SlideShare a Scribd company logo

Key Management, key management three tools ,

Download as PPTX, PDF
S
salutiontechnology

key management types

Education
1 of 17
Key Management
Key Management One of the major roles of public-key encryption has been to address the problem of key distribution. Two distinct aspects to use of public key encryption are present. • The distribution of public keys. • Use of public-key encryption to distribute secret keys
cont… • Distribution of Public Keys The most general schemes for distribution of public keys are given below • PUBLIC ANNOUNCEMENT OF PUBLIC KEYS • Here any participant can send his or her public key to any other participant or broadcast the key to the community at large. For example, many PGP users have adopted the practice of appending their public key to messages that they send to public forums.
Cont.. • Though this approach seems convenient, it has a major drawback. Anyone can forge such a public announcement. • Some user could pretend to be user A and send a public key to another participant or broadcast such a public key. Until the time when A discovers about the forgery and alerts other participants, the forger is able to read all encrypted messages intended for A and can use the forged keys for authentication.
PUBLICLY AVAILABLE DIRECTORY • A greater degree of security can be achieved by maintaining a publicly available dynamic directory of public keys. Maintenance and distribution of the public directory would have to be the responsibility of some trusted entity or organization. It includes the following elements: 1. The authority maintains a directory with a {name, public key} entry for each participant. 2. Each participant registers a public key with the directory authority. Registration would have to be in person or by some form of secure authenticated communication.
• 3. A participant may replace the existing key with a new one at any time, either because of the desire to replace a public key that has already been used for a large amount of data, or because the corresponding private key has been compromised in some way. • 4. Participants could also access the directory electronically. For this purpose, secure, authenticated communication from the authority to the participant is mandatory. This scheme has still got some vulnerabilities. If an adversary succeeds in obtaining or computing the private key of the directory authority, the adversary could authoritatively pass out counterfeit public keys and subsequently impersonate any participant and eavesdrop on messages sent to any participant. Or else, the adversary may tamper with the records kept by the authority.
PUBLIC-KEY AUTHORITY • Stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory. This scenario assumes the existence of a public authority (whoever that may be) that maintains a dynamic directory of public keys of all users. • The public authority has its own (private key, public key) that it is using to communicate to users. Each participant reliably knows a public key for the authority, with only the authority knowing the corresponding private key. For example, consider that Alice and Bob wish to communicate with each other and the following steps take place and are also shown in the figure below:
• 1.) Alice sends a timestamped message to the central authority with a request for Bob’s public key (the time stamp is to mark the moment of the request) • 2.) The authority sends back a message encrypted with its private key (for authentication) –message contains Bob’s public key and the original message of Alice – this way Alice knows this is not a reply to an old request; • 3.) Alice starts the communication to Bob by sending him an encrypted message containing her identity IDA and a nonce N1 (to identify uniquely this transaction) • 4.) Bob requests Alice’s public key in the same way (step 1) • 5.) Bob acquires Alice’s public key in the same way as Alice did. (Step-2) • 6.) Bob replies to Alice by sending an encrypted message with N1 plus a new generated nonce N2 (to identify uniquely the transaction) • 7.) Alice replies once more encrypting Bob’s nonce N2 to assure bob that its correspondent is Alice • Thus, a total of seven messages are required. However, the initial four messages need be used only infrequently because both A and B can save the other's public key for future use, a technique known as caching. Periodically, a user should request fresh copies of the public keys of its correspondents to ensure currency.
PUBLIC-KEY CERTIFICATES • The above technique looks attractive, but still has some drawbacks. For any communication between any two users, the central authority must be consulted by both users to get the newest public keys i.e. the central authority must be online 24 hours/day. • If the central authority goes offline, all secure communications get to a halt. This clearly leads to an undesirable bottleneck. • A further improvement is to use certificates, which can be used to exchange keys without contacting a public-key authority, in a way that is as reliable as if the keys were obtained directly from a public-key authority. A certificate binds an identity to public key, with all contents signed by a trusted Public-Key or Certificate Authority (CA). • A user can present his or her public key to the authority in a secure manner, and obtain a certificate. The user can then publish the certificate. Anyone needed this user's public key can obtain the certificate and verify that it is valid by way of the attached trusted signature. A participant can also convey its key information to another by transmitting its certificate.
• Other participants can verify that the certificate was created by the authority. This certificate issuing scheme does have the following requirements: • Any participant can read a certificate to determine the name and public key of the certificate's owner. • Any participant can verify that the certificate originated from the certificate authority and is not counterfeit. • Only the certificate authority can create and update certificates. • Any participant can verify the currency of the certificate.
• Application must be in person or by some form of secure authenticated communication. For participant A, the authority provides a certificate of the form CA = E(PRauth, [T||IDA||PUa]) where PRauth is the private key used by the authority and T is a timestamp. • A may then pass this certificate on to any other participant, who reads and verifies the certificate as follows: D(PUauth, CA) = D(PUauth, E(PRauth, [T||IDA||PUa])) = (T||IDA||PUa) • The recipient uses the authority's public key, PUauth to decrypt the certificate. Because the certificate is readable only using the authority's public key, this verifies that the certificate came from the certificate authority. • The elements IDA and PUa provide the recipient with the name and public key of the certificate's holder. The timestamp T validates the currency of the certificate. • The timestamp counters the following scenario. A's private key is learned by an adversary. A generates a new private/public key pair and applies to the certificate authority for a new certificate. Meanwhile, the adversary replays the old certificate to B. If B then encrypts messages using the compromised old public key, the adversary can read those messages. • In this context, the compromise of a private key is comparable to the loss of a credit card. The owner cancels the credit card number but is at risk until all possible communicants are aware that the old credit card is obsolete. Thus, the timestamp serves as something like an expiration date. If a certificate is sufficiently old, it is assumed to be expired. • One scheme has become universally accepted for formatting public-key certificates: the • X.509 standard. X.509 certificates are used in most network security applications, including IP security, secure sockets layer (SSL), and secure electronic transactions (SET).
SECRET KEY DISTRIBUTION WITH CONFIDENTIALITY AND AUTHENTICATION • It is assumed that A and B have exchanged public keys by one of the schemes described earlier. Then the following steps occur:
• 1. A uses B's public key to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely. • 2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2) Because only B could have decrypted message (1), the presence of N1 in message (2) assures A that the correspondent is B. • 3. A returns N2 encrypted using B's public key, to assure B that its correspondent is A. • 4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of this message with B's public key ensures that only B can read it; encryption with A's private key ensures that only A could have sent it. • 5. B computes D(PUa, D(PRb, M)) to recover the secret key. • The result is that this scheme ensures both confidentiality and authentication in the exchange of a secret key.

Recommended

Is unit-4-part-1
Is unit-4-part-1Is unit-4-part-1
Is unit-4-part-1vmuniraja
 
Unit 5
Unit 5Unit 5
Unit 5KRAMANJANEYULU1
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesVivaka Nand
 
Mutual Authentication For Wireless Communication
Mutual Authentication For Wireless CommunicationMutual Authentication For Wireless Communication
Mutual Authentication For Wireless Communicationmanish kumar
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
Jerad Bates - Public Key Infrastructure (1).ppt
Jerad Bates - Public Key Infrastructure (1).pptJerad Bates - Public Key Infrastructure (1).ppt
Jerad Bates - Public Key Infrastructure (1).pptMehediHasanShaon1
 
Public Key Distribution
Public Key DistributionPublic Key Distribution
Public Key DistributionAzaharulIslamAsik
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 

Recommended

Is unit-4-part-1
Is unit-4-part-1Is unit-4-part-1
Is unit-4-part-1vmuniraja
 
Unit 5
Unit 5Unit 5
Unit 5KRAMANJANEYULU1
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesVivaka Nand
 
Mutual Authentication For Wireless Communication
Mutual Authentication For Wireless CommunicationMutual Authentication For Wireless Communication
Mutual Authentication For Wireless Communicationmanish kumar
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
Jerad Bates - Public Key Infrastructure (1).ppt
Jerad Bates - Public Key Infrastructure (1).pptJerad Bates - Public Key Infrastructure (1).ppt
Jerad Bates - Public Key Infrastructure (1).pptMehediHasanShaon1
 
Public Key Distribution
Public Key DistributionPublic Key Distribution
Public Key DistributionAzaharulIslamAsik
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Authentication: keys, MAC
Authentication: keys, MACAuthentication: keys, MAC
Authentication: keys, MACShafaan Khaliq Bhatti
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructureAditya Nama
 
Ch14
Ch14Ch14
Ch14Francis Alamina
 
Key management.ppt
Key management.pptKey management.ppt
Key management.pptSou Jana
 
Genia Solution
Genia SolutionGenia Solution
Genia SolutionKitipan Kitbamroong Ph.D. CISA
 
Lec 10 - Key Management.ppt
Lec 10 - Key Management.pptLec 10 - Key Management.ppt
Lec 10 - Key Management.pptIshaKanwal4
 
Information and network security 47 authentication applications
Information and network security 47 authentication applicationsInformation and network security 47 authentication applications
Information and network security 47 authentication applicationsVaibhav Khanna
 
1165839977.pptx
1165839977.pptx1165839977.pptx
1165839977.pptxssuser000e54
 
Digital signature.pptx
Digital signature.pptxDigital signature.pptx
Digital signature.pptxDaveN31
 
PKI & SSL
PKI & SSLPKI & SSL
PKI & SSLRitaThakkar1
 
Unit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptxUnit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptxRAMESHMRA21130030110
 
Information and data security key management and distribution
Information and data security key management and distributionInformation and data security key management and distribution
Information and data security key management and distributionMazin Alwaaly
 
Network Security.ppt
Network Security.pptNetwork Security.ppt
Network Security.pptChSheraz3
 
crypto2ssh
crypto2sshcrypto2ssh
crypto2sshHasan Sharif
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
BAIT1103 Chapter 3
BAIT1103 Chapter 3BAIT1103 Chapter 3
BAIT1103 Chapter 3limsh
 
Computer security module 4
Computer security module 4Computer security module 4
Computer security module 4Deepak John
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization ModelsCSCJournals
 
Module 5-Key management in security in computing
Module 5-Key management in security in computingModule 5-Key management in security in computing
Module 5-Key management in security in computingAparnaSunil24
 
Ch1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxCh1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxsalutiontechnology
 
Lecture 1 database system notes full.pptx
Lecture 1 database system notes full.pptxLecture 1 database system notes full.pptx
Lecture 1 database system notes full.pptxsalutiontechnology
 

More Related Content

Similar to Key Management, key management three tools ,

Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructureAditya Nama
 
Key management.ppt
Key management.pptKey management.ppt
Key management.pptSou Jana
 
Lec 10 - Key Management.ppt
Lec 10 - Key Management.pptLec 10 - Key Management.ppt
Lec 10 - Key Management.pptIshaKanwal4
 
Information and network security 47 authentication applications
Information and network security 47 authentication applicationsInformation and network security 47 authentication applications
Information and network security 47 authentication applicationsVaibhav Khanna
 
Digital signature.pptx
Digital signature.pptxDigital signature.pptx
Digital signature.pptxDaveN31
 
Unit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptxUnit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptxRAMESHMRA21130030110
 
Information and data security key management and distribution
Information and data security key management and distributionInformation and data security key management and distribution
Information and data security key management and distributionMazin Alwaaly
 
Network Security.ppt
Network Security.pptNetwork Security.ppt
Network Security.pptChSheraz3
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
BAIT1103 Chapter 3
BAIT1103 Chapter 3BAIT1103 Chapter 3
BAIT1103 Chapter 3limsh
 
Computer security module 4
Computer security module 4Computer security module 4
Computer security module 4Deepak John
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization ModelsCSCJournals
 
Module 5-Key management in security in computing
Module 5-Key management in security in computingModule 5-Key management in security in computing
Module 5-Key management in security in computingAparnaSunil24
 

Similar to Key Management, key management three tools , (20)

Authentication: keys, MAC
Authentication: keys, MACAuthentication: keys, MAC
Authentication: keys, MAC
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructure
 
Ch14
Ch14Ch14
Ch14
 
Key management.ppt
Key management.pptKey management.ppt
Key management.ppt
 
Genia Solution
Genia SolutionGenia Solution
Genia Solution
 
Lec 10 - Key Management.ppt
Lec 10 - Key Management.pptLec 10 - Key Management.ppt
Lec 10 - Key Management.ppt
 
Information and network security 47 authentication applications
Information and network security 47 authentication applicationsInformation and network security 47 authentication applications
Information and network security 47 authentication applications
 
1165839977.pptx
1165839977.pptx1165839977.pptx
1165839977.pptx
 
Digital signature.pptx
Digital signature.pptxDigital signature.pptx
Digital signature.pptx
 
PKI & SSL
PKI & SSLPKI & SSL
PKI & SSL
 
Unit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptxUnit 4 (Part II) - Authentication Framework for PKC.pptx
Unit 4 (Part II) - Authentication Framework for PKC.pptx
 
Information and data security key management and distribution
Information and data security key management and distributionInformation and data security key management and distribution
Information and data security key management and distribution
 
Network Security.ppt
Network Security.pptNetwork Security.ppt
Network Security.ppt
 
crypto2ssh
crypto2sshcrypto2ssh
crypto2ssh
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
 
BAIT1103 Chapter 3
BAIT1103 Chapter 3BAIT1103 Chapter 3
BAIT1103 Chapter 3
 
Computer security module 4
Computer security module 4Computer security module 4
Computer security module 4
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization Models
 
Module 5-Key management in security in computing
Module 5-Key management in security in computingModule 5-Key management in security in computing
Module 5-Key management in security in computing
 

More from salutiontechnology

Ch1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxCh1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxsalutiontechnology
 
Lecture 1 database system notes full.pptx
Lecture 1 database system notes full.pptxLecture 1 database system notes full.pptx
Lecture 1 database system notes full.pptxsalutiontechnology
 
databasesystemsconollyslide1-151102101031-lva1-app6892.pptx
databasesystemsconollyslide1-151102101031-lva1-app6892.pptxdatabasesystemsconollyslide1-151102101031-lva1-app6892.pptx
databasesystemsconollyslide1-151102101031-lva1-app6892.pptxsalutiontechnology
 
Intrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention systemIntrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention systemsalutiontechnology
 
smart grid, traditional power grids.pptx
smart grid, traditional power grids.pptxsmart grid, traditional power grids.pptx
smart grid, traditional power grids.pptxsalutiontechnology
 
Information security software security presentation.pptx
Information security software security presentation.pptxInformation security software security presentation.pptx
Information security software security presentation.pptxsalutiontechnology
 
imageenhancementtechniques-140316011049-phpapp01 (1).pptx
imageenhancementtechniques-140316011049-phpapp01 (1).pptximageenhancementtechniques-140316011049-phpapp01 (1).pptx
imageenhancementtechniques-140316011049-phpapp01 (1).pptxsalutiontechnology
 
Big data analytics with R tool.pptx
Big data analytics with R tool.pptxBig data analytics with R tool.pptx
Big data analytics with R tool.pptxsalutiontechnology
 
Group 2 Handling and Processing of big data.pptx
Group 2 Handling and Processing of big data.pptxGroup 2 Handling and Processing of big data.pptx
Group 2 Handling and Processing of big data.pptxsalutiontechnology
 

More from salutiontechnology (14)

Ch1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxCh1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptx
 
Lecture 1 database system notes full.pptx
Lecture 1 database system notes full.pptxLecture 1 database system notes full.pptx
Lecture 1 database system notes full.pptx
 
databasesystemsconollyslide1-151102101031-lva1-app6892.pptx
databasesystemsconollyslide1-151102101031-lva1-app6892.pptxdatabasesystemsconollyslide1-151102101031-lva1-app6892.pptx
databasesystemsconollyslide1-151102101031-lva1-app6892.pptx
 
Intrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention systemIntrusion detection system and intrusion prevention system
Intrusion detection system and intrusion prevention system
 
smart grid, traditional power grids.pptx
smart grid, traditional power grids.pptxsmart grid, traditional power grids.pptx
smart grid, traditional power grids.pptx
 
Information security software security presentation.pptx
Information security software security presentation.pptxInformation security software security presentation.pptx
Information security software security presentation.pptx
 
Lec2.pptx
Lec2.pptxLec2.pptx
Lec2.pptx
 
Distributed Systems.pptx
Distributed Systems.pptxDistributed Systems.pptx
Distributed Systems.pptx
 
3.pptx
3.pptx3.pptx
3.pptx
 
new.pptx
new.pptxnew.pptx
new.pptx
 
imageenhancementtechniques-140316011049-phpapp01 (1).pptx
imageenhancementtechniques-140316011049-phpapp01 (1).pptximageenhancementtechniques-140316011049-phpapp01 (1).pptx
imageenhancementtechniques-140316011049-phpapp01 (1).pptx
 
aip.pptx
aip.pptxaip.pptx
aip.pptx
 
Big data analytics with R tool.pptx
Big data analytics with R tool.pptxBig data analytics with R tool.pptx
Big data analytics with R tool.pptx
 
Group 2 Handling and Processing of big data.pptx
Group 2 Handling and Processing of big data.pptxGroup 2 Handling and Processing of big data.pptx
Group 2 Handling and Processing of big data.pptx
 

Recently uploaded

ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 

Recently uploaded (20)

ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 

Key Management, key management three tools ,

  • 2. Key Management One of the major roles of public-key encryption has been to address the problem of key distribution. Two distinct aspects to use of public key encryption are present. • The distribution of public keys. • Use of public-key encryption to distribute secret keys
  • 3. cont… • Distribution of Public Keys The most general schemes for distribution of public keys are given below • PUBLIC ANNOUNCEMENT OF PUBLIC KEYS • Here any participant can send his or her public key to any other participant or broadcast the key to the community at large. For example, many PGP users have adopted the practice of appending their public key to messages that they send to public forums.
  • 4.
  • 5. Cont.. • Though this approach seems convenient, it has a major drawback. Anyone can forge such a public announcement. • Some user could pretend to be user A and send a public key to another participant or broadcast such a public key. Until the time when A discovers about the forgery and alerts other participants, the forger is able to read all encrypted messages intended for A and can use the forged keys for authentication.
  • 6. PUBLICLY AVAILABLE DIRECTORY • A greater degree of security can be achieved by maintaining a publicly available dynamic directory of public keys. Maintenance and distribution of the public directory would have to be the responsibility of some trusted entity or organization. It includes the following elements: 1. The authority maintains a directory with a {name, public key} entry for each participant. 2. Each participant registers a public key with the directory authority. Registration would have to be in person or by some form of secure authenticated communication.
  • 7. • 3. A participant may replace the existing key with a new one at any time, either because of the desire to replace a public key that has already been used for a large amount of data, or because the corresponding private key has been compromised in some way. • 4. Participants could also access the directory electronically. For this purpose, secure, authenticated communication from the authority to the participant is mandatory. This scheme has still got some vulnerabilities. If an adversary succeeds in obtaining or computing the private key of the directory authority, the adversary could authoritatively pass out counterfeit public keys and subsequently impersonate any participant and eavesdrop on messages sent to any participant. Or else, the adversary may tamper with the records kept by the authority.
  • 8.
  • 9. PUBLIC-KEY AUTHORITY • Stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory. This scenario assumes the existence of a public authority (whoever that may be) that maintains a dynamic directory of public keys of all users. • The public authority has its own (private key, public key) that it is using to communicate to users. Each participant reliably knows a public key for the authority, with only the authority knowing the corresponding private key. For example, consider that Alice and Bob wish to communicate with each other and the following steps take place and are also shown in the figure below:
  • 10.
  • 11. • 1.) Alice sends a timestamped message to the central authority with a request for Bob’s public key (the time stamp is to mark the moment of the request) • 2.) The authority sends back a message encrypted with its private key (for authentication) –message contains Bob’s public key and the original message of Alice – this way Alice knows this is not a reply to an old request; • 3.) Alice starts the communication to Bob by sending him an encrypted message containing her identity IDA and a nonce N1 (to identify uniquely this transaction) • 4.) Bob requests Alice’s public key in the same way (step 1) • 5.) Bob acquires Alice’s public key in the same way as Alice did. (Step-2) • 6.) Bob replies to Alice by sending an encrypted message with N1 plus a new generated nonce N2 (to identify uniquely the transaction) • 7.) Alice replies once more encrypting Bob’s nonce N2 to assure bob that its correspondent is Alice • Thus, a total of seven messages are required. However, the initial four messages need be used only infrequently because both A and B can save the other's public key for future use, a technique known as caching. Periodically, a user should request fresh copies of the public keys of its correspondents to ensure currency.
  • 12. PUBLIC-KEY CERTIFICATES • The above technique looks attractive, but still has some drawbacks. For any communication between any two users, the central authority must be consulted by both users to get the newest public keys i.e. the central authority must be online 24 hours/day. • If the central authority goes offline, all secure communications get to a halt. This clearly leads to an undesirable bottleneck. • A further improvement is to use certificates, which can be used to exchange keys without contacting a public-key authority, in a way that is as reliable as if the keys were obtained directly from a public-key authority. A certificate binds an identity to public key, with all contents signed by a trusted Public-Key or Certificate Authority (CA). • A user can present his or her public key to the authority in a secure manner, and obtain a certificate. The user can then publish the certificate. Anyone needed this user's public key can obtain the certificate and verify that it is valid by way of the attached trusted signature. A participant can also convey its key information to another by transmitting its certificate.
  • 13. • Other participants can verify that the certificate was created by the authority. This certificate issuing scheme does have the following requirements: • Any participant can read a certificate to determine the name and public key of the certificate's owner. • Any participant can verify that the certificate originated from the certificate authority and is not counterfeit. • Only the certificate authority can create and update certificates. • Any participant can verify the currency of the certificate.
  • 14.
  • 15. • Application must be in person or by some form of secure authenticated communication. For participant A, the authority provides a certificate of the form CA = E(PRauth, [T||IDA||PUa]) where PRauth is the private key used by the authority and T is a timestamp. • A may then pass this certificate on to any other participant, who reads and verifies the certificate as follows: D(PUauth, CA) = D(PUauth, E(PRauth, [T||IDA||PUa])) = (T||IDA||PUa) • The recipient uses the authority's public key, PUauth to decrypt the certificate. Because the certificate is readable only using the authority's public key, this verifies that the certificate came from the certificate authority. • The elements IDA and PUa provide the recipient with the name and public key of the certificate's holder. The timestamp T validates the currency of the certificate. • The timestamp counters the following scenario. A's private key is learned by an adversary. A generates a new private/public key pair and applies to the certificate authority for a new certificate. Meanwhile, the adversary replays the old certificate to B. If B then encrypts messages using the compromised old public key, the adversary can read those messages. • In this context, the compromise of a private key is comparable to the loss of a credit card. The owner cancels the credit card number but is at risk until all possible communicants are aware that the old credit card is obsolete. Thus, the timestamp serves as something like an expiration date. If a certificate is sufficiently old, it is assumed to be expired. • One scheme has become universally accepted for formatting public-key certificates: the • X.509 standard. X.509 certificates are used in most network security applications, including IP security, secure sockets layer (SSL), and secure electronic transactions (SET).
  • 16. SECRET KEY DISTRIBUTION WITH CONFIDENTIALITY AND AUTHENTICATION • It is assumed that A and B have exchanged public keys by one of the schemes described earlier. Then the following steps occur:
  • 17. • 1. A uses B's public key to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely. • 2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2) Because only B could have decrypted message (1), the presence of N1 in message (2) assures A that the correspondent is B. • 3. A returns N2 encrypted using B's public key, to assure B that its correspondent is A. • 4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of this message with B's public key ensures that only B can read it; encryption with A's private key ensures that only A could have sent it. • 5. B computes D(PUa, D(PRb, M)) to recover the secret key. • The result is that this scheme ensures both confidentiality and authentication in the exchange of a secret key.