Unit 3 Last Part


Cryptography and Network Security
Chapter 14
Fifth Edition
by William Stallings

Lecture slides by Lawrie Brown


Chapter 14 – Key Management and Distribution

No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman he would fear that some devil might take advantage of his weak state to slip into his body.
—The Golden Bough, Sir James George Frazer

Key Management and Distribution
• topics of cryptographic key management / key distribution are complex
  • cryptographic, protocol, & management issues
• symmetric schemes require both parties to share a common secret key
• public key schemes require parties to acquire valid public keys
• have concerns with doing both

Road Map
• symmetric key distribution using symmetric encryption
• symmetric key distribution using public-key encryption
• distribution of public keys
  • announcement, directory, authority, CA
• X.509 authentication and certificates
• public key infrastructure (PKIX)

Key Distribution
• symmetric schemes require both parties to share a common secret key
• issue is how to securely distribute this key
• whilst protecting it from others
• frequent key changes can be desirable
• often secure system failure due to a break in the key distribution scheme

Key Distribution
• given parties A and B have various key distribution alternatives:
  1. A can select key and physically deliver to B
  2. third party can select & deliver key to A & B
  3. if A & B have communicated previously can use previous key to encrypt a new key
  4. if A & B have secure communications with a third party C, C can relay key between A & B

Key Distribution Task

Key Hierarchy
• typically have a hierarchy of keys
• session key
  • temporary key
  • used for encryption of data between users
  • for one logical session then discarded
• master key
  • used to encrypt session keys
  • shared by user & key distribution center

Key Hierarchy

Key Distribution Scenario

Key Distribution Issues
• hierarchies of KDCs required for large networks, but must trust each other
• session key lifetimes should be limited for greater security
• use of automatic key distribution on behalf of users, but must trust system
• use of decentralized key distribution
• controlling key usage
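
Added example (not from the slides or the textbook): a minimal KDC that wraps one fresh session key under each user's master key and enforces a limited lifetime, as the Key Hierarchy and Key Distribution Issues slides describe. Assumptions: the names KDC, wrap, unwrap and open_ticket are hypothetical, `now` is integer seconds supplied by the caller, and the HMAC-SHA256 stream construction is a standard-library stand-in for a vetted key-wrap or AEAD algorithm.

```python
import hashlib
import hmac
import secrets

def _subkeys(master):
    # Separate encryption and MAC keys derived from the long-term master key.
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def wrap(master, payload):
    enc, mac = _subkeys(master)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(payload, _stream(enc, nonce, len(payload))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unwrap(master, blob):
    enc, mac = _subkeys(master)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrapped key failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

class KDC:
    def __init__(self):
        self.master = {}  # user id -> master key shared only with that user

    def enroll(self, user):
        self.master[user] = secrets.token_bytes(32)
        return self.master[user]

    def issue(self, a, b, lifetime_s, now):
        # One fresh session key, wrapped separately under each party's master key.
        ks, expiry = secrets.token_bytes(32), (now + lifetime_s).to_bytes(8, "big")
        return (wrap(self.master[a], expiry + ks + b.encode()),
                wrap(self.master[b], expiry + ks + a.encode()))

def open_ticket(master, blob, expected_peer, now):
    p = unwrap(master, blob)
    expiry, ks, peer = int.from_bytes(p[:8], "big"), p[8:40], p[40:].decode()
    if peer != expected_peer:
        raise ValueError("ticket names a different peer")
    if now >= expiry:
        raise ValueError("session key lifetime exceeded")
    return ks
```

The master keys never encrypt user data here; they only protect session keys, so a compromised session key exposes one session and expires on its own.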

Road Map
• symmetric key distribution using symmetric encryption
• symmetric key distribution using public-key encryption
• distribution of public keys
  • announcement, directory, authority, CA
• X.509 authentication and certificates
• public key infrastructure (PKIX)

Symmetric Key Distribution Using Public Keys
• public key cryptosystems are inefficient
  • so almost never use for direct data encryption
  • rather use to encrypt secret keys for distribution

Simple Secret Key Distribution
• Merkle proposed this very simple scheme
  • allows secure communications
  • no keys before/after exist

Man-in-the-Middle Attack
• this very simple scheme is vulnerable to an active man-in-the-middle attack

Secret Key Distribution with Confidentiality and Authentication

Hybrid Key Distribution
• retain use of private-key KDC
• shares secret master key with each user
• distributes session key using master key
• public-key used to distribute master keys
  • especially useful with widely distributed users
• rationale
  • performance
  • backward compatibility
