Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012 @Yuan Xue ([email protected]) Overview Secret Key Distribution Introduction Using key distribution center (KDC) Decentralized Using public-key Public Key Management Public-key Announcement Publicly Available Directory Public-key Certificate Web of Trust (GnuPG) @Yuan Xue ([email protected]) Secret Key Distribution Message Encryption Secret key encryption vs. public key encryption Both encryption algorithms can provide confidentiality Secret Key Encryption is more efficient and faster To use secret key encryption Communicating peers must share the same key The key must be protected from access by others Key Distribution @Yuan Xue ([email protected]) Key Hierarchy A secret key becomes insecure when used for a long time, since more ciphertext encrypted using this key is available to the attacker, making it easies to derive the key. Keys that are used to encrypt the data need to be renewed frequently Solution – Key Hierarchy Session key – encrypt data, renewed each session Master key – distribute session keys, renewed infrequently using noncryptographic approach @Yuan Xue ([email protected]) Secret Key Distribution Now the questions are What are master keys? secret key or public key? Who should share master keys? who needs to be trusted a priori? How to get session keys from master keys? key distribution protocol @Yuan Xue ([email protected]) Secret Key Distribution Approaches Three approaches Via key distribution center (KDC) KDC needs to share a secret key with each of the communication parties Decentralized The communication parties need to share a master key Via public key The communication parties need to have the public keys of each other Using public key encryption Using Diffie-Hellman key exchange @Yuan Xue ([email protected]) Key Distribution based on KDC Initially Goal A and B both trust KDC KUA -- shared secret key between A and KDC KUB -- shared secret key between B and KDC KDC A KUA @Yuan Xue ([email protected]) KDC KUA, KUB B KUB A and B trust each other A and B share a secret key KS A KS ,KUA KUA, KUB B KS ,KUB Overview Secret Key Distribution Introduction Using key distribution center (KDC) Decentralized Using public-key Public Key Management Public-key Announcement Publicly Available Directory Public-key Certificate Web of Trust (GnuPG) @Yuan Xue ([email protected]) KDC-based Key Distribution Protocol Nonce guarantee the reply (the secret key) from KDC is fresh Ticket to B Vulnerable to Replay attack Any math func, e.g., N+1 Match the KDC reply with the request, in case A issued multiple requests to KDC The Needham–Schroeder Symmetric Key Protocol @Yuan Xue ([email protected]) Decentralized Key Distribution Initially Goal A and B trust each other A and B share a master secret key Km A Km @Yuan Xue ([email protected]) B Km A A and B share a session secret key KS KS ,Km B KS ,Km Decentralized Key Distribution @Yuan Xue ([email protected]) Secret Key Distribution Approaches Three approaches Via key distribution center (KDC) KDC needs to share a secret key with each of the communication parties Decentralized The communication parties need to share a master key Via public key The communication parties need to have the public keys of each other Using public key encryption Using Diffie-Hellman key exchange @Yuan Xue ([email protected]) Secret Key Distribution Via Public Key Using public key encryption RSA Algorithm Using Diffie-Hellman key exchange @Yuan Xue ([email protected]) Simple Secret Key Distribution Problem: Man-in-the-middle-attack @Yuan Xue ([email protected]) Man-in-the-middle Attack KUA||IDA A KUD||IDA B D E[KUA, Ks] E[KUD, Ks] Key Issue: Binding between public key and the ID. Solution: public key management Provides authenticated association between the public key and the ID @Yuan Xue ([email protected]) Public Key Management Distribution of Public Key Public-key Announcement Publicly Available Directory Public-key Certificate (focus) Others Fingerprint (GnuPG) Web of Trust (covered in HW2 and the class on GnuPG) @Yuan Xue ([email protected]) Public Announcement No Authentication Key Issue: Binding ID <-> Public key @Yuan Xue ([email protected]) Publicly Available Directory Directory [ID, public key] A securely registers its public key In person Secure communication The entire directory is published periodically B can access the directory via secure authenticated communication @Yuan Xue ([email protected]) Public-Key Certificate Certificate CA = E[KRauth, T||IDA||KUA] @Yuan Xue ([email protected]) Put into practice Let’s take a look at a real certificate How to generate OpenSSL http://www.madboa.com/ge ek/openssl/ @Yuan Xue ([email protected]) Now – Use Public key to distribute secret key I want to talk to you Certificate E(KUbob,S) A B No assurance that the key is fresh @Yuan Xue ([email protected]) Solution from SSL Nonce Pre-master Secret Secret Key I want to talk to you, RAlice Certificate, RBob E(KUbob,S) K = Hash (S, RAlice, RBob) A B K = Hash (S, RAlice, RBob) Nonce @Yuan Xue ([email protected]) Diffie-Hellman Key Exchange a is a primitive root of prime number p then a mod p, a2 mod p, …, ap-1 mod p are distinct and consist of the integers from 1 through p-1 For any b and a primitive root a of p, unique exponent I can be found such that b = ai mod p (0<=i <= p-1) @Yuan Xue ([email protected]) More on D-H Key Exchange • Basic Version -- Anonymous Diffie-Hellman: no authentication, vulnerable to man-in-themiddle attacks • Fixed Diffie-Hellman: based on public parameter in server’s CA; fixed secret key • Ephemeral Diffie-Hellman: one time secret key; most secure D-H options @Yuan Xue ([email protected]) In A Nutshell Announcement Directory Certificate Public-key management Public Keys KDC-based Decentralized Public-key-based RSA, Diffie-Hellman Secret Key Distribution Session Keys Message Encryption @Yuan Xue ([email protected]) Message Authentication Decentralized (Web of Trust)