Beruflich Dokumente
Kultur Dokumente
(Key Management)
Key Management
One of the major roles of public-key
encryption has been to address the
problems of key distribution.
Two distinct aspects of public key
cryptography:
The distribution of public keys
The use of public key encryption to
distribute secret keys
Public Announcements
Any participant can send his public key
to any other participant or broadcast the
key to the community at large.
Example : PGP that uses RSA has adopted
the practice of appending their public key to
messages that they send to public forums
such as newsgroups and internet mailing lists.
Public Announcements
Publicly Available
Directory
Some sort of security can be achieved
by maintaining a publicly available
dynamic directory of public keys.
Maintenance and distribution will be
the responsibility of some trusted entity
or organization.
Publicly Available
Directory
The authority maintains a directory
with a {name, public key} entry for
each participant.
Each participant register a public key
with the directory authority. Registration
would have to be in person or by some
form of secure authenticated
communication.
Participant may replace the existing
key.
Participants could also access the
Publicly Available
Directory
Still its vulnerable , if an adversary
Steps involved
A sends a time stamped message to the public
key authority containing a request for the current
public key of B.
The authority responds with the message that is
encrypted using the authoritys private key , PR auth.
Thus A is able to decrypt the message using the
authoritys public key. Therefore A is assured that
the message originated with the authority.
The message includes:
B public key, PUb , which A can use to encrypt
messages destined for B.
The original request , to enable A to match this
response with the corresponding earlier request and
verify that original request was not altered before
reception by the authority.
The original timestamp, so A can determine that this is
not an old message from the authority containing a key
Continued
A Stores Bs public key and also uses
it to encrypt a message to B containing
an identifier of A (IDA) and a nonce (N1) ,
which is used to identify this transaction
uniquely.
B retrieves As public key from the
authority in the same manner as A
retrieves Bs public key.
At this point , public key has been
securely delivered to A and B. and they
may begin there protected exchange.
Continued..
Requirements
Any participant can read a certificate
to determine the name and public key
of the certificate owner.
Any participant can verify that the
certificate originated from the
certificate authority and is not
counterfeit.
Only the certificate authority can
create and update certificate.
Any participant can verify the
currency of the certificate.
Continued
A may then pass this certificate on to any
other participant , who reads and verifies the
certificate
as follows:
Diffie-Hellman Key
Exchange
Alice and Bob want to share a secret key using
Diffie-Hellman
Alice chooses a large prime number p and a large
number called the generator g which is less than
p; these two values (g and p) are sent to Bob
Alice chooses a number a and calculates A = ga
(mod p); the value A is sent to Bob
Bob chooses a number b and calculates B = gb
(mod p); the value B is sent to Alice
Alice calculates the shared secret K = Ba (mod p)
Bob calculates the shared secret K = Ab (mod p)