Symmetric Key Distribution Methods

Uploaded by

Ankur Verma
KEY MANAGEMENT

SYMMETRIC KEY DISTRIBUTION


USING SYMMETRIC KEY
• symmetric schemes require both parties to share a common secret key
• the issue is how to securely distribute this key whilst protecting it from others
• frequent key changes can be desirable
• secure systems often fail because of a break in the key distribution scheme
Key Distribution
• given parties A and B have various key distribution alternatives:
1. A can select a key and physically deliver it to B
2. a third party can select & deliver a key to A & B
3. if A & B have communicated previously, they can use the previous key to encrypt a new key
4. if A & B each have secure communications with a third party C, C can relay a key between A & B
Key Hierarchy
• typically have a hierarchy of keys
• session key
  • temporary key
  • used for encryption of data between users
  • for one logical session, then discarded
• master key
  • used to encrypt session keys
  • shared by user & key distribution center
Key Distribution Scenario
Key Distribution Issues
• Hierarchical Key Control - hierarchies of KDCs are required for large
networks, but the KDCs must trust each other
• Session Key Lifetime – the more frequently session keys are exchanged, the more
secure they are; but distribution of a session key delays the start of the exchange of
messages, so a balance is desired; use a session key for a fixed lifetime or a fixed number of
transactions.
Transparent Key Control Scheme
Decentralized Key Distribution
Symmetric Key Distribution Using
Public Keys
• public key cryptosystems are inefficient
  • so almost never used for direct data encryption
  • rather used to encrypt secret keys for distribution
Simple Secret Key Distribution
• Merkle proposed this very simple scheme
• allows secure communications
• no keys before/after exist
Man-in-the-Middle Attack
• A generates {PUa, PRa} and forwards {PUa||IDa} to B.
• D generates {PUd, PRd}, intercepts the message and forwards {PUd||IDa}
to B.
• B generates the secret key Ks and transmits E(PUd, Ks).
• D intercepts the message, learns Ks and forwards E(PUa, Ks) to A.
Secret Key Distribution with
Confidentiality and Authentication
Distribution of Public
Keys
Distribution of Public Keys
• can be considered as using one of:
• public announcement
• publicly available directory
• public-key authority
• public-key certificates
Public Announcement
• users distribute public keys to recipients or broadcast to community at large
• major weakness is forgery
• anyone can create a key claiming to be someone else and broadcast it
• until forgery is discovered can masquerade as claimed user
Publicly Available Directory
• can obtain greater security by registering keys with a public directory
• directory must be trusted with properties:
• contains {name,public-key} entries
• participants register securely with directory
• participants can replace key at any time
• directory is periodically published
• directory can be accessed electronically
• still vulnerable to tampering or forgery
Public-Key Authority
• improve security by tightening control over distribution of keys
from directory
• has properties of directory
• and requires users to know public key for the directory
• then users interact with directory to obtain any desired public key
securely
• does require real-time access to directory when keys are needed
• may be vulnerable to tampering
Public-Key Certificates
• certificates allow key exchange without real-time access to a public-key authority
• a certificate binds an identity to a public key
  • usually with other info such as period of validity, rights of use etc
• with all contents signed by a trusted Public-Key or Certificate Authority (CA)
• can be verified by anyone who knows the public-key authority's public key
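The man-in-the-middle exchange described earlier and the certificate check from this slide, as an added example written for this page (not the slides' own code): textbook RSA over tiny constructed primes models Merkle's simple scheme, D's key substitution, and why a CA-signed binding of PUa to IDa lets B reject the substituted key. The function names, the toy certificate format (CA signature over SHA-256 of "PU|ID") and the prime values are assumptions.

```python
import hashlib
import random
from math import gcd

def make_keypair(p, q, e=17):
    """Textbook RSA from two constructed primes: returns ((e, n), (d, n)). Toy sizes, not secure."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    return (e, n), (pow(e, -1, phi), n)

def rsa(key, m):
    """E(PU, m) and D(PR, c) are both a modular exponentiation."""
    exp, n = key
    return pow(m, exp, n)

def sign(ca_priv, pub, ident):
    """CA signs the binding {identity, public key}; that signature is the certificate."""
    h = hashlib.sha256(f"{pub}|{ident}".encode()).digest()
    return rsa(ca_priv, int.from_bytes(h, "big") % ca_priv[1])

def verify(ca_pub, pub, ident, sig):
    """Anyone who knows the CA public key can check that pub really belongs to ident."""
    h = hashlib.sha256(f"{pub}|{ident}".encode()).digest()
    return rsa(ca_pub, sig) == int.from_bytes(h, "big") % ca_pub[1]

def merkle_exchange(with_attacker, with_certificates):
    """Run A<->B once; returns the Ks each party ends with, or detected=True if B refuses."""
    ca_pub, ca_priv = make_keypair(1009, 1013)   # CA key known to everyone in advance
    pu_a, pr_a = make_keypair(67, 71)            # A generates {PUa, PRa}
    cert_a = sign(ca_priv, pu_a, "A")            # issued to A before the exchange
    # Step 1: A -> B : PUa || IDa (plus A's certificate in the hardened variant)
    msg_pub, msg_id = pu_a, "A"
    if with_attacker:
        pu_d, pr_d = make_keypair(59, 73)        # D generates {PUd, PRd}
        msg_pub = pu_d                           # D forwards PUd || IDa instead
    # Step 2: B checks the binding (if certificates are used), then picks Ks
    if with_certificates and not verify(ca_pub, msg_pub, msg_id, cert_a):
        return {"detected": True}                # received key is not certified for IDa
    ks_b = random.randrange(2, msg_pub[1])
    c = rsa(msg_pub, ks_b)                       # B transmits E(PU?, Ks)
    ks_d = None
    if with_attacker:
        ks_d = rsa(pr_d, c)                      # D intercepts and learns Ks
        c = rsa(pu_a, ks_d)                      # D forwards E(PUa, Ks) to A
    ks_a = rsa(pr_a, c)                          # A recovers Ks; nothing looks wrong
    return {"detected": False, "ks_a": ks_a, "ks_b": ks_b, "ks_d": ks_d}
```

Without certificates A and B agree on Ks but so does D; with the certificate check, B's verify fails on PUd and the session is never started.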
Public-Key Certificates
MISC. TOPIC
• Fermat’s Theorem:
• If p is prime and a is a positive integer not divisible by p, then
a^(p-1) mod p = 1
• E.g. a = 7 and p = 19, then 7^18 mod 19 = 1.
• Can also be written as a^p mod p = a.
MISC. TOPIC
• Euler’s Totient Function
• phi(n) is the number of positive integers less than n and relatively prime to n.
• Example phi(35) = 24
• phi(37) = 26

• If p is prime, phi(p) = p-1; if n = a·b with a and b distinct primes, phi(n) = (a-1)(b-1)


MISC. TOPIC
• Euler’s Theorem
• a^phi(n) mod n = 1 (for a relatively prime to n).

• Example, a = 3, n = 10

• phi(10) = 4
• 3^4 mod 10 = 81 mod 10 = 1
