17-11-2012, 11:22 AM
Key Distribution in Cryptography
Key Distribution.pptx (Size: 572.73 KB / Downloads: 25)
Key Management and Distribution
“No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman he would fear that some devil might take advantage of his weak state to slip into his body”.
Topics of cryptographic key management / key distribution are complex
cryptographic, protocol, & management issues
Symmetric schemes require both parties to share a common secret key
Public key schemes require parties to acquire valid public keys
Have concerns with doing both
Key Distribution
Symmetric schemes require both parties to share a common secret key
Issue is how to securely distribute this key
While protecting it from others
Frequent key changes can be desirable
Often secure system failure due to a break in the key distribution scheme
Key Distribution Techniques
Given parties A and B have various key distribution alternatives:
A can select key and physically deliver to B
Third party can select & deliver key to A & B
If A & B have communicated previously can use previous key to encrypt a new key
If A & B have secure communications with a third party C, C can relay key between A & B
Key Hierarchy
Typically have a hierarchy of keys
Session key
Temporary key
Used for encryption of data between users
For one logical session then discarded
Master key
Used to encrypt session keys
Shared by user & key distribution center
Key Distribution Issues
Hierarchies of KDC’s required for large networks, but must trust each other
Session key lifetimes should be limited for greater security
Use of automatic key distribution on behalf of users, but must trust system
Use of decentralized key distribution
Controlling key usage
Publicly Available Directory
Can obtain greater security by registering keys with a public directory
Directory must be trusted with properties:
Contains {name,public-key } entries
Participants register securely with directory
Participants can replace key at any time
Directory is periodically published
Directory can be accessed electronically
Still vulnerable to tampering or forgery