CS 291 Special Topics on Network Security

CS 285 Network Security
Key Distribution and Management
Yuan Xue
Fall 2012
@Yuan Xue ([email protected])

Overview
• Secret Key Distribution
  - Introduction
  - Using key distribution center (KDC)
  - Decentralized
  - Using public-key
• Public Key Management
  - Public-key Announcement
  - Publicly Available Directory
  - Public-key Certificate
  - Web of Trust (GnuPG)

Secret Key Distribution
Message Encryption
• Secret key encryption vs. public key encryption
  - Both encryption algorithms can provide confidentiality
  - Secret Key Encryption is more efficient and faster
• To use secret key encryption
  - Communicating peers must share the same key
  - The key must be protected from access by others
Key Distribution

Key Hierarchy
• A secret key becomes insecure when used for a long time, since more ciphertext encrypted using this key is available to the attacker, making it easier to derive the key.
• Keys that are used to encrypt the data need to be renewed frequently
• Solution – Key Hierarchy
  - Session key – encrypt data, renewed each session
  - Master key – distribute session keys, renewed infrequently using non-cryptographic approach

Secret Key Distribution
Now the questions are
• What are master keys?
  - secret key or public key?
• Who should share master keys?
  - who needs to be trusted a priori?
• How to get session keys from master keys?
  - key distribution protocol

Secret Key Distribution Approaches
Three approaches
• Via key distribution center (KDC)
  - KDC needs to share a secret key with each of the communication parties
• Decentralized
  - The communication parties need to share a master key
• Via public key
  - The communication parties need to have the public keys of each other
  - Using public key encryption
  - Using Diffie-Hellman key exchange

Key Distribution based on KDC
Initially
• A and B both trust KDC
• KUA -- shared secret key between A and KDC
• KUB -- shared secret key between B and KDC
• Keys held: KDC holds KUA, KUB; A holds KUA; B holds KUB
Goal
• A and B trust each other
• A and B share a secret key KS
• Keys held: KDC holds KUA, KUB; A holds KS, KUA; B holds KS, KUB

KDC-based Key Distribution Protocol
The Needham–Schroeder Symmetric Key Protocol
[Figure: protocol message exchange; its annotations follow]
• Nonce guarantees the reply (the secret key) from KDC is fresh
• Match the KDC reply with the request, in case A issued multiple requests to KDC
• Ticket to B
• Vulnerable to replay attack
• Any math func, e.g., N+1
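
The figure for this slide did not survive, so the sketch below walks through the standard five-message Needham–Schroeder symmetric-key exchange that the annotations refer to. It is an added example, not code from the lecture: `seal`/`unseal` are a toy stand-in for E[K, ·] built from HMAC-SHA256, the function names are hypothetical, and all keys are constructed.

```python
import hashlib, hmac, json, os

def _stream(key, iv, n):                  # toy keystream: HMAC-SHA256 in counter mode
    return b"".join(hmac.new(key, b"ks" + iv + bytes([i]), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):                       # stands in for E[key, obj]; not a vetted cipher
    pt, iv = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(x ^ y for x, y in zip(pt, _stream(key, iv, len(pt))))
    return iv + hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    iv, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(x ^ y for x, y in zip(ct, _stream(key, iv, len(ct)))))

KUA, KUB = os.urandom(32), os.urandom(32)  # constructed master keys: A-KDC and B-KDC

def kdc_reply(id_a, id_b, n1):            # message 2, KDC -> A
    ks = os.urandom(16).hex()
    ticket = seal(KUB, {"ks": ks, "peer": id_a}).hex()   # ticket to B: only B can open it
    return seal(KUA, {"ks": ks, "peer": id_b, "n1": n1, "ticket": ticket})

def a_accept(reply, id_b, n1):            # A matches the reply to its outstanding request
    m = unseal(KUA, reply)
    if m["n1"] != n1 or m["peer"] != id_b:
        raise ValueError("reply does not match the outstanding request")
    return bytes.fromhex(m["ks"]), bytes.fromhex(m["ticket"])

def b_challenge(ticket):                  # messages 3-4: B opens the ticket, sends E[Ks, N2]
    ks = bytes.fromhex(unseal(KUB, ticket)["ks"])
    n2 = int.from_bytes(os.urandom(8), "big")
    return ks, n2, seal(ks, {"n2": n2})

def demo():
    n1 = os.urandom(8).hex()              # message 1 (A -> KDC: IDA, IDB, N1) is cleartext
    reply = kdc_reply("A", "B", n1)
    ks, ticket = a_accept(reply, "B", n1)
    ks_b, n2, chal = b_challenge(ticket)
    resp = seal(ks, {"n2": unseal(ks, chal)["n2"] + 1})  # message 5: f(N2) = N2 + 1
    handshake_ok = unseal(ks_b, resp)["n2"] == n2 + 1
    try:                                  # the same reply checked against a later nonce
        a_accept(reply, "B", os.urandom(8).hex())
        stale_rejected = False
    except ValueError:
        stale_rejected = True
    ticket_reusable = b_challenge(ticket)[0] == ks_b     # the ticket has no freshness field
    return handshake_ok, stale_rejected, ticket_reusable
```

The third value returned by `demo()` is the replay weakness the slide notes: B recovers the same KS from a ticket it has already seen, because nothing in the ticket tells B when it was issued.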

Decentralized Key Distribution
Initially
• A and B trust each other
• A and B share a master secret key Km
• Keys held: A holds Km; B holds Km
Goal
• A and B share a session secret key KS
• Keys held: A holds KS, Km; B holds KS, Km

Decentralized Key Distribution

Secret Key Distribution Via Public Key
• Using public key encryption
  - RSA Algorithm
• Using Diffie-Hellman key exchange

Simple Secret Key Distribution
Problem: Man-in-the-middle attack

Man-in-the-middle Attack
[Figure: D sits between A and B]
• A → D: KUA||IDA
• D → B: KUD||IDA
• B → D: E[KUD, Ks]
• D → A: E[KUA, Ks]
Key Issue: Binding between public key and the ID.
Solution: public key management
• Provides authenticated association between the public key and the ID

Public Key Management
Distribution of Public Key
• Public-key Announcement
• Publicly Available Directory
• Public-key Certificate (focus)
• Others
  - Fingerprint (GnuPG)
  - Web of Trust (covered in HW2 and the class on GnuPG)

Public Announcement
No Authentication
Key Issue: Binding ID <-> Public key

Publicly Available Directory
• Directory [ID, public key]
• A securely registers its public key
  - In person
  - Secure communication
• The entire directory is published periodically
• B can access the directory via secure authenticated communication

Public-Key Certificate
Certificate CA = E[KRauth, T||IDA||KUA]

Put into practice
• Let’s take a look at a real certificate
• How to generate
  - OpenSSL
  - http://www.madboa.com/geek/openssl/

Now – Use Public key to distribute secret key
• A → B: I want to talk to you
• B → A: Certificate
• A → B: E(KUbob, S)
No assurance that the key is fresh

Solution from SSL
• A → B: I want to talk to you, RAlice
• B → A: Certificate, RBob
• A → B: E(KUbob, S)
• A and B each compute K = Hash(S, RAlice, RBob)
Labels: RAlice and RBob are nonces; S is the pre-master secret; K is the secret key
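
Why mixing both nonces into K gives freshness, as an added example that is not part of the lecture: Bob receives the same recorded client messages twice, once using S directly as the key (the previous slide) and once using K = Hash(S, RAlice, RBob). SHA-256 with length-prefixed fields stands in for the slide's unspecified Hash, the RSA step E(KUbob, S) is not modelled, and the class and function names are hypothetical.

```python
import hashlib, hmac, os

def derive_key(s, r_alice, r_bob):
    """K = Hash(S, RAlice, RBob); fields are length-prefixed so boundaries are unambiguous."""
    h = hashlib.sha256()
    for field in (s, r_alice, r_bob):
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()

def tag(k, record):
    return hmac.new(k, record, hashlib.sha256).digest()

class Bob:
    def __init__(self, use_nonces):
        self.use_nonces = use_nonces

    def hello(self, r_alice):
        """Answer 'I want to talk to you, RAlice' with a fresh RBob (certificate omitted)."""
        self.r_alice, self.r_bob = r_alice, os.urandom(32)
        return self.r_bob

    def key_exchange(self, s):
        """s is the pre-master secret Bob recovers from E(KUbob, S)."""
        self.k = derive_key(s, self.r_alice, self.r_bob) if self.use_nonces else s

    def accepts(self, record, t):
        return hmac.compare_digest(t, tag(self.k, record))

def replay_accepted(use_nonces):
    bob, s, r_alice = Bob(use_nonces), os.urandom(48), os.urandom(32)
    # Genuine session: Alice derives the same key as Bob and protects one record with it.
    r_bob = bob.hello(r_alice)
    bob.key_exchange(s)
    k_alice = derive_key(s, r_alice, r_bob) if use_nonces else s
    record = b"constructed application record"
    t = tag(k_alice, record)
    assert bob.accepts(record, t)
    # Later: the recorded client messages (RAlice, E(KUbob, S), record, tag) arrive again.
    bob.hello(r_alice)                    # Bob answers with a new RBob
    bob.key_exchange(s)
    return bob.accepts(record, t)
```

`replay_accepted(False)` is true and `replay_accepted(True)` is false: with Bob's nonce in the hash, the old record no longer verifies under the new session key.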

Diffie-Hellman Key Exchange
• If a is a primitive root of a prime number p, then $a \bmod p,\ a^2 \bmod p,\ \ldots,\ a^{p-1} \bmod p$ are distinct and consist of the integers from 1 through p-1
• For any b and a primitive root a of p, a unique exponent i can be found such that $b = a^i \bmod p$ $(0 \le i \le p-1)$
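
The primitive-root property and the exponent i from this slide, carried through to a full exchange. This is an added example, not code from the lecture; it goes one step beyond the slide by running the exchange itself, and the function names and the toy parameters used with it (p = 23, a = 5) are assumptions chosen so the search finishes instantly.

```python
import secrets

def is_primitive_root(a, p):
    """True if a^1, ..., a^(p-1) mod p are distinct, i.e. exactly the integers 1..p-1."""
    return {pow(a, i, p) for i in range(1, p)} == set(range(1, p))

def discrete_log(b, a, p):
    """Smallest exponent i in 0..p-1 with a^i mod p == b, by exhaustive search."""
    for i in range(p):
        if pow(a, i, p) == b:
            return i
    raise ValueError("b is not a power of a modulo p")

def dh_exchange(p, a, xa=None, xb=None):
    """One Diffie-Hellman run; returns (YA, YB, key computed by A, key computed by B)."""
    if not is_primitive_root(a, p):
        raise ValueError("a must be a primitive root of p")
    if xa is None:
        xa = secrets.randbelow(p - 2) + 1        # A's private value, 1..p-2
    if xb is None:
        xb = secrets.randbelow(p - 2) + 1        # B's private value, 1..p-2
    ya, yb = pow(a, xa, p), pow(a, xb, p)        # public values, sent in the clear
    return ya, yb, pow(yb, xa, p), pow(ya, xb, p)  # both sides reach a^(xa*xb) mod p

def key_from_public_values(p, a, ya, yb):
    """What an observer needs: the exponent behind YA. Search cost grows with p."""
    return pow(yb, discrete_log(ya, a, p), p)
```

With p = 23 the exhaustive search in `discrete_log` takes at most 23 steps, which is why real deployments rely on p being large enough that no such search is feasible.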

More on D-H Key Exchange
• Basic Version -- Anonymous Diffie-Hellman: no authentication, vulnerable to man-in-the-middle attacks
• Fixed Diffie-Hellman: based on public parameter in server’s CA; fixed secret key
• Ephemeral Diffie-Hellman: one time secret key; most secure D-H option

In A Nutshell
[Summary diagram; its labels, grouped]
• Public-key management (Announcement, Directory, Certificate, Decentralized (Web of Trust)) provides Public Keys
• Secret Key Distribution (KDC-based, Decentralized, Public-key-based: RSA, Diffie-Hellman) provides Session Keys
• Session Keys are used for Message Encryption and Message Authentication