[Figure: control vector encryption and decryption. Labels: control vector, master key, session key, hashing function, encryption function, decryption function, encrypted session key.]
As a first step, the control vector is passed through a hash function that produces a
value whose length is equal to the encryption key length. In essence, a hash function maps
values from a larger range into a smaller range with a reasonably uniform spread. Thus, for
example, if numbers in the range 1 to 100 are hashed into numbers in the range 1 to 10,
approximately 10% of the source values should map into each of the target values. The hash
value is then XORed with the master key to produce an output that is used as the key input
for encrypting the session key. Here Km is the master key, Ks is the session key and H is
the hash value of the control vector.
The session key is recovered in plaintext by the reverse operation:
D([Km ⊕ H], E([Km ⊕ H], Ks))
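The control vector binding described above, as an added example that is not part of the original notes. The cipher E is a hash-derived XOR stand-in (an assumption that keeps the code standard-library only), and the master key, session key and control vector strings are constructed sample values.

```python
import hashlib

KEY_LEN = 16  # bytes; the hash output is cut to the encryption key length


def h(cv: bytes) -> bytes:
    """H = h(CV): hash of the control vector, truncated to the key length."""
    return hashlib.sha256(cv).digest()[:KEY_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def E(key: bytes, block: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a keystream derived from the key.
    The scheme itself uses a block cipher at this point."""
    stream = hashlib.sha256(b"keystream" + key).digest()[:len(block)]
    return xor(block, stream)


D = E  # the XOR stand-in is its own inverse


def wrap(km: bytes, cv: bytes, ks: bytes) -> bytes:
    """Ciphertext = E([Km XOR H], Ks)."""
    return E(xor(km, h(cv)), ks)


def unwrap(km: bytes, cv: bytes, wrapped: bytes) -> bytes:
    """Ks = D([Km XOR H], ciphertext); needs the same control vector."""
    return D(xor(km, h(cv)), wrapped)


# Constructed sample values, not taken from the notes.
KM = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
KS = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")
CV_ORIGINAL = b"use=data-encrypt"   # hypothetical control vector encoding
CV_TAMPERED = b"use=key-export"     # same key presented with altered usage

WRAPPED = wrap(KM, CV_ORIGINAL, KS)

if __name__ == "__main__":
    print("original CV recovers Ks:", unwrap(KM, CV_ORIGINAL, WRAPPED) == KS)
    print("tampered CV recovers Ks:", unwrap(KM, CV_TAMPERED, WRAPPED) == KS)
```

Because the control vector feeds the key input, presenting the wrapped session key with a different control vector yields a different value instead of Ks.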
Secret Key Distribution with Confidentiality and Authentication:
[Figure: message exchange between Initiator A and Responder B]
(1) E(PUb, [N1 || IDA])
(2) E(PUa, [N1 || N2])
(3) E(PUb, N2)
(4) E(PUb, E(PRa, Ks))
1. A uses B's public key to encrypt a message to B containing an identifier of A (IDA) and a
nonce (N1), which is used to identify this transaction uniquely.
2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a
new nonce generated by B (N2). Because only B could have decrypted message (1), the
presence of N1 in message (2) assures A that the correspondent is B.
3. A returns N2, encrypted using B's public key, to assure B that its correspondent is A.
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of this
message with B's public key ensures that only B can read it; encryption with A's private
key ensures that only A could have sent it.
5. B computes D(PUa, D(PRb, M)) to recover the secret key.
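The five steps above carried through with both sides' messages, as an added example that is not part of the original notes. It assumes raw textbook RSA with toy keys built from Mersenne primes, a hypothetical one-byte identifier for A, and nonces packed as fixed-width integers.

```python
import secrets

E_PUB = 65537


def keypair(p, q):
    """Textbook RSA key pair from two primes: ((e, n), (d, n))."""
    n = p * q
    return (E_PUB, n), (pow(E_PUB, -1, (p - 1) * (q - 1)), n)


def rsa(key, m):
    """Raw RSA, m^k mod n: used for E(PU, .), D(PR, .), E(PR, .) and D(PU, .)."""
    k, n = key
    if not 0 <= m < n:
        raise ValueError("value does not fit under this modulus")
    return pow(m, k, n)


# Constructed toy keys (assumption): n_a < n_b, so E(PRa, Ks) always
# fits inside the outer E(PUb, .) of message (4).
PU_A, PR_A = keypair(2**31 - 1, 2**61 - 1)
PU_B, PR_B = keypair(2**89 - 1, 2**107 - 1)
ID_A = 0x0A  # hypothetical one-byte identifier for A


def handshake():
    """Messages (1)-(3); returns True when both nonce checks pass."""
    n1 = secrets.randbits(32)
    msg1 = rsa(PU_B, (n1 << 8) | ID_A)            # (1) A -> B: E(PUb, [N1 || IDA])
    n1_seen_by_b = rsa(PR_B, msg1) >> 8
    n2 = secrets.randbits(32)
    msg2 = rsa(PU_A, (n1_seen_by_b << 32) | n2)   # (2) B -> A: E(PUa, [N1 || N2])
    opened = rsa(PR_A, msg2)
    a_accepts_b = (opened >> 32) == n1            # only B could have read N1
    msg3 = rsa(PU_B, opened & 0xFFFFFFFF)         # (3) A -> B: E(PUb, N2)
    b_accepts_a = rsa(PR_B, msg3) == n2           # only A could have read N2
    return a_accepts_b and b_accepts_a


def send_key(ks, sender_private=PR_A):
    """(4) M = E(PUb, E(PRa, Ks))."""
    return rsa(PU_B, rsa(sender_private, ks))


def recover_key(m):
    """(5) B computes D(PUa, D(PRb, M))."""
    return rsa(PU_A, rsa(PR_B, m))


if __name__ == "__main__":
    ks = secrets.randbits(64)
    print(handshake(), recover_key(send_key(ks)) == ks)
```

The modulus ordering matters: if A's modulus were larger than B's, the inner value E(PRa, Ks) could exceed B's modulus and `rsa` would raise instead of encrypting.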
Public announcement
Publicly available directory
Public-key authority
Public-key certificates
Public Announcement of Public Keys
The point of public-key encryption is that the public key is public; hence any
participant can send his or her public key to any other participant, or broadcast the key to
the community at large, e.g. append PGP keys to email messages or post to news groups or
email lists. Its major weakness is forgery: anyone could pretend to be user A and send a public
key to another participant or broadcast such a public key. Until the forgery is discovered
they can masquerade as the claimed user.
Publicly Available Directory
Can obtain greater security by registering keys with a public directory.
Directory must be trusted, with properties:
The authority maintains a directory with a {name, public key} entry for each
participant.
Each participant registers a public key with the directory authority.
A participant may replace the existing key with a new one at any time because the
corresponding private key has been compromised in some way.
Participants could also access the directory electronically. For this purpose, secure
communication from the authority to the participant is mandatory.
Public-Key Authority:
Stronger security for public-key distribution can be achieved by providing tighter control
over the distribution of public keys from the directory.
This requires users to know the public key for the directory, and to interact with the
directory in real time to obtain any desired public key securely.
A total of seven messages are required.
Elliptic curve cryptography:
ECC addition is analog of modular multiplication in RSA
ECC repeated addition is analog of modular exponentiation
Need "hard" problem equivalent to discrete log
o Q = kP, where Q, P belong to a prime curve
o Is "easy" to compute Q given k, P
o But "hard" to find k given Q, P
o Known as the discrete logarithm problem of elliptic curve
[Figure: X.509 formats. (a) X.509 Certificate: Version, Certificate Serial Number, Signature algorithm identifier (algorithm, parameters), Issuer Name, Period of validity (not before, not after), Subject Name, Subject's public key info (algorithms, parameters, key), Issuer Unique Identifier, Subject Unique Identifier, Extensions, Signature (algorithms, parameters, encrypted). (b) Certificate Revocation List: Signature algorithm identifier (algorithm, parameters), Issuer Name, This Update Date, Next Update Date, Revoked certificate entries (user certificate serial #, revocation date), Signature (algorithms, parameters, encrypted).]
CA<<A>> = CA {V, SN, AI, CA, UCA, A, UA, Ap, TA}
[Figure: certificates issued between certification authorities U, V, W, X, Y and Z, with labels such as U<<V>>, V<<U>>, X<<W>> and Z<<B>>.]
publickey ey
CA
infoemsation
de nf unsige
ertificate
C A p a key ith CAsplbc ky
Figure 14.14 Public-Key Certificate Use
[Figure: public-key infrastructure (PKI). Labels: certificate/CRL retrieval, registration, certificate authority, certificate publication, revocation request, certificate/CRL publication, CRL issuer, CRL publication, PKI entities.]
Electronic Mail Security
Pretty Good Privacy
Ks = session key used in symmetric encryption scheme
PRa = private key of user A, used in public-key encryption scheme
PUa = public key of user A, used in public-key encryption scheme
EP = public-key encryption
DP = public-key decryption
EC = symmetric encryption
DC = symmetric decryption
hash function
concatenation
compression using algorithm
conversion to radix format
[Figure: PGP Cryptographic Functions]
LA-KDC: IDal
2. KDC=-A: EIG, |A,1M|EI6,[6,10A1|) 2 8-AUe 9M|EA,AM4
KDC-A EK,I0NIKIT|EIK,JD,&
B-A EIM,N A-B EIKD,IK, EIK,NJ)
5A-B EK,1A) 1. AB: E(K|IDAl| K,|| T%)||N
2. B A : N'|E(K,. N'a)
| Clock T| <
Al1 + Al2 3. A-B:
E(K, N')
One-Way Authentication
LA-ADC: D,ID
KDC-& EM,K D,MEM,[A|10|0
A-B EK,JA|D)JEK,M)
[Figure 14.4 Automatic Key Distribution for Connection-Oriented Protocol. Labels: key distribution center (KDC), host, network.]
connection request, it generates the session key and delivers it to the two
appropriate SSMs, using a unique permanent key for each SSM.
4. The requesting SSM can now release the connection request packet, and a
connection is set up between the two end systems.
5. All user data exchanged between the two end systems are encrypted by their
respective SSMs using the one-time session key.