SENG2250 Key Management and Distribution – 3/8/21

Key Management –

- Generation
- Registration
- Distribution
- Storage
- Updating
- Deletion
- Backup/Recovery
- Archiving

Key Generation-

- Symmetric Key Cryptosystems

o Good pseudo-random or random number generator
o AES
o DES
- Asymmetric key Cryptosystems
o Good Prime Numbers
 RSA
o Others

Key Registration –

- Associate Keys to entities

- Trusted Authorities
o E.g., Key Management Centre (KMC)
o Symmetric System
 Secrecy and Integrity
o Asymmetric Systems
 Integrity of Keys

Key Management –

- Storage
o Hosts
o Network Components
o Smart Cards
o …
- Distribution
o Secure Protocols
o Initialization, Update4, Deletion
- Backup/Recovery
- Archiving
- Considerations of key management mechanism design
o What type of Keys?
o Who generates Keys?
 o Where are they being generated?
o Who needs the Keys?
o How are they distributed?
o How often Key changes are required?
o …

Key Distribution –

- Type of Keys
o Symmetric: for the system using symmetric key cryptography
o Asymmetric: for systems using asymmetric (public) key cryptography
- Symmetric Keys
o Remain as secret
o Distributed via secure channels
- Asymmetric Keys
o Public key is known to everyone, but private key remains secret
o Authenticity and integrity of public key is important. Why and how?

Key Establishment

- Goal: Two users end up with a shared key that is only known by them.
- Possible ways of sharing a key:
o Two users use a supplementary secure channel, such as a courier service
 Disadvantages: Costly, Slow, Questionable security
o (Digital) Key exchange via a trusted authority (T):
 Each suer can securely communicate with T, a central trusted authority
 T mediates between 2 users
 Disadvantages: Requires a trusted node and creates a bottleneck. For every
key between 2 users at least 2 communications involving T are necessary. T
can be replaced by a network of authorities, but this increases the number
of entry points for the intruder.
o Key exchanged using public channels

Key Establishment Protocols

- A protocol is an algorithm to achieve a certain goal:

o A sequence of steps precisely specifying the actions required of 2 or more parties
o Communicating parties in a protocol are called principals
- Key Establishment
o A process to make a shared secret key becomes available to 2 or more parties
- Key Transport
o Single party creates/obtains a secret and securely delivers the other(s)
o One -> many
- Key Agreement
o All parties cooperatively agree on a shared secret as a result of the protocol, using a
function, say f.
o No single party can predict/determine the shared key before hand
Threats

- Disclosure
o Cannot access by unauthorised party
- Modification
o The integrity of message
- Replay
o Is the message “fresh”
- Origin of Keys
o Is the key sent/agreed by the authentic user?
o Impersonation?

Key Transport Protocols

- Alice (A) and Bob (B) share a long term key Kab
- E (key; data) is a symmetric encryption scheme
- Ks is a session key valid for a single secure communication between users
- A ->B: E(Kab; Ks)
- Replay Attack
o Adversary can replay the previous message (key)
o Reason: lack of key freshness
- Solutions
o Timestamp (TS)
 A->B: E(Kab; Ks, TS, B)
o B means Identity of bob

Challenge-Response

- Nonce (random number)

o To guarantee message freshness
o Used only once
- Challenge-Response Mechanism
o Uses Nonce
o Authentication
- Example (Key Transport Protocol)

- Example (Key Agreement Protocol)

- Disadvantage
 o Communication overhead in which requires more than one message: Efficiency vs
Security

Key Establishment with a Server

- Trusted Third Party (TTP)

o An authority trusted by all users
- Key Distribution
o Key Distribution Centre (KDC): supplies the session key
o Key Translation Centre (KTC): enables a session key chosen by one user to be
available to others
- A and B have shared long-term keys with a TTP, e.g., KDC and KTC

Needham-Schroeder Protocol

- Entities
o TS is a trusted server
o A and B are users who have shared long term keys with TS
- Role of TS
o KDS
o Generate session keys
- The NS protocol is the basis of many servers based key distribution systems, including
Kerberos. We will introduce it later

PKC Based Key Transport

- One-pass key transport:

- Issues
o A will not know if B receives the message
o B does not know the source of the message
o Replay attack
o To help against replay:

Preliminaries – Group

- Group is a mathematical representation of symmetries

- A set of elements and a binary operation on that set, satisfying the following properties:
Discrete Logarithm Problem (DLP)

- Definition:
o Let g be a generator of multiplicative group G, given h is an element of G, find a as
an element of Z*, such that h = ga mod p
o P is a large prime
o Computationally hard
o We do not need to be able to do this just know how it works
o One way trap door function
- It provides a way to set up public and private key pairs

Key Transport with Public Key Cryptography

- Sharmir’s no-key protocol

-
- 1. Select and publish a prime p such that for that prime Discrete Logarithm (DL) problem is
hard
- 2. A does the following steps
o 1. Selects a rand num a, 1 < a < p – 2, a co-prime to p-1
o 2. Computes a-1 mod p-1
- 3. B does the same as A and obtains b and b-1 mod p-1

Diffie-Hellman Key Agreement

- SUPER IMPORTANT system and is still used widely in the real world
- System Setup
o A and B agree on a common prime p and a generator g of Z*p
o Safe prime: p = 2q+1, where q is a prime
- Private Keys
o A chooses a random number xa where 1 < xa < p, as a private key
o B chooses a random number xb where 1 < xb < p, as a private key
o These are usually used as ephemeral keys of a session, i.e., choose different keys at
each protocol execution
- Public Keys
z
o A computes the public key Ya = g a mod p
x
o B computes the public key Yb = g b mod p

Forward Secrecy
- A key agreement protocol provides forward secrecy, if old session keys remain secure when
the long-term keys of participated entities were compromised
- Also known as perfect forward secrecy
- Does NS protocol provide forward secrecy?
-