Post on 30-Jan-2016
description
transcript
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Information Security Management-- Cryptography
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Summary
• Symmetric Encryption
• Public Encryption
• Digital Signature
• Key Distribution
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Basic Terminology
• plaintext - the original message • ciphertext - the coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext• cryptography - study of encryption principles/methods• cryptanalysis (codebreaking) - the study of principles/
methods of deciphering ciphertext without knowing key• cryptology - the field of both cryptography and
cryptanalysis
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
The language of cryptography
symmetric key crypto: sender, receiver keys identical
public-key crypto: encryption key public, decryption key secret (private)
plaintext plaintextciphertext
KA
encryptionalgorithm
decryption algorithm
Alice’s encryptionkey
Bob’s decryptionkey
KB
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Symmetric Encryption
• or conventional / secret-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are private-key
• was only type prior to invention of public-key in 1970’s
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Symmetric Cipher Model
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Symmetric Key Cryptography
symmetric key crypto: Bob and Alice share know same (symmetric) key: K
• e.g., key is knowing substitution pattern in mono alphabetic substitution cipher
plaintextciphertext
KA-B
encryptionalgorithm
decryption algorithm
A-B
KA-B
plaintextmessage, m
K (m)A-B
K (m)A-Bm = K ( )
A-B
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Requirements
• two requirements for secure use of symmetric encryption:– a strong encryption algorithm– a secret key known only to sender / receiver
Y = EK(X)
X = DK(Y)
• assume encryption algorithm is known
• implies a secure channel to distribute key
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Cryptography
• can characterize by:– type of encryption operations used
• substitution / transposition / product
– number of keys used• single-key or private / two-key or public
– way in which plaintext is processed• block / stream
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
More Definitions
• unconditional security – no matter how much computer power is
available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
• computational security – given limited computing resources (eg time
needed for calculations is greater than age of universe), the cipher cannot be broken
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Classical Substitution Ciphers
• where letters of plaintext are replaced by other letters or by numbers or symbols
• or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Caesar Cipher
• earliest known substitution cipher
• by Julius Caesar
• first attested use in military affairs
• replaces each letter by 3rd letter later
• example:meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Caesar Cipher
• can define transformation as:a b c d e f g h i j k l m n o p q r s t u v w x y zD E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• mathematically give each letter a numbera b c d e f g h i j k l m0 1 2 3 4 5 6 7 8 9 10 11 12n o p q r s t u v w x y Z13 14 15 16 17 18 19 20 21 22 23 24 25
• then have Caesar cipher as:C = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers – A maps to A,B,..Z
• could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• do need to recognize when have plaintext
• eg. break ciphertext “ERE L ORYH BRX DOLFH"
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Symmetric Encryption Example-- Substitution
plaintextciphertext
KA-B
encryptionalgorithm
decryption algorithm
KA-B
plaintextmessage, m
K (m)A-B
• Plaintext
• KA-B
• Ciphertext
• Encryption algorithm
• Decryption algorithm
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Monoalphabetic Ciphers
• “Cipher” line can be any permutation of the 26 alphabetic char
• Statistical analysis– Letters “e” and “t” are the most frequent
occurring letters– Two and three letter occurrences of letters
appear quite often together, like “the”, “in”– Guess the appearance of the words
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Types of Cryptanalytic Attacks
• ciphertext only – only know algorithm / ciphertext, statistical, can identify plaintext
• known plaintext – know/suspect plaintext & ciphertext to attack cipher
• chosen plaintext – select plaintext and obtain ciphertext to attack cipher
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Brute Force Search
• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Chosen-Plaintext Attack
Crook #1 changeshis PIN to a numberof his choice
cipher(key,PIN)
PIN is encrypted andtransmitted to bank
Crook #2 eavesdropson the wire and learnsciphertext correspondingto chosen plaintext PIN
… repeat for any PIN value
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Polyalphabetic encryption
• monoalphabetic ciphers + Caesar cipher.
• Two Caesar ciphers (k=5, k=19)
• Repeating pattern c1, c2, c2, c1, c2
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Transposition Ciphers
• now consider classical transposition or permutation ciphers
• these hide the message by rearranging the letter order
• without altering the actual letters used
• can recognise these since have the same frequency distribution as the original text
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Rail Fence cipher
• write message letters out diagonally over a number of rows
• then read off cipher row by row
• eg. write message out as:m e m a t r h t g p r y
e t e f e t e o a a t
• giving ciphertextMEMATRHTGPRYETEFETEOAAT
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Row Transposition Ciphers
• a more complex scheme• write letters of message out in rows over a
specified number of columns• then reorder the columns according to
some key before reading off the rowsKey: 4 3 1 2 5 6 7Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x y zCiphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Product Ciphers
• ciphers using substitutions or transpositions are not secure because of language characteristics
• hence consider using several ciphers in succession to make harder, but: – two substitutions make a more complex substitution – two transpositions make more complex transposition – but a substitution followed by a transposition makes a
new much harder cipher
• this is bridge from classical to modern ciphers
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Simple Idea: One-Time Pad
= 10111101…---------------
= 00110010… 10001111…
00110010…
10111101…
Key is a never-repeating bitsequence as long as plaintext
Encrypt by bitwise XOR ofplaintext and key:ciphertext = plaintext key
Decrypt by bitwise XOR ofciphertext and key:ciphertext key = (plaintext key) key =plaintext (key key) =plaintext
Cipher achieves perfect secrecy if and only if there are as many possible keys as possible plaintexts, andevery key is equally likely (Claude Shannon’s result)
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Advantages of One-Time Pad
• Easy to compute
– Encryption and decryption are the same operation
– Bitwise XOR is very cheap to compute
• As secure as possible
– Given a ciphertext, all plaintexts are equally likely, regardless of attacker’s computational resources
– …as long as the key sequence is truly random
• True randomness is expensive to obtain in large quantities
– …as long as each key is same length as plaintext• But how does the sender communicate the key to
receiver?
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Problems with One-Time Pad
• Key must be as long as plaintext– Impractical in most realistic scenarios– Still used for diplomatic and intelligence traffic
• Does not guarantee integrity– One-time pad only guarantees confidentiality– Attacker cannot recover plaintext, but can
easily change it to something else
• Insecure if keys are reused– Attacker can obtain XOR of plaintexts
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Modern Block Ciphers
• will now look at modern block ciphers
• one of the most widely used types of cryptographic algorithms
• provide secrecy and/or authentication services
• in particular will introduce DES (Data Encryption Standard)
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Block vs Stream Ciphers
• block ciphers process messages into blocks, each of which is then en/decrypted
• like a substitution on very big characters– 64-bits or more
• stream ciphers process messages a bit or byte at a time when en/decrypting
• many current ciphers are block ciphers
• hence are focus of course
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Block Ciphers
• Operates on a single chunk (“block”) of plaintext– For example, 64 bits for DES– Same key is reused for each block (can use short keys)
• Result should look like a random permutation– As if plaintext bits were randomly shuffled
• Only computational guarantee of secrecy– Not impossible to break, just very expensive
• If there is no efficient algorithm (unproven assumption!), then can only break by brute-force, try-every-possible-key search
– Time/cost of breaking the cipher exceeds the value and/or useful lifetime of protected information
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Permutation
123
4
123
4CODE becomes DCEO
• For N-bit input, N! possible permutations• Idea: split plaintext into blocks, for each block use secret
key to pick a permutation, rinse and repeat– Without the key, permutation should “look random”
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Block Cipher Operation (Simplified)
Block of plaintext
S S S S
S S S S
S S S S
Key
Add some secret key bitsto provide confusion
Each S-box permutes its input bits in a “random-looking” way to provide diffusion (spread plaintext bits throughout ciphertext)
repeat for several rounds
Block of ciphertextProcedure must be reversible
(for decryption)
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Block Cipher Principles
• needed since must be able to decrypt ciphertext to recover messages efficiently
• block ciphers look like an extremely large substitution
• instead create from smaller building blocks
• using idea of a product cipher (substitution followed by transposition)
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Claude Shannon and Substitution-Permutation Ciphers
• in 1949 Claude Shannon introduced idea of substitution-permutation (S-P) networks– modern substitution-transposition product cipher
• these form the basis of modern block ciphers • S-P networks are based on the two primitive
cryptographic operations we have seen before: – substitution (S-box)– permutation (P-box)
• provide confusion and diffusion of message
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Confusion and Diffusion
• cipher needs to completely obscure statistical properties of original message
• a one-time pad does this• more practically Shannon suggested
combining elements to obtain:• diffusion – dissipates statistical structure
of plaintext over bulk of ciphertext• confusion – makes relationship between
ciphertext and key as complex as possible
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Data Encryption Standard (DES)
• most widely used block cipher in world
• adopted in 1977 by NBS (now NIST http://www.itl.nist.gov/fipspubs/fip46-2.htm )
• encrypts 64-bit data using 56-bit key
• has widespread use
• has been considerable controversy over its security
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
DES History
• IBM developed Lucifer cipher– by team led by Feistel– used 64-bit data blocks with 128-bit key
• then redeveloped as a commercial cipher with input from NSA and others
• in 1973 NBS issued request for proposals for a national cipher standard
• IBM submitted their revised Lucifer which was eventually accepted as the DES
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
DES Encryption
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Strength of DES – Key Size
• 56-bit keys have 256 = 7.2 x 1016 values
• brute force search looks hard
• recent advances have shown is possible– in 1997 on Internet in a few months – in 1998 on dedicated h/w (EFF) in a few days – in 1999 above combined in 22hrs!
• still must be able to recognize plaintext
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Design Principles
• block size – increasing size improves security, but slows cipher
• key size – increasing size improves security, makes exhaustive key
searching harder, but may slow cipher • number of rounds
– increasing number improves security, but slows cipher • subkey generation
– greater complexity can make analysis harder, but slows cipher • round function
– greater complexity can make analysis harder, but slows cipher • fast software en/decryption & ease of analysis
– are more recent concerns for practical use and testing
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Confidentiality using Symmetric Encryption
• have two major placement alternatives
• link encryption– encryption occurs independently on every link– implies must decrypt traffic between links
• end-to-end encryption– encryption occurs between original source
and final destination– need devices at each end with shared keys
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Placement of Encryption
• can place encryption function at various layers in OSI Reference Model– link encryption occurs at layers 1 or 2– end-to-end can occur at layers 3, 4, 6, 7– as move higher less information is encrypted
but it is more secure though more complex with more entities and keys
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Summary
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Private-Key Cryptography
• traditional private/secret/single key cryptography uses one key
• shared by both sender and receiver • if this key is disclosed communications are
compromised • also is symmetric, parties are equal • hence does not protect sender from
receiver forging a message & claiming is sent by sender
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Public-Key Cryptography
• probably most significant advance in the 3000 year history of cryptography
• uses two keys – a public & a private key
• asymmetric since parties are not equal
• uses clever application of number theoretic concepts to function
• complements rather than replaces private key crypto
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Public-Key Cryptography
• public-key/two-key/asymmetric cryptography involves the use of two keys: – a public-key, which may be known by anybody, and
can be used to encrypt messages, and verify signatures
– a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
• is asymmetric because– those who encrypt messages or verify signatures
cannot decrypt messages or create signatures
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Public-Key Cryptography
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Public-Key Characteristics
• Public-Key algorithms rely on two keys with the characteristics that it is:– computationally infeasible to find decryption
key knowing only algorithm & encryption key– computationally easy to en/decrypt messages
when the relevant (en/decrypt) key is known– either of the two related keys can be used for
encryption, with the other used for decryption (in some schemes)
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Public-Key Cryptosystems
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Public-Key Applications
• can classify uses into 3 categories:– encryption/decryption (provide secrecy)– digital signatures (provide authentication)– key exchange (of session keys)
• some algorithms are suitable for all uses, others are specific to one
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Security of Public Key Schemes
• like private key schemes brute force exhaustive search attack is always theoretically possible
• but keys used are too large (>512bits) • security relies on a large enough difference in
difficulty between easy (en/decrypt) and hard (cryptanalysis) problems
• more generally the hard problem is known, its just made too hard to do in practise
• requires the use of very large numbers• hence is slow compared to secret key schemes
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Public key encryption algorithms
need K ( ) and K ( ) such thatB B. .
given public key K , it should be impossible to compute private key K
B
B
Requirements:
1
2
RSA: Rivest, Shamir, Adelson algorithm
+ -
K (K (m)) = m BB
- +
+
-
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
RSA: Choosing keys
1. Choose two large prime numbers p, q. (e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).
4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d).
K B+ K B
-
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
RSA: Encryption, decryption
0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, compute
c = m mod n
e (i.e., remainder when m is divided by n)e
2. To decrypt received bit pattern, c, compute
m = c mod n
d (i.e., remainder when c is divided by n)d
m = (m mod n)
e mod n
dMagichappens!
c
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.e=5 (so e, z relatively prime).d=29 (so ed-1 exactly divisible by z.
letter m me c = m mod ne
l 12 1524832 17
c m = c mod nd
17 481968572106750915091411825223071697 12
cdletter
l
encrypt:
decrypt:
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
RSA: Why is that m = (m mod n)
e mod n
d
(m mod n)
e mod n = m mod n
d ed
Useful number theory result: If p,q prime and n = pq, then:
x mod n = x mod ny y mod (p-1)(q-1)
= m mod n
ed mod (p-1)(q-1)
= m mod n1
= m
(using number theory result above)
(since we chose ed to be divisible by(p-1)(q-1) with remainder 1 )
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
RSA: another important property
The following property will be very useful later:
K (K (m)) = m BB
- +K (K (m))
BB+ -
=
use public key first, followed
by private key
use private key first,
followed by public key
Result is the same!
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Summary
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Digital Signatures
Cryptographic technique analogous to hand-written signatures.
• sender (Bob) digitally signs document, establishing he is document owner/creator.
• verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Digital Signatures
Simple digital signature for message m:• Bob signs m by encrypting with his private
key KB, creating “signed” message, KB(m)--
Dear Alice
Oh, how I have missed you. I think of you all the time! …(blah blah blah)
Bob
Bob’s message, m
Public keyencryptionalgorithm
Bob’s privatekey
K B-
Bob’s message, m, signed
(encrypted) with his private key
K B-(m)
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Digital Signatures (more)
• Suppose Alice receives msg m, digital signature KB(m)
• Alice verifies m signed by Bob by applying Bob’s public key KB to KB(m) then checks KB(KB(m) ) = m.
• If KB(KB(m) ) = m, whoever signed m must have used
Bob’s private key.
+ +
-
-
- -
+
Alice thus verifies that: Bob signed m. No one else signed m. Bob signed m and not m’.
Non-repudiation: Alice can take m, and signature KB(m) to court and prove
that Bob signed m. -
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Internet checksum: poor crypto hash function
Internet checksum has some properties of hash function:
produces fixed length digest (16-bit sum) of message is many-to-one
But given message with given hash value, it is easy to find another message with same hash value:
I O U 10 0 . 99 B O B
49 4F 55 3130 30 2E 3939 42 D2 42
message ASCII format
B2 C1 D2 AC
I O U 90 0 . 19 B O B
49 4F 55 3930 30 2E 3139 42 D2 42
message ASCII format
B2 C1 D2 ACdifferent messagesbut identical checksums!
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Message Digests
Computationally expensive to public-key-encrypt long messages
Goal: fixed-length, easy- to-compute digital “fingerprint”
• apply hash function H to m, get fixed size message digest, H(m).
Hash function properties:
• many-to-1• produces fixed-size msg digest
(fingerprint)• given message digest x,
computationally infeasible to find m such that x = H(m)
large message
m
H: HashFunction
H(m)
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
large message
mH: Hashfunction H(m)
digitalsignature(encrypt)
Bob’s private
key K B-
+
Bob sends digitally signed message:
Alice verifies signature and integrity of digitally signed message:
KB(H(m))-
encrypted msg digest
KB(H(m))-
encrypted msg digest
large message
m
H: Hashfunction
H(m)
digitalsignature(decrypt)
H(m)
Bob’s public
key K B+
equal ?
Digital signature = signed message digest
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Digital Envelopes-- Symmetric + Asymmetric
• Generate a secret key (session key) at random. • Encrypt the message using the session key and
symmetric algorithm.• Encrypt the session key with the recipient’s
public key. This becomes the “digital envelope”.• Send the encrypted message and the digital
envelope to the recipient. • Figure …
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Summary
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Key Distribution
• symmetric schemes require both parties to share a common secret key
• issue is how to securely distribute this key
• often secure system failure due to a break in the key distribution scheme
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Key Distribution
• given parties A and B have various key distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can use previous key to encrypt a new key
4. if A & B have secure communications with a third party C, C can relay key between A & B
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Trusted Intermediaries
Symmetric key problem:• How do two entities
establish shared secret key over network?
Solution:• trusted key distribution
center (KDC) acting as intermediary between entities
Public key problem:• When Alice obtains
Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s?
Solution:• trusted certification
authority (CA)
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Key Distribution Center (KDC)
• Alice, Bob need shared symmetric key.• KDC: server shares different secret key with
each registered user (many users)
• Alice, Bob know own symmetric keys, KA-KDC KB-KDC ,
for communicating with KDC.
KB-KDC
KX-KDC
KY-KDC
KZ-KDC
KP-KDC
KB-KDC
KA-KDC
KA-KDC
KP-KDC
KDC
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Key Distribution Center (KDC)
Aliceknows
R1
Bob knows to use R1 to communicate with Alice
Alice and Bob communicate: using R1 as session key for shared symmetric
encryption
Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other?
KDC generates
R1
KB-KDC(A,R1)
KA-KDC(A,B)
KA-KDC(R1, KB-KDC(A,R1) )
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Key Management (public)
• public-key encryption helps address key distribution problems
• have two aspects of this:– distribution of public keys– use of public-key encryption to distribute
secret keys
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Distribution of Public Keys
• can be considered as using one of:– Public announcement– Publicly available directory– Public-key authority– Public-key certificates
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Public Announcement
• users distribute public keys to recipients or broadcast to community at large– eg. append PGP keys to email messages or
post to news groups or email list
• major weakness is forgery– anyone can create a key claiming to be
someone else and broadcast it– until forgery is discovered can masquerade as
claimed user
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Certification Authorities
• Certification authority (CA): binds public key to particular entity, E.
• E (person, router) registers its public key with CA.– E provides “proof of identity” to CA.
– CA creates certificate binding E to its public key.
– certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key”
Bob’s public
key K B+
Bob’s identifying informatio
n
digitalsignature(encrypt)
CA private
key K CA-
K B+
certificate for Bob’s public
key, signed by CA
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Certification Authorities
• When Alice wants Bob’s public key:– gets Bob’s certificate (Bob or elsewhere).– apply CA’s public key to Bob’s certificate,
get Bob’s public key
Bob’s public
key K B+
digitalsignature(decrypt)
CA public
key K CA+
K B+
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
A certificate contains:
• Serial number (unique to issuer)• info about certificate owner, including algorithm and
key value itself (not shown)• info about certificate
issuer• valid dates• digital signature by
issuer
Fall, 2005 CPSC499 Information Security Management
Computer Computer ScienceScience
Summary
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution