key management in cryptography and network security
1.
2. What is key management?
Key management is the set of techniques and procedures
supporting the establishment and maintenance of keying
relationships between authorized parties.
A keying relationship is the state wherein communicating
entities share common data (keying material) to facilitate
cryptographic techniques. This data may include public or
secret keys, initialization values, and additional non-secret
parameters.
3. Key management encompasses techniques and
procedures supporting:
1. initialization of system users within a domain;
2. generation, distribution, and installation of keying
material;
3. controlling the use of keying material;
4. update, revocation, and destruction of keying material;
and
5. storage, backup/recovery, and archival of keying
material.
4. Objectives
The objective of key management is to maintain
keying relationships and keying material in a
manner that counters relevant threats.
In practice an additional objective is conformance to
a relevant security policy.
5. Threats
1. compromise of confidentiality of secret keys
2. compromise of authenticity of secret or public keys
3. unauthorized use of public or secret keys
6. Security Policy
Security policy explicitly or implicitly defines the
threats a system is intended to address.
Security policy may affect the stringency of
cryptographic requirements, depending on the
susceptibility of the environment in question to
various types of attack.
7. Key management techniques
Public-key techniques
Primary advantages offered by public-key techniques for
applications related to key management include:
1. simplified key management
2. on-line trusted server not required
3. enhanced functionality
10. Key management techniques
Techniques for distributing confidential keys
Key layering and symmetric-key certificates
Key layering:
1. master keys – keys at the highest level in the hierarchy
2. key-encrypting keys – symmetric keys or encryption public
keys used for key transport or storage of other keys
3. data keys – used to provide cryptographic operations on user
data
11. Key management techniques
Symmetric-key certificates:
Symmetric-key certificates provide a means for a KTC (Key Translation
Center) to avoid the requirement of either maintaining a secure
database of user secrets (or duplicating such a database for multiple
servers), or retrieving such keys from a database upon translation
requests.
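An added example, not part of the original slides: a sketch of a KTC that issues symmetric-key certificates by encrypting each user's key, identity and expiry under its one master key, so a translation request needs no user-key database. The class and function names, the JSON certificate layout and the HMAC-based cipher (a standard-library stand-in for a real AEAD) are assumptions made for illustration.

```python
import hashlib, hmac, json, os, time

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream: a stdlib stand-in, not a vetted cipher.
    ks = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    """Encrypt-then-MAC under `key` (use a real AEAD such as AES-GCM in practice)."""
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def open_(key, blob):
    """Verify the tag, then decrypt; raises ValueError on any modification."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

class KTC:
    """Key Translation Center that stores one master key and no per-user database."""
    def __init__(self):
        self._master = os.urandom(32)

    def issue_cert(self, user, user_key, expires_at):
        # The certificate is the user's own key, identity and lifetime,
        # encrypted under the KTC master key. The user stores it, not the KTC.
        body = {"id": user, "key": user_key.hex(), "exp": expires_at}
        return seal(self._master, json.dumps(body).encode())

    def _key_from_cert(self, cert, claimed_id, now):
        body = json.loads(open_(self._master, cert))
        if body["id"] != claimed_id or now >= body["exp"]:
            raise ValueError("certificate not valid for " + claimed_id)
        return bytes.fromhex(body["key"])

    def translate(self, sender, cert_s, recipient, cert_r, blob, now=None):
        """Re-encrypt sender's message for recipient using keys recovered from certs."""
        now = time.time() if now is None else now
        k_s = self._key_from_cert(cert_s, sender, now)
        k_r = self._key_from_cert(cert_r, recipient, now)
        return seal(k_r, sender.encode() + b"|" + open_(k_s, blob))
```

Because the certificate is authenticated under the master key, a user cannot alter the identity or expiry inside it, and compromise of the master key exposes every user key that was ever wrapped with it.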
12. Key management life cycle
1. user registration
2. user initialization
3. key generation
4. key installation
5. key registration
6. normal use
7. key backup
8. key update
9. archival
10. key de-registration and destruction
11. key recovery
12. key revocation
13. Key Distribution
given parties A and B, have various key distribution
alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously, can use
previous key to encrypt a new key
4. if A & B have secure communications with a third
party C, C can relay key between A & B
16. Key Distribution Issues
hierarchies of KDCs required for large networks, but
must trust each other
session key lifetimes should be limited for greater
security
use of automatic key distribution on behalf of users,
but must trust system
use of decentralized key distribution
controlling key usage
17. Simple Secret Key Distribution
Merkle proposed this very simple scheme
allows secure communications
no keys before/after exist
19. Distribution of Public Keys
can be considered as using one of:
public announcement
publicly available directory
public-key authority
public-key certificates
20. Public Announcement
users distribute public keys to recipients or broadcast
to community at large
e.g. append PGP keys to email messages or post to news
groups or email list
major weakness is forgery
anyone can create a key claiming to be someone else and
broadcast it
until forgery is discovered can masquerade as claimed
user
21. Publicly Available Directory
can obtain greater security by registering keys with a
public directory
directory must be trusted with properties:
contains {name, public-key} entries
participants register securely with directory
participants can replace key at any time
directory is periodically published
directory can be accessed electronically
still vulnerable to tampering or forgery
22. Public-Key Authority
improve security by tightening control over
distribution of keys from directory
has properties of directory
and requires users to know public key for the directory
then users interact with directory to obtain any desired
public key securely
does require real-time access to directory when keys are
needed
may be vulnerable to tampering
24. Public-Key Certificates
certificates allow key exchange without real-time
access to public-key authority
a certificate binds identity to public key
usually with other info such as period of validity, rights
of use etc.
with all contents signed by a trusted Public-Key or
Certificate Authority (CA)
can be verified by anyone who knows the public-key
authority's public key