key management network systems security
DESCRIPTION
Key Management Network Systems Security. Mort Anvari. Key Management. Asymmetric encryption helps address key distribution problems Two aspects distribution of public keys use of public-key encryption to distribute secret keys. Distribution of Public Keys. - PowerPoint PPT PresentationTRANSCRIPT
Key Management Network Systems Security
Mort Anvari
9/16/2004 2
Key Management
Asymmetric encryption helps address key distribution problems
Two aspects distribution of public keys use of public-key encryption to
distribute secret keys
9/16/2004 3
Distribution of Public Keys
Four alternatives of public key distribution Public announcement Publicly available directory Public-key authority Public-key certificates
9/16/2004 4
Public Announcement Users distribute public keys to
recipients or broadcast to community at large E.g. append PGP keys to email messages
or post to news groups or email list Major weakness is forgery
anyone can create a key claiming to be someone else and broadcast it
can masquerade as claimed user before forgery is discovered
9/16/2004 5
Publicly Available Directory Achieve greater security by registering
keys with a public directory Directory must be trusted with
properties: contains {name, public-key} entries participants register securely with directory participants can replace key at any time directory is periodically published directory can be accessed electronically
Still vulnerable to tampering or forgery
9/16/2004 6
Public-Key Authority Improve security by tightening control
over distribution of keys from directory Has properties of directory Require users to know public key for the
directory Users can interact with directory to
obtain any desired public key securely require real-time access to directory when
keys are needed
9/16/2004 7
Public-Key Authority
9/16/2004 8
Public-Key Certificates Certificates allow key exchange without
real-time access to public-key authority A certificate binds identity to public
key usually with other info such as period of
validity, authorized rights, etc With all contents signed by a trusted
Public-Key or Certificate Authority (CA) Can be verified by anyone who knows
the CA’s public key
9/16/2004 9
Public-Key Certificates
9/16/2004 10
Distribute Secret KeysUsing Asymmetric Encryption
Can use previous methods to obtain public key of other party
Although public key can be used for confidentiality or authentication, asymmetric encryption algorithms are too slow
So usually want to use symmetric encryption to protect message contents
Can use asymmetric encryption to set up a session key
9/16/2004 11
Simple Secret Key Distribution Proposed by Merkle in 1979
A generates a new temporary public key pair A sends B the public key and A’s identity B generates a session key Ks and sends
encrypted Ks (using A’s public key) to A A decrypts message to recover Ks and both use
9/16/2004 12
Problem with Simple Secret Key Distribution
An adversary can intercept and impersonate both parties of protocol
A generates a new temporary public key pair {KUa, KRa} and sends KUa || IDa to B
Adversary E intercepts this message and sends KUe || IDa to B
B generates a session key Ks and sends encrypted Ks (using E’s public key)
E intercepts message, recovers Ks and sends encrypted Ks (using A’s public key) to A
A decrypts message to recover Ks and both A and B unaware of existence of E
9/16/2004 13
Distribute Secret KeysUsing Asymmetric Encryption if A and B have securely exchanged public-keys
?
9/16/2004 14
Problem with Previous Scenario
Message (4) is not protected by N2
An adversary can intercept message (4) and replay an old message or insert a fabricated message
9/16/2004 15
Order of Encryption Matters
What can be wrong with the following protocol?
AB: NBA: EKUa[EKRb[Ks||N]]
An adversary sitting between A and B can get a copy of secret key Ks without being caught by A and B!
9/16/2004 16
Diffie-Hellman Key Exchange
First public-key type scheme proposed
By Diffie and Hellman in 1976 along with advent of public key concepts
A practical method for public exchange of secret key
Used in a number of commercial products
9/16/2004 17
Diffie-Hellman Key Exchange Use to set up a secret key that can be used for
symmetric encryption cannot be used to exchange an arbitrary message
Value of key depends on the participants (and their private and public key information)
Based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
Security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard
9/16/2004 18
Primitive Roots From Euler’s theorem: aø(n) mod n=1 Consider am mod n=1, GCD(a,n)=1
must exist for m= ø(n) but may be smaller once powers reach m, cycle will repeat
If smallest is m= ø(n) then a is called a primitive root
if p is prime, then successive powers of a “generate” the group mod p
Not every integer has primitive roots
9/16/2004 19
Primitive Root Example: Power of Integers Modulo 19
9/16/2004 20
Discrete Logarithms Inverse problem to exponentiation is to find the
discrete logarithm of a number modulo p Namely find x where ax = b mod p Written as x=loga b mod p or x=inda,p(b) If a is a primitive root then discrete logarithm
always exists, otherwise may not 3x = 4 mod 13 has no answer 2x = 3 mod 13 has an answer 4
While exponentiation is relatively easy, finding discrete logarithms is generally a hard problem
9/16/2004 21
Diffie-Hellman Setup
All users agree on global parameters large prime integer or polynomial q α which is a primitive root mod q
Each user (e.g. A) generates its key choose a secret key (number): xA < q
compute its public key: yA = αxA mod q
Each user publishes its public key
9/16/2004 22
Diffie-Hellman Key Exchange Shared session key for users A and B is
KAB: KAB = α
xA.xB mod q
= yA
xB mod q (which B can compute)
= yB
xA mod q (which A can compute) KAB is used as session key in symmetric
encryption scheme between A and B Attacker needs xA or xB, which requires
solving discrete log
9/16/2004 23
Diffie-Hellman Example Given Alice and Bob who wish to swap keys Agree on prime q=353 and α=3 Select random secret keys:
A chooses xA=97, B chooses xB=233 Compute public keys:
yA=397 mod 353 = 40 (Alice)
yB=3233 mod 353 = 248 (Bob)
Compute shared session key as:KAB= yB
xA mod 353 = 24897 = 160 (Alice)
KAB= yA
xB mod 353 = 40233 = 160 (Bob)
9/16/2004 24
Next Class
Hashing functions Message digests