Scribd
Upload
21 views25 pages

008 Key Distribution

Uploaded by

Assad Leo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
21 views25 pages

008 Key Distribution

Uploaded by

Assad Leo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 25

Key Management

and Distribution
Presented by
Sir Najam
What is key management?
Key management is the set of techniques and
procedures supporting the establishment and
maintenance of keying relationships between
authorized parties.
A keying relationship is the state wherein
communicating entities share common
data(keying material) to facilitate cryptography
techniques. This data may include public or
secret keys, initialization values, and additional
non-secret parameters.
 Key management encompasses techniques
and procedures supporting:
1. initialization of systems users within a domain;
2. generation, distribution, and installation of keying

material;
3. controlling the use of keying material;
4. update, revocation, and destruction of keying
material;
and
5. storage, backup/recovery, and archival of keying
material.
Objectives

The objective of key management is to


maintain
keying relationships and keying material in a
manner that counters relevant threats

In practice an additional objective is


conformance to
a relevant security policy
Threats

1. compromise of confidentiality of secret keys

2. compromise of authenticity of secret or


public keys.

3. unauthorized use of public or secret keys


Security Policy

Security policy explicitly or implicitly defines the

threats a system is intended to address

Security policy may affect the stringency of


cryptographic requirements, depending on the
susceptibility of the environment in questions
to
various types of attack.
Key management techniques
Public-key techniques
Primary advantages offered by public-key
techniques for applications related to key
management include:

1. simplified key management


2. on-line trusted server not required
3. enhanced functionality
Key management techniques
 Key management
a) Symmetric-key encryption

plaintext ciphertex
encryptio t decryptio plaintext
n n

secret secret
symmetric key key
key
generator
Key management techniques
b) public-key encryption

plaintex
plaintext ciphertext
t
encryptio decryption
n
public private
key key

asymmetric key
pair generation

secure channel (private and


authentication)
secure channel (authentication
only)
unsecured channel (no
protection)
Key management techniques
Techniques for distributing confidential keys
Key layering and symmetric-key certificates
Key layering:
1. master keys – keys at the highest level in the hierarchy
2. key-encrypting keys – symmetric keys or encryption
public
keys used for key transport or storage of other keys
3. data keys – used to provide cryptographic operations
on user
data
Key management techniques
symmetric-key certificates:
Symmetric-key certificates provide a means for a KTC(Key
Translation Center) to avoid the requirement of either
maintaining a secure database of user secrets (or
duplicating such a database for multiple servers), or
retrieving such keys from a database upon translation
requests.
Key management life cycle
1. user registration
2. user initialization
3. key generation
4. key installation
5. key registration
6. normal use
7. key backup
8. key update
9. archival
10. key de-registration and destruction
11. key recovery
12. key revocation
Key Distribution
 given parties A and B have various key
distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can
use previous key to encrypt a new key
4. if A & B have secure communications with a
third party C, C can relay key between A & B
Key Distribution Task
Key Distribution Scenario
Key Distribution Issues
hierarchies of KDC’s required for large
networks, but must trust each other
session key lifetimes should be limited for
greater security
use of automatic key distribution on behalf of
users, but must trust system
use of decentralized key distribution
controlling key usage
Simple Secret Key Distribution
Merkle proposed this very simple scheme
allows secure communications
no keys before/after exist
Secret Key Distribution with
Confidentiality and Authentication
Distribution of Public Keys
can be considered as using one of:
public announcement
publicly available directory
public-key authority
public-key certificates
Public Announcement
users distribute public keys to recipients or
broadcast to community at large
eg. append PGP keys to email messages or post
to news groups or email list
major weakness is forgery
anyone can create a key claiming to be
someone else and broadcast it
until forgery is discovered can masquerade as
claimed user
Publicly Available Directory
can obtain greater security by registering
keys with a public directory
directory must be trusted with properties:
contains {name,public-key} entries
participants register securely with directory
participants can replace key at any time
directory is periodically published
directory can be accessed electronically
still vulnerable to tampering or forgery
Public-Key Authority
improve security by tightening control over
distribution of keys from directory
has properties of directory
and requires users to know public key for the
directory
then users interact with directory to obtain
any desired public key securely
does require real-time access to directory
when keys are needed
may be vulnerable to tampering
Public-Key Authority
Public-Key Certificates
 certificates allow key exchange without real-
time access to public-key authority
 a certificate binds identity to public key
usually with other info such as period of
validity, rights of use etc
 with all contents signed by a trusted Public-
Key or Certificate Authority (CA)
 can be verified by anyone who knows the
public-key authorities public-key
Public-Key Certificates

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy