Chapter 14:

Key Distribution

Agenda
Symmetric Key distribution using symmetric techniques
Symmetric Key distribution using Asymmetric techniques
Symmetric Key distribution using hybrid techniques
Asymmetric Key distribution
Certificate Example

Definition
Link encryption (link or physical layer encryption): an approach to communications security that encrypts and decrypts all traffic at each end of a communications line.
End-to-end encryption (application encryption): messages are encrypted by the sender at the point of origin and only decrypted by the intended receiver.

How to share a Secret Key?
1. A can select a key and physically deliver it to B.
2. A third party can select the key and physically deliver it to A and B.
3. If A and B have previously and recently used a key, one party can transmit
the new key to the other, encrypted using the old key.
4. If A and B each has an encrypted connection to a third party C, C can
deliver a key on the encrypted links to A and B.
Which one(s) are more appropriate for link encryption? Which one(s) are more appropriate for end-to-end encryption?

Symmetric Key distribution using symmetric techniques

Definition
A session key is a temporary encryption key used between two principals.
A master key is a long-lasting key that is used between a key distribution center and a principal for the purpose of encoding the transmission of session keys. Typically, the master keys are distributed by noncryptographic means.
A nonce is an arbitrary number used only once in a cryptographic communication, in the spirit of a nonce word. The nonce may be a timestamp, a counter, or a random number; the minimum requirement is that it differs with each request.
We will always talk about distributing session keys or public keys.

Symmetric Key Distribution using Symmetric encryption example
How would A make sure that B is the one replying?
How would B be sure that A is the one replying?
How would A/B make sure that it is not a replay of an old reply?
How many master keys are needed if we have a network of n nodes?

A Transparent Key Control Scheme
The sender doesn't have to worry about, or even be aware of, the encryption.

Hierarchical Key Control
One KDC for all the world?
Each host is linked to one KDC
KDCs link together to form a tree for communication
The tree decreases the overhead on each KDC and minimizes the impact of a faulty KDC.

Session Key Lifetime
When should I exchange a new session key?
When the old key is exploited.
When it has been used too much, by number of messages or time (to prevent attacks and predictions).
In a connection-oriented approach, a new key could be used for every new connection.

It is more secure to change the session key frequently, so why don't we use a new session key for each message?
The key exchange induces extra overhead (delay) on the connection.
We need to decide wisely between security and overhead.

Types of session keys
Data-encrypting key, for general communication across a network
PIN-encrypting key, for personal identification numbers (PINs) used in electronic funds transfer and point-of-sale applications
File-encrypting key, for encrypting files stored in publicly accessible locations.
Etc.

Why do we have different types of keys?
How do you know what is the type of the key?

DES control schema
Use DES for encrypting key
Makes use of the extra 8 bits in each 64-bit DES (or 3DES) key (remember, it was 56-bit).
Type of information in these extra bits:
Used for Encryption
Used for Decryption
Session Key / Master Key

Limitation:
The tag length is limited to 8 bits, limiting its flexibility and functionality.
Because the tag is not transmitted in clear form, it can be used only at the point of decryption, limiting the ways in which key use can be controlled.
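
The tag-in-the-spare-bits idea above, as an added example that is not part of the original slides: the 8 non-key bits of a 64-bit DES key are the low bit of each byte, so an 8-bit tag fits there without touching the 56 bits the cipher uses. The bit layout, the operation names and the sample key are assumptions made for illustration; those spare bits are the DES parity bits, so a tagged key will fail any odd-parity check a library enforces.

```python
# Assumed tag layout (not from the slides); the remaining 5 bits are spare.
MASTER, MAY_ENCRYPT, MAY_DECRYPT = 0x01, 0x02, 0x04

def set_tag(key, tag):
    """Store an 8-bit tag in the low (non-key) bit of each of the 8 key bytes."""
    if len(key) != 8 or not 0 <= tag <= 0xFF:
        raise ValueError("need an 8-byte key and an 8-bit tag")
    return bytes((b & 0xFE) | ((tag >> i) & 1) for i, b in enumerate(key))

def get_tag(key):
    """Recover the tag from the low bit of each key byte."""
    return sum((b & 1) << i for i, b in enumerate(key))

def effective_bits(key):
    """The 56 bits the cipher actually uses (low bit of each byte dropped)."""
    return bytes(b >> 1 for b in key)

def permit(key, operation):
    """Gate a key use on its tag, as a receiver would after decrypting the key."""
    tag = get_tag(key)
    if operation == "encrypt":
        return bool(tag & MAY_ENCRYPT)
    if operation == "decrypt":
        return bool(tag & MAY_DECRYPT)
    if operation == "wrap-session-key":  # hypothetical name for master-key use
        return bool(tag & MASTER)
    raise ValueError(f"unknown operation {operation!r}")

# Constructed sample key (not a real key): a session key usable for decryption only.
RAW = bytes.fromhex("0123456789abcdef")
SESSION_DECRYPT_ONLY = set_tag(RAW, MAY_DECRYPT)

if __name__ == "__main__":
    for op in ("encrypt", "decrypt", "wrap-session-key"):
        print(op, permit(SESSION_DECRYPT_ONLY, op))
```

With only 8 bits there is no room for finer-grained rules, which is the first limitation listed above.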

Control Vector schema
It overcomes the limitations of the last schema:
Size of the control vector is variable and flexible
Control vectors are sent in clear form

Key distribution using Asymmetric techniques

Symmetric Key Distribution using Asymmetric encryption example

Man in the Middle Attack
Solution?

Symmetric Key Distribution using Asymmetric encryption example

Confidentiality & Authentication... But how did it get the public key of the other?

Hybrid Key distribution
USING SYMMETRIC AND ASYMMETRIC TECHNIQUES

Hybrid approach
Distribute session keys using a master key (symmetric encryption)
Distribute master keys using public-key encryption
Rationale?
Performance (public-private encryption is computationally costly)
Backward compatibility

Distribution of Public key

Distribution of public keys


Public announcement
easy to masquerade
very high overhead

Distribution of public keys


Public announcement
Public Available directory
directory have to be trusted
contains {name,public-key} entries
participants register securely with directory
participants can replace key at any time
directory is periodically published
directory can be accessed electronically
Still easy to masquerade (Man-in-the-Middle)

Distribution of public keys


Public announcement
Public Available directory
Public-key authority

Public-Key Authority
Like Public directory but with Authentication

Distribution of public keys

Public announcement
Public Available directory
Public-key authority
Public-key Certificate
certificates allow key exchange without real-time access to the public-key authority
a certificate binds identity to public key, usually with other info such as period of validity, rights of use etc.
with all contents signed by a trusted Public-Key or Certificate Authority (CA)
can be verified by anyone who knows the public-key authority's public key

Public-Key Certificates
1. Any participant can read a certificate to determine the name and public key of the certificate's owner.
2. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
3. Only the certificate authority can create and update certificates.
4. Any participant can verify the currency of the certificate.

Public-Key Certificates
Limitation:
It takes time, in case of certificate change.
Users might use old certificates.

X.509 CERTIFICATES

Public-Key Certificate Use

X.509 certificate contents

Remember: Public-Key Certificates Req.
1. Any participant can read a certificate to determine the name and public key of the certificate's owner.
2. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
3. Only the certificate authority can create and update certificates.
4. Any participant can verify the currency of the certificate.
Because certificates are unforgeable, they can be placed in a directory without the need for the directory to make special efforts to protect them.

Chain of CA
Is there only one CA in the world?
Initially
A has a certificate from CA X1. A securely knows X1's public key.
B has a certificate from CA X2. B securely knows X2's public key.

CAs have securely exchanged their own public keys

A wants to verify B's certificate signed by X2
A obtains from the directory the certificate of X2 signed by X1.
A can obtain X2's public key from its certificate and verify it by means of X1's signature on the certificate.
A then goes back to the directory and obtains the certificate of B signed by X2.
Because A now has a trusted copy of X2's public key, A can verify the signature and securely obtain B's public key.

Chain of CA
Notation: X1 has certificate of X2: X1 <<X2>>
Previous example: X1 <<X2>> X2 <<B>> (what does that mean?)

A chain of CAs X1 <<X2>> X2 <<X3>> X3 <<X4>> requires each pair Xi, Xi+1 to securely share their public keys in advance.
How to determine the chain of CAs that contains the certificate?

Determine the chain of CAs
Each CA has two types of certificates
Forward certificates: Certificates of X generated by other CAs
Reverse certificates: Certificates generated by X that are the certificates of other CAs.

How to find the path in the tree is beyond our scope
A acquires B's certificate using chain:
X<<W>>W<<V>>V<<Y>>Y<<Z>>Z<<B>>
B acquires A's certificate using chain:
Z<<Y>>Y<<V>>V<<W>>W<<X>>X<<A>>

Certificate Revocation (invalidating)
Why?
The user's private key is assumed to be compromised.
The user is no longer certified by this CA. Reasons for this include that the subject's name has changed, the certificate is superseded, or the certificate was not issued in conformance with the CA's policies.
The CA's certificate is assumed to be compromised.

Each CA must maintain a list (CRL) consisting of all revoked but not expired certificates issued by that CA.
Each certificate revocation list (CRL) posted to the directory is signed by the issuer.
CRL includes
the issuer's name,
the date the list was created,
the date the next CRL is scheduled to be issued
An entry for each revoked certificate. (Certificate is identified by its serial number)
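
The chain walk X1 <<X2>> X2 <<B>> and the CRL check described above, as an added example that is not part of the original slides: A starts from X1's public key, verifies each certificate with the key recovered from the previous one, and rejects a certificate that is expired or whose serial number appears in the issuer's signed CRL. Signatures are unpadded textbook RSA over small fixed primes so the block needs only the standard library; the field layout, serial numbers and dates are constructed.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def keygen(p, q):  # textbook RSA from known primes -> (modulus n, private d)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(body, n):
    return int.from_bytes(hashlib.sha256(repr(body).encode()).digest(), "big") % n

def sign(body, n, d):  # unpadded RSA over a tuple of fields (illustration only)
    return {"body": body, "sig": pow(digest(body, n), d, n)}

def verified(obj, n):
    return pow(obj["sig"], E, n) == digest(obj["body"], n)

def walk_chain(anchor, anchor_n, chain, crls, today):
    """Follow e.g. [X1<<X2>>, X2<<B>>] from a trusted CA key; return the
    final subject's public key or raise ValueError."""
    name, n = anchor, anchor_n
    for cert in chain:
        issuer, subject, subject_n, serial, not_after = cert["body"]
        if issuer != name or not verified(cert, n):
            raise ValueError(f"{issuer}<<{subject}>>: bad issuer or signature")
        if today > not_after:
            raise ValueError(f"{issuer}<<{subject}>>: expired")
        crl = crls.get(issuer)  # body: (issuer, created, next_issue, serials)
        if crl is None or crl["body"][0] != issuer or not verified(crl, n):
            raise ValueError(f"{issuer}: no validly signed CRL")
        if today > crl["body"][2]:
            raise ValueError(f"{issuer}: CRL is stale")
        if serial in crl["body"][3]:
            raise ValueError(f"{issuer}<<{subject}>>: revoked")
        name, n = subject, subject_n  # subject's key is now trusted
    return n

# Constructed sample PKI: Mersenne primes as toy RSA primes, YYYYMMDD dates.
X1_N, X1_D = keygen(2**521 - 1, 2**607 - 1)
X2_N, X2_D = keygen(2**127 - 1, 2**107 - 1)
B_N, _ = keygen(2**89 - 1, 2**61 - 1)
CHAIN = [sign(("X1", "X2", X2_N, 7, 20301231), X1_N, X1_D),
         sign(("X2", "B", B_N, 42, 20301231), X2_N, X2_D)]

def crls_for(revoked_by_x2):
    return {"X1": sign(("X1", 20250101, 20250201, ()), X1_N, X1_D),
            "X2": sign(("X2", 20250101, 20250201, tuple(revoked_by_x2)), X2_N, X2_D)}

if __name__ == "__main__":
    print(walk_chain("X1", X1_N, CHAIN, crls_for([]), 20250115) == B_N)
```

A CRL past its next-issue date is treated as a failure here, which closes the gap where a user keeps relying on an old list; whether to fail closed in that case is a policy choice the slides do not specify.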

Public Key Infrastructure

Thank You
