Topic-2 Key Management
Topic-2 Key Management
E.g. KDC for each LAN (or building); central KDC to exchange keys between hosts in
different LANs.
o Reduces effort in key distribution; limits damage if local KDC is compromised.
Session Key Lifetime
o Shorter lifetime is more secure; but increases overhead of exchanges.
o Connection-oriented protocols (e.g. TCP): new session key for each connection.
o Connection-less protocols (e.g. UDP/IP): change after fixed period or certain number of
packets sent.
Decentralized Key Distribution
Alternative that doesn’t rely on KDC.
Each end-system must manually exchange n − 1
master keys (Km) with others.
Symmetric Key Distribution using Asymmetric
Encryption
• Asymmetric encryption generally too slow for encrypting large
amount of data.
• Common application of asymmetric encryption is exchanging
secret keys.
• Three ways to exchange key:
Simple Secret Key Distribution
Secret Key Distribution with Confidentiality and Authentication
Hybrid Scheme: Public-Key Distribution of KDC Master Keys.
Simple Secret Key Distribution
• Simple: no keys prior to or after communication.
• Provides confidentiality for session key.
• Subject to man-in-the-middle attack.
• Only useful if attacker cannot modify/insert messages.
Man-in-the-Middle Attack
Cont..
• A generates a public/private key pair {PUa, PRa} and transmits a
message intended for B consisting of PUa and an identifier of A, IDA .
• E intercepts the message, creates its own public/private key pair
{PUe, PRe} and transmits PUe ||IDA to B.
• B generates a secret key, Ks, and transmits E(PUe, Ks) .
• E intercepts the message and learns Ks by computing D(PRe,
E(PUe, Ks)).
• E transmits E(PUa, Ks) to A.
Secret Key Distribution with Confidentiality and
Authentication
• Provides both confidentiality and authentication
in exchange of secret key.
Hybrid Scheme: Public-Key Distribution of KDC
Master Keys
• Use public-key distribution to distribute master
keys between end-systems and KDC.
• Efficient method of delivering master keys (rather
than manual delivery).
• Useful for large networks, widely distributed set
of users with single KDC.
Distribution of Public Keys
• By design, public keys are made public.
• Issue: how to ensure public key of A actually belongs to A (and not
someone pretending to be A).
• Four approaches for distributing public keys
Public announcement
Publicly available directory
Public-key authority
Public-key certificates
Public Announcements
• Make public key available in open forum: newspaper,
email signature, website, conference, . . .
• Problem: anyone can announce a key pretending to be
another user.
Publicly Available Directory
• All users publish keys in central directory.
• Users must provide identification when publishing key.
• Users can access directory electronically.
• Weakness: directory must be secure.
Public-Key Authority
• Specific instance of using publicly available directory.
• Assume each user has already securely published public-
key at authority; each user knows authorities public key.
Cont..
• First 5 messages are for key exchange; last 2
are authentication of users.
• Although 7 messages, public keys obtained from
authority can be cached.
• Problem: authority can be bottleneck.
• Alternative: public-key certificates.
Public-Key Certificates
• Assume public keys sent to CA can be authenticated by CA;
each user has certificate of CA.
Cont..
A certificate is the ID and public-key of a user signed by CA
CA = E(PRauth , [T ||IDA ||PUa])
Timestamp T validates the certificate (expiration date).
Common format for certificates is X.509 standard (by ITU)
S/MIME (secure email)
IP security (network layer security)
SSL/TLS (transport layer security)
SET (e-commerce)
X.509 Certificate
• Each user has a certificate, although it is created
by the Certificate Authority (CA).
• Certificates are stored in a public directory.
• Certificate format includes:
X.509 Formats
Public-Key Certificate Use
Certificate Revocation List
• Certificates may be revoked before expiry.
Multiple Certificate Authorities
• Multiple CA’s can be arranged in hierarchy.
• Notation: Y << X >> certificate of X issued by
CA Y.
• A acquires B certificate using chain:
X<<W>>W<<V>>V<<Y>>Y<<Z>>Z<<B>>
X.509 Hierarchy
Public Key Infrastructure