
Information Security

Lecture # 17

Dr. Shafiq Hussain


Associate Professor & Chairperson
Department of Computer Science

Objectives
• Introduction to Key Management.

Key Management
• Key management refers to the processes and procedures involved in generating, storing, distributing, and managing cryptographic keys used in cryptographic algorithms to protect sensitive data.

Key Management (Cont..)
• It ensures that keys used to protect sensitive data are kept safe from unauthorized access or loss.

• Good key management helps maintain the security of encrypted information and is important for protecting digital assets from cyber threats.

Key Management (Cont..)
• Effective key management is crucial for ensuring the confidentiality, integrity, and availability of encrypted information by securing cryptographic keys from unauthorized access, loss, or compromise.

Key Management (Cont..)
How Do Cryptographic Keys Work?
• Cryptographic keys are special codes that protect information by locking (encrypting) and unlocking (decrypting) it.

Key Management (Cont..)
How Do Cryptographic Keys Work?
• In symmetric key cryptography, a single shared key does both jobs, so the same key must be kept secret between users.

Key Management (Cont..)
How Do Cryptographic Keys Work?
• In asymmetric key cryptography, there are two keys: a public key that anyone can use to encrypt messages or verify signatures, and a private key that only the owner uses to decrypt messages or create signatures.

Key Management (Cont..)
How Do Cryptographic Keys Work?
• This makes it easier to share the public key openly while keeping the private key secret.

• These keys are crucial for secure communication, like when you visit a secure website (HTTPS), where they help encrypt your data and keep it safe from eavesdroppers and criminals.

Key Management (Cont..)
Distribution of Public Key:
1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates.

Key Management (Cont..)
Distribution of Public Key:
1. Public Announcement:
– Here the public key is broadcast to everyone.
– The major weakness of this method is forgery.
– Anyone can create a key claiming to be someone else and broadcast it.
– Until the forgery is discovered, the forger can masquerade as the claimed user.

Key Management (Cont..)
Distribution of Public Key:
1. Public Announcement:

Key Management (Cont..)
Distribution of Public Key:
2. Publicly Available Directory:
– In this type, the public key is stored in a public directory.
– Directories are trusted here, with properties such as participant registration, access and permission to modify values at any time, and entries like {name, public-key}.

Key Management (Cont..)
Distribution of Public Key:
2. Publicly Available Directory:
– Directories can be accessed electronically, but they are still vulnerable to forgery or tampering.

Key Management (Cont..)
Distribution of Public Key:
3. Public Key Authority:
– It is similar to the directory, but improves security by tightening control over the distribution of keys from the directory.

– It requires users to know the public key for the directory.

Key Management (Cont..)
Distribution of Public Key:
3. Public Key Authority:
– Whenever the keys are needed, real-time access to the directory is made by the user to obtain any desired public key securely.

Key Management (Cont..)
Distribution of Public Key:
4. Public Certification:
– Here the authority provides a certificate (which binds an identity to the public key) to allow key exchange without real-time access to the public authority each time.

Key Management (Cont..)
Distribution of Public Key:
4. Public Certification:
– The certificate is accompanied by some other info such as period of validity, rights of use, etc.

– All of this content is signed by the private key of the certificate authority and it can be verified by anyone possessing the authority’s public key.
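
An added example (not part of the original lecture) of the certificate scheme described above: a CA signs a body that binds an identity to a public key with a validity period, and anyone holding the CA public key verifies it without contacting the authority. The CA key is a constructed toy (textbook RSA over two Mersenne primes, no padding), and the names `issue`, `verify` and the certificate fields are assumptions for illustration.

```python
import hashlib
import json
from datetime import datetime

# Toy CA key (constructed): textbook RSA over two well-known Mersenne primes.
# Trivially factorable and unpadded; it only illustrates the sign/verify flow.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
CA_N = P * Q                              # CA public modulus
CA_D = pow(E, -1, (P - 1) * (Q - 1))      # CA private exponent (Python 3.8+)

def _digest(body: dict) -> int:
    # Canonical JSON so signer and verifier hash identical bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue(subject: str, subject_key: str, not_before: str, not_after: str) -> dict:
    """CA side: bind the identity to the public key and sign the whole body."""
    body = {"subject": subject, "public_key": subject_key,
            "not_before": not_before, "not_after": not_after}
    return {"body": body, "sig": pow(_digest(body), CA_D, CA_N)}

def verify(cert: dict, ca_n: int, ca_e: int, now: datetime) -> str:
    """Relying-party side: needs only the CA public key (n, e)."""
    if pow(cert["sig"], ca_e, ca_n) != _digest(cert["body"]):
        return "bad signature"            # any changed field breaks the binding
    start = datetime.fromisoformat(cert["body"]["not_before"])
    end = datetime.fromisoformat(cert["body"]["not_after"])
    if not (start <= now <= end):
        return "outside validity period"
    return "ok"
```

Swapping the public key inside a signed certificate, which is the forgery that plain public announcement cannot detect, makes `verify` return "bad signature".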

Key Management (Cont..)
Key Management Lifecycle:
• The key management lifecycle outlines the stages through which cryptographic keys are generated, used, and eventually retired or destroyed.

• Proper management of these keys is critical to ensuring the security of cryptographic systems.

Key Management (Cont..)
Key Management Lifecycle:
1. Key Generation:
• Creation: Keys are created using secure algorithms to ensure randomness and strength.

• Initialization: Keys are initialized with specific parameters required for their intended use (e.g., length, algorithm).

Key Management (Cont..)
Key Management Lifecycle:
2. Key Distribution:
• Sharing: For symmetric keys, secure methods must be used to share the key between parties.

• Publication: For asymmetric keys, the public key is shared openly, while the private key remains confidential.

Key Management (Cont..)
Key Management Lifecycle:
3. Key Storage:
• Protection: Keys must be stored securely, typically in hardware security modules (HSMs) or encrypted key stores, to prevent unauthorized access.

• Access Control: Only authorized users or systems should be able to access keys.

Key Management (Cont..)
Key Management Lifecycle:
5. Key Rotation:
• Updating: Keys are periodically updated to reduce the risk of exposure or compromise.

• Re-Keying: New keys are generated and distributed, replacing old ones while ensuring continuity of service.

Key Management (Cont..)
Key Management Lifecycle:
6. Key Revocation:
• Invalidation: Keys that are no longer secure or needed are invalidated.

• Revocation Notices: For public keys, revocation certificates or notices are distributed to inform others that the key should no longer be trusted.

Key Management (Cont..)
Key Management Lifecycle:
7. Key Archival:
• Storage: Old keys are securely archived for future reference or compliance purposes.

• Access Restrictions: Archived keys are kept in a secure location with restricted access.

Key Management (Cont..)
Key Management Lifecycle:
8. Key Destruction:
• Erasure: When keys are no longer needed, they are securely destroyed to prevent any possibility of recovery.

• Verification: The destruction process is verified to ensure that no copies remain.
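
An added example (not from the lecture) that walks a set of HMAC keys through the lifecycle stages above: generation, rotation, revocation and destruction, with retired keys kept for verification only. The `Keyring` class and its state names are assumptions for illustration; the keys live in process memory here rather than in an HSM or encrypted key store.

```python
import hashlib
import hmac
import secrets

class Keyring:
    """Hypothetical in-memory keyring: generate, rotate, revoke, destroy."""

    def __init__(self):
        self.keys = {}      # key id -> {"key": bytearray, "state": str}
        self.active = None
        self.rotate()

    def rotate(self) -> int:
        # Generation: 256-bit key from the OS CSPRNG.
        # Rotation: the previous active key becomes verify-only ("retired").
        old = self.keys.get(self.active)
        if old and old["state"] == "active":
            old["state"] = "retired"
        kid = len(self.keys) + 1
        self.keys[kid] = {"key": bytearray(secrets.token_bytes(32)), "state": "active"}
        self.active = kid
        return kid

    def sign(self, msg: bytes):
        entry = self.keys[self.active]
        if entry["state"] != "active":
            raise RuntimeError("active key was revoked or destroyed; rotate first")
        # The key id travels with the tag so verifiers can pick the right key.
        return self.active, hmac.new(entry["key"], msg, hashlib.sha256).digest()

    def verify(self, kid: int, msg: bytes, tag: bytes) -> bool:
        entry = self.keys.get(kid)
        if entry is None or entry["state"] in ("revoked", "destroyed"):
            return False    # revoked keys are never trusted again
        expected = hmac.new(entry["key"], msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    def revoke(self, kid: int) -> None:
        self.keys[kid]["state"] = "revoked"

    def destroy(self, kid: int) -> None:
        key = self.keys[kid]["key"]
        key[:] = bytes(len(key))    # best-effort overwrite of the buffer in place
        self.keys[kid]["state"] = "destroyed"
```

Tags made before a rotation still verify under the retired key, which gives continuity of service until that key is revoked.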

Questions
Any questions, please?

You can contact me at: [email protected]

Your query will be answered within one working day.

Further Readings
• Chapter No. 1
Computer Security: Principles and Practice (3rd Edition)
By William Stallings and Lawrie Brown

Thanks
