UNIT-4

Key distribution & Management

 Why key distribution & management is necessary?
(i) Many users wish to communicate securely across network.
(ii) An attacker can intercept at any location in the network.
(iii) Manual exchange of key is undesirable.
(iv) Use of a secret key for long time is undesirable and is necessary

to change the key frequently to safeguard from attackers.

So, How to distribute & manage a key ?.

 Different stages of Key Management are:
Key generation, Key storage, Key distribution, Key deployment, Key
activation, and Key deletion. This is called Key Life – Cycle.
 The syllabus focuses on key distribution.
 In cryptography we use only two types of keys called Symmetric and
Asymmetric key.
 The syllabus on key distribution has two parts.
Part 1: Symmetric key distribution using symmetric key encryption.
Part 2: Symmetric key distribution using Asymmetric key encryption.
 Part 1 has two three types of distribution.
(i) Type 1: Secret key distribution by KDC (centralized).
(ii) Type 2: Automatic key distribution for connection-oriented protocol
(centralized).
(iii) Type 3: Sharing Session key in Decentralized Key distribution.
 Symmetric key distribution using symmetric encryption

During the process of data transmission, encryption can be done in two ways.
(i) Link encryption & (II) end-to-end encryption.
(1) Link encryption
 This type of encryption is done at Internet layer (IP) of TCP/IP model.
 Both header and payload is being encrypted.
 This type of encryption is used in circuit switching technology.
 This method use less number of keys but introduce more delay.
 Link encryption (contd..)
 The network contains 20 links, needs 20 different secure keys.
 Encrypt data over individual link.
 Each link end points shares a secret key.
 Decrypt and Encrypt at each device in the path introduces large delay.
 Requires all devices to support encryption.
 Configuring the keys in small network can be done manually, but not in large
networks.
 Symmetric key distribution using symmetric encryption
(2) End-to-End encryption
 This is applied in transport layer.
 End-to-end encryption is applied in packet switching technology.
 This method is widely adopted.
 If the number of nodes are n, then n(n-1)/2 number of keys are needed.
 The scheme use key distribution center(KDC).
 (2) End-to-End encryption (contd…)
 Encrypt data at network end points (hosts or applications).
 Each pair of host or application share a Secret key.
 Does not rely on intermediate network devices.
 If, each pair of host share a secret key, need 10x9/2=45 keys.
 If, each application share a secret key need 50x49/2=1225 keys.
So, the strength of any cryptographic system rests upon the key distribution technique.
 Keys requirement Vs end points
 The graph illustrate the magnitude of key distribution task for an end-to-end
encryption.
 As, the number of endpoints increase, relatively the number of key
requirement increase.
 The key distribution mechanism is taken care by KDC.
 Symmetric key distribution using symmetric encryption

Key Distribution Centre (KDC)

 KDC is a trusted third party, and is a part of cryptosystem who takes care of
key distribution and management for users.
 KDC uses two types of keys called Master key & Session key.
 Users can manually or securely, exchange the Master key with KDC.
 Users obtain Session key via KDC for communication with other users.
 Using that session key data can be exchanged between sender and receiver.
 This is also called as centralized key distribution system.
 Symmetric key distribution using symmetric encryption

 For intranet you can have a local KDC.

 For Internet you can have distributed KDCs
 key distribution scenario

 User A wishes to establish a logical connection with B. A requires a one-time

Session key to encrypt the data and to transfer to B.

 A has a master key Ka, known only to itself and the KDC. Similarly, B shares his

master key Kb known only to itself and the KDC. 

  A send a request message to the KDC for a session key (Ks), that include the

identity of A (IDA), and identity of B (IDB) and a unique identifier called nonce

(N1, Number occurring once).

key distribution scenario (contd…)
 key distribution scenario (contd…)

 The KDC responds with a message encrypted by using Ka. The message includes

one-time session key Ks , and the original request message of A appended with

E(Kb,[Ks|| IDA]).

 A stores the session key for its use, and forward to B the information that

originated at the KDC for B, namely, E(Kb,[Ks|| IDA]).

 Using new session key Ks , B sends a nonce, N2, to A.

 Using Ks, A responds with f(N2), where f is a function that performs some

transformation on N2.
 Symmetric key distribution using symmetric encryption

Session Key Lifetime

 For connection-oriented protocol, the same session key can be used for
complete length of time the connection is open.
For a connectionless protocol, the most secure approach is to use a new
session key for each exchange of datagram. But this introduce increase delay .
Therefore, a better strategy is to use a given session key for a certain fixed
period only or for a certain number of transactions.
 A transparent key control scheme
This scheme is useful for providing end-to-end encryption at a network.
This scheme is applied at the transport layer level.
The method assumes that communication make use of a connection-oriented, end-to-end
protocol such as TCP.
In the implementation protocol use 4-steps.
 Symmetric key distribution using symmetric encryption
(A transparent key control scheme)

 The protocol is applied at Transport layer.

 This type of key distribution is useful for applications like FTP, HTTP which provide
end-to-end service using TCP.
 The key distribution system introduces Session Security Module (SSM).
 On behalf of the host, SSM gets session key from KDC for end-to-end encryption.
Symmetric key distribution using symmetric encryption
 A transparent key control scheme
In the implementation the protocol uses 4-steps.
Step-1: When the host A wishes to setup a connection to another host B, It transmit a
connection request packet to session security model (SSM) of A.
Step-2: The SSM save the packet and send a request to KDC for a session establishment.
Step-3: If the KDC approves the connection request, it generates a session key and deliver
it to the two SSM’s of A & B in encrypted form using Masters keys of A & B.
Step-4: Now, a connection is established between two end hosts. The data being
exchanged between the two in an encrypted form using the session key Ks.
 Symmetric key distribution using symmetric encryption

Decentralized Key Control

 If, KDC is trustworthy the system works fine, otherwise we can opt for key
distribution which is decentralized.
 In decentralized approach, each end system will communicate with its
potential partner end system for a session key.
 Symmetric key distribution using symmetric encryption
Sharing Session key in Decentralized Key distribution
The system uses 3 steps.
B share its master key , Km with A.
(1) A sends a nonce, N1 to B as part of request for a session key.
(2) B responds with a message that is encrypted using the shared Master key (K m).

The response includes the session key selected by B, an identifier of B, the

value f(N1), and another nonce, N2.
(3) Using the new session key, A returns f(N2) to B.
 Symmetric key distribution using Asymmetric key encryption.

The method of symmetric key distribution can be implemented in three types.

Type 1: Simple Secret Key Distribution.

Type 2: Secret Key Distribution with Confidentiality and Authentication.

Type 3: A Hybrid Scheme.

 Type 1: Simple Secret Key Distribution
(1) Host -A generates a pair of public & private key {PUa, PRa}.
(2) Host-A transmit a message to Host-B consisting of PUa appended with an
identifier of A, IDA.
(3) B generates a secret key Ks, encrypt that with PUa, and send to A.
(4) A decrypt, D(PRa, E(PUa, Ks)) and recover the session key Ks.
(5) Since, only A can decrypt the message, only A and B knows Ks.
 Type 1: Simple Secret Key Distribution (contd..)

 The key distribution model is a simple model.

 The model work satisfactorily subject to the condition that no man –in- the
middle.
 It does not work when man- in-the middle intercept the message.

How man – in – the - middle – attack works ?

Man-in-the-Middle Attack for Simple Secret Key Distribution
 Man-in-the-Middle Attack for Simple Secret Key Distribution
(1) A generates a pair of Public & Private key {PUa, PRa} and transmits a message
to B consisting of (PUa , IDA ).
(2) D intercepts the message, creates his own {PUd, PRd}. He change message as
(PUd || IDA) & transmit to B.
(3) B generates a session key, Ks, and transmits E(PUd,Ks).
(4) D intercepts the message and learns Ks by computing D(PRd, E(PUd, Ks)).
(5) D transmits E(PUa, Ks) to A.
(6) In this case, both A and B knows Ks and they are unaware that Ks has been
revealed to D.
(7) A and B can now exchange messages using Ks.
(8) Knowing Ks , D can decrypt all message, and both A and B are unaware of the
 Type 2: Secret Key Distribution with Confidentiality and Authentication
This approach provides protection against both active and passive attacks during the
process of secret key distribution.
 A generate (PUa , PRa) & B generates (PUb, PRb) and the Public keys (Pua, PUb) are
shared securely between A & B.
 Secret Key Distribution with Confidentiality and Authentication (contd..
(1) A send an encrypted message E(PUb,[N1||IDA]) to B.
(2) B responds to A by sending an encrypted message E(PU a,[N1||N2])

(3) A returns N2 by encrypting, E(PUb, N2)

(4) The steps (1), (2) & (3) assures authentication between A & B.
(5) A generate a session key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of
this message with B’s public key ensures that only B can read it; encryption with
A’s private key ensures that only A could have sent it.
(6) B computes D(PUa, D(PRb, Ks)) to recover the secret key. The steps 5 & 6
provide confidentiality.
The result is that this scheme ensures both confidentiality and authentication in
the exchange of a secret key.
 Type 3: A Hybrid Scheme

 The model was developed by IBM that was used in IBM main frames.

 IBM main frame was designed based on Client/Server architecture.

 Hybrid scheme inherits the properties of Secret key distribution using

Symmetric and Asymmetric encryption.
 The scheme use Public key encryption for sharing Master key with KDC.

 KDC distributes Ks, encrypted by using the Master key (Symmetric key).

 The advantage of hybrid scheme is to improve the performance and

compatibility.
 Observations:
 Symmetric key encryption algorithms are used to encrypt large data.
 Algorithms that uses symmetric key are DES,3DES,AES,IDEA,RC4,RC5.
 Asymmetric key encryption algorithms are used to encrypt small data.
 Algorithms that uses Asymmetric key are RSA, DSA.
 Practically, Asymmetric key algorithms are slow compared to symmetric
key algorithms.
 Processing Public key is faster than private key .
 Distribution Of Public Key
How to share my public key ?.
The sharing must preserve authentication. This is a challenging task. Several
techniques have been proposed for sharing the public key.
Some popular public key sharing techniques are,
(1) Public announcement
(2) Publicly available directory
(3) Public-key authority
(4) Public-key certificate
 (1) Distribution of Public Keys by Public Announcement

 Public key distribution using Public announcement is an easy method.

You can make Public key available in open forum like email signature, website,

& public key servers.

 The disadvantage of this model is anyone can announce a key , pretending to

be other user.
 (2) Publicly Available Directory
 Some degree of security can be achieved by maintaining a special directory
called public key directory.
 The maintenance and distribution of the public key directory is by a trusted
authority.
 The authority maintains a directory containing {name, public key} of
users.
 Each user register his public key with the directory authority by a secure
and authenticated communication.
 (2) Publicly Available Directory(contd…)

 A user may replace the existing public key by a new key at any time.
 Users can access the directory to get their required public key.
 The model works fine till the agency is trustworthy and directory is secure.
 (3) Public-Key Authority
 The model provides a stronger security for public-key distribution with a tight
control over the distribution process.
 All the three entities(User A, User B & Authority), each has a pair of keys.
 In this method, before any exchange take place, users published their public
key to the authority.
 In turn authority share its public key (PUauth) with the user.
 The model provides Confidentiality and greater degree of authenticity.
 (3) Public-Key Authority (contd…)
How this method provide Authentication & Confidentiality?
 (3) Public-Key Authority (contd…)

Disadvantages of Public-Key Authority

(1) The method relay on trusting the public key authority.

(2) We must get correct public key of the authority, then the system works fine.
(3) The key distribution mechanism involve more number of transactions that
build overhead into the system reducing the performance of key distribution
algorithm.
(4) Alternate: Public key Certificates.
 (4) Public-Key Certificates

(1) This approach uses certificates.

(2) The certificate can be used by the users for authentication and sharing the
public key with other users.
(3) No need of contacting the authority.
(4) Only the certificate authority is authorized to create and update certificate.
(5) Such certificates are used in web security.
(4) Public-Key Certificates (contd…)
How to get a certificate from CA ?
 4) Public-Key Certificates (contd…)

(i) A & B are implicitly trusted.

(ii) CA = E(PRauth , [T1||IDA ||PUa])

(iii) Format are used to represent [T1||IDA ||PUa] which is specified in X.509.
 How A & B authenticates Digital certificate (X.509)
(1) The certificate is a digitally signed document by the authority.
(2) When the receiver B receive certificate from A, verify the certificate and authenticates.
So also A.
(3) CA = E(PRauth , [T1||IDA ||PUa])
Certificate Format X.509
Version: Default is version 1, latest version is version 3.

Serial number: A unique integer value associated the certificate issued by CA.

Signature algorithm identifier: The algorithm used to sign the certificate

(Hashing Algorithm).

Issuer name: Name of the CA that created and signed this certificate.

Period of validity: Consists of two dates: the beginning and last dates.
Subject name: The name of the user to whom this certificate refers.

Subject’s public-key information: The public key of the subject, plus an

identifier of the algorithm for which this key is to be used, together with any
associated parameters.
Issuer unique identifier: An optional-bit string field used to identify uniquely
the issuing CA in the event the X.500 name has been reused for different
entities.
Subject unique identifier: An optional-bit string field used to identify uniquely
the subject in the event the X.500 name has been reused for different entities.
Extensions: A set of one or more extension fields.
Signature: It contains the hash code of the other fields encrypted with the
CA’s private key. This field includes the signature algorithm identifier.
 Public-Key Infrastructure (PKI)
 It is a frame work for managing digital certificates.
 The framework policies of PKI are defined in RFC4949.
 According to RFC 4949, PKI is a set of hardware, software, people, policies, and
procedures needed to create, manage, store, distribute, and revoke digital
certificates.
 PKI contains 5 elements. The elements are:
(i) End entity
(ii) Certificate authority (CA)
(iii) Registration authority(RA)
(iv) CRL issuer, &
(v) CRL Repository.
The elements of PKI
End entity:
An entity that participates in the PKI. They are the end users, devices
(servers, routers), or any other entity that can be identified in the subject field
of a public-key certificate. End entities acts as the consumers and supporters
of PKI.
Certification authority (CA):
CA is a trusted entity that issues digital certificates, key pair recovery, key pair
update and revocation request.
Registration authority (RA):
RA is responsible for accepting requests for digital certificates, verify the
request, authenticate. After satisfactory authentication, tell the
certificate authority (CA) to issue certificate to the entity.
 Public-Key Infrastructure (contd…)
CRL issuer:
A Certificate Revocation List (CRL) is a list of digital certificates that have been
revoked (invalid). These certificates are truly issued by the issuing authority (CA),
but, revoked by CA before their expiry date and should no longer be trusted.

CRL Repository:
 CRL repository is the list of revoked certificates which are signed by CA. The
repository is freely available for public reference. Each revoked certificate is listed
in  CRL by certificate serial number.
 PKIX Management (Public Key Infrastructure X.509 )

(1) PKIX define a number of management functions to support PKI elements.

(2) PKIX management function entities are:
Registration, Initialization, Certification, Key pair recovery, Key pair update,
Revocation request, & Cross certification.
(3) These management entities support PKI elements to perform their
function.
 PKIX model
 The model shows the interrelationship among the PKI elements and PKIX
management function entities.
 PKIX  define the standards for public key infrastructures to support on the
Internet.
 PKIX Management functions
(i) Registration
End entity makes itself to know to a CA or through RA. Registration is the
process of enrolling in a PKI. Registration can be done online or offline after
proper verification.
(ii) Initialization
Before the client use the certificate for secure communication, he has to
install some initial information into his system.
(iii) Certification
CA issues a certificate to user and post the revoked certificate in to a
repository.
(iv) Key pair recovery
A mechanism to recover the necessary pair of keys.
 PKIX Management functions(contd…)
(v) Key pair update
A mechanism to update the pair of keys regularly before expiry & after expiry ,
& issue of new certificate.
(vi) Revocation request
Reason for revocation when private key compromised, change in affiliation, and
change in name. new certificate is to be issued.
(vii) Cross certification
Two CAs exchange information. It is a certificate issued by one CA to another CA
that contain a CA signature key used for issuing a certificate.

End of UNIT 4
 Unit 5

Transport Level Security

Or

Transport Layer Security