SlideShare a Scribd company logo

16974 ch 15 key management

Download as PPT, PDF
Debanjan Bhattacharya
Debanjan Bhattacharya
TechnologyEducation
1 of 18
Key management Key generation and key distribution A user must share the key for secure communication but if user want to communicate to million of users then he has to exchange the million keys Another solution is KDC Each person shares the secret key with KDC
KDC
• 1. A request to KDC for communication to B • 2. KDC ask to B about the A request if he will be agree then session key will be established. • • When the number of peoples increases then it will be difficult for KDC to manage all peoples
Flat Multiple KDC • Now multiple KDC will manage the people • Whole world is divided into domains and each domain contains the multiple KDC
Hierarchical Multiple KDC
Simple protocol using a KDC for session KEY
Needam Schroeder Protocol
Diffie-Hellman key agreement • User can create the session key between themselves without using KDC
Diffie-Hellman • all users agree on global parameters: – large prime integer or polynomial q – a being a primitive root mod q • each user (eg. A) generates their key – chooses a secret key (number): xA < q xA – compute their public key: yA = a mod q • each user makes public that key yA
• shared session key for users A & B is KAB: xA.xB KAB = a = y xB A xA B mod q mod q (which B can compute) = y mod q (which A can compute) • KAB is used as session key in private-key encryption scheme between Alice and Bob • if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys • attacker needs an x, must solve discrete log
Diffie-Hellman Example • users Alice & Bob who wish to swap keys: • agree on prime q=353 and a=3 • select random secret keys: – A chooses xA=97, B chooses xB=233 • compute respective public keys: 97 – yA=3 mod 353 = 40 (Alice) – yB=3 233 mod 353 = 248 (Bob) • compute shared session key as: x 97 – KAB= yB A mod 353 = 248 = 160 (Alice) – KAB= y xB A mod 353 = 40 233 = 160 (Bob)
• Key is formed by 3 parameters g,x,y (g is public) • Everyone knows one third of key • Other 2 parts must be added by 2 user to form key
Man in middle attack or bucket brigade • Protocol has other weakness (no need to find the secret of users x,y instead of that form 2 key with each user
Station to station key agreement • It is a method based on DH • It uses digital signature with public key certificate to establish a session key
• 1. calculate r1 and send to other user • 2. Calculate r2 and session key, concatenate r1,r2 and id after that sign the result with private key. Bob then send r2,sig,public key • 3. after calculate the session key if sig is verified now it will generate the sig by concatenate r1,r2 and bob id (encrypted with session key) •
Security of station to station key agreement • Attacker can not forge the signature of user or forged signature can not be verified by public key of user

Recommended

Elgamal Digital Signature
Elgamal Digital SignatureElgamal Digital Signature
Elgamal Digital SignatureSou Jana
 
Kerberos
KerberosKerberos
KerberosRahul Pundir
 
Elgamal digital signature
Elgamal digital signatureElgamal digital signature
Elgamal digital signatureMDKAWSARAHMEDSAGAR
 
X.509 Certificates
X.509 CertificatesX.509 Certificates
X.509 CertificatesSou Jana
 
Elliptic curve cryptography
Elliptic curve cryptographyElliptic curve cryptography
Elliptic curve cryptographyCysinfo Cyber Security Community
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication ProtocolBibek Subedi
 
kerberos
kerberoskerberos
kerberossameer farooq
 
Implementation of reed solomon codes basics
Implementation of reed solomon codes basicsImplementation of reed solomon codes basics
Implementation of reed solomon codes basicsRam Singh Yadav
 

Recommended

Elgamal Digital Signature
Elgamal Digital SignatureElgamal Digital Signature
Elgamal Digital SignatureSou Jana
 
Kerberos
KerberosKerberos
KerberosRahul Pundir
 
Elgamal digital signature
Elgamal digital signatureElgamal digital signature
Elgamal digital signatureMDKAWSARAHMEDSAGAR
 
X.509 Certificates
X.509 CertificatesX.509 Certificates
X.509 CertificatesSou Jana
 
Elliptic curve cryptography
Elliptic curve cryptographyElliptic curve cryptography
Elliptic curve cryptographyCysinfo Cyber Security Community
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication ProtocolBibek Subedi
 
kerberos
kerberoskerberos
kerberossameer farooq
 
Implementation of reed solomon codes basics
Implementation of reed solomon codes basicsImplementation of reed solomon codes basics
Implementation of reed solomon codes basicsRam Singh Yadav
 
Diffie Hellman.pptx
Diffie Hellman.pptxDiffie Hellman.pptx
Diffie Hellman.pptxSou Jana
 
Challenge Response Authentication
Challenge Response Authentication Challenge Response Authentication
Challenge Response Authentication AzaharulIslamAsik
 
Multimedia
MultimediaMultimedia
MultimediaAshish Yaduvanshi
 
Kerberos
KerberosKerberos
KerberosSparkbit
 
An Introduction to Kerberos
An Introduction to KerberosAn Introduction to Kerberos
An Introduction to KerberosShumon Huque
 
Kerberos
KerberosKerberos
KerberosSutanu Paul
 
Elgamal &amp; schnorr digital signature scheme copy
Elgamal &amp; schnorr digital signature scheme copyElgamal &amp; schnorr digital signature scheme copy
Elgamal &amp; schnorr digital signature scheme copyNorth Cap University (NCU) Formely ITM University
 
DES Simplified
DES SimplifiedDES Simplified
DES SimplifiedShiraz316
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication rajakhurram
 
Digital Signature Standard
Digital Signature StandardDigital Signature Standard
Digital Signature StandardSou Jana
 
Serial Digital Interface (SDI), From SD-SDI to 24G-SDI, Part 1
Serial Digital Interface (SDI), From SD-SDI to 24G-SDI, Part 1Serial Digital Interface (SDI), From SD-SDI to 24G-SDI, Part 1
Serial Digital Interface (SDI), From SD-SDI to 24G-SDI, Part 1Dr. Mohieddin Moradi
 
Elliptic Curve Cryptography Message Exchange
Elliptic Curve Cryptography Message ExchangeElliptic Curve Cryptography Message Exchange
Elliptic Curve Cryptography Message ExchangeJacopoMariaValtorta
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Networking Protocols for Internet of Things
Networking Protocols for Internet of ThingsNetworking Protocols for Internet of Things
Networking Protocols for Internet of Thingsrjain51
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion SystemsMIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion SystemsMIPI Alliance
 
Elliptic Curve Cryptography
Elliptic Curve CryptographyElliptic Curve Cryptography
Elliptic Curve CryptographyJorgeVillamarin5
 
FTP - File Transfer Protocol
FTP - File Transfer ProtocolFTP - File Transfer Protocol
FTP - File Transfer ProtocolPeter R. Egli
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS Ghanshyam Patel
 
UNIT-IV.pptx
UNIT-IV.pptxUNIT-IV.pptx
UNIT-IV.pptxSunnyAnchews
 
KEY MGMT.ppt
KEY MGMT.pptKEY MGMT.ppt
KEY MGMT.pptRizwanBasha12
 

More Related Content

What's hot

Diffie Hellman.pptx
Diffie Hellman.pptxDiffie Hellman.pptx
Diffie Hellman.pptxSou Jana
 
Challenge Response Authentication
Challenge Response Authentication Challenge Response Authentication
Challenge Response Authentication AzaharulIslamAsik
 
An Introduction to Kerberos
An Introduction to KerberosAn Introduction to Kerberos
An Introduction to KerberosShumon Huque
 
DES Simplified
DES SimplifiedDES Simplified
DES SimplifiedShiraz316
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication rajakhurram
 
Digital Signature Standard
Digital Signature StandardDigital Signature Standard
Digital Signature StandardSou Jana
 
Serial Digital Interface (SDI), From SD-SDI to 24G-SDI, Part 1
Serial Digital Interface (SDI), From SD-SDI to 24G-SDI, Part 1Serial Digital Interface (SDI), From SD-SDI to 24G-SDI, Part 1
Serial Digital Interface (SDI), From SD-SDI to 24G-SDI, Part 1Dr. Mohieddin Moradi
 
Elliptic Curve Cryptography Message Exchange
Elliptic Curve Cryptography Message ExchangeElliptic Curve Cryptography Message Exchange
Elliptic Curve Cryptography Message ExchangeJacopoMariaValtorta
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Networking Protocols for Internet of Things
Networking Protocols for Internet of ThingsNetworking Protocols for Internet of Things
Networking Protocols for Internet of Thingsrjain51
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion SystemsMIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion SystemsMIPI Alliance
 
Elliptic Curve Cryptography
Elliptic Curve CryptographyElliptic Curve Cryptography
Elliptic Curve CryptographyJorgeVillamarin5
 
FTP - File Transfer Protocol
FTP - File Transfer ProtocolFTP - File Transfer Protocol
FTP - File Transfer ProtocolPeter R. Egli
 

What's hot (20)

Diffie Hellman.pptx
Diffie Hellman.pptxDiffie Hellman.pptx
Diffie Hellman.pptx
 
Challenge Response Authentication
Challenge Response Authentication Challenge Response Authentication
Challenge Response Authentication
 
Multimedia
MultimediaMultimedia
Multimedia
 
Kerberos
KerberosKerberos
Kerberos
 
An Introduction to Kerberos
An Introduction to KerberosAn Introduction to Kerberos
An Introduction to Kerberos
 
Kerberos
KerberosKerberos
Kerberos
 
Elgamal &amp; schnorr digital signature scheme copy
Elgamal &amp; schnorr digital signature scheme copyElgamal &amp; schnorr digital signature scheme copy
Elgamal &amp; schnorr digital signature scheme copy
 
DES Simplified
DES SimplifiedDES Simplified
DES Simplified
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication
 
Digital Signature Standard
Digital Signature StandardDigital Signature Standard
Digital Signature Standard
 
Serial Digital Interface (SDI), From SD-SDI to 24G-SDI, Part 1
Serial Digital Interface (SDI), From SD-SDI to 24G-SDI, Part 1Serial Digital Interface (SDI), From SD-SDI to 24G-SDI, Part 1
Serial Digital Interface (SDI), From SD-SDI to 24G-SDI, Part 1
 
Elliptic Curve Cryptography Message Exchange
Elliptic Curve Cryptography Message ExchangeElliptic Curve Cryptography Message Exchange
Elliptic Curve Cryptography Message Exchange
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
Networking Protocols for Internet of Things
Networking Protocols for Internet of ThingsNetworking Protocols for Internet of Things
Networking Protocols for Internet of Things
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication Codes
 
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion SystemsMIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
MIPI DevCon 2016: MIPI CSI-2 Application for Vision and Sensor Fusion Systems
 
Elliptic Curve Cryptography
Elliptic Curve CryptographyElliptic Curve Cryptography
Elliptic Curve Cryptography
 
FTP - File Transfer Protocol
FTP - File Transfer ProtocolFTP - File Transfer Protocol
FTP - File Transfer Protocol
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 

Similar to 16974 ch 15 key management

ch10_key_management.ppt
ch10_key_management.pptch10_key_management.ppt
ch10_key_management.pptPanimalarK
 
ch10.KeyManagement.Diffie-Hellman.ECC.ppt
ch10.KeyManagement.Diffie-Hellman.ECC.pptch10.KeyManagement.Diffie-Hellman.ECC.ppt
ch10.KeyManagement.Diffie-Hellman.ECC.pptSibiSriram
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-ittrameshvvv
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-HellmanSam Bowne
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmacanuragjagetiya
 
CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman Sam Bowne
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxUnit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxVishwanathMahalle
 
Information and data security other public key cryptosystems
Information and data security other public key cryptosystemsInformation and data security other public key cryptosystems
Information and data security other public key cryptosystemsMazin Alwaaly
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyGopal Sakarkar
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanSam Bowne
 
Lec 10 - Key Management.ppt
Lec 10 - Key Management.pptLec 10 - Key Management.ppt
Lec 10 - Key Management.pptIshaKanwal4
 

Similar to 16974 ch 15 key management (20)

UNIT-IV.pptx
UNIT-IV.pptxUNIT-IV.pptx
UNIT-IV.pptx
 
KEY MGMT.ppt
KEY MGMT.pptKEY MGMT.ppt
KEY MGMT.ppt
 
Unit - 3.ppt
Unit - 3.pptUnit - 3.ppt
Unit - 3.ppt
 
ch10_key_management.ppt
ch10_key_management.pptch10_key_management.ppt
ch10_key_management.ppt
 
ch10.KeyManagement.Diffie-Hellman.ECC.ppt
ch10.KeyManagement.Diffie-Hellman.ECC.pptch10.KeyManagement.Diffie-Hellman.ECC.ppt
ch10.KeyManagement.Diffie-Hellman.ECC.ppt
 
ch13 ABCD.ppt
ch13 ABCD.pptch13 ABCD.ppt
ch13 ABCD.ppt
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-itt
 
Ch10
Ch10Ch10
Ch10
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-Hellman
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmac
 
Key management
Key managementKey management
Key management
 
CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSA
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxUnit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
 
CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem
 
Information and data security other public key cryptosystems
Information and data security other public key cryptosystemsInformation and data security other public key cryptosystems
Information and data security other public key cryptosystems
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-Hellman
 
Lec 10 - Key Management.ppt
Lec 10 - Key Management.pptLec 10 - Key Management.ppt
Lec 10 - Key Management.ppt
 

Recently uploaded

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 

16974 ch 15 key management

  • 1. Key management Key generation and key distribution A user must share the key for secure communication but if user want to communicate to million of users then he has to exchange the million keys Another solution is KDC Each person shares the secret key with KDC
  • 2. KDC
  • 3. • 1. A request to KDC for communication to B • 2. KDC ask to B about the A request if he will be agree then session key will be established. • • When the number of peoples increases then it will be difficult for KDC to manage all peoples
  • 4. Flat Multiple KDC • Now multiple KDC will manage the people • Whole world is divided into domains and each domain contains the multiple KDC
  • 6. Simple protocol using a KDC for session KEY
  • 8. Diffie-Hellman key agreement • User can create the session key between themselves without using KDC
  • 9. Diffie-Hellman • all users agree on global parameters: – large prime integer or polynomial q – a being a primitive root mod q • each user (eg. A) generates their key – chooses a secret key (number): xA < q xA – compute their public key: yA = a mod q • each user makes public that key yA
  • 10. • shared session key for users A & B is KAB: xA.xB KAB = a = y xB A xA B mod q mod q (which B can compute) = y mod q (which A can compute) • KAB is used as session key in private-key encryption scheme between Alice and Bob • if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys • attacker needs an x, must solve discrete log
  • 11. Diffie-Hellman Example • users Alice & Bob who wish to swap keys: • agree on prime q=353 and a=3 • select random secret keys: – A chooses xA=97, B chooses xB=233 • compute respective public keys: 97 – yA=3 mod 353 = 40 (Alice) – yB=3 233 mod 353 = 248 (Bob) • compute shared session key as: x 97 – KAB= yB A mod 353 = 248 = 160 (Alice) – KAB= y xB A mod 353 = 40 233 = 160 (Bob)
  • 12. • Key is formed by 3 parameters g,x,y (g is public) • Everyone knows one third of key • Other 2 parts must be added by 2 user to form key
  • 13.
  • 14. Man in middle attack or bucket brigade • Protocol has other weakness (no need to find the secret of users x,y instead of that form 2 key with each user
  • 15. Station to station key agreement • It is a method based on DH • It uses digital signature with public key certificate to establish a session key
  • 16. • 1. calculate r1 and send to other user • 2. Calculate r2 and session key, concatenate r1,r2 and id after that sign the result with private key. Bob then send r2,sig,public key • 3. after calculate the session key if sig is verified now it will generate the sig by concatenate r1,r2 and bob id (encrypted with session key) •
  • 17.
  • 18. Security of station to station key agreement • Attacker can not forge the signature of user or forged signature can not be verified by public key of user