1

public-key

encryption helps address key distribution problems have two aspects of this:

distribution of public keys use of public-key encryption to distribute secret keys

 can

be considered as using one of:

public announcement publicly available directory public-key authority public-key certificates

 users

distribute public keys to recipients or broadcast to community at large

E.g., append PGP keys to email messages or post to news groups or email list

major

weakness is forgery

anyone can create a key claiming to be someone else and broadcast it until forgery is discovered can masquerade as claimed user

 can

obtain greater security by registering keys with a public directory directory must be trusted with properties:

contains {name,public-key} entries participants register securely with directory participants can replace key at any time directory is periodically published directory can be accessed electronically

still

vulnerable to tampering or forgery

 improve

security by tightening control over distribution of keys from directory requires users to know public key for the directory then users interact with directory to obtain any desired public key securely

does require real-time access to directory when keys are needed

 certificates

allow key exchange without realtime access to public-key authority a certificate binds identity to public key
-contains other info such as period of validity, rights of use, etc.
with

all contents signed by a trusted PublicKey or Certificate Authority (CA) can be verified by anyone who knows the public-key authorities public-key

10

11

 use

previous methods to obtain public-key can use for secrecy or authentication but public-key algorithms are slow so usually want to use private-key encryption to protect message contents hence need a session key have several alternatives for negotiating a suitable session key

12

 proposed

by Merkle in 1979

A generates a new temporary public key pair A sends the public key and its identity to B B generates a session key K and sends it to A encrypted using the supplied public key A decrypts the session key and both use

problem

is that an opponent can intercept and impersonate both halves of protocol

13

Simple Use of Public-Key Encryption to Establish a Session Key

14

& B securely exchange public-keys: -Insures both (i) confidentiality and (ii) authentication.

15

 use

of private-key KDC shares secret master key with each user distributes session key using master key public-key used to distribute master keys

Three-level hierarchy. Performance (public key cryptography is used the least frequently.)

rationale

16

by Diffie & Hellman in 1976 along with the exposition of public key concepts

Williamson secretly proposed the concept in 1970

practical method for public exchange of a secret key --even when two parties do not know each other (they share no secret information). -does not require a third party (like KDC).

17

public-key distribution scheme

establishes a common key known only to the two participants

value

of key depends on the participants (and their private and public key information) based on exponentiation in a finite field (modulo a prime or a polynomial) security relies on the difficulty of computing discrete logarithms (similar to factoring) hard
18

 all

users agree on global parameters:

large prime integer or polynomial q number a that is a primitive root mod q

each

user (e.g., A) does the following: -chooses a secret key (number): xA < q xA -computes: yA = a mod q -sends yA to the other party.

19

 shared

KAB = a A. B mod q x = yA B mod q (which B can compute) xA = yB mod q (which A can compute)
KAB

session key for users A & B is KAB:

x x

is used as session key in private-key encryption scheme between Alice and Bob attacker needs an x, must solve discrete log

20

 users

Alice & Bob who wish to swap keys: agree on prime q=353 and a=3 select random secret keys:

compute
97

A chooses xA=97, B chooses xB=233

respective public keys:

compute

yA=3 mod 353 = 40 233 yB=3 mod 353 = 248

x

(Alice) (Bob)
97

shared session key as:

KAB= yB A mod 353 = 248 = 160 (Alice) xB 233 KAB= yA mod 353 = 40 = 160 (Bob)
21

 vulnerable

to a man-in-the-Middle Attack authentication of the keys is needed

22

Generates Two Private Keys XD1, XD2 Generates Two Public Keys YD1, YD2 K2 = (YA)XD2 mod q Hacker K1 = (YB)XD1 mod q YB Alice K2 = (YD2)XA mod q YD1 K1 = (YD1)XB mod q Bob

YA

YD2

23

Darth prepares for the attack by generating two random private keys XD1 and XD2 and then computing the corresponding public keys YD1 and YD2. Alice transmits YA to Bob. Darth intercepts YA and transmits YD1 to Bob. Darth also calculates K2 = (YA)XD2 mod q. Bob receives YD1 and calculates K1 = (YD1)XB mod q. Bob transmits YB to Alice. Darth intercepts YB and transmits YD2 to Alice. Darth calculates K1 = (YB)XD1 mod q. Alice receives YD2 and calculates K2 = (YD2)XA mod q.

24

 Alice

sends an encrypted message M: E(K2, M). Darth intercepts the encrypted message and decrypts it, to recover M. Darth sends Bob E(K1, M) or E(K1, M'), where M' is any message. In the first case, Darth simply wants to eavesdrop on the communication without altering it. In the second case, Darth wants to modify the message going to Bob
25

 have

considered:

distribution of public keys public-key distribution of secret keys Diffie-Hellman key exchange

26