Network Security: Key Management PDF

Network Security V. Key Management Prof. Dr. Torsten Braun, Institut für Informatik Bern, 14.10.2024 – 21.10.2024 Network Security: Key Management Key Management Table of Contents 1. Introduction 2. Symmetric Key Distribution with Symmetric Encryption 3. Symmetric Key Distribution with Asymmetric Encryption 4. Distribution of Public Keys 5. X.509 Certificates and Public Key Infrastructure 3 Network Security: Key Management 1. Introduction 1. Cryptographic Key Management − Secure use of cryptographic key − Key management also involves algorithms depends on protection monitoring and recording of each of cryptographic keys key’s access, use, and context. − Cryptographic key management: key − Key management system includes − generation − key servers − creation − user procedures − protection − protocols − storage − exchange − replacement − use 4 Network Security: Key Management 1. Introduction 2. Symmetric Key Distribution − Key distribution: − For symmetric encryption to work, means of delivering a key to the two parties to an exchange two parties, who wish to must share the same key, exchange data without and that key must be protected allowing others to see the key from access by others. − Frequent key changes are desirable to limit the amount of data compromised, if an attacker learns the key. 5 Network Security: Key Management 1. Introduction 3. Symmetric Key Distribution Alternatives − A can select a key and − If A and B have previously and physically deliver it to B. recently used a key, one party can transmit the new key to the other, encrypted using the old key. − A third-party C can select the − If both A and B have an encrypted key and physically deliver it to both A and B. connection to a third-party C (key distribution center), C can deliver a key on the encrypted links to A and B. 6 Network Security: Key Management 2. Symmetric Key Distribution with Symmetric Encryption 1. Third Party Key Distribution Options Key Translation Center 1. Key Translation − transfers keys between 2 entities. 2. Key Translation with − Decryption and encryption of keys Key Forwarding Key Distribution Center 3. Key Distribution − generation and distribution 4. Key Distribution with of session keys. Key Forwarding 7 Network Security: Key Management 2. Symmetric Key Distribution with Symmetric Encryption 1.1 Key Translation 8 Network Security: Key Management 2. Symmetric Key Distribution with Symmetric Encryption 1.2 Key Translation with Key Forwarding 9 Network Security: Key Management 2. Symmetric Key Distribution with Symmetric Encryption 1.3 Key Distribution 10 Network Security: Key Management 2. Symmetric Key Distribution with Symmetric Encryption 1.4 Key Distribution with Key Forwarding 11 Network Security: Key Management 2. Symmetric Key Distribution with Symmetric Encryption 2. Key Hierarchy − Higher level protocols and keys are used to encrypt and exchange lower-level keys. − Infrequently used higher level keys are more resistant to cryptanalysis. 12 Network Security: Key Management 2. Symmetric Key Distribution with Symmetric Encryption 2.1 Master and Session Keys − KDC is based on a hierarchy of keys. − Session keys − for the duration of a logical session, or for a certain time interval / number of messages − Master key − is used to encrypt session key transfer. − is shared between KDC and user / end system. 13 Network Security: Key Management 2. Symmetric Key Distribution with Symmetric Encryption 2.2 Hierarchical Key Control − Local KDCs for small domain, − Scheme can be extended to three e.g., local area network, or more layers. responsible for key exchange − Advantages between users of this small domain. − Scalability − Limited damage in case of breaches − If entities in two different domains need a key, the two local KDCs can communicate over a 14 global KDC. Network Security: Key Management 2. Symmetric Key Distribution with Symmetric Encryption 3. Decentralized Key Control Session key establishment 1. A issues request for session key. (1) IDA || N1 2. B responds with encrypted Initiator Responder A B message including session (2) E(Km, [Ks || IDA || IDB || f(N1) || N2 ]) key using shared master key. (3) E(Ks, f(N2)) 3. A returns f(N2) using new session key. N (N-1)/2 master keys required Figure 14.5 Decentralized Key Distribution 15 Network Security: Key Management 2. Symmetric Key Distribution with Symmetric Encryption 4. Controlling Key Usage Control Master Session Control Master Encrypted Vector Key Key Vector Key Session Key − Different types of keys for different applications, e.g. Hashing Hashing − Data communication encryption Function Function − PIN encryption − File encryption Key Plaintext Key Ciphertext − Tags with each key can input Encryption input input Decryption input indicate usage type. Function Function − Control vectors can be Encrypted Session Key used to specify uses and Session Key restrictions for session key. Control Vector Encryption / Decryption 16 (a) Control Vector Encryption (b) Control Vector Decryption Network Security: Key Management 3. Symmetric Key Distribution with Asymmetric Encryption 1. Simple Secret Key Distribution 1. A generates public / private key pair (PUa, PRa) and transmits message with public key PUa to B. (1) PUa || IDA 2. B generates secret key Ks and transmits encrypted A B message to A using A’s (2) E(PUa, Ks) public key PUa 3. A computes D(PRa, E(PUa, Ks)) to recover secret key. Figure 14.7 Simple Use of Public-Key Encryption to Establish a Session Key 4. A and B discard PUa and PRa. 17 Network Security: Key Management 3. Symmetric Key Distribution with Asymmetric Encryption 2. Another Man-in-the-Middle Attack Alice Darth Bob 1. A generates public/private pair key and transmits message to B. Private key PRA public key PUA 2. D intercepts message, PUA, IDA creates own new public/private key pair, Private key PRD public key PUD and submits PUd, IDA to B. PUD, IDA 3. B generates secret key and Private key PRB transmits E(PUd, Ks) to A. public key PUB secret key Ks 4. D intercepts message and E(PUD, Ks) learns secret key. Ks = D(PRD, E(PUD, Ks)) 5. D transmits E(PUa, Ks) to A E(PUA, Ks) 18 Network Security: Key Management 3. Symmetric Key Distribution with Asymmetric Encryption 3. Secret Key Distribution with Confidentiality and (1) E(PUb, [N1 || IDA]) Authentication (2) E(PUa, [N1 || N2]) 1. A uses B’s public key PUb to Initiator Responder encrypt message with N1 to B. A B (3) E(PUb, N2) 2. B sends message with nonces N1 and N2 to A encrypted with PUa. (4) E(PUb, E(PRa, Ks)) 3. A returns nonce N2 encrypted using B’s public key PUb. Figure 15.5 Public-Key Distribution of Secret Keys 4. A selects secret key Ks and sends message to B. 5. B computes (D(PUa, D(PRb, M)) to recover key 19 Network Security: Key Management 4. Distribution of Public Keys 1. Public Announcement of Keys Convenient, but anyone can forge public announcements, PUa PUb i.e., can users can pretend PUa PUb to be other users. A B PUa PUb PUa PUb Figure 15.6 Uncontrolled Public Key Distribution 20 Network Security: Key Management 4. Distribution of Public Keys 2. Publicly Available Directory − Public-Key Directory with entries Public-Key Directory [name, public key] − Participants register at directory. − Participants can replace entries. PUa PUb A B Figure 15.7 Public Key Publication 21 Network Security: Key Management 4. Distribution of Public Keys 3. Public-Key Authority Initiator A Public-key Authority Responder B − Again: directory with public keys of all participants (1) Request || T1 − In addition: participants know (2) E(PRauth, [PUb || Request || T1]) public key of PKA − Disadvantage: PKA as bottleneck (3) E(PUb, [ IDA || N1]) (4) Request || T2 − Alternative approach: (5) E(PRauth, [PUa || Request || T2]) direct key exchange but keys are signed by PKA (6) E(PUa, [ N1 || N2]) (7) E(PUb, N2) 22 Network Security: Key Management 4. Distribution of Public Keys 4. Public-Key Certificates Certificate Authority PUa PUb CA = E(PRauth, [T1 || IDA || PUa]) Requirements CB = E(PRauth, [T2 || IDB || PUb]) − Any participant can read certificates issued by Certificate Authority. − Any participant can verify that A B certificates originated from CA. − Only CA can create and update certificates. (a) Obtaining certificates from CA − Any participant can verify (1) CA time validity of certificates. A B Certificate verification − D(PUauth, CA) = D(PUauth, (2) CB E(PRauth, [T || IDA || PUa])) (b) Exchanging certificates 23 = (T || ID || PU ) Network Security: Key Management 5. X.509 Certificates and Public Key Infrastructure 1. ITU Recommendation X.509 − Part of the X.500 series of recommen- − Each certificate contains the public dations that define a directory service key of a user and is signed with the − The directory is a server or distributed set of servers maintaining a database private key of a trusted certification of information about users authority. − X.509 defines a framework for the − X.509 defines alternative provision of authentication services by the X.500 directory to its users authentication protocols based on − is based on the use of public-key the use of public-key certificates. cryptography and digital signatures − does not dictate the use of a specific algorithm but recommends RSA − does not dictate a specific hash algorithm 24 Network Security: Key Management 5. X.509 Certiticates and PKI 2. X.509 Public-Key Certificate Use Bob's ID Unsigned certificate: information contains user ID, user's public key Bob's public key H H CA information Certificate information Verify algorithm S V indicates whether the signature is Generate hash Signed certificate valid code of unsigned certificate Use hash code of Supply CA's public key unsigned certificate to the verify algorithm with CA's private key to form signature Create signed Use verified certificate to 25 digital certificate obtain Bob's public key Network Security: Key Management 5. X.509 Certificates and PKI Signature algorithm Version algorithm 3.1 X.509 Formats Certificate identifier parameters Issuer Name Serial Number Signature algorithm algorithm This Update Date identifier parameters Version 1 Issuer Name Next Update Date Version 2 Period of not before Revoked user certificate serial # validity not after certificate revocation date Version 3 Subject Name Subject's algorithms public key parameters info key Issuer Unique Revoked user certificate serial # Identifier certificate revocation date Subject Unique algorithms Signature parameters Identifier encrypted Extensions (b) Certificate Revocation List versions algorithms Signature parameters all encrypted hash 26 (a) X.509 Certificate Network Security: Key Management 5. X.509 Certificates and PKI 3.2 X.509 Formats − Version: Differentiates among successive − Subject name: versions of the certificate format The name of the user to whom this certificate refers. − Serial number: An integer value unique within − Subject’s public-key information: The public key of the issuing CA that is unambiguously the subject, plus an identifier of the algorithm for which associated with this certificate. this key is to be used, together with any associated parameters. − Signature algorithm identifier: The algorithm used to sign the certificate − Issuer unique identifier: An optional-bit string field together with any associated parameters. used to identify uniquely the issuing CA in the event Because this information is repeated in the the X.500 name has been reused for different entities. signature field at the end of the certificate, this field has little, if any, utility. − Subject unique identifier: An optional-bit string field used to identify uniquely the subject in the event the − Issuer name: X.500 name of the CA that X.500 name has been reused for different entities. created and signed this certificate. − Extensions: A set of one or more extension fields − Period of validity: Consists of the first and last date on which the certificate is valid. − Signature: Covers all the other fields of the certificate. 27 Network Security: Key Management 5. X.509 Certificates and PKI 4. Obtaining a User’s Certificate Characteristics of a user certificate − If all users subscribe to one CA, generated by CA there is a common trust. − In case of large communities, − Any user with access to CA’s public users might not subscribe to the same CA. key can verify a user’s public key. − Chains of certificates can be used to obtain − No party other than CA can modify other users’ keys. a certificate without this being − Example detected. − A has certificate from X1, B from X2. − Assumption: X1 and X2 exchanged certificates. − A can obtain X2’s certificate signed by X1. − A has then a trusted copy of X 2’s certificate, A can verify B’s certificate. − Certificate chain: X1 X2 28 Network Security: Key Management 5. X.509 Certificates and PKI 5. X.509 Hierarchy − Connected circles indicate hierarchical relationship among CAs. − Associated boxes indicate certificates maintained in the directory for each CA entry. − Directory entry for each CA includes 2 types of certificates − Forward certificates: Certificates of X generated by other CAs − Reverse certificates: Certificates generated by X that are certificates of other CAs − Example: A can establish certification path to B − X W V Y Z 29 Network Security: Key Management 5. X.509 Certificates and PKI 6. Certificate Revocation − Each certificate includes a period of validity and typically a new certificate is issued just before the expiration of the old one. − It may be desirable on occasion to revoke a certificate before it expires, for one of the following reasons: − The user’s private key is assumed to be compromised. − The user is no longer certified by this CA. − The CA’s certificate is assumed to be compromised. − Each CA must maintain a Certificate Revocation List consisting of all revoked but not expired certificates issued by that CA − These lists should be posted on the directory. 30 Network Security: Key Management 5. X.509 Certificates and PKI 7. Public Key Infrastructure Components − End entity: users, devices − Certification Authority: creation and signing public keys − Registration authority: optional component to offload CA functions − Repository: methods to store and retrieve PKI-related information − Relying party: user or agent relying on certificate data in making decisions. 31 Thanks for Your Attention Prof. Dr. Torsten Braun, Institut für Informatik Bern, 14.10.2024 – 21.10.2024 32

Network Security: Key Management PDF

Document Details

Tags

Related

Summary

Full Transcript