Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

Similar documents
ECE 646 Lecture 3. Key management

ECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages

ECE 646 Lecture 3. Key management. Required Reading. Using Session Keys & Key Encryption Keys. Using the same key for multiple messages

Key management. Pretty Good Privacy

Key Management and Distribution

Cryptography and Network Security Chapter 14

T Cryptography and Data Security

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Key Management and Distribution

T Cryptography and Data Security

Overview of Authentication Systems

Diffie-Hellman. Part 1 Cryptography 136

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications

Cryptography and Network Security

Lecture Notes 14 : Public-Key Infrastructure

Cryptographic Protocols 1

Chapter 9: Key Management

Key Agreement Schemes

Cryptography and Network Security

ECE 646 Lecture 4. Pretty Good Privacy PGP

Public Key Algorithms

Lecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.

Network Security Essentials

Cryptology Part 1. Terminology. Basic Approaches to Cryptography. Basic Approaches to Cryptography: (1) Transposition (continued)

Pretty Good Privacy PGP. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

KEY AGREEMENT PROTOCOLS. CIS 400/628 Spring 2005 Introduction to Cryptography. This is based on Chapter 13 of Trappe and Washington

UNIT - IV Cryptographic Hash Function 31.1

Lecture 15 Public Key Distribution (certification)

Authentication in Distributed Systems

KEY DISTRIBUTION AND USER AUTHENTICATION

What did we talk about last time? Public key cryptography A little number theory

Lecture 2 Applied Cryptography (Part 2)

Digital Certificates Demystified

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

CT30A8800 Secured communications

CSC 482/582: Computer Security. Security Protocols

Topics. Dramatis Personae Cathy, the Computer, trusted 3 rd party. Cryptographic Protocols

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator

ECE 646 Lecture 4A. Pretty Good Privacy PGP. Short History of PGP based on the book Crypto by Steven Levy. Required Reading

Course Administration

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Lecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay

Spring 2010: CS419 Computer Security

Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)

Lecture 4: Cryptography III; Security. Course Administration

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

CSE 565 Computer Security Fall 2018

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

Datasäkerhetsmetoder föreläsning 7

Security Handshake Pitfalls

Authentication Part IV NOTE: Part IV includes all of Part III!

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

ICS 180 May 4th, Guest Lecturer: Einar Mykletun

ECE 646 Fall 2008 Multiple-choice test

Verteilte Systeme (Distributed Systems)

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

1. Diffie-Hellman Key Exchange

CIS 6930/4930 Computer and Network Security. Final exam review

Certificates, Certification Authorities and Public-Key Infrastructures

Public-Key Infrastructure NETS E2008

INF3510 Information Security University of Oslo Spring Lecture 3 Key Management and PKI. Audun Jøsang

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Public Key Algorithms

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

CIS 4360 Secure Computer Systems Applied Cryptography

Chapter 10: Key Management

CSC/ECE 774 Advanced Network Security

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Public-key Cryptography: Theory and Practice

X.509 CERTIFICATE X.509 CERTIFICATE PUBLIC-KEY CERTIFICATES THE CERTIFICATE TRIANGLE CERTIFICATE TRUST. INFS 766 Internet Security Protocols

Kurose & Ross, Chapters (5 th ed.)

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Session key establishment protocols

Key Management CS461/ECE422

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Overview. SSL Cryptography Overview CHAPTER 1

Session key establishment protocols

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Computer Security 3e. Dieter Gollmann. Chapter 15: 1

Network Security Chapter 8

PUBLIC-KEY CERTIFICATES

Distributed Systems Principles and Paradigms. Chapter 09: Security

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Cryptographic Concepts

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

(2½ hours) Total Marks: 75

Authentication and Key Distribution

Crypto meets Web Security: Certificates and SSL/TLS

Security and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models

Transcription:

ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution 1

Using the same key for multiple messages M 1 M 2 M 3 M 4 M 5 time E K time C 1 C 2 C 3 C 4 C 5 Using Session Keys & Key Encryption Keys K 1 K 2 K 3 time E KEK time E KEK (K 1 ) E KEK (K 2 ) E KEK (K 3 ) M 1 M 2 M 3 M 4 M 5 time E K1 E K2 E K3 time C 1 C 2 C 3 C 4 C 5 2

Control Vector Master Key Session Key Control Vector Master Key Encrypted Session Key Hashing Function Hashing Function Key input Plaintext input Key input Ciphertext input Encryption Function Decryption Function Encrypted Session Key Session Key (a) Control Vector Encryption (b) Control Vector Decryption Figure 14.6 Control Vector Decryption Control Vector Encryption and Decryption Key Distribution Center (KDC) B K B-KDC K A-KDC A C K C-KDC K A-KDC K B-KDC K C-KDC K D-KDC KDC E K E-KDC D K D-KDC 3

Simple key establishment protocol based on KDC KDC K A-KDC K B-KDC K C-KDC K D-KDC... (1) let me talk with (2b) K B-KDC (, K AB ) (2a) K A-KDC (, K AB ) A K A-KDC K B-KDC B Key establishment protocol based on KDC KDC K A-KDC K B-KDC K C-KDC K D-KDC... (1) let me talk with (2) K A-KDC (, K AB, ticket ) (3) ticket = K B-KDC (, K AB ) A B K A-KDC K B-KDC 4

A s private key Key agreement B s private key A s B s Secret derivation Secret derivation Key of A and B Key of A and B x A Diffie-Hellman key agreement scheme a, q - global public elements x B y A = a x A mod q y B = a x B mod q x A x B S AB = y B mod q S AB = y A mod q Key K AB Key K AB 5

Man-in-the-middle attack A s private key B s private key A s B s Charlie Secret derivation C s public key C s public key Secret derivation Key of A and C Key of B and C Does cryptography have an Achilles heel?, send me your, s, message encrypted using s Charlie 6

Does cryptography have an Achilles heel?, send me your, s, Charlie s message encrypted using s Charlie Charlie s Does cryptography have an Achilles heel?, send me your, s, Charlie s message encrypted using Charlies s Charlie message reencrypted using s 7

Directory of s (1) On-line database, s, s, s Charlie, Charlie s Dave, Dave s Eve, Eve s. message encrypted using s Charlie Directory of s (2) On-line database, s Charlie s, s, s Charlie, Charlie s Dave, Dave s Eve, Eve s. message encrypted using s Charlie s Charlie 8

Directory of s (3) On-line database, s Charlie s, s, s Charlie, Charlie s Dave, Dave s Eve, Eve s. message encrypted using Charlie s Charlie message reencrypted using s PGP: Flow of trust Manual exchange of s: Las Vegas Û David Edinburgh David Û Betty (Washington) David (New York) Betty (London) David, send me Betty s Betty s signed by David message encrypted using Betty s 9

Certification Authority Loren Kohnfelder, Towards a Practical Public-Key Cryptosystem, Bachelor s Thesis, MIT, May 1978 http://groups.csail.mit.edu/cis/theses/kohnfelder-bs.pdf Proof of identity Public key of Certification Authority Certificate Public key of Certification Authority Certificate Subject name Subject s Subject s Credentials Serial number Issuer (CA) name Period of validity Signature algorithm identifier CA s signature 10

The exact X.509 Certificate Format [Stallings, 2010] Distinguished Name (DN) according to X.500 Example: Common name (CN) = Kris Gaj Country name (C) = US State or province name (ST) = VA Locality name (L) = Fairfax Organization name (O) = George Mason University Organizational unit name (OU) = ECE Other fields permitted: Street address (SA) Post office box (PO Box) Postal code (PC) Title (T) Description (D) Telephone number (TN) Serial number (SN) 11

Examples of X.509 version extensions Key usage: Restrictions on the use of a given key, e.g., digital signature, key encryption, data encryption, key agreement. Subject key identifier: A subject may have different key pairs for different purposes (e.g., digital signature, key agreement). Private key usage period: Period of use of the corresponding private key. Subject alternative name: Application specific name, e.g. e-mail address. Basic constraints: Identifies if the subject may act as a CA. 12

Non-repudiation only M, SGN A (M), Cert CA (A, KU A ) s private key - KR A CA s - KU CA Notation: KU X - of X KR X - private key of X SGN X (M) - signature of X for the message M Cert Y (X, KU X ) - certificate issued by Y for the user X Cert CA (B, KU B ) Confidentiality only Cert CA (A, KU A ) Cert CA (B, KU B ) Cert CA (C, KU C ) Cert CA (D, KU D ). On-line database K AB (M), KU B (K AB ) CA s - KU CA s private key - KR B 13

Confidentiality and Non-repudiation Cert CA (B, KU B ) Cert CA (A, KU A ) Cert CA (B, KU B ) Cert CA (C, KU C ) Cert CA (D, KU D ). On-line database SGN A (M), Cert CA (A, KU A ), K AB (M), KU B (K AB ) s private key - KR A CA s - KU CA s private key - KR B CA s - KU CA Public Key Infrastructure with Reverse Certificates US VA MA CA Fairfax Herndon Worcester Boston Santa Clara San Jose GMU MIT A knows KU GMU B knows KU B MIT A M, SGN A (M), Cert GMU (A, KU A ), Cert Fairfax (GMU, KU GMU ), Cert VA (Fairfax, KU Fairfax ), Cert US (VA, KU VA ), Cert MA (US, KU US ), Cert Boston (MA, KU MA ), Cert MIT (Boston, KU Boston ) 14

Public Key Infrastructure with Strict Hierarchy US VA MA CA Fairfax Herndon Worcester Boston Santa Clara San Jose GMU MIT A M, SGN A (M), All users know KU US Cert GMU (A, KU A ), Cert Fairfax (GMU, KU GMU ), Cert VA (Fairfax, KU Fairfax ), Cert US (VA, KU VA ), B Public Key Infrastructure with Cross-Certificates Cert GMU (MIT, KU MIT ) Cert MIT (GMU, KU GMU ) GMU MIT A A knows KU GMU B B knows KU MIT M, SGN A (M), Cert GMU (A, KU A ), Cert MIT (GMU, KU GMU ) 15

Certificate Revocation Lists (CRLs) This update date Next update date Issuer (CA) name List of revoked certificates (serial number + revocation date) Signature algorithm CA s signature Certificate is valid if it has a valid signature of CA did not expire is not listed in the CA s most recent CRL The exact X.509 CRL Format [Stallings, 2006] 16

Advantages of Certification Authorities over Key Distribution Centers CA does not need to be on-line CA is relatively easy to implement CA crash = no new users in the network but all old users operate normally certificates are not security sensitive, they can be stored in a public database, and transmitted over a public network compromised CA cannot decrypt messages (without first impersonating one of the users) only active attacks can be mounted using CAs private key A s static private key A s ephemeral private key Authenticated key agreement A s ephemeral A s static certificates B s static B s ephemeral B s static private key B s ephemeral private key Secret derivation key Secret derivation key 17

A s static private key Authenticated key agreement x A A s ephemeral private key r A A s ephemeral A s static y A p A certificates B s static p B y B r B x B B s ephemeral B s static private key B s ephemeral private key Secret derivation key Z = y B x A p B r A x B r B Z = y A p A Secret derivation key Station-to-Station (STS) Protocol Authenticated key agreement with key confirmation y A 1 2 3 y B, K AB (SGN B (y B, y A )), Cert CA (B, KU B )) K AB (SGN A (y A, y B )), Cert CA (A, KU A )) KR A static private key of A KU CA static of CA Cert CA (A, KU A )) certificate of A issued by CA Notation: KU Z static of Z KR Z static private key of Z x Z ephemeral private key of Z y Z ephemeral of Z KR B static private key of B KU CA static of CA Cert CA (B, KU B )) certificate of B issued by CA SGN Z (M) - signature of Z for the message M Cert CA (Z, KU Z ) certificate of Z issued by CA 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback