《keydistribution-southernmethodistuniversity-world密钥分配-南卫理公会大学-世界》由会员分享,可在线阅读,更多相关《keydistribution-southernmethodistuniversity-world密钥分配-南卫理公会大学-世界(30页珍藏版)》请在金锄头文库上搜索。
1、SMU,CSE 5349/7349,Key Distribution,SMU,CSE 5349/7349,Where to Put Encryption?,Link level Vulnerable links equipped with encryption devices on both sides Needs large number of devices Needs decryption to perform routing End-to-end Carried out at the end systems Can encrypt only the data portion and n
2、ot the header,SMU,CSE 5349/7349,Link vs. End-to-End Key Distribution,Link keys must be distributed to each pair of link endpoints in advance Relatively easy to distribute securely For e-t-e, must generate and distribute many keys, often in real time,SMU,CSE 5349/7349,Logical Placement,Application la
3、yer Transport layer Network layer Link layer,SMU,CSE 5349/7349,Traffic Analysis,Both techniques hide user data (payload) Link encryption Hides address information Buffers clear data in each node E-T-E encryption Leaves addresses in the clear No need to buffer decrypted payload Use both techniques?,S
4、MU,CSE 5349/7349,Traffic Analysis,Identities of communicating partners Frequency of communication Message patterns, e.g., length, quantity, (encrypted) content Correlation between messages and real world events Can (sometimes) be defeated through traffic padding,SMU,CSE 5349/7349,Covert Channels,Ess
5、entially, the dual of traffic analysis Usually intended to violate or defeat a security policy Examples Message length Message content Message presence,SMU,CSE 5349/7349,Key Distribution,Most important component in secure transmission. Options: (between A and B). A selects a key and physically deliv
6、ers it to B. A trusted third party key distribution center (KDC) selects a key and physically delivers it to A and B. If A and B already have have a viable key, it can be used to distribute a new key. If A and B have a secure link to KDC, can receive the key through that channel.,SMU,CSE 5349/7349,K
7、ey Distribution (contd),Manual delivery is straightforward for link encryption, challenging for E-T-E The number of keys grows quadratically with the number of endpoints (n*(n-1)/2) Further complexity for application/user level encryption KDC a good alternative Only n master keys required,SMU,CSE 53
8、49/7349,Decentralized Distribution,No need for KDC to be trusted and protected Any two nodes can establish a session key Needs n(n-1)/2 master keys Can generate any number of session keys Key distribution protocol,SMU,CSE 5349/7349,Public Key Management,Distribution of public keys Public announcemen
9、t Public directories Public-key authority Public-key certificates Use of public-key encryption to distribute secret keys,SMU,CSE 5349/7349,Public-Key Authority and Certificates,Very similar to session key obtaining process Both the parties are assumed to have authoritys public key Authority sends th
10、e key encrypted in private key (for authentication) Authority could be a bottle-neck Instead use certificates authenticated by authority,SMU,CSE 5349/7349,Public-key distribution of secret keys,A sends public key, ID) to B B sends secret key encrypted in Kua A decrypts for private key,SMU,CSE 5349/7
11、349,Public-Key Authority,Public-key authority,A,B,(1) Request|T1,(2) EKd_authKe_b|Request|T1,(3) EKe_bIDA| N1,(6) EKe_aN1|N2,(7) EKe_bN2,(4) Request|T2,(5) EKd_authKe_a|Request|T2,SMU,CSE 5349/7349,Public-Key Certificates,A certificate contains a public key and other information Created by a certifi
12、cate authority Given to the participant with the matching private key A participant transmits its certificate to convey its key information Other participants can verify that the certificate was created by the authority All nodes are pre-configured with the public key of the certificate authority (C
13、A),SMU,CSE 5349/7349,Exchange of Public-key Certificates,Certificate Authority,A,B,Ke_a,CA= EKd_authT1, IDA, Ke_a,(1) CA,Ke_b,CB= EKd_authT2, IDB, Ke_b,(2) CB,B does: DKe_auth(CA)= DKe_auth(EKd_authT1, IDA, Ke_a) = (T1, IDA, Ke_a), hence gets the public key of A,SMU,CSE 5349/7349,Public-key distribu
14、tion of secret keys,A sends public key, ID) to B B sends secret key encrypted in Kua A decrypts for private key Vulnerable to active attack?,A,B,(1) Ku_a|IDA,(2) EKu_aKs,SMU,CSE 5349/7349,Distribution With Confidentiality and Authentication,A,B,(1) EKu_bN1|IDA,(2) EKu_aN1| N2,(3) EKu_bN2,(4) EKu_bEK
15、r_aKs,SMU,CSE 5349/7349,Diffie-Hellman KE,Public information: p is a prime number g is a generating element of Zp Alices Private Key : a Public Key : ga mod p Bobs Private Key : b Public Key : gb mod p,SMU,CSE 5349/7349,DH Key Exchange,Key Exchange: Alice obtains gb and computes (gb)a = gab mod p =
16、ks Bob obtains ga and computes (ga)b = gab mod p = ks Alice and Bob have agreed upon key ks The well-known man-in-the-middle attack exploits the lack of authentication,SMU,CSE 5349/7349,Diffie-Hellman Scheme,Security factors Discrete logarithm very difficult. Shared key (the secret) itself never transmitted. Disadvantages: Expensive exponential operation The scheme itself cannot be used to encrypt anything it is for secret key establishm
