Key Distribution

1
Key Distribution
2
Where to Put Encryption?

• Link level
• Vulnerable links equipped with encryption devices
  on both sides
• Needs large number of devices
• Needs decryption to perform routing
• End-to-end
• Carried out at the end systems
• Can encrypt only the data portion and not the
  header

3
Link vs. End-to-End Key Distribution

• Link keys must be distributed to each pair of
  link endpoints in advance
• Relatively easy to distribute securely
• For e-t-e, must generate and distribute many
  keys, often in real time

4
Logical Placement

• Application layer
• Transport layer
• Network layer
• Link layer

5
Traffic Analysis

• Both techniques hide user data (payload)
• Link encryption
• Hides address information
• Buffers clear data in each node
• E-T-E encryption
• Leaves addresses in the clear
• No need to buffer decrypted payload
• Use both techniques?

6
Traffic Analysis

• Identities of communicating partners
• Frequency of communication
• Message patterns, e.g., length, quantity,
  (encrypted) content
• Correlation between messages and real world
  events
• Can (sometimes) be defeated through traffic
  padding

7
Covert Channels

• Essentially, the dual of traffic analysis
• Usually intended to violate or defeat a security
  policy
• Examples
• Message length
• Message content
• Message presence

8
Key Distribution

• Most important component in secure transmission.
• Options (between A and B).
• A selects a key and physically delivers it to B.
• A trusted third party key distribution center
  (KDC) selects a key and physically delivers it to
  A and B.
• If A and B already have have a viable key, it can
  be used to distribute a new key.
• If A and B have a secure link to KDC, can receive
  the key through that channel.

9
Key Distribution (contd)

• Manual delivery is straightforward for link
  encryption, challenging for E-T-E
• The number of keys grows quadratically with the
  number of endpoints (n(n-1)/2)
• Further complexity for application/user level
  encryption
• KDC a good alternative
• Only n master keys required

10
Decentralized Distribution

• No need for KDC to be trusted and protected
• Any two nodes can establish a session key
• Needs n(n-1)/2 master keys
• Can generate any number of session keys
• Key distribution protocol

11
Public Key Management

• Distribution of public keys
• Public announcement
• Public directories
• Public-key authority
• Public-key certificates
• Use of public-key encryption to distribute secret
  keys

12
Public-Key Authority and Certificates

• Very similar to session key obtaining process
• Both the parties are assumed to have authoritys
  public key
• Authority sends the key encrypted in private key
  (for authentication)
• Authority could be a bottle-neck
• Instead use certificates authenticated by
  authority

13
Public-key distribution of secret keys

• A sends public key, ID) to B
• B sends secret key encrypted in Kua
• A decrypts for private key

14
Public-Key Authority
Public-key authority
(4) RequestT2
(5) EKd_authKe_aRequestT2
(1) RequestT1
(2) EKd_authKe_bRequestT1
(3) EKe_bIDA N1
A
(6) EKe_aN1N2
B
(7) EKe_bN2
15
Public-Key Certificates

• A certificate contains a public key and other
  information
• Created by a certificate authority
• Given to the participant with the matching
  private key
• A participant transmits its certificate to convey
  its key information
• Other participants can verify that the
  certificate was created by the authority
• All nodes are pre-configured with the public key
  of the certificate authority (CA)

16
Exchange of Public-key Certificates
Certificate Authority
Ke_b
CB EKd_authT2, IDB, Ke_b
Ke_a
CA EKd_authT1, IDA, Ke_a
(1) CA
A
(2) CB
B
B does DKe_auth(CA) DKe_auth(EKd_authT1, IDA,
Ke_a) (T1, IDA, Ke_a), hence gets the public
key of A
17
Public-key distribution of secret keys

• A sends public key, ID) to B
• B sends secret key encrypted in Kua
• A decrypts for private key
• Vulnerable to active attack?

(1) Ku_aIDA
A
(2) EKu_aKs
B
18
Distribution With Confidentiality and
Authentication
(1) EKu_bN1IDA
(2) EKu_aN1 N2
A
B
(3) EKu_bN2
(4) EKu_bEKr_aKs
19
Diffie-Hellman KE

• Public information
• p is a prime number
• g is a generating element of Zp
• Alices
• Private Key a
• Public Key ga mod p
• Bobs
• Private Key b
• Public Key gb mod p

20
DH Key Exchange

• Key Exchange
• Alice obtains gb and computes
• (gb)a gab mod p ks
• Bob obtains ga and computes
• (ga)b gab mod p ks
• Alice and Bob have agreed upon key ks
• The well-known man-in-the-middle attack exploits
  the lack of authentication

21
Diffie-Hellman Scheme

• Security factors
• Discrete logarithm very difficult.
• Shared key (the secret) itself never transmitted.
• Disadvantages
• Expensive exponential operation
• The scheme itself cannot be used to encrypt
  anything it is for secret key establishment.
• No authentication, so you can not sign anything

22
Man-In-The-Middle Attack

• Alice Eve Bob
• ga123 ge 654 gb 255
• 123 --gt 654 --gt
• lt--654 lt--255
• gae geb
• Eve plays Bob to Alice and Alice to Bob

23
DH in Phone Book Mode

• In the attack public key-component was
  intercepted and substituted
• Phone book mode allows everyone to generate the
  public key-component in advance and publish them
  through other reliable means
• All communicating parties agree on their common
  ltg, pgt

24
Authenticated DH

• Alice sends ga mod p to Bob and Bob computes
  kB (ga )b mod p.
• Bob sends gb mod p and SB(gb, ga) and his
  certificate to Alice
• Alice computes kA (gb )a mod p.
• Finally, Alice sends ga mod p and SA(ga, gb) and
  his certificate to Bob

25
Key Generation

• Manual selection not good
• Using pass-phrase
• Random generation
• PRNG
• Standards

26
Random Number Generation

• Need
• Stream Key
• Encryption keys
• Secret symmetric keys
• Private asymmetric keys
• Session keys
• Digital Signature Schemes
• RSA
• Against replay attacks
• Nonce

27
How do we know?
28
True Random Sources

• Elapsed time between emissions of particles from
  a radioactive source
• Quantum effects in a semiconductor, such as a
  noisy diode or a noisy resistor
• Frequency fluctuations of free-running
  oscillators
• Fluctuations in the amount a metal insulator
  semiconductor capacitor is charged during a fixed
  period of time
• Fluctuations in read times caused by air
  turbulence within a sealed disk drive

29
Typical Implementation
30
Cryptographic PRNGs

• RNG from a counter
• ANSI X9.17 PRNG
• 2 pr inputs
• 3 Triple DES encryption
• Blum Blum Shub generator
• Considered to be cryptographically secure