Cryptography and Key Management

Questions and Answers

What is a key property of a publicly available directory?

• Participants can register their keys anonymously.
• The directory cannot be accessed electronically.
• Only the authority can update the directory.
• The directory must contain {name, public-key} entries. (correct)

What is a disadvantage of using a public-key authority?

• No real-time access to the directory is required.
• Users have complete control over the distribution of their keys.
• The authority acts as a potential bottleneck. (correct)
• It eliminates the need for secure key registration.

Which statement about public-key certificates is correct?

• Certificates do not require a time-stamp.
• Any user can create and update a certificate.
• Only the authority can create and update a certificate. (correct)
• The public key cannot be verified by any user.

What is one way a public-key certificate avoids the reuse of voided keys?

By implementing a time-stamp feature. (A)

What measures can enhance security related to keys in a public directory?

Enable participants to replace their keys as needed. (A)

What is a significant drawback of using public announcements for key distribution?

Anyone can forge a key announcement. (D)

Which statement best explains the moral reason for the slower performance of public key encryption compared to private key encryption?

Public keys must be shared without revealing the decryption key. (A)

What is a key agreement protocol?

A process by which two parties jointly establish a secret key. (D)

Which of the following is not considered a potential attack in network security?

Key announcement (D)

To prevent masquerading attacks, it is essential to ensure what during key distribution?

The identity of the message source is verified. (A)

Flashcards

Public Announcement

A method where a user sends out their public key through a general broadcast or to individual recipients.

Publicly Available Directory

A central location where users can retrieve public keys. It's like a directory listing, but for keys.

Public-key Authority

A trusted entity that verifies and issues digital certificates containing public keys. This authority ensures the authenticity of the key.

Public-key Certificate

A digital document that ties a public key to a specific identity. This certificate helps prove the authenticity of the key.

Forgery in Public Announcement

A situation where someone creates a fake key claiming to be someone else and then broadcasts it. This allows the attacker to intercept messages intended for the real user.

Public Directory

A trusted entity that securely stores and distributes public keys for users and allows them to register and replace keys.

Certificate Authority (CA)

A certificate issued by a trusted authority (CA) that binds a public key to a specific entity, allowing secure communication and verification of identities.

Public key Cryptography?

A public key is a cryptographic key that is used to encrypt data, authenticate a user, and verify digital signatures.

Study Notes

Key Management and Generation

• Public key systems are slower than private key systems because they must publish the encryption key without revealing the decryption key.
• Public key systems are often used for shorter data.
• Key distribution involves one party choosing the key and transmitting it to another user.

Key Exchange

• Public key systems are significantly slower than private key systems.
• The primary reason for this difference is that public key encryption needs to publish the encryption key without revealing the decryption key.
• Public key systems are often used for short data and signatures, and key distribution.

Public Key Management

• Simple methods of public key management involve publishing the public key, such as in newsgroups or yellow pages.
• These methods lack security, despite convenience.
• Anyone can forge announcements.
• For example, a user could falsely claim to be another user and publish a key, making messages intended for the original user accessible to the imposter.
• Trusted authorities are needed to manage keys to verify identities during registration.

Possible Attacks

• Passive attacks involve observing messages over a channel to obtain message contents or monitor traffic flows.
• Active attacks include saving messages for reuse later, to avoid replay attacks or masquerade as different users in the network.
• Security measures are needed to verify message sources.

Distribution of Public Keys

• Public keys can be distributed using:
  • Public announcement
  • Publicly available directories
  • Public key authorities
  • Public key certificates

1) Public Announcement

• Users broadcast their public keys to the community.
• Vulnerability: A major issue is key forgery, where anyone can create a key, falsely claiming to be someone else and broadcasting it to the network.
• This enables an attacker to impersonate another user and send/receive messages.
• This flaw persists until a forgery is detected.

2) Publicly Available Directory

• This approach improves security by registering keys in a directory.
• The directory needs to be trusted, and includes entries for participants and their public keys.
• Participants can update their keys in the directory periodically.
• The directory should be accessible electronically.
• Still vulnerable to forgery.

3) Public-Key Authority

• This method improves security by consolidating control over key distribution, ensuring public keys are from a trusted authority.
• A central authority maintains a dynamic directory of all participant's public keys.
• Users retrieve desired keys securely from the directory when needed.
• A limitation is requiring real-time access to the directory for key retrieval, making it a potential bottleneck.

4) Public-Key Certificates

• This is an alternative to using a public key authority.
• Certificates allow participants to exchange keys without contacting an authority.
• Anyone can read a certificate to find the owner's name and public key.
• Users can verify the certificate's authority, creation/update time of the certificate, and timestamp.
• The timestamp is crucial to prevent the reuse of voided keys.
• The certificate structure is: C = E<sub>KRauth</sub>[T, ID<sub>A</sub>, K<sub>UA</sub>]. This uses the private key of the Certificate Authority (CA) to encrypt the certificate.