key management and distribution
play

Key Management and Distribution Symmetric with Asymmetric Public - PowerPoint PPT Presentation

Oct 12, 2023 •974 likes •1.33k views

CSS322 Key Management Key Distribution Symmetric with Symmetric Key Management and Distribution Symmetric with Asymmetric Public Keys CSS322: Security and Cryptography X.509 Sirindhorn International Institute of Technology Thammasat

  1. CSS322 Key Management Key Distribution Symmetric with Symmetric Key Management and Distribution Symmetric with Asymmetric Public Keys CSS322: Security and Cryptography X.509 Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l10, Steve/Courses/2013/s2/css322/lectures/key.tex, r2965 1/33

  2. CSS322 Contents Key Management Key Distribution Key Distribution and Management Symmetric with Symmetric Symmetric with Asymmetric Symmetric Key Distribution using Symmetric Encryption Public Keys X.509 Symmetric Key Distribution using Asymmetric Encryption Distribution of Public Keys X.509 Certificates 2/33

  3. CSS322 Key Management Key Management Challenges Key Distribution Symmetric with ◮ How to share a secret key? Symmetric Symmetric with ◮ How to obtain someone else’s public key? Asymmetric ◮ When to change keys? Public Keys X.509 Assumptions and Principles ◮ Many users wish to communicate securely across network ◮ Attacker can intercept any location in network ◮ Manual interactions between users are undesirable (e.g. physical exchange of keys) ◮ More times a key is used, greater chance for attacker to discover the key 3/33

  4. CSS322 Where Should Encryption Be Performed? Key Management Key Distribution F A Symmetric with Symmetric SW1 SW5 R2 Symmetric with G B SW3 Asymmetric Public Keys R1 C R3 H X.509 SW4 D SW2 I R4 SW6 E J ◮ Number of keys to be exchanged depends on number of entities wishing to communicate ◮ Related issue: where to perform encryption ◮ Encrypt separately across each link ◮ Encrypt only at end-points 4/33

  5. CSS322 Link Encryption vs End-to-End Encryption Key Management Link Encryption Key Distribution Symmetric with ◮ Encrypt data over individual links in network Symmetric Symmetric with ◮ Each link end-point shares a secret key Asymmetric ◮ Decrypt/Encrypt at each device in path Public Keys X.509 ◮ Requires all links/devices to support encryption End-to-End Encryption ◮ Encrypt data at network end-points (e.g. hosts or applications) ◮ Each pair of hosts/applications share a secret key ◮ Does not rely on intermediate network devices 5/33

  6. CSS322 How Many Keys Need To Be Exchanged? Key Management Key Distribution F A Symmetric with Symmetric SW1 SW5 R2 Symmetric with G B SW3 Asymmetric Public Keys R1 C R3 H X.509 SW4 D SW2 I R4 SW6 E J ◮ Link-level encryption? ◮ End-to-end encryption between hosts? ◮ End-to-end encryption between applications? 6/33

  7. CSS322 Exchanging Secret Keys Key Management Option 1: Manual Exchange of All Keys Key Distribution Symmetric with ◮ All users exchange secret keys with all other users Symmetric manually (e.g. face-to-face) Symmetric with Asymmetric ◮ Inconvenient Public Keys X.509 Option 2: Manual Exchange of Master Keys ◮ All users exchange master key with trusted, central entity (e.g. Key Distribution Centre) ◮ Session keys automatically exchanged between users via KDC ◮ Security and performance bottleneck at KDC 7/33

  8. CSS322 Exchanging Secret Keys Key Management Option 3: Public Key Cryptography to Exchange Secrets Key Distribution Symmetric with ◮ Use public-key cryptography to securely and Symmetric automatically exchange secret keys Symmetric with Asymmetric ◮ Example 1: user A encrypts secret with user B’s public Public Keys key; sends to B X.509 ◮ Example 2: Diffie-Hellman secret key exchange ◮ Related issue: How to obtain someone else’s public key? 8/33

  9. CSS322 Contents Key Management Key Distribution Key Distribution and Management Symmetric with Symmetric Symmetric with Asymmetric Symmetric Key Distribution using Symmetric Encryption Public Keys X.509 Symmetric Key Distribution using Asymmetric Encryption Distribution of Public Keys X.509 Certificates 9/33

  10. CSS322 Symmetric Key Distribution using Symmetric Key Management Encryption Key Distribution ◮ Objective: two entities share same secret key Symmetric with Symmetric ◮ Principle: change keys frequently Symmetric with ◮ How to exchange a secret key? Asymmetric Public Keys 1. Decentralised Key Distribution: manual distribution of X.509 master keys between all entities, automatic distribution of session keys 2. Key Distribution Centre (KDC): manual distribution of master keys with KDC, automatic distribution of session keys 10/33

  11. CSS322 Key Hierarchy and Lifetimes Key Management ◮ Master keys used to securely exchange session keys Key Distribution ◮ Session keys used to securely exchange data Symmetric with Symmetric ◮ Change session keys automatically and regularly Symmetric with Asymmetric ◮ Change master keys manually and seldom Public Keys ◮ Session key lifetime: X.509 ◮ Shorter lifetime is more secure; but increases overhead of exchanges ◮ Connection-oriented protocols (e.g. TCP): new session key for each connection ◮ Connection-less protocols (e.g. UDP/IP): change after fixed period or certain number of packets sent 11/33

  12. CSS322 Notation Key Management ◮ End-systems: A and B , identified by ID A and ID B Key Distribution ◮ Master key (between A and B ): K m Symmetric with Symmetric ◮ Master keys specific to user: K a , K b Symmetric with Asymmetric ◮ Session key (between A and B ): K s Public Keys ◮ Nonce values: N 1 , N 2 X.509 ◮ Number used only once ◮ E.g. time-stamp, counter, random value, function f () ◮ Must be different for each request ◮ Must be difficult for attacker to guess 12/33

  13. CSS322 Decentralised Key Distribution Key Management ◮ Each end-system must manually exchange n − 1 master Key Distribution keys ( K m ) with others Symmetric with Symmetric ◮ Does not rely on trusted-third party Symmetric with Asymmetric Public Keys X.509 Credit: Figure 14.5 in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 13/33

  14. CSS322 Using a Key Distribution Centre Key Management ◮ Key Distribution Centre (KDC) is trusted third party Key Distribution ◮ Users manually exchange master keys with KDC Symmetric with Symmetric ◮ Users automatically obtain session key (via KDC) to Symmetric with communicate with other users Asymmetric Public Keys X.509 14/33

  15. CSS322 Key Distribution with KDC Key Management Key Distribution Symmetric with Symmetric Symmetric with Asymmetric Public Keys X.509 Credit: Figure 14.3 in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 15/33

  16. CSS322 Hierarchical Key Control Key Management ◮ Use multiple KDCs in a hierarchy Key Distribution ◮ E.g. KDC for each LAN (or building); central KDC to Symmetric with Symmetric exchange keys between hosts in different LANs Symmetric with ◮ Reduces effort in key distribution; limits damage if local Asymmetric Public Keys KDC is compromised X.509 16/33

  17. CSS322 Contents Key Management Key Distribution Key Distribution and Management Symmetric with Symmetric Symmetric with Asymmetric Symmetric Key Distribution using Symmetric Encryption Public Keys X.509 Symmetric Key Distribution using Asymmetric Encryption Distribution of Public Keys X.509 Certificates 17/33

  18. CSS322 Symmetric Key Distribution using Asymmetric Key Management Encryption Key Distribution ◮ Asymmetric encryption generally too slow for encrypting Symmetric with Symmetric large amount of data Symmetric with ◮ Common application of asymmetric encryption is Asymmetric Public Keys exchanging secret keys X.509 ◮ Three examples: 1. Simple Secret Key Distribution 2. Secret Key Distribution with Confidentiality and Authentication 3. Hybrid Scheme: Public-Key Distribution of KDC Master Keys 18/33

  19. CSS322 Simple Secret Key Distribution Key Management ◮ Simple: no keys prior to or after communication Key Distribution ◮ Provides confidentiality for session key Symmetric with Symmetric ◮ Subject to man-in-the-middle attack Symmetric with Asymmetric ◮ Only useful if attacker cannot modify/insert messages Public Keys X.509 Credit: Figure 14.7 in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 19/33

  20. CSS322 Man-in-the-Middle Attack Key Management Key Distribution Symmetric with Symmetric Symmetric with Asymmetric Public Keys X.509 20/33

  21. CSS322 Secret Key Distribution with Confidentiality and Key Management Authentication Key Distribution ◮ Provides both confidentiality and authentication in Symmetric with Symmetric exchange of secret key Symmetric with Asymmetric Public Keys X.509 Credit: Figure 14.8 in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 21/33

  22. CSS322 Hybrid Scheme: Public-Key Distribution of KDC Key Management Master Keys Key Distribution ◮ Use public-key distribution of secret keys when Symmetric with Symmetric exchanging master keys between end-systems and KDC Symmetric with ◮ Efficient method of delivering master keys (rather than Asymmetric Public Keys manual delivery) X.509 ◮ Useful for large networks, widely distributed set of users with single KDC 22/33

  23. CSS322 Contents Key Management Key Distribution Key Distribution and Management Symmetric with Symmetric Symmetric with Asymmetric Symmetric Key Distribution using Symmetric Encryption Public Keys X.509 Symmetric Key Distribution using Asymmetric Encryption Distribution of Public Keys X.509 Certificates 23/33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Broking Broking Distribution Depository services Distribution Depository services Distribution

Broking Broking Distribution Depository services Distribution Depository services Distribution

Organisation Bonanza become Indias most valuable financial Asset management Depository services Asset management Asset management Asset management Distribution Broking Asset management Distribution Distribution Bonanza was established

981 views • 26 slides
Broking Broking Distribution Depository services Distribution Depository services Distribution

Broking Broking Distribution Depository services Distribution Depository services Distribution

Organisation Bonanza become Indias most valuable financial Asset management Depository services Asset management Asset management Asset management Distribution Broking Asset management Distribution Distribution Bonanza was established

304 views • 27 slides
Updating XML with XQuery Web Data Management and Distribution Serge Abiteboul Ioana Manolescu

Updating XML with XQuery Web Data Management and Distribution Serge Abiteboul Ioana Manolescu

Updating XML with XQuery Web Data Management and Distribution Serge Abiteboul Ioana Manolescu Philippe Rigaux Marie-Christine Rousset Pierre Senellart Web Data Management and Distribution http://webdam.inria.fr/textbook September 29, 2011

428 views • 21 slides
Subpart P--Gas Distribution Pipeline Integrity Management Pipeline Integrity Management (IM)

Subpart P--Gas Distribution Pipeline Integrity Management Pipeline Integrity Management (IM)

Subpart P--Gas Distribution Pipeline Integrity Management Pipeline Integrity Management (IM) Major DIMP Comments from NPRM 1. Documentation and Recordkeeping 2. Reporting Plastic Pipe Failures p g p 3. PTP Performance through People

823 views • 64 slides
1. Normal distribution 2. Geometric distribution 3. Binomial distribution 4.

1. Normal distribution 2. Geometric distribution 3. Binomial distribution 4.

Chapter 3. Distribution of Random Variables Jan 26, 2016 by Huamei Dong 1. Normal distribution 2. Geometric distribution 3. Binomial distribution 4. Negative binomial distribution 5. Poisson distribution 1.Normal distribution

520 views • 11 slides
Media Management and Distribution Workshop W ho are the key players, Operated by w here and how

Media Management and Distribution Workshop W ho are the key players, Operated by w here and how

Media Management and Distribution Workshop Zurich, Switzerland 29-30 January, 2009 Peter Szegedi Project Development Officer szegedi@terena.org www.terena.org Media Management and Distribution Workshop W ho are the key players, Operated by

478 views • 9 slides
Introduction Web Data Management and Distribution Serge Abiteboul Ioana Manolescu Philippe

Introduction Web Data Management and Distribution Serge Abiteboul Ioana Manolescu Philippe

Introduction Web Data Management and Distribution Serge Abiteboul Ioana Manolescu Philippe Rigaux Marie-Christine Rousset Pierre Senellart Web Data Management and Distribution http://webdam.inria.fr/textbook September 23, 2011 WebDam

961 views • 61 slides
ARTEMIS CAPITAL MANAGEMENT For Investment Professional Use. Not for Distribution Fall of the

ARTEMIS CAPITAL MANAGEMENT For Investment Professional Use. Not for Distribution Fall of the

ARTEMIS CAPITAL MANAGEMENT For Investment Professional Use. Not for Distribution Fall of the House of Money: Changes in Global Trade and Currency Exchange Council of Supply Chain Management Professionals November 3, 2011 Christopher Cole, CFA

573 views • 35 slides
Distribution The definition of distribution Distribution of the subject-term Distribution of the

Distribution The definition of distribution Distribution of the subject-term Distribution of the

Three Acts of the Mind Verbal Expression: Mental Act: Simple Apprehension Term Judgment Proposition Deductive Inference Syllogism Slide 8-1 Distribution The definition of distribution Distribution of the subject-term

390 views • 12 slides
Key Management and Distribution Symmetric with Asymmetric Public Keys CSS441: Security and

Key Management and Distribution Symmetric with Asymmetric Public Keys CSS441: Security and

CSS441 Key Management Key Distribution Symmetric with Symmetric Key Management and Distribution Symmetric with Asymmetric Public Keys CSS441: Security and Cryptography X.509 Sirindhorn International Institute of Technology Thammasat

545 views • 33 slides
Web search Web data management and distribution Serge Abiteboul Ioana Manolescu Philippe Rigaux

Web search Web data management and distribution Serge Abiteboul Ioana Manolescu Philippe Rigaux

Web search Web data management and distribution Serge Abiteboul Ioana Manolescu Philippe Rigaux Marie-Christine Rousset Pierre Senellart Web Data Management and Distribution http://webdam.inria.fr/textbook June 4, 2013 WebDam (INRIA) Web

874 views • 62 slides
XQuery Web Data Management and Distribution Serge Abiteboul Ioana Manolescu Philippe Rigaux

XQuery Web Data Management and Distribution Serge Abiteboul Ioana Manolescu Philippe Rigaux

XQuery Web Data Management and Distribution Serge Abiteboul Ioana Manolescu Philippe Rigaux Marie-Christine Rousset Pierre Senellart Web Data Management and Distribution http://webdam.inria.fr/textbook September 23, 2011 WebDam (INRIA)

1.24k views • 44 slides
DISTRIBUTION UNIT COST VEGETATION DISTRIBUTION UNIT COST VEGETATION MANAGEMENT BENCHMARK STUDY

DISTRIBUTION UNIT COST VEGETATION DISTRIBUTION UNIT COST VEGETATION MANAGEMENT BENCHMARK STUDY

Appendix 3. Presentation Slides DISTRIBUTION UNIT COST VEGETATION DISTRIBUTION UNIT COST VEGETATION MANAGEMENT BENCHMARK STUDY MANAGEMENT BENCHMARK STUDY INTRODUCTION AND FRAMEWORK INTRODUCTION AND FRAMEWORK 22 Oct 2015 William Porter

1.06k views • 68 slides
AubieSat-1 Distribution Statement: Approved for public release; distribution is unlimited.

AubieSat-1 Distribution Statement: Approved for public release; distribution is unlimited.

AubieSat-1 Distribution Statement: Approved for public release; distribution is unlimited. AubieSat-I Mission Workforce Development: Students develop leadership, technical, team working, and management skills First step in

587 views • 25 slides
Port Rail Truck Distribution Services Quality Management Engineering Our

Port Rail Truck Distribution Services Quality Management Engineering Our

Port Rail Truck Distribution Services Quality Management Engineering Our Services HISTORY Started 11/2011 Our Partners have 40+ years of combined experience in rail, truck, crane, rigging and distribution center

145 views • 11 slides
XPath Web Data Management and Distribution Serge Abiteboul Ioana Manolescu Philippe Rigaux

XPath Web Data Management and Distribution Serge Abiteboul Ioana Manolescu Philippe Rigaux

XPath Web Data Management and Distribution Serge Abiteboul Ioana Manolescu Philippe Rigaux Marie-Christine Rousset Pierre Senellart Web Data Management and Distribution http://webdam.inria.fr/textbook June 23, 2010 WebDam (INRIA) XPath

864 views • 50 slides
Geometric losses for distributional learning Arthur Mensch (1) , Mathieu Blondel (2) , Gabriel

Geometric losses for distributional learning Arthur Mensch (1) , Mathieu Blondel (2) , Gabriel

Geometric losses for distributional learning Arthur Mensch (1) , Mathieu Blondel (2) , Gabriel Peyr e (1) (1) Ecole Normale Sup erieure, DMA Centre National pour la Recherche Scientifique Paris, France (2) NTT Communication Science

927 views • 47 slides
Embe mbedding dding as a To Tool ol for Al Algorithm orithm De Design sign Le Song

Embe mbedding dding as a To Tool ol for Al Algorithm orithm De Design sign Le Song

Embe mbedding dding as a To Tool ol for Al Algorithm orithm De Design sign Le Song College of Computing Center for Machine Learning Georgia Institute of Technology What is machine learning (ML) Design algorithms and systems that can

467 views • 42 slides
BeyOND Unleashing BOND Thomas Bernecker, Franz Graf, Hans-Peter Kriegel, , , g , Christian

BeyOND Unleashing BOND Thomas Bernecker, Franz Graf, Hans-Peter Kriegel, , , g , Christian

DBRank 2011 LUDWIG- August 29, 2011 MAXIMILIANS- DEPARTMENT DATABASE UNIVERSITT INSTITUTE FOR SYSTEMS Seattle, WA Seattle WA MNCHEN MNCHEN INFORMATICS INFORMATICS GROUP GROUP BeyOND Unleashing BOND Thomas Bernecker, Franz

420 views • 23 slides
Definition of Stochastic Processes Definition of Stochastic Processes st Order Density

Definition of Stochastic Processes Definition of Stochastic Processes st Order Density

Definition of Stochastic Processes Definition of Stochastic Processes st Order Density and Distribution 1 1 st Order Density and Distribution nd Order Density and Distribution 2 2 nd Order Density and Distribution

568 views • 3 slides
The Climate-G testbed: issues, requirements and results S. Fiore, Ph.D. SPACI and University of

The Climate-G testbed: issues, requirements and results S. Fiore, Ph.D. SPACI and University of

The Climate-G testbed: issues, requirements and results S. Fiore, Ph.D. SPACI and University of Salento, Italy sandro.fiore@unisalento.it On behalf of Climate-G Team EGI Technical Forum - Sept 16, 2010 Outline Introduction Issues

565 views • 27 slides
GEO-Software R. Prez, G. Gonzlez, J. Becedas, F. Pedrera, M. J. Latorre Jonathan Becedas, PhD

GEO-Software R. Prez, G. Gonzlez, J. Becedas, F. Pedrera, M. J. Latorre Jonathan Becedas, PhD

Testing Cloud Computing for Massive Space Data Processing Storage and Distribution with Open Source GEO-Software R. Prez, G. Gonzlez, J. Becedas, F. Pedrera, M. J. Latorre Jonathan Becedas, PhD R&D Manager This project has received

589 views • 29 slides
IATA World Passenger Symposium in October 2015 in Hamburg By Paul Tilstone & Aurelie Krau

IATA World Passenger Symposium in October 2015 in Hamburg By Paul Tilstone & Aurelie Krau

A Presentation Made To Delegates at the IATA World Passenger Symposium in October 2015 in Hamburg By Paul Tilstone & Aurelie Krau www.festive-road.com If you talk to a man in a language he understands, that goes to his head. If you talk

505 views • 9 slides
SYNNEX Announces Spin-Off of Concentrix Creates Two Industry Leading Public Companies Investor

SYNNEX Announces Spin-Off of Concentrix Creates Two Industry Leading Public Companies Investor

SYNNEX Announces Spin-Off of Concentrix Creates Two Industry Leading Public Companies Investor Presentation January 9, 2020 Safe Harbor Statement Statements in this presentation regarding SYNNEX Corporation which are not historical facts may be

427 views • 28 slides

More recommend