ECE 646 Lecture 3. Key management

Similar documents
Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

ECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages

ECE 646 Lecture 3. Key management. Required Reading. Using Session Keys & Key Encryption Keys. Using the same key for multiple messages

Key management. Pretty Good Privacy

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

T Cryptography and Data Security

Diffie-Hellman. Part 1 Cryptography 136

Overview of Authentication Systems

Key Management and Distribution

Cryptography and Network Security Chapter 14

Lecture Notes 14 : Public-Key Infrastructure

Key Management and Distribution

Cryptographic Protocols 1

Cryptography and Network Security

T Cryptography and Data Security

Chapter 9: Key Management

Public Key Algorithms

UNIT - IV Cryptographic Hash Function 31.1

Lecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.

KEY AGREEMENT PROTOCOLS. CIS 400/628 Spring 2005 Introduction to Cryptography. This is based on Chapter 13 of Trappe and Washington

Pretty Good Privacy PGP. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

Key Agreement Schemes

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications

ECE 646 Lecture 4. Pretty Good Privacy PGP

Cryptography and Network Security

Lecture 15 Public Key Distribution (certification)

What did we talk about last time? Public key cryptography A little number theory

Spring 2010: CS419 Computer Security

1. Diffie-Hellman Key Exchange

Authentication and Key Distribution

Authentication in Distributed Systems

Lecture 2 Applied Cryptography (Part 2)

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Authentication Part IV NOTE: Part IV includes all of Part III!

Datasäkerhetsmetoder föreläsning 7

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

CSC 482/582: Computer Security. Security Protocols

ECE 646 Lecture 4A. Pretty Good Privacy PGP. Short History of PGP based on the book Crypto by Steven Levy. Required Reading

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

Network Security Essentials

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Cryptology Part 1. Terminology. Basic Approaches to Cryptography. Basic Approaches to Cryptography: (1) Transposition (continued)

CSE 565 Computer Security Fall 2018

Topics. Dramatis Personae Cathy, the Computer, trusted 3 rd party. Cryptographic Protocols

Course Administration

Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

Lecture 4: Cryptography III; Security. Course Administration

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Public-Key Infrastructure NETS E2008

ICS 180 May 4th, Guest Lecturer: Einar Mykletun

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Public Key Algorithms

KEY DISTRIBUTION AND USER AUTHENTICATION

CIS 4360 Secure Computer Systems Applied Cryptography

Verteilte Systeme (Distributed Systems)

Digital Certificates Demystified

Public-key Cryptography: Theory and Practice

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

CT30A8800 Secured communications

CIS 6930/4930 Computer and Network Security. Final exam review

CSC/ECE 774 Advanced Network Security

Kurose & Ross, Chapters (5 th ed.)

X.509 CERTIFICATE X.509 CERTIFICATE PUBLIC-KEY CERTIFICATES THE CERTIFICATE TRIANGLE CERTIFICATE TRUST. INFS 766 Internet Security Protocols

INF3510 Information Security University of Oslo Spring Lecture 3 Key Management and PKI. Audun Jøsang

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator

PUBLIC-KEY CERTIFICATES

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

Chapter 10: Key Management

Lecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Certificates, Certification Authorities and Public-Key Infrastructures

Cryptography and Network Security

CSC 774 Network Security

Fall 2010/Lecture 32 1

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

Lecture 6 - Cryptography

CS 161 Computer Security

Certificateless Public Key Cryptography

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Crypto meets Web Security: Certificates and SSL/TLS

Network Security Chapter 8

1 Identification protocols

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

Distributed Systems Principles and Paradigms. Chapter 09: Security

Key Management CS461/ECE422

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Security Handshake Pitfalls

CS Computer Networks 1: Authentication

Computer Security 3e. Dieter Gollmann. Chapter 15: 1

Transcription:

ECE 646 Lecture 3 Key management

Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution

Using the same key for multiple messages M 1 M 2 M 3 M 4 M 5 time E K time C 1 C 2 C 3 C 4 C 5

Using Session Keys & Key Encryption Keys K 1 K 2 K 3 time E KEK time E KEK (K 1 ) E KEK (K 2 ) E KEK (K 3 ) M 1 M 2 M 3 M 4 M 5 time E K1 E K2 E K3 time C 1 C 2 C 3 C 4 C 5

Control Vector Master Key Session Key Control Vector Master Key Encrypted Session Key Hashing Function Hashing Function Key input Plaintext input Key input Ciphertext input Encryption Function Decryption Function Encrypted Session Key Session Key (a) Control Vector Encryption (b) Control Vector Decryption Figure 14.6 Control Vector Decryption Control Vector Encryption and Decryption

Key Distribution Center (KDC) B K B-KDC K A-KDC A C K C-KDC K A-KDC K B-KDC K C-KDC K D-KDC KDC E K E-KDC D K D-KDC

Simple key establishment protocol based on KDC KDC K A-KDC K B-KDC K C-KDC K D-KDC... (1) let me talk with Bob (2b) K B-KDC ( Alice, K AB ) (2a) K A-KDC ( Bob, K AB ) Alice A K A-KDC K B-KDC B Bob

Key establishment protocol based on KDC KDC K A-KDC K B-KDC K C-KDC K D-KDC... (1) let me talk with Bob (2) K A-KDC ( Bob, K AB, ticket Bob ) Alice (3) ticket Bob = K B-KDC ( Alice, K AB ) A B K A-KDC K B-KDC Bob

Alice A s private key Key agreement Bob B s private key A s public key B s public key Secret derivation Secret derivation Key derivation Key of A and B Key derivation Key of A and B

x A Diffie-Hellman key agreement scheme Alice α, q - global public elements Bob x B y A = α x A mod q y B = α x B mod q x A S AB = y B mod q x B S AB = y A mod q Key derivation Key derivation Key K AB Key K AB

Man-in-the-middle attack Alice Bob A s private key B s private key A s public key B s public key Charlie Secret derivation C s public key C s public key Secret derivation Key derivation Key derivation Key of A and C Key of B and C

Does public key cryptography have an Achilles heel? Alice Bob, send me your public key, Alice Bob Bob s public key, Bob message encrypted using Bob s public key Charlie

Does public key cryptography have an Achilles heel? Alice Bob, send me your public key, Alice Bob Bob s public key, Bob Charlie s public key message encrypted using Bob s public key Charlie Charlie s public key

Does public key cryptography have an Achilles heel? Alice Bob, send me your public key, Alice Bob Bob s public key, Bob Charlie s public key message encrypted using Charlies s public key Charlie message reencrypted using Bob s public key

Directory of public keys (1) Bob, Bob s public key Alice, Alice s public key Bob, Bob s public key Charlie, Charlie s public key Dave, Dave s public key Eve, Eve s public key. On-line database Alice message encrypted using Bob s public key Bob Charlie

Directory of public keys (2) On-line database Bob, Bob s public key Charlie s public key Alice, Alice s public key Bob, Bob s public key Charlie, Charlie s public key Dave, Dave s public key Eve, Eve s public key. Alice message encrypted using Bob s public key Charlie Charlie s public key Bob

Directory of public keys (3) On-line database Bob, Bob s public key Charlie s public key Alice, Alice s public key Bob, Bob s public key Charlie, Charlie s public key Dave, Dave s public key Eve, Eve s public key. Alice Bob message encrypted using Charlie s public key Charlie message reencrypted using Bob s public key

PGP: Flow of trust Manual exchange of public keys: Las Vegas Bob David Edinburgh David Betty Bob (Washington) David (New York) Betty (London) David, send me Betty s public key Betty s public key signed by David message encrypted using Betty s public key

Certification Authority Loren Kohnfelder, Towards a Practical Public-Key Cryptosystem, Bachelor s Thesis, MIT, May 1978 http://groups.csail.mit.edu/cis/theses/kohnfelder-bs.pdf Proof of identity Public key of Bob Certification Authority Certificate Public key of Certification Authority

Certificate Subject name Subject s public key Subject s Credentials Serial number Issuer (CA) name Period of validity Signature algorithm identifier CA s signature

The exact X.509 Certificate Format [Stallings, 2010]

Distinguished Name (DN) according to X.500 Example: Common name (CN) = Kris Gaj Country name (C) = US State or province name (ST) = VA Locality name (L) = Fairfax Organization name (O) = George Mason University Organizational unit name (OU) = ECE Other fields permitted: Street address (SA) Post office box (PO Box) Postal code (PC) Title (T) Description (D) Telephone number (TN) Serial number (SN)

Examples of X.509 version extensions Key usage: Restrictions on the use of a given key, e.g., digital signature, key encryption, data encryption, key agreement. Subject key identifier: A subject may have different key pairs for different purposes (e.g., digital signature, key agreement). Private key usage period: Period of use of the corresponding private key. Subject alternative name: Application specific name, e.g. e-mail address. Basic constraints: Identifies if the subject may act as a CA.

Non-repudiation only Alice Bob M, SGN A (M), Cert CA (A, KU A ) Alice s private key - KR A CA s public key - KU CA Notation: KU X - public key of X KR X - private key of X SGN X (M) - signature of X for the message M Cert Y (X, KU X ) - certificate issued by Y for the user X

Cert CA (B, KU B ) Confidentiality only Cert CA (A, KU A ) Cert CA (B, KU B ) Cert CA (C, KU C ) Cert CA (D, KU D ). On-line database Alice K AB (M), KU B (K AB ) Bob CA s public key - KU CA Bob s private key - KR B

Confidentiality and Non-repudiation Cert CA (B, KU B ) Cert CA (A, KU A ) Cert CA (B, KU B ) Cert CA (C, KU C ) Cert CA (D, KU D ). On-line database Alice SGN A (M), Cert CA (A, KU A ), K AB (M), KU B (K AB ) Bob Alice s private key - KR A CA s public key - KU CA Bob s private key - KR B CA s public key - KU CA

Public Key Infrastructure with Reverse Certificates US VA MA CA Fairfax Herndon Worcester Boston Santa Clara San Jose GMU MIT A A knows KU GMU M, SGN A (M), Cert GMU (A, KU A ), Cert Fairfax (GMU, KU GMU ), Cert VA (Fairfax, KU Fairfax ), Cert US (VA, KU VA ), Cert MA (US, KU US ), Cert Boston (MA, KU MA ), Cert MIT (Boston, KU Boston ) B B knows KU MIT

Public Key Infrastructure with Strict Hierarchy US VA MA CA Fairfax Herndon Worcester Boston Santa Clara San Jose GMU MIT A M, SGN A (M), All users know KU US Cert GMU (A, KU A ), Cert Fairfax (GMU, KU GMU ), Cert VA (Fairfax, KU Fairfax ), Cert US (VA, KU VA ), B

Public Key Infrastructure with Cross-Certificates Cert GMU (MIT, KU MIT ) Cert MIT (GMU, KU GMU ) GMU MIT A A knows KU GMU B B knows KU MIT M, SGN A (M), Cert GMU (A, KU A ), Cert MIT (GMU, KU GMU )

Certificate Revocation Lists (CRLs) This update date Next update date Issuer (CA) name List of revoked certificates (serial number + revocation date) Signature algorithm CA s signature Certificate is valid if it has a valid signature of CA did not expire is not listed in the CA s most recent CRL

The exact X.509 CRL Format [Stallings, 2006]

Advantages of Certification Authorities over Key Distribution Centers CA does not need to be on-line CA is relatively easy to implement CA crash = no new users in the network but all old users operate normally certificates are not security sensitive, they can be stored in a public database, and transmitted over a public network compromised CA cannot decrypt messages (without first impersonating one of the users) only active attacks can be mounted using CAs private key

Authenticated key agreement A s static private key A s ephemeral private key A s ephemeral public key Secret derivation Key derivation key A s static public key certificates B s static public key B s ephemeral public key Secret derivation Key derivation key B s static private key B s ephemeral private key

Authenticated key agreement A s static private key x A A s ephemeral private key r A A s ephemeral public key A s static public key y A p A certificates B s static public key p B y B r B x B B s ephemeral public key B s static private key B s ephemeral private key Secret derivation Key derivation key x A Z = y B p B r A x Z = y B r A p B A Secret derivation Key derivation key

1 2 3 Station-to-Station (STS) Protocol Authenticated key agreement with key confirmation Alice Bob KU Z static public key of Z KR Z static private key of Z x Z ephemeral private key of Z y Z ephemeral public key of Z y A y B, K AB (SGN B (y B, y A )), Cert CA (B, KU B )) K AB (SGN A (y A, y B )), Cert CA (A, KU A )) KR A static private key of A KU CA static public key of CA Cert CA (A, KU A )) certificate of A issued by CA Notation: KR B static private key of B KU CA static public key of CA Cert CA (B, KU B )) certificate of B issued by CA SGN Z (M) - signature of Z for the message M Cert CA (Z, KU Z ) certificate of Z issued by CA

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback