Key Management
Network Systems Security
Mort Anvari
Key Management
Asymmetric encryption helps address
key distribution problems
Two aspects
distribution of public keys
use of public-key encryption to distribute
secret keys
9/16/2004
2
Distribution of Public Keys
Four alternatives of public key
distribution
Public announcement
Publicly available directory
Public-key authority
Public-key certificates
9/16/2004
3
Public Announcement
Users distribute public keys to recipients
or broadcast to community at large
E.g. append PGP keys to email messages
or post to news groups or email list
Major weakness is forgery
anyone can create a key claiming to be
someone else and broadcast it
can masquerade as claimed user before
forgery is discovered
9/16/2004
4
Publicly Available Directory
Achieve greater security by registering keys
with a public directory
Directory must be trusted with properties:
contains {name, public-key} entries
participants register securely with directory
participants can replace key at any time
directory is periodically published
directory can be accessed electronically
Still vulnerable to tampering or forgery
9/16/2004
5
Public-Key Authority
Improve security by tightening control over
distribution of keys from directory
Has properties of directory
Require users to know public key for the
directory
Users can interact with directory to obtain
any desired public key securely
require real-time access to directory when keys
are needed
9/16/2004
6
Public-Key Authority
9/16/2004
7
Public-Key Certificates
Certificates allow key exchange without realtime access to public-key authority
A certificate binds identity to public key
usually with other info such as period of validity,
authorized rights, etc
With all contents signed by a trusted PublicKey or Certificate Authority (CA)
Can be verified by anyone who knows the
CA’s public key
9/16/2004
8
Public-Key Certificates
9/16/2004
9
Distribute Secret Keys
Using Asymmetric Encryption
Can use previous methods to obtain public
key of other party
Although public key can be used for
confidentiality or authentication, asymmetric
encryption algorithms are too slow
So usually want to use symmetric encryption
to protect message contents
Can use asymmetric encryption to set up a
session key
9/16/2004
10
Simple Secret Key Distribution
Proposed by Merkle in 1979
A generates a new temporary public key pair
A sends B the public key and A’s identity
B generates a session key Ks and sends encrypted
Ks (using A’s public key) to A
A decrypts message to recover Ks and both use
9/16/2004
11
Problem with
Simple Secret Key Distribution
An adversary can intercept and impersonate
both parties of protocol
A generates a new temporary public key pair {KUa, KRa} and
sends KUa || IDa to B
Adversary E intercepts this message and sends KUe || IDa to
B
B generates a session key Ks and sends encrypted Ks (using
E’s public key)
E intercepts message, recovers Ks and sends encrypted Ks
(using A’s public key) to A
A decrypts message to recover Ks and both A and B unaware
of existence of E
9/16/2004
12
Distribute Secret Keys
Using Asymmetric Encryption
if A and B have securely exchanged public-keys
?
9/16/2004
13
Problem with Previous Scenario
Message (4) is not protected by N2
An adversary can intercept message
(4) and replay an old message or
insert a fabricated message
9/16/2004
14
Order of Encryption Matters
What can be wrong with the following
protocol?
AB: N
BA: EKUa[EKRb[Ks||N]]
An adversary sitting between A and B
can get a copy of secret key Ks without
being caught by A and B!
9/16/2004
15
Diffie-Hellman Key Exchange
First public-key type scheme proposed
By Diffie and Hellman in 1976 along
with advent of public key concepts
A practical method for public exchange
of secret key
Used in a number of commercial
products
9/16/2004
16
Diffie-Hellman Key Exchange
Use to set up a secret key that can be used for
symmetric encryption
cannot be used to exchange an arbitrary message
Value of key depends on the participants (and their
private and public key information)
Based on exponentiation in a finite (Galois) field
(modulo a prime or a polynomial) - easy
Security relies on the difficulty of computing discrete
logarithms (similar to factoring) – hard
9/16/2004
17
Primitive Roots
From Euler’s theorem: aø(n) mod n=1
Consider am mod n=1, GCD(a,n)=1
must exist for m= ø(n) but may be smaller
once powers reach m, cycle will repeat
If smallest is m= ø(n) then a is called a
primitive root
if p is prime, then successive powers of a
“generate” the group mod p
Not every integer has primitive roots
9/16/2004
18
Primitive Root Example:
Power of Integers Modulo 19
9/16/2004
19
Discrete Logarithms
Inverse problem to exponentiation is to find the
discrete logarithm of a number modulo p
Namely find x where ax = b mod p
Written as x=loga b mod p or x=inda,p(b)
If a is a primitive root then discrete logarithm always
exists, otherwise may not
x = 4 mod 13 has no answer
3
x = 3 mod 13 has an answer 4
2
While exponentiation is relatively easy, finding
discrete logarithms is generally a hard problem
9/16/2004
20
Diffie-Hellman Setup
All users agree on global parameters
Each user (e.g. A) generates its key
large prime integer or polynomial q
α which is a primitive root mod q
choose a secret key (number): xA < q
xA
compute its public key: yA = α mod q
Each user publishes its public key
9/16/2004
21
Diffie-Hellman Key Exchange
Shared session key for users A and B is KAB:
xA.xB
KAB = α
mod q
xB
= yA mod q (which B can compute)
xA
= yB mod q (which A can compute)
KAB is used as session key in symmetric
encryption scheme between A and B
Attacker needs xA or xB, which requires
solving discrete log
9/16/2004
22
Diffie-Hellman Example
Given Alice and Bob who wish to swap keys
Agree on prime q=353 and α=3
Select random secret keys:
Compute public keys:
A chooses xA=97, B chooses xB=233
97
yA=3 mod 353 = 40
(Alice)
233
yB=3
mod 353 = 248 (Bob)
Compute shared session key as:
xA
97
KAB= yB mod 353 = 248 = 160
xB
233
KAB= yA mod 353 = 40
= 160
9/16/2004
(Alice)
(Bob)
23
Next Class
Hashing functions
Message digests
9/16/2004
24
© Copyright 2026 Paperzz