Download CS 291 Special Topics on Network Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
Document related concepts

Web of trust wikipedia , lookup

Transcript 
CS 285 Network Security
Key Distribution and Management
Yuan Xue
Fall 2012
@Yuan Xue (yuan.xue@vanderbilt.edu)
Overview
Secret Key Distribution




Introduction
Using key distribution center (KDC)
Decentralized
Using public-key
Public Key Management




Public-key Announcement
Publicly Available Directory
Public-key Certificate
Web of Trust (GnuPG)
@Yuan Xue (yuan.xue@vanderbilt.edu)
Secret Key Distribution
Message Encryption

Secret key encryption vs. public key encryption
 Both encryption algorithms can provide confidentiality
 Secret Key Encryption is more efficient and faster

To use secret key encryption
 Communicating peers must share the same key
 The key must be protected from access by others
Key Distribution
@Yuan Xue (yuan.xue@vanderbilt.edu)
Key Hierarchy
A secret key becomes insecure when
used for a long time, since more
ciphertext encrypted using this key
is available to the attacker, making it
easies to derive the key.
Keys that are used to encrypt the
data need to be renewed frequently
Solution – Key Hierarchy


Session key – encrypt data, renewed
each session
Master key – distribute session keys,
renewed infrequently using noncryptographic approach
@Yuan Xue (yuan.xue@vanderbilt.edu)
Secret Key Distribution
Now the questions are

What are master keys?
 secret key or public key?

Who should share master keys?
 who needs to be trusted a priori?

How to get session keys from master keys?
 key distribution protocol
@Yuan Xue (yuan.xue@vanderbilt.edu)
Secret Key Distribution Approaches
Three approaches

Via key distribution center (KDC)
 KDC needs to share a secret key with each of the
communication parties

Decentralized
 The communication parties need to share a master key

Via public key
 The communication parties need to have the public keys of
each other


Using public key encryption
Using Diffie-Hellman key exchange
@Yuan Xue (yuan.xue@vanderbilt.edu)
Key Distribution based on KDC
Initially



Goal
A and B both trust KDC
KUA -- shared secret
key between A and KDC
KUB -- shared secret
key between B and KDC
KDC
A
KUA
@Yuan Xue (yuan.xue@vanderbilt.edu)


KDC
KUA, KUB
B
KUB
A and B trust each
other
A and B share a secret
key KS
A
KS ,KUA
KUA, KUB
B
KS ,KUB
Overview
Secret Key Distribution




Introduction
Using key distribution center (KDC)
Decentralized
Using public-key
Public Key Management




Public-key Announcement
Publicly Available Directory
Public-key Certificate
Web of Trust (GnuPG)
@Yuan Xue (yuan.xue@vanderbilt.edu)
KDC-based Key Distribution Protocol
Nonce guarantee the reply (the secret key)
from KDC is fresh
Ticket to B
Vulnerable to
Replay attack
Any math func, e.g., N+1
Match the KDC reply with the request, in
case A issued multiple requests to KDC
The Needham–Schroeder Symmetric Key Protocol
@Yuan Xue (yuan.xue@vanderbilt.edu)
Decentralized Key Distribution
Initially


Goal
A and B trust each
other
A and B share a master
secret key Km
A
Km
@Yuan Xue (yuan.xue@vanderbilt.edu)
B
Km

A
A and B share a session
secret key KS
KS ,Km
B
KS ,Km
Decentralized Key Distribution
@Yuan Xue (yuan.xue@vanderbilt.edu)
Secret Key Distribution Approaches
Three approaches

Via key distribution center (KDC)
 KDC needs to share a secret key with each of the
communication parties

Decentralized
 The communication parties need to share a master key

Via public key
 The communication parties need to have the public keys of
each other


Using public key encryption
Using Diffie-Hellman key exchange
@Yuan Xue (yuan.xue@vanderbilt.edu)
Secret Key Distribution Via Public Key
Using public key encryption

RSA Algorithm
Using Diffie-Hellman key exchange
@Yuan Xue (yuan.xue@vanderbilt.edu)
Simple Secret Key Distribution
Problem: Man-in-the-middle-attack
@Yuan Xue (yuan.xue@vanderbilt.edu)
Man-in-the-middle Attack
KUA||IDA
A
KUD||IDA
B
D
E[KUA, Ks]
E[KUD, Ks]
Key Issue: Binding between public key and the ID.
Solution: public key management
Provides authenticated association between the public
key and the ID
@Yuan Xue (yuan.xue@vanderbilt.edu)
Public Key Management
Distribution of Public Key




Public-key Announcement
Publicly Available Directory
Public-key Certificate (focus)
Others
 Fingerprint (GnuPG)
 Web of Trust (covered in HW2 and the class on GnuPG)
@Yuan Xue (yuan.xue@vanderbilt.edu)
Public Announcement
No Authentication
Key Issue: Binding ID <-> Public key
@Yuan Xue (yuan.xue@vanderbilt.edu)
Publicly Available Directory
Directory [ID, public key]
A securely registers its
public key


In person
Secure communication
The entire directory is
published periodically
B can access the directory
via secure authenticated
communication
@Yuan Xue (yuan.xue@vanderbilt.edu)
Public-Key Certificate
Certificate CA = E[KRauth, T||IDA||KUA]
@Yuan Xue (yuan.xue@vanderbilt.edu)
Put into practice
Let’s take a look at a real
certificate
How to generate


OpenSSL
http://www.madboa.com/ge
ek/openssl/
@Yuan Xue (yuan.xue@vanderbilt.edu)
Now – Use Public key to distribute secret key
I want to talk to you
Certificate
E(KUbob,S)
A
B
No assurance that the key is fresh
@Yuan Xue (yuan.xue@vanderbilt.edu)
Solution from SSL
Nonce
Pre-master Secret
Secret Key
I want to talk to you, RAlice
Certificate, RBob
E(KUbob,S)
K = Hash (S, RAlice, RBob)
A
B
K = Hash (S, RAlice, RBob)
Nonce
@Yuan Xue (yuan.xue@vanderbilt.edu)
Diffie-Hellman Key Exchange
a is a primitive root of prime number p then
a mod p, a2 mod p, …, ap-1 mod p
are distinct and consist of the integers from 1
through p-1
For any b and a primitive root a of p,
unique exponent I can be found such that
b = ai mod p (0<=i <= p-1)
@Yuan Xue (yuan.xue@vanderbilt.edu)
More on D-H Key Exchange
• Basic Version -- Anonymous Diffie-Hellman:
no authentication, vulnerable to man-in-themiddle attacks
• Fixed Diffie-Hellman: based on public
parameter in server’s CA; fixed secret key
• Ephemeral Diffie-Hellman: one time secret
key; most secure D-H options
@Yuan Xue (yuan.xue@vanderbilt.edu)
In A Nutshell
Announcement
Directory
Certificate
Public-key
management
Public Keys
KDC-based
Decentralized
Public-key-based
RSA, Diffie-Hellman
Secret Key
Distribution
Session Keys
Message
Encryption
@Yuan Xue (yuan.xue@vanderbilt.edu)
Message
Authentication
Decentralized
(Web of Trust)
Related documents
China`s Central Bank & Monetary Policy
China`s Central Bank & Monetary Policy
Risk of China market
Risk of China market
Yuan Dynasty Dynastic Cycle
Yuan Dynasty Dynastic Cycle
China: Yuan dynasty (AD 1279
China: Yuan dynasty (AD 1279
Section 20.5
Section 20.5
POD 8- The Middle kingdom
POD 8- The Middle kingdom
China
China
China
China
Taking Action - Wolverton
Taking Action - Wolverton
Dramatic Social changes and Higher Education Reforms in China
Dramatic Social changes and Higher Education Reforms in China
CS 291 Special Topics on Network Security
CS 291 Special Topics on Network Security
CS 291 Special Topics on Network Security
CS 291 Special Topics on Network Security