Army Cost Management & Financial Transparency MIT CDOIQ Symposium 23 July 2014 Mort Anvari
Key Management Network Systems Security Mort Anvari.
-
Upload
rodney-adams -
Category
Documents
-
view
219 -
download
0
description
Transcript of Key Management Network Systems Security Mort Anvari.
Key Management Network Systems Security
Mort Anvari
9/16/2004 2
Key Management Asymmetric encryption helps
address key distribution problems Two aspects
distribution of public keys use of public-key encryption to
distribute secret keys
9/16/2004 3
Distribution of Public Keys Four alternatives of public key
distribution Public announcement Publicly available directory Public-key authority Public-key certificates
9/16/2004 4
Public Announcement Users distribute public keys to
recipients or broadcast to community at large E.g. append PGP keys to email messages
or post to news groups or email list Major weakness is forgery
anyone can create a key claiming to be someone else and broadcast it
can masquerade as claimed user before forgery is discovered
9/16/2004 5
Publicly Available Directory Achieve greater security by registering
keys with a public directory Directory must be trusted with
properties: contains {name, public-key} entries participants register securely with directory participants can replace key at any time directory is periodically published directory can be accessed electronically
Still vulnerable to tampering or forgery
9/16/2004 6
Public-Key Authority Improve security by tightening control
over distribution of keys from directory Has properties of directory Require users to know public key for the
directory Users can interact with directory to
obtain any desired public key securely require real-time access to directory when
keys are needed
9/16/2004 7
Public-Key Authority
9/16/2004 8
Public-Key Certificates Certificates allow key exchange without
real-time access to public-key authority A certificate binds identity to public
key usually with other info such as period of
validity, authorized rights, etc With all contents signed by a trusted
Public-Key or Certificate Authority (CA) Can be verified by anyone who knows
the CA’s public key
9/16/2004 9
Public-Key Certificates
9/16/2004 10
Distribute Secret KeysUsing Asymmetric Encryption Can use previous methods to obtain
public key of other party Although public key can be used for
confidentiality or authentication, asymmetric encryption algorithms are too slow
So usually want to use symmetric encryption to protect message contents
Can use asymmetric encryption to set up a session key
9/16/2004 11
Simple Secret Key Distribution Proposed by Merkle in 1979
A generates a new temporary public key pair A sends B the public key and A’s identity B generates a session key Ks and sends encrypted
Ks (using A’s public key) to A A decrypts message to recover Ks and both use
9/16/2004 12
Problem with Simple Secret Key Distribution An adversary can intercept and
impersonate both parties of protocol A generates a new temporary public key pair {KUa,
KRa} and sends KUa || IDa to B Adversary E intercepts this message and sends KUe ||
IDa to B B generates a session key Ks and sends encrypted Ks
(using E’s public key) E intercepts message, recovers Ks and sends
encrypted Ks (using A’s public key) to A A decrypts message to recover Ks and both A and B
unaware of existence of E
9/16/2004 13
Distribute Secret KeysUsing Asymmetric Encryption if A and B have securely exchanged public-keys
?
9/16/2004 14
Problem with Previous Scenario Message (4) is not protected
by N2 An adversary can intercept
message (4) and replay an old message or insert a fabricated message
9/16/2004 15
Order of Encryption Matters What can be wrong with the
following protocol?AB: NBA: EKUa[EKRb[Ks||N]]
An adversary sitting between A and B can get a copy of secret key Ks without being caught by A and B!
9/16/2004 16
Diffie-Hellman Key Exchange First public-key type scheme proposed By Diffie and Hellman in 1976 along
with advent of public key concepts A practical method for public
exchange of secret key Used in a number of commercial
products
9/16/2004 17
Diffie-Hellman Key Exchange Use to set up a secret key that can be used for
symmetric encryption cannot be used to exchange an arbitrary message
Value of key depends on the participants (and their private and public key information)
Based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
Security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard
9/16/2004 18
Primitive Roots From Euler’s theorem: aø(n) mod n=1 Consider am mod n=1, GCD(a,n)=1
must exist for m= ø(n) but may be smaller once powers reach m, cycle will repeat
If smallest is m= ø(n) then a is called a primitive root
if p is prime, then successive powers of a “generate” the group mod p
Not every integer has primitive roots
9/16/2004 19
Primitive Root Example: Power of Integers Modulo 19
9/16/2004 20
Discrete Logarithms Inverse problem to exponentiation is to find the
discrete logarithm of a number modulo p Namely find x where ax = b mod p Written as x=loga b mod p or x=inda,p(b) If a is a primitive root then discrete logarithm
always exists, otherwise may not 3x = 4 mod 13 has no answer 2x = 3 mod 13 has an answer 4
While exponentiation is relatively easy, finding discrete logarithms is generally a hard problem
9/16/2004 21
Diffie-Hellman Setup All users agree on global parameters
large prime integer or polynomial q α which is a primitive root mod q
Each user (e.g. A) generates its key choose a secret key (number): xA < q compute its public key: yA = α
xA mod q Each user publishes its public key
9/16/2004 22
Diffie-Hellman Key Exchange Shared session key for users A and B is
KAB: KAB = αxA.xB mod q= yA
xB mod q (which B can compute) = yB
xA mod q (which A can compute) KAB is used as session key in symmetric
encryption scheme between A and B Attacker needs xA or xB, which requires
solving discrete log
9/16/2004 23
Diffie-Hellman Example Given Alice and Bob who wish to swap keys Agree on prime q=353 and α=3 Select random secret keys:
A chooses xA=97, B chooses xB=233 Compute public keys:
yA=397 mod 353 = 40 (Alice)
yB=3233 mod 353 = 248 (Bob)
Compute shared session key as:KAB= yB
xA mod 353 = 24897 = 160 (Alice)KAB= yA
xB mod 353 = 40233 = 160 (Bob)
9/16/2004 24
Next Class Hashing functions Message digests