Key Management Key management refers to the distribution of cryptographic keys; the mechanisms used to bind an identity to a key; and the generation, maintenance, and revoking of such keys. The notation that we will use is X → Y: { Z } k means that entity X sends to entity Y a message Z encrypted with the key k e.g. Alice → Bob: { “Hello World” } k means that Alice send Bob the message “Hello World” using key k. k represents the secret key for the classical (symmetrical) key encryption system. e and d represent the public and private key, respectively, for a public key (asymmetrical) encryption system. Session and Interchange Keys Def: An interchange key is a cryptographic key associated with a principal to a communication. Def: A session key is a cryptographic key associated with the communications itself talk about way to communicate different key for each communications A session key prevents forward searches Forward Search Attack small number of plain text messages encrypt with a public key compare to sent messages know plain text message e.g. Suppose that Alice is a client of Bob’s stock brokerage firm. Alice need to send Bob one of two messages: BUY or SELL. Cathy, the attacker, enciphers both messages with Bob’s public key. When Alice sends her message, Cathy compares it with her enciphered messages and sees which one it matches. Randomly generated session key that are used once prevents this type of attack. An interchange key used to convince receiver who the sender is used for all sessions changes independently of session initiation and termination Key Exchange e.g. Alice and Bob want to communicate securely The goal is for Alice and Bob to communicate secretly. 1. Key cannot be transmitted in the clear 2. Bob and Alice may decide to trust a third party 3. The cryptosystems and protocols are known. Only the keys are secret. Classical Cryptographic Key Exchange & Authentication Trusted third party 1. Alice → Cathy: { request for session key to Bob} KAlice 2. Cathy → Alice: { KSession }KAlice || { KSession } KBob 3. Alice → Bob: { KSession } KBob Alice wants to talk to Bob Alice & Cathy share a secret key Bob & Cathy share a secret key Goal: Alice and Bob share a secret key Public Key Cryptographic Key Exchange and Authentication Again, Alice wants to secretly communicate with Bob Alice → Bob: { K } K Session Bob Pub Bob decodes and away they go BUT …… How does Bob know that the KSession came from Alice? Alice → Bob: { { K } K } K Session Alice Bob Pri Pub Suppose that Eve is listing to Alice Alice → Peter: { “send me Bob’s public key” } - Eve hears Eve → Peter: { “send me Bob’s public key” } Peter → Eve: { Key } Bob Pub Eve → Alice: { Key } Eve Pub Alice → Bob: { K } K - This is intercepted by Eve Session Eve Pub Eve → Bob: { K } K Session Bob Pub This is an example of a man-in-the-middle attack Kerberos System that supports authentication in distributed systems Developed by MIT Ticket is an unforgeable, non-replayable, authenticated object names the user & service user allowed to use Flow of Information 1. user identifies self to Kerberos Server. 2. Kerberos Server verifies the user is authorized. 3. Kerberos Server sends a Session Key SG for use in communications with the TG server and a Ticket TG for the TG server encrypted with the user’s password. 4. Kerberos Server sends a copy of the Session Key SG to the TG server, the identity of the user encrypted with a Key shared by the Kerberos server and the TG server. Note: User’s password stored at Kerberos Server and not passed over the networks. Ticket contains User’s authenticated identity identification of requested service rights w.r.t. services Session Key expiration date of ticket 1. Authentication 2. Ticket Authorization – Authorization Key 3. Server Access Request 4. Service Ticket 5. Unique Keys between TG Server and Service 6. Service Request Characteristics 1. No passwords communicated on the network initial password passed by snail mail 2. Cryptographic protection against spoofing 3. Limited period of validity 4. Timestamps to prevent replay attacks 5. Mutual authentication Issues 1. continuous availability of a trusted TG server. 2. Authenticity of servers requires a trusted relationship between that TG server and every server. 3. Requires timely transactions 4. Subverted workstation can save and later replay user passwords. 5. Password guessing works intercept ticket 6. Does not scale well. 7. Complete solution all applications must use Kerberos authentication e.g. works with ls Infrastructures Def: A certificate is a token that binds an identity to a cryptographic key. C = { K || Alice || Time Stamp } K Alice Alice Cathy Pub Pri Bob wants to communicate with Alice. Bob obtains CAlice. If he trusts Cathy, then using Cathy’s public key, he knows Alice’s public key, the binding to Alice and a time stamp. Certificate Signature Chains X.509 – the Directory Authentication Framework Def: A certification authority (CA) is an entity that issues certificates. Many, some in US and some in France, and some in ….. X << Y >> means that X is the CA and generated the certificate for the subject Y Def: Two CA’s are cross-certified if each has issued a certificate for the other. Def: A certificate revocation list is a list of certificates that are no longer valid. 1. only issuer can revoke a certificate 2. timeliness of getting list out Def: A digital signature is a construct that authenticates both the origin and contents of a message in a manner that is provable to a disinterested third party. .
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages7 Page
-
File Size-