CRYPTOGRAPHY
Key Management
Key Management
• The distribution of public keys
– Public announcement
– Public available directory
– Public-key authority
– Public-key certificates
• The use of public-key encryption to distribute secret keys
Public Announcement of Public Keys
• Users distribute public keys to recipients or broadcast them to the community at large
– E.g., with RSA any participant can simply send his or her public key to another participant
• Major weakness is forgery
1. Anyone can create a key pair, claim the public key belongs to someone else and broadcast it
2. Until the forgery is discovered, the attacker can masquerade as the claimed user (reading traffic meant for that user and signing as that user)
Public Key Directory
• Greater security is obtained by registering keys with a public directory
• The directory must be trusted and have the following properties:
– Contains {name, public-key} entries
– Participants register securely with the directory (in person or over an authenticated channel)
– Participants can replace a key at any time (e.g., after compromise or routine rollover)
– The directory is periodically published
– The directory can be accessed electronically
• The scheme is clearly more secure than individual public announcements. The danger is that if an adversary succeeds in obtaining or computing the private key of the directory authority, it can pass out counterfeit public keys and impersonate any participant. The directory records themselves also remain vulnerable to tampering or forgery
Public Key Directory
Public Key Authority
• Improves security by tightening control over the distribution of public keys from the directory
• Has the properties of the directory
• Requires users to know the public key of the authority
• Users interact with the authority to obtain any desired public key securely
– Requires real-time access to the authority whenever a key is needed
• Users A and B can then mutually authenticate and assure freshness using nonces
• Drawbacks
– The public key authority could be a performance bottleneck
– The directory of names and public keys maintained by the authority is still vulnerable to tampering
Public Key Authority
Public-Key Distribution Scenario
Public Key Certificates
• Goal is to provide a mechanism as secure and reliable as the public key authority without requiring direct contact with it: the public key certificate
• Public key certificate
– Binds an identity to a public key
– Usually carries other information such as period of validity, rights of use, etc.
– With all contents signed by a trusted third party (TTP), the Certificate Authority (CA)
• Public key certificate requirements
– Anyone can read a certificate and determine the name and public key of the owner
– Anyone can verify that the certificate originated from the certificate authority (by checking the CA's signature with the CA's public key)
– Only the certificate authority can issue or update certificates (only it holds the signing key)
– Anyone can verify the currency of the certificate (validity period, and that it has not been superseded)
Public Key Certificates
Exchange of Public-Key Certificates
Distribution of Secret Keys using PKC
• Because of its high computational cost, use of a public-key cryptosystem tends to be restricted to infrequent operations
– In particular, to distributing the secret (session) keys that then carry the bulk traffic
Simple Secret Key Distribution (Merkle's)
• Alice generates a public/private key pair and sends her public key to Bob
• Bob generates a secret key and sends it to Alice encrypted under her public key
• Simple but vulnerable to a man-in-the-middle attack: an attacker who replaces Alice's public key in transit with his own learns the secret key, then re-encrypts it under Alice's real key so neither party notices
– End-to-end authentication of the public key is required
Simple Use of Public-Key Encryption to Establish a Session Key
Secret Key Distribution (Needham-Schroeder's)
• Provides protection against both active and passive attacks
• Assume Alice and Bob have exchanged public keys (by any scheme described earlier)
• Steps (PUx and PRx are X's public and private keys, N1 and N2 are fresh nonces, Ks is the secret key)
1. Alice → Bob: E(PUb, [N1 || IDA]): Alice's identifier and a nonce, encrypted under Bob's public key
2. Bob → Alice: E(PUa, [N1 || N2]): returning N1 shows Bob could decrypt message 1; N2 is Bob's own nonce
3. Alice → Bob: E(PUb, N2): returning N2 shows Alice could decrypt message 2
4. Alice → Bob: E(PUb, E(PRa, Ks)): Alice selects a secret key, signs it (encrypts with her private key) and encrypts the result under Bob's public key
• Ensures both confidentiality and authentication in the exchange of the secret key
• Caveat: with the messages exactly as above, Lowe (1995) showed an interleaving attack in which a dishonest party that Alice runs the protocol with replays her messages to Bob, so Bob ends up sharing Ks with the attacker; including Bob's identifier in message 2, E(PUa, [N1 || N2 || IDB]), closes it
Secret Key Distribution (Needham-Schroeder's)
Public-Key Distribution of Secret Keys (Needham-Schroeder’s Algorithm)
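The certificate requirements and the four Needham-Schroeder messages above, as one added, runnable example (this is editorial example code, not from the original slides). It assumes a toy textbook RSA built from constructed primes of about 30 bits, with no padding, so every payload must be an integer below the modulus; this is far too small to be secure and exists only to make the steps concrete. Alice's modulus is chosen smaller than Bob's so that the nested E(PUb, E(PRa, Ks)) of message 4 fits.

```python
import hashlib
import json
import os
from math import gcd


def is_prime(n):
    """Trial division: cheap at ~30 bits and guards the constructed primes used below."""
    return n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1))


def keygen(p, q):
    """Toy textbook RSA key pair from two constructed primes (insecure size, illustration only)."""
    assert is_prime(p) and is_prime(q)
    n, phi = p * q, (p - 1) * (q - 1)
    e = next(c for c in range(65537, phi, 2) if gcd(c, phi) == 1)
    return (n, e), (n, pow(e, -1, phi))          # (public key, private key)


def rsa(key, m):
    """Encrypt/verify with a public key, decrypt/sign with a private key: m -> m^exp mod n."""
    n, exp = key
    assert 0 <= m < n, "textbook RSA: payload must be below the modulus"
    return pow(m, exp, n)


def to_int(b):
    return int.from_bytes(b, "big")


def to_bytes(i, length):
    return i.to_bytes(length, "big")


def digest(data):
    # SHA-256 truncated to 56 bits so the value fits under every ~60-bit modulus used here
    return to_int(hashlib.sha256(data).digest()[:7])


def encode(body):
    return json.dumps(body, sort_keys=True).encode()


# --- Certificates: the CA binds {name, public key, validity} with its signature ---
def issue_cert(ca_priv, name, pub, not_after):
    body = {"name": name, "n": pub[0], "e": pub[1], "not_after": not_after}
    return {"body": body, "sig": rsa(ca_priv, digest(encode(body)))}


def verify_cert(ca_pub, cert, today):
    """Anyone holding the CA's public key can check origin and currency; returns the bound key or None."""
    body = cert["body"]
    if rsa(ca_pub, cert["sig"]) != digest(encode(body)):   # signature does not match contents
        return None
    if today > body["not_after"]:                           # certificate no longer current
        return None
    return (body["n"], body["e"])


# --- Needham-Schroeder public-key exchange, both sides simulated in one function ---
def needham_schroeder(alice, bob, ks):
    (pu_a, pr_a), (pu_b, pr_b) = alice, bob
    n1, n2 = os.urandom(3), os.urandom(3)                   # 3-byte nonces keep payloads under 7 bytes
    # 1. A -> B: E(PUb, [N1 || IDa])
    m1 = rsa(pu_b, to_int(n1 + b"A"))
    p1 = to_bytes(rsa(pr_b, m1), 4)
    n1_at_bob, id_at_bob = p1[:3], p1[3:]
    assert id_at_bob == b"A"
    # 2. B -> A: E(PUa, [N1 || N2]); returning N1 proves Bob could read message 1
    m2 = rsa(pu_a, to_int(n1_at_bob + n2))
    p2 = to_bytes(rsa(pr_a, m2), 6)
    assert p2[:3] == n1, "Bob did not return Alice's nonce"
    n2_at_alice = p2[3:]
    # 3. A -> B: E(PUb, N2); returning N2 proves Alice could read message 2
    m3 = rsa(pu_b, to_int(n2_at_alice))
    assert to_bytes(rsa(pr_b, m3), 3) == n2, "Alice did not return Bob's nonce"
    # 4. A -> B: E(PUb, E(PRa, Ks)); signed for authentication, encrypted for confidentiality
    m4 = rsa(pu_b, rsa(pr_a, to_int(ks)))
    return to_bytes(rsa(pu_a, rsa(pr_b, m4)), 7)            # what Bob recovers


def demo():
    ca_pub, ca_priv = keygen(999999937, 4294967291)
    alice = keygen(1000000007, 998244353)                   # n_a ~ 1.0e18
    bob = keygen(1000000009, 2147483647)                    # n_b ~ 2.1e18 > n_a, so message 4 fits
    cert_a = issue_cert(ca_priv, "Alice", alice[0], not_after=20261231)
    assert verify_cert(ca_pub, cert_a, today=20250101) == alice[0]
    assert verify_cert(ca_pub, cert_a, today=20270101) is None          # expired
    forged = {"body": dict(cert_a["body"], n=bob[0][0], e=bob[0][1]), "sig": cert_a["sig"]}
    assert verify_cert(ca_pub, forged, today=20250101) is None          # re-keyed body, signature fails
    ks = os.urandom(7)
    assert needham_schroeder(alice, bob, ks) == ks                       # Bob recovers Alice's key
    return True


if __name__ == "__main__":
    print("certificate and Needham-Schroeder checks passed:", demo())
```

The forged certificate is the directory-tampering case from the earlier slides: swapping Bob's key into Alice's certificate changes the digest, so the CA's signature no longer verifies and the key is rejected. Note that the protocol function runs both parties in one place and trusts that each side already holds the other's authentic public key, exactly the assumption the slide makes.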
Diffie-Hellman Key Exchange
• Relies on the difficulty of computing discrete logarithms
• Public parameters: a prime q and a primitive root α of q. A and B choose secret XA and XB and publish YA = α^XA mod q and YB = α^XB mod q. Both arrive at the same K:
K = (YB)^XA mod q
  = (α^XB mod q)^XA mod q
  = (α^XB)^XA mod q
  = α^(XB·XA) mod q
  = (α^XA)^XB mod q
  = (α^XA mod q)^XB mod q
  = (YA)^XB mod q
Diffie-Hellman Key Exchange
EXAMPLE:
q = 97, primitive root of q, in this case α = 5
A and B select secret keys XA = 36 and XB = 58
Each computes a public key: YA = 5^36 mod 97 = 50, YB = 5^58 mod 97 = 44
After exchanging public keys, each computes the common secret key:
K = (YB)^XA mod 97 = 44^36 mod 97 = 75
K = (YA)^XB mod 97 = 50^58 mod 97 = 75
Man-in-the-Middle Attack
• Darth prepares two private keys XD1 and XD2 with public values YD1 and YD2
1. Alice sends YA; Darth intercepts it and forwards YD1 to Bob in its place
2. Bob computes K1 = (YD1)^XB mod q
3. Bob sends YB; Darth intercepts it, computes K1 = (YB)^XD1 mod q, and forwards YD2 to Alice
4. Alice computes K2 = (YD2)^XA mod q; Darth computes K2 = (YA)^XD2 mod q
• Alice and Bob believe they share a key, but Alice actually shares K2 with Darth and Bob shares K1 with Darth, so Darth can read, alter and relay everything between them
• To counter such an attack, end-to-end authentication (the use of digital signatures or public-key certificates) is required
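The exchange above and the slide's numeric example, as an added example (editorial code, not from the original slides). It generalizes the q = 97, α = 5 case to a small function, reproduces the man-in-the-middle relay with Darth holding one key per victim, and adds the check a practitioner would want: rejecting peer public values 0, 1 and q-1, which force the shared key into a trivial subgroup. Darth's secrets XD1 = 7 and XD2 = 11 are constructed for the demonstration.

```python
def is_valid_public(y, q):
    """Peer public values must lie in [2, q-2]; 0, 1 and q-1 yield a predictable shared key."""
    return 2 <= y <= q - 2


def dh_public(alpha, q, x):
    """Y = alpha^x mod q"""
    return pow(alpha, x, q)


def dh_shared(peer_public, x, q):
    """K = Y_peer^x mod q, after rejecting degenerate peer values."""
    if not is_valid_public(peer_public, q):
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_public, x, q)


def honest_exchange(alpha, q, xa, xb):
    """Alice and Bob exchange YA, YB directly; both sides must compute the same K."""
    ya, yb = dh_public(alpha, q, xa), dh_public(alpha, q, xb)
    return dh_shared(yb, xa, q), dh_shared(ya, xb, q)


def mitm_exchange(alpha, q, xa, xb, xd1, xd2):
    """Darth substitutes his own public values, ending up with a separate key per victim."""
    ya = dh_public(alpha, q, xa)                 # Alice -> (intercepted by Darth)
    yd1 = dh_public(alpha, q, xd1)               # Darth -> Bob, posing as Alice
    yb = dh_public(alpha, q, xb)                 # Bob -> (intercepted by Darth)
    yd2 = dh_public(alpha, q, xd2)               # Darth -> Alice, posing as Bob
    return {
        "bob": dh_shared(yd1, xb, q),            # K1 as Bob computes it
        "darth_bob": dh_shared(yb, xd1, q),      # K1 as Darth computes it
        "alice": dh_shared(yd2, xa, q),          # K2 as Alice computes it
        "darth_alice": dh_shared(ya, xd2, q),    # K2 as Darth computes it
    }


if __name__ == "__main__":
    print("honest exchange (q=97, alpha=5, XA=36, XB=58):", honest_exchange(5, 97, 36, 58))
    keys = mitm_exchange(5, 97, 36, 58, 7, 11)
    print("under attack:", keys)
    print("Alice and Bob agree?", keys["alice"] == keys["bob"])
```

Nothing in the unauthenticated exchange lets Alice distinguish YD2 from a genuine YB, which is why the public values must be signed or carried in certificates; the validity check only stops degenerate values, not substitution.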

Lec 10 - Key Management.ppt
