Network Security

(Key Management)

Key Management
One of the major roles of public-key
encryption has been to address the
problems of key distribution.
Two distinct aspects of public key
cryptography:
The distribution of public keys
The use of public key encryption to
distribute secret keys

Distribution of Public keys

Public announcements
Publicly available directory
Public key authority
Public key certificates

Public Announcements
Any participant can send his public key
to any other participant or broadcast the
key to the community at large.
Example : PGP that uses RSA has adopted
the practice of appending their public key to
messages that they send to public forums
such as newsgroups and internet mailing lists.

Seems to be convenient, has major

weaknesses. Anyone can forge, That is
some user pretend to be user A and
broadcast its public key. Until noticed ,
forger can able to read encrypted
messages intended for A and can use keys

Public Announcements

Publicly Available
Directory
Some sort of security can be achieved
by maintaining a publicly available
dynamic directory of public keys.
Maintenance and distribution will be
the responsibility of some trusted entity
or organization.

Publicly Available
Directory
The authority maintains a directory
with a {name, public key} entry for
each participant.
Each participant register a public key
with the directory authority. Registration
would have to be in person or by some
form of secure authenticated
communication.
Participant may replace the existing
key.
Participants could also access the

Publicly Available
Directory
Still its vulnerable , if an adversary

succeed in obtaining the private key of the

directory authority, it can authoritatively
pass out counterfeit public keys and
subsequently impersonate and eavesdrop
any participant.
Another way is to temper records kept by
the authority.

Public Key Authority

Stronger security can be achieved by
providing tighter control over
distribution of public keys from directory.
Assumes that central authority
maintains a dynamic directory of public
keys of all participants.
Each participant reliably knows public
key of the authority, with only authority
knows private key.

Steps involved
A sends a time stamped message to the public
key authority containing a request for the current
public key of B.
The authority responds with the message that is
encrypted using the authoritys private key , PR auth.
Thus A is able to decrypt the message using the
authoritys public key. Therefore A is assured that
the message originated with the authority.
The message includes:
B public key, PUb , which A can use to encrypt
messages destined for B.
The original request , to enable A to match this
response with the corresponding earlier request and
verify that original request was not altered before
reception by the authority.
The original timestamp, so A can determine that this is
not an old message from the authority containing a key

Continued
A Stores Bs public key and also uses
it to encrypt a message to B containing
an identifier of A (IDA) and a nonce (N1) ,
which is used to identify this transaction
uniquely.
B retrieves As public key from the
authority in the same manner as A
retrieves Bs public key.
At this point , public key has been
securely delivered to A and B. and they
may begin there protected exchange.

Two Additional Steps

B sends a message to A encrypted
with PUa and containing As nonce(N1)
as well as a new nonce generated by B
(N2). Because only B could have
decrypted message (3), the presence of
N1 in message (6) assures A that the
corresponding is B.
A returns N2, encrypted using Bs
public key , to assure B that is
corresponding is A.

Continued..

Total are seven steps, the initial four

steps are used infrequently because
both A and B can save the others
public key for future use, known as
caching.
Periodically user should request fresh
copies of public key to ensure currency.

Public Key Authority

Public key certificates

Last approach bottleneck in the system, for
user must appeal to the authority for public
key for every other user it wishes to contact.
An alternate approach is to use certificates
that can be used by participants to exchange
keys without contacting a public key authority.
A certificate consists of a public key plus an
identifier of the key owner, with whole block
signed by the trusted third party.
Typically , the third party is the certificate
authority, such as government agency, that is
trusted by user community.

Public key Certificates

A user can present his public key to the
authority in a secure manner , and obtain a
certificate.
The user then publish the certificate.
Any one needed this user public key can
obtain the certificate and verify that it is
valid by way of the attached trusted
signature.
A participant can also convey its key
information to another by transmitting its
certificate.

Requirements
Any participant can read a certificate
to determine the name and public key
of the certificate owner.
Any participant can verify that the
certificate originated from the
certificate authority and is not
counterfeit.
Only the certificate authority can
create and update certificate.
Any participant can verify the
currency of the certificate.

Public key Certificates

Each participant applies to the
certificate authority, supplying a public
key and request a certificate.
Application must be in person or by
some form of secure authenticated
communication.
For participant A, the authority
provides a certificate of the form:
Where PR auth is the private key used by
the authority and T is the timestamp.

Continued
A may then pass this certificate on to any
other participant , who reads and verifies the
certificate
as follows:

The recipient uses the authority public key, PU

auth, to decrypt the certificate.
Because the certificate is readable only using
authoritys public key, this verifies authenticity
of certificate authority.
The elements IDA and PU a provides the
recipient with the name and the public key of

Time Stamp Scenario

A private key is learned by the
adversary.
A generates a new private/public key
pair and applies to the certificate
authority for new certificate.
Meanwhile , the adversary replays the
old certificate to B. if B then encrypts
messages using compromised old public
key, the adversary can read those
messages.

Public Key Certificate

Distribution of Secret Key

using Public Key
cryptography

Public key encryption can be used

for distribution of Secret keys

Simple Secret Key

Distribution
A generates a public/private key
pair{PUa, PRa} and transmits a
message to B consisting of PU a and
an identifier of A, IDA.
B generates a secret key , Ks , and
transmit it to A, encrypted with As
public key.
A computes D(PR a, E(PU a, Ks)) to
recover the secret key. Because only
A can decrypt the message, only A

Simple Secret Key

Distribution
A and B can now securely
communicate using conventional
encryption and the session Key Ks.
At the completion of exchange both
discard Ks.
No keys exist at the start of
communication and none exist after
the completion of communication.
Thus the risk of keys compromise is
minimal.

Simple Secret Key

Distribution

Secret key Distribution with

confidentiality and
authentication

A uses Bs public key to encrypt a message to B

containing an identifier of A (IDA) and nonce(N1),
which is used to identify this transaction uniquely.
B sends a message to A encrypted with PU a and
containing As nonce(N1) as well as a new nonce
generated by B (N2). Because only B could have
decrypted message(1), the presence of N1 in
message(2) assures A that the correspondent is B.
A returns N2, encrypted using Bs public key, to
assure B that its correspondent is A.
A selects a secret key Ks and sends M=E(PU b, E(PR
a, Ks)) to B.
Encryption of this message with Bs public key
ensures that only B can read it; encryption with A s

Diffie-Hellman Key
Exchange
Alice and Bob want to share a secret key using
Diffie-Hellman
Alice chooses a large prime number p and a large
number called the generator g which is less than
p; these two values (g and p) are sent to Bob
Alice chooses a number a and calculates A = ga
(mod p); the value A is sent to Bob
Bob chooses a number b and calculates B = gb
(mod p); the value B is sent to Alice
Alice calculates the shared secret K = Ba (mod p)
Bob calculates the shared secret K = Ab (mod p)