Presentation on Key management

1. Key Management and
Distribution
Submitted To: Asst.Prof.Richa Sharma
Submitted By: Viraj Rathod
(RSU1908032)

2. What is keymanagement?
 Key management is the set of techniques and
procedures supporting the establishment and
maintenance of keying relationship between
authorized parties.
 A keying relationship is the state wherein
communicating entities share common data(keying
material) to facilitate cryptography techniques. This
data may include public or secret keys, initialization
values, and additional non-secret parameters.

3.  Key management encompasses techniques and
procedures supporting:
1. Initialization of systems users within adomain;
2. Generation, distribution, and installation of keying
material;
3. Controlling the use of keying material;
4. Update, revocation, and destruction of keying material; &
5. Storage, backup/recovery, and archival of keying
material.

4. OBJECTIVES
 The objective of key management is to maintain
keying relationships and keying material in a
manner that counters relevant threats
 In practice an additional objective is conformance to
a relevant security policy

5. THREATS
1. Compromise of confidentiality of secret keys.
2. Compromise of authenticity of secret or publickeys.
3. Unauthorized use of public or secret keys.

6. SECURITYPOLICY
 Security policy explicitly or implicitly definesthe
threats a system is intended to address.
 Security policy may affect the stringency of
cryptographic requirements, depending on the
susceptibility of the environment in questionsto
various types of attack.

7. KEY Management Techniques
 Key management
(a). Symmetric-key encryption
encryption decryption
plaintext plaintextciphertext
secretkeysecretkey
symmetric key
generator

8. (b) public-key encryption
Asymmetric
key pair
generator
Secure channel (private & authentication)
Secure channel (authentication only)
Unsecured channel (no protection)
decryptionencryption
plaintext plaintext
ciphertext
Privatekey
Public key

9.  Public-key techniques
Primary advantages offered by public-key techniques for
applications related to key management include:
1. Simplified key management.
2. On-line trusted server not required.
3. Enhanced functionality.
KEY Management Techniques

10.  Techniques for distributing confidential keys
Key layering and symmetric-key certificates
Key layering:
1.master keys –keys at the highest level in the hierarchy
2.key-encrypting keys –symmetric keys or encryption
public keys used for key transport or storage of other
keys
3.data keys –used to provide cryptographic operations on
user data
Cont…

11. Symmetric-key certificates provide a means for a
KTC(KeyTranslation Center) to avoid the
requirement of either maintaining a secure
database of user secrets (or duplicating such a
database for multiple servers), or retrieving such
keys from a database upon translation requests.
Symmetric key certificates

12. 1. User Registration
2. User Initialization
3. Key Generation
4. Key Installation
5. Key Registration
6. Normal Use
7. Key Backup
8. Key Update
9. Archival
10. Key De-registration & Destruction
11. Key Recovery
12. Key Revocation
KEY Management lifecycle

13.  Given parties A and Bhave various key distribution
alternatives:
1. A can select key and physically deliver toB
2. third party can select & deliver key to A &B
3. if A & B have communicated previously can use
previous key to encrypt a new key
4. if A & B have secure communications with a third
party C, C can relay key between A & B
KEY distribution

14. KEY distributionTASk

15. KEY distributionscenario

16.  Hierarchies of KDC’s required for large networks, but
must trust eachother.
 Session key lifetimes should be limited for greater
security.
 Use of automatic key distribution on behalf of users,
but must trust system.
 Use of decentralized key distribution.
 Controlling key usage.
KEY distributionissues

17.  Merkle proposed this very simple scheme that
 allows secure communications
 no keys before/after exist
Simple secret KEY distribution

18. secret KEY distributionWith
confidentiality & authentication

19.  It can be considered as using one ofthe
following:
• Public Announcement.
• Publicly Available Directory.
• Public-key Authority.
• Public-key Certificates.
Distributionof public keys

20.  users distribute public keys to recipients or broadcast to
community atlarge
 eg. append PGP keys to email messages or post to
news groups or email list
 major weakness is forgery
 anyone can create a key claiming to be someone else
and broadcast it
 until forgery is discovered can masquerade as
claimed user
1). public Announcement

21. 2). publicly Availabledirectory
 can obtain greater security by registering keys with a
public directory
 directory must be trusted with properties:
 contains {name,public-key} entries
 participants register securely with directory
 participants can replace key at anytime
 directory is periodically published
 directory can be accessed electronically
 still vulnerable to tampering orforgery

22. 3). public-KEYAUTHORITY
 Improve security by tightening control over
distribution of keys from directory.
 Has properties of directory.
 Requires users to know public key for thedirectory.
 Then users interact with directory to obtain any
desired public key securely
 Does require real-time access to directory when
keys are needed.
 May be vulnerable to tampering.

23. pkacont..

24. 4). Public-key certificates
 Certificates allow key exchange withoutreal-time
access to public-keyauthority.
 A certificate binds identity to publickey
 Usually with other info such as period of validity,
rights of use etc.
 With all contents signedby a trusted public-key or
certificate authority (CA).
 Can be verified by anyone who knows thepublic-key
authorities public-key.

25. pkc cont..

26. Thank you..!!