Cryptography and Network Key Management and Generation PDF

Cryptography and Network Key Management and generation Cryptography and Network Security 1 Key Exchange Public key systems are much slower than private key system The "moral" reason of public key encryption being slower than private key encryption is that it must be able to publish the encryption key without revealing the decryption key. Public key system is then often for short data Signature, key distribution Key distribution One party chooses the key and transmits it to other user Key agreement Protocol such two parties jointly establish secret key over public communication channel Key is the function of inputs of two users 2 Cryptography and Network Security Public Key Management Simple one: publish the public key Such as newsgroups, yellow-book, etc. But it is not secure, although it is convenient Anyone can forge such an announcement Ex: user B pretends to be A, and publish a key for A Then all messages sent to A, readable by B! Let trusted authority maintain the keys Need to verify the identity, when register keys Cryptography and Network Security 3 Possible Attacks Observe all messages over the channel (Passive Attacks) obtain message contents, or monitor traffic flows So assume that all plaintext messages are available to all Save messages for reuse later (Active Attacks) So have to avoid replay attack Masquerade various users in the network (Active Attacks) So have to be able to verify the source of the message Cryptography and Network Security 4 Distribution of Public Keys Can be considered as using one of: Public announcement Publicly available directory Public-key authority Public-key certificates Cryptography and Network Security 5 1) Public Announcement Users distribute public keys to recipients or broadcast to community at large Major weakness is forgery anyone can create a key claiming to be someone else and broadcast it That is, some user could pretend to be user A and send a public key to another participant or broadcast such a public key. until forgery is discovered can masquerade as claimed user Cryptography and Network Security 6 2) Publicly Available Directory Can obtain greater security by registering keys with a public directory Directory must be trusted with properties: contains {name, public-key} entries participants register securely with directory participants can replace key at any time directory is periodically published directory can be accessed electronically Still vulnerable to forgery Cryptography and Network Security 7 3) Public-Key Authority Improve security by tightening control over distribution of keys from directory It has properties of directory and requires users to know public key for the directory a central authority maintains a dynamic directory of public keys of all participants. then users interact with directory to obtain any desired public key securely does require real-time access to directory when keys are needed the authority is bottleneck https://www.brainkart.com/article/Distribution-of-Public-Keys_8469/ Cryptography and Network Security 8 Public-Key Authority Cryptography and Network Security 9 4) Public-Key Certificates An alternative approach is to use certificates that can be used by participants to exchange keys without contacting a public-key authority Any user can read certificate, determine name and public key of the certificate’s owner Any user can verify the authority of certificate Only the authority can create and update certificate Any user can verify the time-stamp of certificate Time-stamp is to avoid reuse of voided key The certificate is CA=EKR [T,IDA, KUA], where the EKR auth auth is the private key used by the authority. Cryptography and Network Security 10 Public-Key Certificates Cryptography and Network Security 11

Cryptography and Network Key Management and Generation PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue