1 Key management ECE 646 - Lecture 4 Pretty Good Privacy Using the same key for multiple messages M1 M2 M3 M4 M5 C1 C2 C3 C4 C5 EK time time Using Session Keys & Key Encryption Keys M1 M2 M3 M4 M5 C1 C2 C3 C4 C5 EK1 EK2 EK3 time time K1 K2 time K3 time EKEK EKEK(K1) EKEK(K2) EKEK(K3)2 Key Distribution Center (KDC) KA-KDC KB-KDC KC-KDC KD-KDC ……… A B C D E KDC KA-KDC KB-KDC KC-KDC KD-KDC KE-KDC Simple key establishment protocol based on KDC KDC KA-KDC KB-KDC KC-KDC KD-KDC ……... A B Alice Bob (1) let me talk with Bob (2a) KA-KDC(“Bob”, KAB) (2b) KB-KDC(“Alice”, KAB) KA-KDC KB-KDC Key establishment protocol based on KDC KDC KA-KDC KB-KDC KC-KDC KD-KDC ……... A B Alice Bob (1) let me talk with Bob (2) KA-KDC(“Bob”, KAB, ticketBob) KA-KDC KB-KDC (3) ticketBob = KB-KDC(“Alice”, KAB)3 Key agreement Alice Bob A’s private key A’s public key B’s private key B’s public key Secret derivation Secret derivation Key derivation Key derivation Key of A and B Key of A and B Diffie-Hellman key agreement scheme Alice Bob xA yA = α mod q Key derivation Key derivation Key KAB Key KAB xA α, q - global public elements xB yB = α mod q xB SAB= yB mod q SAB= yA mod q xA xB Man-in-the-middle attack Alice Bob A’s private key A’s public key B’s private key B’s public key Secret derivation Key derivation Key derivation Key of A and C Key of B and C C’s public key Secret derivation C’s public key Charlie4 Does public key cryptography have an Achilles’ heel? Alice Bob Bob, send me your public key, Alice Bob’s public key, Bob message encrypted using Bob’s public key Charlie Does public key cryptography have an Achilles’ heel? Alice Bob Bob, send me your public key, Alice Bob’s public key, Bob message encrypted using Bob’s public key Charlie Charlie’s public key Charlie’s public key Does public key cryptography have an Achilles’ heel? Alice Bob Bob, send me your public key, Alice Bob’s public key, Bob message encrypted using Charlies’s public key Charlie Charlie’s public key message reencrypted using Bob’s public key5 Directory of public keys (1) Alice Bob Bob, Bob’s public key message encrypted using Bob’s public key Charlie Alice, Alice’s public key Bob, Bob’s public key Charlie, Charlie’s public key Dave, Dave’s public key Eve, Eve’s public key ……………………………. On-line database Directory of public keys (2) Alice Bob Bob, Bob’s public key message encrypted using Bob’s public key Charlie Alice, Alice’s public key Bob, Bob’s public key Charlie, Charlie’s public key Dave, Dave’s public key Eve, Eve’s public key ……………………………. On-line database Charlie’s public key Charlie’s public key Directory of public keys (3) Alice Bob Bob, Bob’s public key message encrypted using Charlie’s public key Charlie Alice, Alice’s public key Bob, Bob’s public key Charlie, Charlie’s public key Dave, Dave’s public key Eve, Eve’s public key ……………………………. On-line database Charlie’s public key message reencrypted using Bob’s public key6 PGP: Flow of trust Bob (Washington) David (New York) Betty (London) Manual exchange of public keys: Las Vegas Bob ⇔ David Edinburgh David ⇔ Betty David, send me Betty’s public key Betty’s public key signed by David message encrypted using Betty’s public key Certification Authority Certification Authority Proof of identity Public key of Bob Certificate Public key of Certification Authority Loren Kohnfelder, Towards a Practical Public-Key Cryptosystem, Bachelor’s Thesis, MIT, May 1978 http://groups.csail.mit.edu/cis/theses/kohnfelder-bs.pdf Certificate Subject’s distinguished name Subject’s public key Subject’s Credentials Serial number Issuer (CA) name Period of validity Signature algorithm identifier CA’s signature7 Distinguished Name (DN) according to X.500 Example: Common name (CN) = Kris Gaj Country name (C) = US State or province name (ST) = VA Locality name (L) = Fairfax Organization name (O) = George Mason University Organizational unit name (OU) = ECE Other fields permitted: Street address (SA) Post office box (PO Box) Postal code (PC) Title (T) Description (D) Telephone number (TN) Serial number (SN) The exact X.509 Certificate Format [Stallings, 2006] Non-repudiation only Alice Bob M, SGNA(M), CertCA(A, KUA) Alice’s private key - KRA CA’s public key - KUCA Notation: KUX - public key of X KRX - private key of X SGNX(M) - signature of X for the message M CertY(X, KUX) - certificate issued by Y for the user X8 Alice Bob CertCA(A, KUA) CertCA(B, KUB) CertCA(C, KUC) CertCA(D, KUD) ……………………………. On-line database Confidentiality only CertCA(B, KUB) CA’s public key - KUCA KAB(M), KUB(KAB) Bob’s private key - KRB Alice Bob CertCA(A, KUA) CertCA(B, KUB) CertCA(C, KUC) CertCA(D, KUD) ……………………………. On-line database Confidentiality and Non-repudiation CertCA(B, KUB) Alice’s private key - KRA CA’s public key - KUCA SGNA(M), CertCA(A, KUA), KAB(M), KUB(KAB) Bob’s private key - KRB CA’s public key - KUCA Public Key Infrastructure with Strict Hierarchy US VA MA CA Fairfax Herndon Santa Clara Boston MIT GMU San Jose Worcester A B CertGMU(A, KUA), CertFairfax(GMU, KUGMU), CertVA(Fairfax, KUFairfax), CertUS(VA, KUVA), M, SGNA(M), All users know KUUS9 Public Key Infrastructure with Reverse Certificates US VA MA CA Fairfax Herndon Santa Clara Boston MIT GMU San Jose Worcester A B M, SGNA(M), CertGMU(A, KUA), CertFairfax(GMU, KUGMU), CertVA(Fairfax, KUFairfax), CertUS(VA, KUVA), CertMA(US, KUUS), CertBoston(MA, KUMA), CertMIT(Boston, KUBoston) A knows KUGMU B knows KUMIT Public Key Infrastructure with Cross-Certificates MIT GMU A B M, SGNA(M), CertGMU(A, KUA), CertMIT(GMU, KUGMU) A knows KUGMU B knows KUMIT CertGMU(MIT, KUMIT) CertMIT(GMU, KUGMU) VeriSign Public-Key Certificate Classes [Stallings, 2006]10 Certificate Revocation Lists (CRLs) This update date Next update date Issuer (CA) name List of revoked certificates (serial number + revocation date) Signature algorithm CA’s signature Certificate is valid if • it has a valid signature of CA • did not expire • is not listed in the CA’s most recent CRL The exact X.509 CRL Format [Stallings, 2006] Advantages of
View Full Document
Unlocking...