Distribution 12

Symmetric Key Distribution Decentralized Scenario Key exchange does not involve KDC Session key exchanged between initiator & responder This eliminates concern about KDC trustworthiness Not practical for larger networks 23 September 2016 MST CPE 5420 Key Management and Distribution 13

Symmetric Key Distribution Decentralized Scenario Steps Step 1: initiator requests session key from responder using initiator id, nonce nonce: random number that prevents masquerading Step 2: responder responds session key encrypted using master key (between two parties) responder also send a second nonce Step 3: initiator responds to nonce validating identity completes authentication between initiator and responder 23 September 2016 MST CPE 5420 Key Management and Distribution 14

Key Usage Lifetime and Control Session key lifetime has tradeoffs more frequent the session keys, more secure communication more frequent session keys delays start of communication exchange overhead of key exchange reduces network capacity Connection-oriented protocols key length time during session Connectionless protocols key length time for a fixed period of time Keys should be controlled/separated master and session keys should be separate 23 September 2016 MST CPE 5420 Key Management and Distribution 15

Key Management and Distribution Symmetric Key Distribution Symmetric key distribution using symmetric key encryption using asymmetric encryption Public key distribution X.509 certificates PKI 23 September 2016 MST CPE 5420 Key Management and Distribution 16

Symmetric Key Distribution Using Public-key Encryption Step 1: initiator requests session key from responder using initiator id and public-key Step 2: responder responds session key encrypted using public-key only A can decrypt using A s private-key What is the security risk? 23 September 2016 MST CPE 5420 Key Management and Distribution 17

Symmetric Key Distribution Man-in-the-Middle Attack Egemen K. Çetinkaya D can eavesdrop & capture session key, alternative? 23 September 2016 MST CPE 5420 Key Management and Distribution 18

Symmetric Key Distribution Using Public-key Encryption Key exchange does not involve KDC Session key exchanged between initiator & responder Uses two separate public-keys 23 September 2016 MST CPE 5420 Key Management and Distribution 19

Symmetric Key Distribution Using Public-key Encryption Step 1: initiator requests session key from responder using initiator id, nonce A encrypted with B s public key Step 2: responder responds two nonce: nonce A and nonce B encrypted using A s public-key Step 3: initiator responds to nonce B encrypted using B s public-key this step confirms A is intended initiator from B s perspective Step 4: initiator sends session key encrypted with A s private key and B s public-key 23 September 2016 MST CPE 5420 Key Management and Distribution 20

Key Management and Distribution Public Key Distribution Symmetric key distribution Public key distribution X.509 certificates PKI 23 September 2016 MST CPE 5420 Key Management and Distribution 21

Public-Key Distribution Methods Egemen K. Çetinkaya What are the methods for public-key distribution? 23 September 2016 MST CPE 5420 Key Management and Distribution 22

Public-Key Distribution Methods Public announcement Publicly available directory Public-key authority Public-key certificates 23 September 2016 MST CPE 5420 Key Management and Distribution 23

Public-Key Distribution Public Announcement Users broadcast their public-key Disadvantage? 23 September 2016 MST CPE 5420 Key Management and Distribution 24

Public-Key Distribution Public Announcement Users broadcast their public-key User forgery anyone can claim to be A and encrypt/decrypt messages use of network resources for broadcasting 23 September 2016 MST CPE 5420 Key Management and Distribution 25

Public-Key Distribution Publicly Available Directory Authority maintains directory with {name, public-key} Participants register, replace, access directory Disadvantage? 23 September 2016 MST CPE 5420 Key Management and Distribution 26

Public-Key Distribution Publicly Available Directory Authority maintains directory with {name, public-key} Participants register, replace, access directory Single point of attack 23 September 2016 MST CPE 5420 Key Management and Distribution 27

Public-Key Distribution Public-key Authority Authority distributes public-keys using encrypted messages Public-keys can be cached in end-users memory Disadvantage? 23 September 2016 MST CPE 5420 Key Management and Distribution 28

Public-Key Distribution Public-key Authority Authority distributes public-keys using encrypted messages Public-keys can be cached in end-users memory Single point of attack and 7 steps 23 September 2016 MST CPE 5420 Key Management and Distribution 29

Public-Key Distribution Public-key Certificates Public-key authority could be bottleneck in system users contact authority for a public key for every other user Authority is vulnerable to tampering Certificates can be used to exchange keys without contacting a public-key authority without sacrificing security A certificate consists of: a public key an identifier of the key owner the whole block signed by a trusted third party 23 September 2016 MST CPE 5420 Key Management and Distribution 30

Public-Key Distribution Certificate Authority The trusted third party is a certificate authority trusted by the user community a government agency or a financial institution A user presents public key to obtain a certificate The user can then publish the certificate anyone can obtain the certificate and verify its validity Requirements: any participant can read a certificate any participant can verify that the certificate is authentic only certificate authority can create and update certificates any participant can verify the currency of the certificate 23 September 2016 MST CPE 5420 Key Management and Distribution 31

Public-Key Certificates Obtaining Certificates Users supply public-key to obtain certificate Application must be in person or some secure way Certification includes timestamp, id, public-key encrypted using private key of the authority 23 September 2016 MST CPE 5420 Key Management and Distribution 32

Public-Key Certificates Exchanging Certificates Initiator A sends the certificate to responder B Responder B decrypts the message using private-key of the authority Users have id, timestamp, and public-key Timestamp prevents replay attack timestamp serves as an expiration date 23 September 2016 MST CPE 5420 Key Management and Distribution 33

Key Management and Distribution X.509 Certificates Symmetric key distribution Public key distribution X.509 certificates PKI 23 September 2016 MST CPE 5420 Key Management and Distribution 34

X.509 Certificates Overview Recommendation International Standard ITU-T X.509 ISO/IEC 9594-8 Defines a framework for: public-key certificates attribute certificates These frameworks used by applications: Public Key Infrastructures (PKI) Privilege Management Infrastructures (PMI) Defines a framework that defines directory services directory is, in effect, a server or distributed set of servers that maintains a database of information about users 23 September 2016 MST CPE 5420 Key Management and Distribution 35

1988 1993 1997 2000 2005 2008 X.509 Certificates History 2012 http://www.itu.int/rec/t-rec-x.509 Latest version is V3 23 September 2016 MST CPE 5420 Key Management and Distribution 36

X.509 Certificates Usage X.509 defines framework for authentication services based on public-key cryptography and digital signatures does not dictate a specific algorithm but recommends RSA does not dictate a specific hash algorithm Each certificate contains the public key of a user key signed with private key of trusted certification authority Used in S/MIME, IPsec, SSL/TLS protocols 23 September 2016 MST CPE 5420 Key Management and Distribution 37

X.509 Certificates Generation of Public-key Certificate Egemen K. Çetinkaya 23 September 2016 MST CPE 5420 Key Management and Distribution 38

X.509 Certificates Certificate Creation Public-key certificates associated with each user User certificates created by Certification Authority, CA Placed in the directory by the CA or by the user Directory server itself is not responsible for creation of public keys certificate creation Directory provides certificates to users 23 September 2016 MST CPE 5420 Key Management and Distribution 39

X.509 Certificates Certificate Fields 1 CA<<A>> = CA {V, SN, AI, CA, UCA, A, UA, Ap, T A } Version Serial Number Algorithm ID Issuer Validity not before not after 23 September 2016 MST CPE 5420 Key Management and Distribution 40

Subject Subject Public Key Info public key algorithm subject public key X.509 Certificates Certificate Fields 2 Issuer Unique Identifier (optional) Subject Unique Identifier (optional) Extensions (optional)... Certificate Signature Algorithm Certificate Signature 23 September 2016 MST CPE 5420 Key Management and Distribution 41

X.509 Certificates Formats 23 September 2016 MST CPE 5420 Key Management and Distribution 42

X.509 Certificates Obtaining Certificate User certificates have the following characteristics: any user can verify the user public key that was certified with access to the public key of the CA only CA can modify certificate without this being detected Certificates are unforgeable they can be placed in a directory without protection Many CAs serving a fraction of users Chaining possible: suppose X 1 <<A>>, X 2 <<B>> CAs X 1 and X 2 exchanged their public keys; then X 1 <<X 2 >> X 1 <<X 2 >> X 2 <<B>> 23 September 2016 MST CPE 5420 Key Management and Distribution 43

X.509 Certificates Hierarchy Example A can obtain B s public key via the following path: X<<W>> W<<V>> V<<Y>> Y<<Z>> Z<<B>> 23 September 2016 MST CPE 5420 Key Management and Distribution 44

X.509 Certificates Certificate Revocation Each certificate includes a period of validity typically a new certificate is issued before old one expires Certificate revocation reasons: the user s private key is assumed to be compromised the user is no longer certified by this CA the CA s certificate is assumed to be compromised Each CA maintains a list of revoked certificates these lists should be posted on the directory 23 September 2016 MST CPE 5420 Key Management and Distribution 45

X.509 Certificates Certificate Revocation List Users maintain local cache of certificates and CRL 23 September 2016 MST CPE 5420 Key Management and Distribution 46

Certificates Practical Aspects Client browsers include a set of CA certificates Customers of a CA are server administrators e.g. financial institutions Important CAs Symantec bought Verisign Comodo SSL Go Daddy GlobalSign What are the issues in this model? [ref: Symantec.com] 23 September 2016 MST CPE 5420 Key Management and Distribution 47

Example scenario: Certificates Practical Aspects players: realbank, fakebank, user, CA fakebank applies CA obtains a certificate claiming to be realbank fakebank sends user e-mail asking credentials (phishing) Google fraudulent certificates for more cases Certification of CAs www.webtrust.org Certificate Authority Security Council (CASC) Common Computing Security Standards Forum (CCSF) CA/Browser Forum 23 September 2016 MST CPE 5420 Key Management and Distribution 48

Key Management and Distribution PKI Symmetric key distribution Public key distribution X.509 certificates PKI 23 September 2016 MST CPE 5420 Key Management and Distribution 49

Public-key Infrastructure Overview Public-key infrastructure (PKI): set of hardware, software, people, policies, and procedures create, manage, store, distribute, and revoke certificates based on asymmetric cryptography PKI aims to: secure, convenient, and efficient acquisition of public keys PKI based on X.509 is called PKIX by IETF; more on https://tools.ietf.org/html/draft-ietf-pkix-roadmap-09 PKIX key five elements: end entity, CA, RA: registration authority CRL issuer, repository 23 September 2016 MST CPE 5420 Key Management and Distribution 50

PKIX Architecture PKI mgmt. functions: reg, ini, cer, kpr, kpu, rr, cc 23 September 2016 MST CPE 5420 Key Management and Distribution 51

References and Further Reading [KPS2002] Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd edition, Prentice Hall, 2002. [S2017] William Stallings, Cryptography and Network Security: Principles and Practice, 7th edition, Prentice Hall, 2017. RFC 5280, RFC 3647 NIST SP 800-57 part 1: http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf part 2: http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-part2.pdf part 3: http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part3_key-management_dec2009.pdf ITU-T X.509 unpublished version: http://www.ietf.org/mail-archive/web/wpkops/current/pdf9ygpivtdwl.pdf 23 September 2016 MST CPE 5420 Key Management and Distribution 52

End of Foils 23 September 2016 MST CPE 5420 Key Management and Distribution 53

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback