2. What is key management?
1. Key management is the set of techniques and
procedures supporting the establishment and
maintenance of keying relationships between
authorized parties.
2. A keying relationship is the state wherein
communicating entities share common data(keying
material) to facilitate cryptography techniques. This
data may include public or secret keys, initialization
values, and additional non-secret parameters.
3. Key management encompasses
techniques and procedures supporting:
1. initialization of systems users within a domain;
2. generation, distribution, and installation of keying
material;
3. controlling the use of keying material;
4. update, revocation, and destruction of keying material;
and
5. storage, backup/recovery, and archival of keying material.
4. Threats:
1. compromise of confidentiality of secret keys
2. compromise of authenticity of secret or public
keys.
3. unauthorized use of public or secret keys
5. Key management techniques:
Public-key techniques :
Primary advantages offered by public-key techniques
for applications related to key management include:
1. simplified key management
2. on-line trusted server not required
3. enhanced functionality
6. Key management life cycle:
1. user registration
2. user initialization
3. key generation
4. key installation
5. key registration
6. normal use
7. key backup
8. key update
7. Key Distribution:
Given parties A and B have various key distribution
alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can use
previous key to encrypt a new key
4. if A & B have secure communications with a third party
C, C can relay key between A & B
8. Key Distribution Issues:
1. Hierarchies of KDC’s required for large networks, but
must trust each other
2. Session key lifetimes should be limited for greater security
3. Use of automatic key distribution on behalf of users, but
must trust system
4. Use of decentralized key distribution
5. Controlling key usage
9. Public-Key Authority:
1. Improve security by tightening control over distribution of
keys from directory
2. Has properties of directory and
3. Requires users to know public key for the directory then
4. Users interact with directory to obtain any desired public key
securely
5. Does require real-time access to directory when keys are
needed
6. May be vulnerable to tampering