Key Management

One of the major roles of public-key encryption has been to address the problem of key distribution. Two distinct aspects of the use of public-key encryption are present:

  • The distribution of public keys.
  • The use of public-key encryption to distribute secret keys.

Distribution of Public Keys:        

The most general schemes for the distribution of public keys are given below:

  • Public announcement of public keys
  • Publicly available directory
  • Public key authority
  • Public key certificates

PUBLIC ANNOUNCEMENT OF PUBLIC KEYS:-

Here any participant can send his or her public key to any other participant or broadcast the key to the community at large. For example, many PGP users have adopted the practice of appending their public key to messages that they send to public forums. 
Though this approach is convenient, it has a major drawback: anyone can forge such a public announcement. 
Some user could pretend to be user A and send a public key to another participant or broadcast such a public key. Until A discovers the forgery and alerts other participants, the forger is able to read all encrypted messages intended for A and can use the forged keys for authentication. 


PUBLICLY AVAILABLE DIRECTORY:-

A greater degree of security can be achieved by maintaining a publicly available dynamic directory of public keys. Maintenance and distribution of the public directory would have to be the responsibility of some trusted entity or organization. The scheme includes the following elements: 
  1. The authority maintains a directory with a {name, public key} entry for each participant. 
  2. Each participant registers a public key with the directory authority. Registration would have to be in person or by some form of secure authenticated communication. 
  3. A participant may replace the existing key with a new one at any time, either because of the desire to replace a public key that has already been used for a large amount of data, or because the corresponding private key has been compromised in some way. 
  4. Participants could also access the directory electronically. For this purpose, secure, authenticated communication from the authority to the participant is mandatory. 
This scheme still has some vulnerabilities. If an adversary succeeds in obtaining or computing the private key of the directory authority, the adversary could authoritatively pass out counterfeit public keys and subsequently impersonate any participant and eavesdrop on messages sent to any participant. Alternatively, the adversary may tamper with the records kept by the authority.


PUBLIC-KEY AUTHORITY:-

Stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory. This scenario assumes the existence of a public authority (whoever that may be) that maintains a dynamic directory of the public keys of all users. 
The public authority has its own private/public key pair that it uses to communicate with users. Each participant reliably knows the public key of the authority, with only the authority knowing the corresponding private key. For example, consider that Alice and Bob wish to communicate with each other; the following steps take place (they are also shown in the figure below): 

1.) Alice sends a timestamped message to the central authority with a request for Bob's public key (the timestamp marks the moment of the request). 
2.) The authority sends back a message encrypted with its private key (for authentication). The message contains Bob's public key and the original message of Alice; this way Alice knows this is not a reply to an old request. 
3.) Alice starts the communication with Bob by sending him an encrypted message containing her identity IDA and a nonce N1 (to identify this transaction uniquely). 
4.) Bob requests Alice's public key in the same way (step 1). 
5.) Bob acquires Alice's public key in the same way as Alice did (step 2). 
6.) Bob replies to Alice by sending an encrypted message with N1 plus a newly generated nonce N2 (to identify this transaction uniquely). 
7.) Alice replies once more, encrypting Bob's nonce N2, to assure Bob that his correspondent is Alice. 
Thus, a total of seven messages are required. However, the initial four messages need be used only infrequently, because both A and B can save the other's public key for future use, a technique known as caching. Periodically, a user should request fresh copies of the public keys of its correspondents to ensure currency. 

PUBLIC-KEY CERTIFICATES:-

The above technique looks attractive, but still has some drawbacks. For any communication between two users, the central authority must be consulted by both users to get the newest public keys, i.e. the central authority must be online 24 hours a day. 
If the central authority goes offline, all secure communication comes to a halt. This clearly leads to an undesirable bottleneck. 
A further improvement is to use certificates, which can be used to exchange keys without contacting a public-key authority, in a way that is as reliable as if the keys were obtained directly from a public-key authority. A certificate binds an identity to a public key, with all contents signed by a trusted Public-Key or Certificate Authority (CA). 
A user can present his or her public key to the authority in a secure manner and obtain a certificate. The user can then publish the certificate. Anyone needing this user's public key can obtain the certificate and verify that it is valid by way of the attached trusted signature. A participant can also convey its key information to another by transmitting its certificate. 
Other participants can verify that the certificate was created by the authority. This certificate issuing scheme has the following requirements: 
  • Any participant can read a certificate to determine the name and public key of the certificate's owner. 
  • Any participant can verify that the certificate originated from the certificate authority and is not counterfeit. 
  • Only the certificate authority can create and update certificates. 
  • Any participant can verify the currency of the certificate. 

  • Application must be in person or by some form of secure authenticated communication. For participant A, the authority provides a certificate of the form CA = E(PRauth, [T||IDA||PUa]), where PRauth is the private key used by the authority and T is a timestamp.
  • A may then pass this certificate on to any other participant, who reads and verifies the certificate as follows: D(PUauth, CA) = D(PUauth, E(PRauth, [T||IDA||PUa])) = (T||IDA||PUa) 
  • The recipient uses the authority's public key, PUauth, to decrypt the certificate. Because the certificate is readable only using the authority's public key, this verifies that the certificate came from the certificate authority. 
  • The elements IDA and PUa provide the recipient with the name and public key of the certificate's holder. The timestamp T validates the currency of the certificate. 
  • The timestamp counters the following scenario. A's private key is learned by an adversary. A generates a new private/public key pair and applies to the certificate authority for a new certificate. Meanwhile, the adversary replays the old certificate to B. If B then encrypts messages using the compromised old public key, the adversary can read those messages. 
  • In this context, the compromise of a private key is comparable to the loss of a credit card. The owner cancels the credit card number but is at risk until all possible communicants are aware that the old credit card is obsolete. Thus, the timestamp serves as something like an expiration date. If a certificate is sufficiently old, it is assumed to be expired. 
  • One scheme has become universally accepted for formatting public-key certificates: the X.509 standard. X.509 certificates are used in most network security applications, including IP security, secure sockets layer (SSL), and secure electronic transactions (SET).

SECRET KEY DISTRIBUTION WITH CONFIDENTIALITY AND AUTHENTICATION:-

It is assumed that A and B have exchanged public keys by one of the schemes described earlier. Then the following steps occur: 
1. A uses B's public key to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely. 
2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2). Because only B could have decrypted message (1), the presence of N1 in message (2) assures A that the correspondent is B. 
3. A returns N2, encrypted using B's public key, to assure B that its correspondent is A. 
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of this message with B's public key ensures that only B can read it; encryption with A's private key ensures that only A could have sent it. 
5. B computes D(PUa, D(PRb, M)) to recover the secret key. 
The result is that this scheme ensures both confidentiality and authentication in the exchange of a secret key. 
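The certificate scheme (CA = E(PRauth, [T||IDA||PUa]) with the timestamp check) and the five-step secret-key distribution above are both easy to misread at the level of notation, so the following is an added worked example, not code from these notes. It uses a toy textbook RSA (trial-division primes around 10^6, no padding, hash-and-sign for the certificate body) purely to make E(PU, .), E(PR, .) and D(.) concrete; the 16-bit nonces, the clear-text identity in message (1), the key and function names, and the one-day validity window are all assumptions of the example. It shows the replay scenario from the certificate section (an old certificate for a compromised key is rejected as expired, a certificate whose body was altered fails the signature check) and then runs the nonce handshake and M = E(PUb, E(PRa, Ks)) end to end.

```python
# Added example (not from the notes): toy textbook RSA with ~20-bit primes and no
# padding, used only to make E(PU, .) / E(PR, .) / D(.) concrete. NOT secure.
import hashlib
import math
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple

Key = Tuple[int, int]  # (exponent, modulus): exponent is e for PU and d for PR

def next_prime(n: int) -> int:
    """Smallest prime >= n by trial division (fine for the ~10^6 values used here)."""
    while any(n % k == 0 for k in range(2, math.isqrt(n) + 1)):
        n += 1
    return n

def make_keypair(p: int, q: int) -> Tuple[Key, Key]:
    """Return (PU, PR) for primes p and q."""
    n, phi, e = p * q, (p - 1) * (q - 1), 65537
    while math.gcd(e, phi) != 1:
        e += 2
    return (e, n), (pow(e, -1, phi), n)

def rsa_apply(key: Key, m: int) -> int:
    """E(key, m) in the notes' notation: one modular exponentiation with either half of a pair."""
    exp, n = key
    assert 0 <= m < n, "toy RSA: a block must be smaller than the modulus"
    return pow(m, exp, n)

def digest(data: bytes, n: int) -> int:
    """Hash a certificate body to an integer below the modulus so it can be signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass(frozen=True)
class Certificate:
    T: int        # issue timestamp (seconds)
    ID_A: str     # owner's identity
    PU_a: Key     # owner's public key
    sig: int      # E(PR_auth, H(T || ID_A || PU_a))

    def body(self) -> bytes:
        return f"{self.T}|{self.ID_A}|{self.PU_a[0]}|{self.PU_a[1]}".encode()

def issue_certificate(PR_auth: Key, T: int, ID_A: str, PU_a: Key) -> Certificate:
    """C_A = E(PR_auth, [T || ID_A || PU_a]); the authority signs a hash of the body."""
    body = Certificate(T, ID_A, PU_a, 0).body()
    return Certificate(T, ID_A, PU_a, rsa_apply(PR_auth, digest(body, PR_auth[1])))

def verify_certificate(cert: Certificate, PU_auth: Key, now: int, max_age: int) -> Tuple[bool, str]:
    """D(PU_auth, C_A) must reproduce the body hash, and T must still be current."""
    if rsa_apply(PU_auth, cert.sig) != digest(cert.body(), PU_auth[1]):
        return False, "signature does not verify under PU_auth"
    if now - cert.T > max_age:
        return False, "certificate too old: treat as expired"
    return True, "ok"

def exchange_secret_key(PU_a: Key, PR_a: Key, PU_b: Key, PR_b: Key) -> Tuple[int, int, bool]:
    """Steps 1-5 of the notes: nonce handshake, then M = E(PU_b, E(PR_a, Ks)).
    Toy simplifications: 16-bit nonces packed into one block, identity sent in
    clear, and n_a < n_b so the inner block fits under B's modulus."""
    N1 = secrets.randbits(16)
    msg1 = rsa_apply(PU_b, N1)                      # (1) A -> B: E(PU_b, [ID_A || N1])
    N1_at_b = rsa_apply(PR_b, msg1)                 #     only B can open it
    N2 = secrets.randbits(16)
    msg2 = rsa_apply(PU_a, (N1_at_b << 16) | N2)    # (2) B -> A: E(PU_a, [N1 || N2])
    got = rsa_apply(PR_a, msg2)
    ok = (got >> 16) == N1                          #     N1 came back: correspondent is B
    msg3 = rsa_apply(PU_b, got & 0xFFFF)            # (3) A -> B: E(PU_b, N2)
    ok = ok and rsa_apply(PR_b, msg3) == N2         #     N2 came back: correspondent is A
    Ks = secrets.randbits(32)                       # (4) A chooses the secret key
    M = rsa_apply(PU_b, rsa_apply(PR_a, Ks))        #     M = E(PU_b, E(PR_a, Ks))
    Ks_at_b = rsa_apply(PU_a, rsa_apply(PR_b, M))   # (5) D(PU_a, D(PR_b, M))
    return Ks, Ks_at_b, ok

def demo(now: int = 1_700_000_000, max_age: int = 86_400) -> Dict[str, object]:
    """Consecutive primes give n_a < n_b < n_auth. Shows the replay of an old
    certificate for a compromised key, a tampered certificate, and the key exchange."""
    p = [next_prime(1_000_000)]
    while len(p) < 6:
        p.append(next_prime(p[-1] + 1))
    PU_a, PR_a = make_keypair(p[0], p[1])
    PU_b, PR_b = make_keypair(p[2], p[3])
    PU_auth, PR_auth = make_keypair(p[4], p[5])
    PU_a_new, _ = make_keypair(p[1], p[2])          # A's replacement key after compromise
    old_cert = issue_certificate(PR_auth, now - 30 * 86_400, "A", PU_a)
    new_cert = issue_certificate(PR_auth, now, "A", PU_a_new)
    forged = Certificate(new_cert.T, new_cert.ID_A, PU_b, new_cert.sig)  # body altered
    Ks, Ks_at_b, ok = exchange_secret_key(PU_a, PR_a, PU_b, PR_b)
    return {
        "replayed": verify_certificate(old_cert, PU_auth, now, max_age),
        "fresh": verify_certificate(new_cert, PU_auth, now, max_age),
        "tampered": verify_certificate(forged, PU_auth, now, max_age),
        "key_agreed": ok and Ks == Ks_at_b,
    }
```

Calling demo() returns the three certificate verdicts and whether B recovered the same Ks that A chose. Two design points carry over to real deployments: the signature check runs before the currency check, so an attacker who forges the body gets no information from the timestamp logic, and the validity window (max_age) is what turns the timestamp into the expiration date the notes describe; without it a replayed old certificate would still verify.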





