Key Management and Distribution

Similar documents
Cryptography and Network Security Chapter 14

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications

Overview of Authentication Systems

Cryptography and Network Security

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

KEY DISTRIBUTION AND USER AUTHENTICATION

Key Management and Distribution

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

Public-Key Infrastructure NETS E2008

ECE 646 Lecture 3. Key management

ECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages

Public Key Infrastructure

User Authentication. Modified By: Dr. Ramzi Saifan

Certificates, Certification Authorities and Public-Key Infrastructures

Cryptology Part 1. Terminology. Basic Approaches to Cryptography. Basic Approaches to Cryptography: (1) Transposition (continued)

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Overview. SSL Cryptography Overview CHAPTER 1

Course Administration

Digital Certificates Demystified

Managing Certificates

Key management. Pretty Good Privacy

Digital Signature. Raj Jain

Lecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.

Network Security Essentials

ECE 646 Lecture 3. Key management. Required Reading. Using Session Keys & Key Encryption Keys. Using the same key for multiple messages

Lecture 15 Public Key Distribution (certification)

Fall 2010/Lecture 32 1

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

UNIT - IV Cryptographic Hash Function 31.1

T Cryptography and Data Security

Kerberos V5. Raj Jain. Washington University in St. Louis

CSE 565 Computer Security Fall 2018

Lecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay

Public Key Infrastructures. Using PKC to solve network security problems

Using Cryptography CMSC 414. October 16, 2017

CS Computer Networks 1: Authentication

Security Fundamentals

Lecture 4: Cryptography III; Security. Course Administration

Security PGP / Pretty Good Privacy. SANOGXXX July, 2017 Gurgaon, Haryana, India

Cryptographic Protocols 1

T Cryptography and Data Security

CT30A8800 Secured communications

SECARDEO. certbox. Help-Manual. Secardeo GmbH Release:

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Chapter 9: Key Management

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

Topics. Dramatis Personae Cathy, the Computer, trusted 3 rd party. Cryptographic Protocols

Cryptography and Network Security

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

Diffie-Hellman. Part 1 Cryptography 136

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Crypto meets Web Security: Certificates and SSL/TLS

1. Digital Signatures 2. ElGamal Digital Signature Scheme 3. Schnorr Digital Signature Scheme 4. Digital Signature Standard (DSS)

Lecture 2 Applied Cryptography (Part 2)

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Security Digital Certificate Manager

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

SSH Communications Tectia SSH

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

IBM. Security Digital Certificate Manager. IBM i 7.1

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Understanding HTTPS CRL and OCSP

Configuring Funk Odyssey Software, Avaya AP-3 Access Point, and Avaya

CSC 482/582: Computer Security. Security Protocols

Introduction to SSL. Copyright 2005 by Sericon Technology Inc.

Information Security CS 526

PKI Contacts PKI for Fraunhofer Contacts

CS549: Cryptography and Network Security

Certificate implementation The good, the bad, and the ugly

Block Cipher Operation

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Authentication and Key Distribution

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Spring 2010: CS419 Computer Security

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

CS530 Authentication

But where'd that extra "s" come from, and what does it mean?

Configuring Certificate Authorities and Digital Certificates

Part II. Raj Jain. Washington University in St. Louis

Public Key Algorithms

Send documentation comments to

The most common type of certificates are public key certificates. Such server has a certificate is a common shorthand for: there exists a certificate

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

A comparison between Public key authority and certification authority for distribution of public key

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

PROVING WHO YOU ARE TLS & THE PKI

Access to RTE s Information System by software certificates under Microsoft Windows 7

Implementing Security in Windows 2003 Network (70-299)

Wireless Network Security

Server-based Certificate Validation Protocol

Legacy of Heartbleed: MITM and Revoked Certificates. Alexey Busygin NeoBIT

Transcription:

Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/ 14-1

Overview 1. Distribution of Private Keys 2. Distribution of Public Keys 3. Public Key Infrastructure: PKI and PKIX 4. X.509 Certificates 5. Certificate revocation These slides are based partly on Lawrie Brown Lawrie Brown s slides supplied with William Stallings s book Cryptography and Network Security: Principles and Practice, 6 th Ed, 2013. 14-2

Key Distribution Symmetric schemes require parties to share a secret key n Parties n(n-1)/2 pairs n(n-1)/2 keys Public key schemes require parties to acquire valid public keys. How to trust a public key? Once master secret keys are setup, they are used only to exchange session secret keys. Session keys are used for a short time and then discarded. A B I am A. My nonce is N 1 ID A N 1 Let s use session key K s. My nonce is N 2. E(K m, [K s ID A ID B f(n 1 ) N 2 ]) I am able to decrypt using the key. Here is a fn of your Nonce. Ref: http://en.wikipedia.org/wiki/key_distribution E(K s, f(n 2 )) 14-3 B

Key Distribution Using KDC Central authority: Key Distribution Center (KDC) Everyone has a shared secret key with KDC A Hi I am A. I want to talk to B. My Nonce is N 1. ID A ID B N 1 KDC B Here is the session key and a message for B E(K a, [K s ID A ID B N 1 ]) E(K b, [K s ID A ]) Hi B, I want to talk to you. Here is a ticket from KDC. E(K b, [K s ID A ]) Ok. Here is my nonce. Prove that you can decrypt it. E(K s, N 2 ) Here is a function of your nonce. E(K s, f(n 2 )) Hierarchies of KDC s required for large networks Ref: http://en.wikipedia.org/wiki/key_distribution_center 14-4

Key Distribution Using Public Keys Public key cryptosystems are inefficient So almost never used for direct data encryption Rather used to encrypt secret keys for distribution A B Hi I am A. My public key is PU A PU A ID A Here is the session key K S E(PU A, K S ) This scheme is subject to man in the middle attack Ref: http://en.wikipedia.org/wiki/man-in-the-middle_attack 14-5

Secret Key Distribution with Confidentiality and Authentication A B Hi I am A. My nonce is N 1. E(PU B, [N 1 ID A ]) Here is my nonce. Prove that you have private key for A E(PU A, [N 1 N 2 ]) Here is your nonce. E(PU B, N 2 ) Now that we know each other. Let s use session key K S. E(PU B, E(PR A, K S )) 14-6

Hybrid Key Distribution Retain use of private-key KDC Shares secret master key with each user Distributes session key using master key Public-key used to distribute master keys Especially useful with widely distributed users Rationale Performance Backward compatibility 14-7

Distribution of Public Keys 1. Public announcement: Forgery possible 2. Publicly available directory: Message can be tampered with. 3. Public-key authority: users know public key for the directory A Authority B I want to talk B. Time is T 1 Request T 1 Here is the certified public key for B E(PR auth, [PU B Request T 1 ]) Hi, I am A. My nonce is N 1. E(PU B, [ID A N 1 ]) Time is T 2. What s A s public key? Request T 2 Here is the certified public key for A E(PRauth, [PU A T 2 ]) Here is my nonce. Prove that you are A. E(PU A, [N 1 N 2 ]) I was able to decrypt. Here is your nonce. E(PU B, N 2 ) Requires real-time access to directory when keys are needed 14-8

Public-Key Certificates Certificates allow key exchange without real-time access to public-key authority A certificate binds identity to public key All contents signed by a trusted Public-Key or Certificate Authority (CA) Can be verified by anyone who knows the public-key authorities public-key A Hi I AM A ID A Here is your certificate C A =E(PR auth, [Time 1 ID A PU A ]) CA Hi I AM B ID B Here is your certificate C B =E(PR auth, [Time 2 ID B PU B ]) Here is my certificate with my public key. C A Here is my certificate with my public key C B Ref: http://en.wikipedia.org/wiki/certificate_authority, http://en.wikipedia.org/wiki/public_key_certificate 14-9 B

PKI, PKIX, and X.509 PKI: Infrastructure to find public keys S/MIME, PGP, SSL use asymmetric cryptography and make use of PKI Certificate authorities Standards for certificates X.509: ISO standard for Certificate formats PKIX is the IETF group on PKI PKIX adopted X.509 and a subset of its options PKIX is a "Profile" of X.509 TLS, IPSec, SSH, HTTPS, Smartcard, EAP, CableLabs, use X.509 Ref: http://en.wikipedia.org/wiki/public_key_infrastructure, http://en.wikipedia.org/wiki/ietf_pkix_working_group, http://en.wikipedia.org/wiki/x.509 14-10

Root Certificates Ref: http://en.wikipedia.org/wiki/root_certificate http://en.wikipedia.org/wiki/self-signed_certificate 14-11

Internet Explorer Sample X.509 Certificate 14-12

X.509 Sample (Cont) 14-13

X.509 Certificates Issued by a Certification Authority (CA), containing: Version V (1, 2, or 3) Serial number SN (unique within CA) identifying certificate Signature algorithm identifier AI Issuer X.500 name CA) Period of validity TA (from - to dates) Subject X.500 name A (name of owner) Subject public-key info Ap (algorithm, parameters, key) Issuer unique identifier (v2+) Subject unique identifier (v2+) Extension fields (v3) Signature (of hash of all fields in certificate) Notation CA<<A>> denotes certificate for A signed by CA 14-14

CA Hierarchy CA's must form a hierarchy Each CA has certificates for clients (forward) and parent (backward) Each client trusts parents certificates Enable verification of any certificate from one CA by users of all other CAs in hierarchy 14-15

X.509 Version 3 Additional information is needed in a certificate Email/URL, Policy details, Usage constraints Rather than explicitly naming new fields defined a general extension method Extensions consist of: Extension identifier Criticality indicator Extension value 14-16

X.509 Extensions Authority Key Identifier: Serial # of CA's key Subject Key Identifier: Uniquely identifies the subjects key. Serial # or hash. Key Usage: Allowed usage - email, business,... Private Key Usage Period: Timestamps for when key can be used (similar to validity) Certificate Policies Policy Mappings: from Issuer's domain to subject's domain Subject Alt Name: Alternative name. DNS. Subject Directory Attributes: Other attributes 14-17

http://en.wikipedia.org/wiki/ocsp_stapling Certificate Revocation May need to revoke before expiry, for example, a. User's private key is compromised b. User is no longer certified by this CA c. CA's certificate is compromised CA s maintain list of revoked certificates Certificate Revocation List (CRL) Users should check certificates with CA s CRL Too much traffic on the net Not used On-Line Revocation Server (OLRS): On-line Certificate Status Protocol (OCSP) [RFC 2560] Provides current information Also allows chaining of OCSP responders Ref: http://en.wikipedia.org/wiki/revocation_list, http://en.wikipedia.org/wiki/online_certificate_status_protocol, 14-18

Entrusted Certificates 14-19

Summary 1. Master keys are used to exchange session keys. Session keys are used for a short duration and then discarded. 2. Secret keys are distributed via a KDC or via public keys 3. Public keys are distributed via X.509 based PKI. Browsers have a built-in list of root CAs 4. PKIX is a profile of the X.509 PKI standard 5. X.509 uses X.500 names. DNS names in Alternate Name field. 6. Certificate Revocation Lists (CRLs) are used to revoke a certificate. On-line certification Status Protocol (OCSP) can be used to check revocation 14-20

Homework 14A Study the root certificates in your Internet Explorer Find the certificate for Thawte Premium Server CA a. What is the X.500 name of the CA? b. What version of X.509 does this CA use? c. What are the uses of the public key in this certificate? d. What signature algorithm is used to sign this certificate? e. What are the last 4 bytes of the public key 14-21

Lab Homework 14B You will receive a signed email from the TA with his digital certificate. Import this certificate in your contacts list. (Use help feature on your email software for details. See instructions for Outlook and Gmail). Now send an encrypted signed email to TA with the subject line of Encrypted Signed Mail Homework 14B You will need a certificate for yourself too. 14-22

Lab Homework 14B (Cont) Getting your Certificate: Use Internet Explorer to request and collect a free email certificate from: http://www.comodo.com/home/email-security/free-email-certificate.php After you have collected the certificate, in Internet Explorer go to Tools Internet Options Contents Certificates Personal Select your certificate and export it to a file. Select Yes Export the private key click next Select Include all certificates in the certification path Select Enable strong protection Do not select Delete the private key if the export is successful Save it with a password of your choice. Import this certificate in Outlook as follows: Tools Options Security Import/Export Browse to your certificate file and add it. 14-23

Lab Homework 14B (Cont) Lab Homework 14B (Cont) If you use Firefox, use the following procedure to request and collect a free email certificate from: http://www.comodo.com/home/email-security/free-emailcertificate.php After you have collected the certificate, in Firefox go to Tools Options Advanced Encryption View Certificates Your Certificates Select your certificate and backup to a file. Save it with a password of your choice. Import this certificate in Outlook as follows: Tools Options Security Import/Export Browse to your certificate file and add it. Note: You have to use the same browser to collect the certificate from Comodo that you used to request the certificate. Safari: See http://support.apple.com/kb/ta22353 14-24

Lab Homework 14B (Cont) Importing Other s Certificates in Outlook: In Outlook, open the signed message received from TA. In the message window, right click on the name in the From field and select "save as outlook contact This will open a new contact window. In that window, click on the "certificates" tab. You will see the certificate listed there. Save this contact in your contacts list. When you reply or send email to this contact, you can enable the security options for encryption and signatures by: View Options Security Options Select Encrypt Message or Add Digital Signature or both Select Security Settings: <Automatic> 14-25

Lab Homework 14B (Cont) Gmail Instructions: The certificate will show up as an attachment name smime.p7s Download and save this attachment on your computer. Transfer this file to the computer where you have an outlook email. Manually create a new contact entry in outlook with proper name and email address. Open this contact entry. Go to certificate panel and import. Select all files *.* and select the file smime.p7s Save and close the entry. To send an email with your Gmail address in the from field, you will need to create a new email account in Outlook with the corresponding Gmail address in the from field. Outlook allows email security. Gmail does not. 14-26

Lab Homework 14B (Cont) Sending Encrypted and Signed Messages w Outlook: You can reply to the TA s email with a signed encrypted message. Content of the reply is not important. Before sending the message, on the message window, Select View Options Security Settings Select encryption and signature Now send the message. 14-27

Lab Homework 14B (Cont) Thunderbird: To import your certificate into Thunderbird: Tools -> Options -> Advanced -> Certificates -> View Certificates -> Your Certificates -> Import Then navigate to where you saved the certificate and select it. Enter the password you encrypted the certificate with. Now go to Tools->Account Settings->Security Under "Digital Signing", click select to choose the certificate you just imported. Click "Yes" to automatically use the same certificate for encryption/decryption. Thunderbird keeps track of other people's certificates automatically. "Add to address book" step is not necessary for Thunderbird. To send a message: After opening a new message, go to Options-> Encrypt this Message and Options->Digitally Sign this message, as desired. 14-28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback