The document discusses key management principles essential for cryptographic security, emphasizing the importance of secure key handling throughout their lifecycle. It covers key generation, establishment, storage, and the trade-offs between key length and efficiency, as well as the significance of session keys and the role of public-key infrastructures in key distribution. Additionally, it addresses potential attacks like man-in-the-middle and the necessity of certificates for authenticating public keys.
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0 ratings0% found this document useful (0 votes)
10 views36 pages
Key_Management_Slides_Revised (2)
The document discusses key management principles essential for cryptographic security, emphasizing the importance of secure key handling throughout their lifecycle. It covers key generation, establishment, storage, and the trade-offs between key length and efficiency, as well as the significance of session keys and the role of public-key infrastructures in key distribution. Additionally, it addresses potential attacks like man-in-the-middle and the necessity of certificates for authenticating public keys.
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 36
Key Management
Sachin Tripathi IIT(ISM), Dhanbad Outline Identify some fundamentals principles of key management Discuss some key establishment mechanisms
2 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Security Services The basic security services are achieved in the form of: Confidentiality (with encryption algorithms) Integrity (with MACs or digital signatures) Message authentication (with MACs or digital signatures) Non-repudiation (with digital signatures)
3 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Key Management Key management is crucial to the security of any cryptosystem. Without secure procedures for handling of cryptographic keys throughout their lifecycle, the benefits of the use of strong cryptographic primitives are potentially lost. If key management is not performed correctly then there is no point in using cryptography at all.
4 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Key Lifecycle Key Generation: concerns the creation of keys. Key Establishment: is the process of making sure that keys reach the end points where they will be used. Key Storage: deals with the safekeeping of keys. It may also be important to conduct key backup so that keys can be recovered in the event of loss of a key.
5 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Key lengths In general, longer keys are better from a security perspective. A cryptographic computation normally takes more time if the key is longer. In addition, longer keys involve greater storage and distribution overheads. Longer keys are less efficient in several important respects. Thus key length tends to be based on an efficiency-security trade- off.
6 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Key lifetimes Every key has certain lifespan for a particular application. There are many reasons why cryptographic keys have finite lifetimes. Mitigation against key compromise: Mitigation against key management failures Mitigation against future attacks Enforcement of management cycles Flexibility Limitation of key exposure
7 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Key Establishment How keys can be established using symmetric cryptosystems? How keys can be established using public-key cryptosystems? Why public-key techniques still have shortcomings for key distribution? What certificates are and how they are used? The role that public-key infrastructures play
8 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Continued.. All cryptographic mechanisms that we have introduced so far assume that keys are properly distributed between the parties involved, e.g., between Alice and Bob. The task of key establishment is in practice one of the most important and often also most difficult parts of a security system. We already learned some ways of distributing keys, in particular Diffie–Hellman key exchange. We will learn many more methods for establishing keys between remote parties.
9 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Contd… Key establishment deals with establishing a shared secret between two or more parties. Methods for this can be classified into key transport and key agreement methods. A key transport protocol is a technique where one party securely transfers a secret value to others. In a key agreement protocol two (or more) parties derive the shared secret where all parties contribute to the secret.
10 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Key Freshness It is desirable to use cryptographic keys which are only valid for a limited time, such keys are called session keys. A major advantage is that there is less damage if the key is exposed.
11 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Implementation issue There are always certain costs associated with key establishment, typically with respect to additional communication connections and computations. The latter holds especially in the case of public-key algorithms which are very computationally intensive.
12 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Key Derivation
13 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
14 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024 Key Distribution Problem
15 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Contd… Each user must store n−1 keys. There is a total of n(n−1) ≈ n2 keys in the network. A total of n(n−1)/2 =nC2 symmetric key pairs are in the network. If a new user joins the network, a secure channel must be established with every other user in order to upload new keys.
16 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Key Establishment with KDC
17 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Alternative
18 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Replay Attack This attack makes use of the fact that neither Alice nor Bob know whether the encrypted session key they receive is actually a new one. If an old session key is reused, key freshness is violated.
19 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Key Confirmation Attack
20 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Kerberos
21 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Limitations Communication requirements Secure channel during initialization Single point of failure No perfect forward secrecy
22 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Key Establishment using Asymmetric Techniques Public-key algorithms are especially suited for key establishment protocols since they don’t share most of the drawbacks that symmetric key approaches have. The public-key primitives are quite slow, and that for this reason actual data encryption is usually done with symmetric primitives like AES or 3DES, after a key has been established using asymmetric techniques. At this moment it looks as though public-key schemes solve all key establishment problems. It turns out, however, that they all require what is termed an authenticated channel to distribute the public keys.
23 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Man-in-the-Middle Attack The man-in-the-middle attack is a serious attack against public-key algorithms. The basic idea of the attack is that the adversary, Eve, replaces the public keys sent out by the participants with his own keys. This is possible whenever public keys are not authenticated.
24 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
25 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024 26 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024 Certificates
The underlying problem of the man-in-the-middle (MIM) attack is
that public keys are not authenticated. The MIM attack is not restricted to the DHKE, but is in fact applicable to any asymmetric crypto scheme. The attack always proceeds the same way: Eve intercepts the public key that is being sent and replaces it with his own.
27 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Contd… The problem of trusted distribution of private keys is central in modern public key cryptography. There are several ways to address the problem of key authentication. The main mechanism is the use of certificates. A certificate for a user Alice in its most basic form is the following structure:
28 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
Contd… Certificates require that the receiver has the correct verification key, which is a public key. If we were to use Alice’s public key for this, we would have the same problem that we are actually trying to solve. Instead, the signatures for certificates are provided by a mutually trusted third party. This party is called the Certification Authority (CA). It is the task of the CA to generate and issue certificates for all users in the system. For certificate generation, the user computes her own asymmetric key pair and merely requests the CA to sign the public key. 29 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024 30 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024 CA’s role From a security point of view, the first transaction is crucial. It must be assured that Alice’s message (kpub_A, IDA) is sent via an authenticated channel. Otherwise, Eve could request a certificate in Alice’s name. In practice it is often advantageous that the CA not only signs the public keys but also generates the public–private key pairs for each user. In this case, a basic protocol looks like this:
31 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
32 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024 33 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024 One very crucial point here is the verification of the certificates. Without verification, the signatures within the certificates would be of no use. Verification requires the public key of the CA. This key must be transmitted via an authenticated channel, otherwise Eve could perform MIM attacks again. We need the authenticated channel only once, at set-up time. We saw in the earlier example of DHKE without certificates, that Alice and Bob have to trust each other’s public keys directly. With the introduction of certificates, they only have to trust the CA’s public key kpub_CA. If the CA signs other public keys, Alice and Bob know that they can also trust those. This is called a chain of trust. 34 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024 Public-Key Infrastructures (PKI) and CAs In order for public key cryptography to be useful in commercial applications, it is necessary to have an infrastructure that keeps that track of public keys. A Public-Key Infrastructures (PKI) is a framework consisting of policies defining the rules under which the cryptographic systems operate and procedures for generating and publishing keys and certificates.
35 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
X.509 Certificates
36 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024