Key Management

Sachin Tripathi
IIT(ISM), Dhanbad
 Outline
 Identify some fundamentals principles of key management
 Discuss some key establishment mechanisms

2 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Security Services
 The basic security services are achieved in the form of:
 Confidentiality (with encryption algorithms)
 Integrity (with MACs or digital signatures)
 Message authentication (with MACs or digital signatures)
 Non-repudiation (with digital signatures)

3 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Key Management
 Key management is crucial to the security of any
cryptosystem.
 Without secure procedures for handling of cryptographic
keys throughout their lifecycle, the benefits of the use of
strong cryptographic primitives are potentially lost.
 If key management is not performed correctly then there is
no point in using cryptography at all.

4 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Key Lifecycle
 Key Generation: concerns the creation of keys.
 Key Establishment: is the process of making sure that keys reach the
end points where they will be used.
 Key Storage: deals with the safekeeping of keys. It may also be
important to conduct key backup so that keys can be recovered in
the event of loss of a key.

5 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Key lengths
 In general, longer keys are better from a security perspective.
 A cryptographic computation normally takes more time if the key is
longer.
 In addition, longer keys involve greater storage and distribution
overheads.
 Longer keys are less efficient in several important respects.
 Thus key length tends to be based on an efficiency-security trade-
off.

6 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Key lifetimes
 Every key has certain lifespan for a particular application.
 There are many reasons why cryptographic keys have finite lifetimes.
 Mitigation against key compromise:
 Mitigation against key management failures
 Mitigation against future attacks
 Enforcement of management cycles
 Flexibility
 Limitation of key exposure

7 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Key Establishment
 How keys can be established using symmetric cryptosystems?
 How keys can be established using public-key cryptosystems?
 Why public-key techniques still have shortcomings for key
distribution?
 What certificates are and how they are used?
 The role that public-key infrastructures play

8 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Continued..
 All cryptographic mechanisms that we have introduced so far
assume that keys are properly distributed between the parties
involved, e.g., between Alice and Bob.
 The task of key establishment is in practice one of the most
important and often also most difficult parts of a security system.
 We already learned some ways of distributing keys, in particular
Diffie–Hellman key exchange.
 We will learn many more methods for establishing keys between
remote parties.

9 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Contd…
 Key establishment deals with establishing a shared secret between
two or more parties.
 Methods for this can be classified into key transport and key
agreement methods.
 A key transport protocol is a technique where one party securely
transfers a secret value to others.
 In a key agreement protocol two (or more) parties derive the
shared secret where all parties contribute to the secret.

10 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Key Freshness
 It is desirable to use cryptographic keys which are only valid
for a limited time, such keys are called session keys.
 A major advantage is that there is less damage if the key is
exposed.

11 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Implementation issue
 There are always certain costs associated with key
establishment, typically with respect to additional
communication connections and computations.
 The latter holds especially in the case of public-key
algorithms which are very computationally intensive.

12 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Key Derivation

13 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

14 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
 Key Distribution Problem

15 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Contd…
 Each user must store n−1 keys.
 There is a total of n(n−1) ≈ n2 keys in the network.
 A total of n(n−1)/2 =nC2 symmetric key pairs are in the network.
 If a new user joins the network, a secure channel must be
established with every other user in order to upload new keys.

16 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Key Establishment with KDC

17 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Alternative

18 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Replay Attack
 This attack makes use of the fact that neither Alice nor Bob know
whether the encrypted session key they receive is actually a new
one.
 If an old session key is reused, key freshness is violated.

19 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Key Confirmation Attack

20 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Kerberos

21 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Limitations
 Communication requirements
 Secure channel during initialization
 Single point of failure
 No perfect forward secrecy

22 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Key Establishment using Asymmetric
Techniques
 Public-key algorithms are especially suited for key establishment
protocols since they don’t share most of the drawbacks that symmetric
key approaches have.
 The public-key primitives are quite slow, and that for this reason actual
data encryption is usually done with symmetric primitives like AES or
3DES, after a key has been established using asymmetric techniques.
 At this moment it looks as though public-key schemes solve all key
establishment problems.
 It turns out, however, that they all require what is termed an authenticated
channel to distribute the public keys.

23 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Man-in-the-Middle Attack
 The man-in-the-middle attack is a serious attack against public-key
algorithms.
 The basic idea of the attack is that the adversary, Eve, replaces
the public keys sent out by the participants with his own keys.
 This is possible whenever public keys are not authenticated.

24 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

25 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
26 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
 Certificates

 The underlying problem of the man-in-the-middle (MIM) attack is

that public keys are not authenticated.
 The MIM attack is not restricted to the DHKE, but is in fact
applicable to any asymmetric crypto scheme.
 The attack always proceeds the same way: Eve intercepts the public
key that is being sent and replaces it with his own.

27 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Contd…
 The problem of trusted distribution of private keys is central in
modern public key cryptography.
 There are several ways to address the problem of key authentication.
 The main mechanism is the use of certificates.
 A certificate for a user Alice in its most basic form is the following
structure:

28 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 Contd…
 Certificates require that the receiver has the correct verification
key, which is a public key.
 If we were to use Alice’s public key for this, we would have the
same problem that we are actually trying to solve.
 Instead, the signatures for certificates are provided by a
mutually trusted third party.
 This party is called the Certification Authority (CA). It is
the task of the CA to generate and issue certificates for all users
in the system.
 For certificate generation, the user computes her own
asymmetric key pair and merely requests the CA to sign the
public key.
29 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
30 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
 CA’s role
 From a security point of view, the first transaction is
crucial.
 It must be assured that Alice’s message (kpub_A, IDA) is sent
via an authenticated channel.
 Otherwise, Eve could request a certificate in Alice’s name.
 In practice it is often advantageous that the CA not only
signs the public keys but also generates the public–private
key pairs for each user.
 In this case, a basic protocol looks like this:

31 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

32 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
33 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
 One very crucial point here is the verification of the certificates. Without
verification, the signatures within the certificates would be of no use.
 Verification requires the public key of the CA. This key must be
transmitted via an authenticated channel, otherwise Eve could perform
MIM attacks again.
 We need the authenticated channel only once, at set-up time.
 We saw in the earlier example of DHKE without certificates, that Alice
and Bob have to trust each other’s public keys directly.
 With the introduction of certificates, they only have to trust the CA’s
public key kpub_CA.
 If the CA signs other public keys, Alice and Bob know that they can also
trust those.
 This is called a chain of trust.
34 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024
 Public-Key Infrastructures (PKI) and
CAs
 In order for public key cryptography to be useful in commercial
applications, it is necessary to have an infrastructure that keeps that
track of public keys.
 A Public-Key Infrastructures (PKI) is a framework consisting of
policies defining the rules under which the cryptographic systems
operate and procedures for generating and publishing keys and
certificates.

35 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024

 X.509 Certificates

36 Dept. of CSE, IIT(ISM) Dhanbad December 13, 2024