Introduction to Cryptographic Key Management
Outline
- Context
- Definitions
- Description
- Principles
- Illustrations and Demonstrations
- Recommendations
Context -- Cryptography is:
- use of secret codes to hide and authenticate data
- suited to open and hostile environments
- broadly applicable
- portable
- composable
- can emulate any media or environment control
- arbitrarily strong
- effective
- efficient
Context
- cost of crypto is low
- falling with the cost of computing
- relative strength is rising
- strong as we need it to be
- stronger than other security mechanisms
- strong link in the security chain
- robust, resilient, not likely to break
- very unlikely to collapse
- advantage is to the cryptographer
Modern Cryptography - the great inventions
- automatic encoding and decoding
- the large independent key variable
- complexity-based encryption (DES)
- asymmetric key
- automatic key management
Symmetric Key Cryptography
[Figure labels: Message, DES, DES, Message; Out-of-channel exchange]
Key Management
- generation
- recording
- transcription
- distribution
- installation
- storage
- change
- disposition
- and control
Key Management
- is very important
- must be rigorous and disciplined
- principal point of attack
- not intuitive
- easy to screw up
Modern Key Management
- fully automated (i.e., no manual operations)
- permits frequent key change (e.g., file, session, message, transaction, or other data object)
- increases the effective key length or security
- balances the interests in the key of multiple parties
- application of RSA and smart cards
- may be integrated or stand-alone
Applications of Key Management
- increase effective strength
- compensate for limitations of algorithm
- involve multiple people in sensitive duties
- personal security environments
Principles of Key Management
- No key may ever appear in the clear
- All keys must be randomly generated by a crypto engine
- Keys must be chosen evenly from the entire key space
- Must not have any (visible) structure
- Key-encrypting keys are separate from data keys
- Everything encrypted under a key-encrypting key must originate within a crypto engine
- Key management must be automated
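
The principles above, as an added Python example (not part of the original slides): a hypothetical CryptoEngine class stands in for an HSM or smart card, with AES from the third-party cryptography package in place of DES. It assumes a two-level hierarchy: one key-encrypting key that never leaves the engine, and a fresh random data key per message that callers only ever hold in wrapped form.

```python
# Added example, not from the slides. CryptoEngine and protect() are
# hypothetical names; AES (cryptography package) stands in for the deck's DES.
import secrets
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)


class CryptoEngine:
    """Software stand-in for an HSM or smart card.

    The key-encrypting key (KEK) and every plaintext data key exist only
    inside these methods. There is deliberately no call that wraps
    caller-supplied bytes under the KEK.
    """

    def __init__(self):
        # Randomly generated, drawn evenly from the whole 256-bit key space.
        self._kek = secrets.token_bytes(32)

    def new_data_key(self) -> bytes:
        """Generate a data key inside the engine; return only its wrapped form."""
        return aes_key_wrap(self._kek, secrets.token_bytes(32))

    def _unwrap(self, wrapped: bytes) -> bytes:
        # RFC 3394 unwrap verifies integrity, so a blob that was not wrapped
        # under this KEK is rejected rather than used as a key.
        try:
            return aes_key_unwrap(self._kek, wrapped)
        except (InvalidUnwrap, ValueError):
            raise PermissionError("data key did not originate in this engine") from None

    def seal(self, wrapped: bytes, plaintext: bytes) -> bytes:
        """Encrypt under a wrapped data key; output is nonce || ciphertext+tag."""
        nonce = secrets.token_bytes(12)
        return nonce + AESGCM(self._unwrap(wrapped)).encrypt(nonce, plaintext, None)

    def open(self, wrapped: bytes, blob: bytes) -> bytes:
        """Decrypt a blob produced by seal() with the same wrapped data key."""
        return AESGCM(self._unwrap(wrapped)).decrypt(blob[:12], blob[12:], None)


def protect(engine: CryptoEngine, message: bytes):
    """Frequent key change: one fresh data key per message."""
    wrapped = engine.new_data_key()
    return wrapped, engine.seal(wrapped, message)


if __name__ == "__main__":
    hsm = CryptoEngine()
    key_blob, sealed = protect(hsm, b"constructed sample message")
    print(len(key_blob), hsm.open(key_blob, sealed))
```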
Asymmetric Key Cryptography
- key has two parts
- what is encrypted with one part may only be decrypted with the other
- only one part need be kept secret
- requires a minimum of prearrangement
Public Key Issues
- public key need not be kept secret
- must be the right key
- i.e., association between public key and legal person
- encapsulated in a certificate
- signed by someone who knows
Digital Envelope
[Figure labels: Message, RSA, RSA, Message; Bob's Public Key, Bob's Private Key; Bob]
Digital Signature
[Figure labels: Message, RSA, Message, RSA, Message; John's Private Key, John's Public Key]
Characteristic          DES                           RSA
Relative Speed          Fast                          Slow
Functions Used          Transposition & Substitution  Multiplication
Key-length              56 bits                       400-800 bits
Least Cost Attack       Exhaustion                    Factoring
Cost of Attack          Centuries                     Centuries
Time to Generate a Key  Micro-seconds                 Tens of Seconds
Key Type                Symmetric                     Asymmetric
Hybrid Cryptography
[Figure labels: Message, DES, RSA, RSA, DES, Message; Jane's Public Key, Jane's Private Key; Jane]
Key Management Systems and Protocols
- PGP
- RSA Secure
- Kerberos KDC
- Secure Socket Layer (SSL)
- XML Key Management System
- X.509 Certificates/PKIX
- BBN SafeKeyper
- ISAKMP and Oakley