Chapter 10- Key Management.ppt
《Chapter 10- Key Management.ppt》由会员分享,可在线阅读,更多相关《Chapter 10- Key Management.ppt(79页珍藏版)》请在麦多课文档分享上搜索。
1、June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-1,Chapter 10: Key Management,Session and Interchange Keys Key Exchange Key Generation Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures,June 1, 2004,Computer Security: Art and Science 2002-200
2、4 Matt Bishop,Slide #10-2,Overview,Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide
3、 #10-3,Notation,X Y : Z | W kX,Y X sends Y the message produced by concatenating Z and W enciphered by key kX,Y, which is shared by users X and Y A T : Z kA | W kA,T A sends T a message consisting of the concatenation of Z enciphered using kA, As key, and W enciphered using kA,T, the key shared by A
4、 and T r1, r2 nonces (nonrepeating random numbers),June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-4,Session, Interchange Keys,Alice wants to send a message m to Bob Assume public key encryption Alice generates a random cryptographic key ks and uses it to encipher m T
5、o be used for this message only Called a session key She enciphers ks with Bob;s public key kB kB enciphers all session keys Alice uses to communicate with Bob Called an interchange key Alice sends m ks ks kB,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-5,Benefits,
6、Limits amount of traffic enciphered with single key Standard practice, to decrease the amount of traffic an attacker can obtain Prevents some attacks Example: Alice will send Bob message that is either “BUY” or “SELL”. Eve computes possible ciphertexts “BUY” kB and “SELL” kB. Eve intercepts encipher
7、ed message, compares, and gets plaintext at once,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-6,Key Exchange Algorithms,Goal: Alice, Bob get shared key Key cannot be sent in clear Attacker can listen in Key can be sent enciphered, or derived from exchanged data plu
8、s data not known to an eavesdropper Alice, Bob may trust third party All cryptosystems, protocols publicly known Only secret data is the keys, ancillary information known only to Alice and Bob needed to derive keys Anything transmitted is assumed known to attacker,June 1, 2004,Computer Security: Art
9、 and Science 2002-2004 Matt Bishop,Slide #10-7,Classical Key Exchange,Bootstrap problem: how do Alice, Bob begin? Alice cant send it to Bob in the clear! Assume trusted third party, Cathy Alice and Cathy share secret key kA Bob and Cathy share secret key kB Use this to exchange shared key ks,June 1,
10、 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-8,Simple Protocol,Alice,Cathy, request for session key to Bob kA,Alice,Cathy, ks kA | ks kB,Alice,Bob, ks kB,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-9,Problems,How does Bob know he is tal
11、king to Alice? Replay attack: Eve records message from Alice to Bob, later replays it; Bob may think hes talking to Alice, but he isnt Session key reuse: Eve replays message from Alice to Bob, so Bob re-uses session key Protocols must provide authentication and defense against replay,June 1, 2004,Co
12、mputer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-10,Needham-Schroeder,Alice,Cathy,Alice | Bob | r1,Alice,Cathy, Alice | Bob | r1 | ks | Alice | ks kB kA,Alice,Bob, Alice | ks kB,Alice,Bob, r2 ks,Alice,Bob, r2 1 ks,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,
13、Slide #10-11,Argument: Alice talking to Bob,Second message Enciphered using key only she, Cathy knows So Cathy enciphered it Response to first message As r1 in it matches r1 in first message Third message Alice knows only Bob can read it As only Bob can derive session key from message Any messages e
14、nciphered with that key are from Bob,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-12,Argument: Bob talking to Alice,Third message Enciphered using key only he, Cathy know So Cathy enciphered it Names Alice, session key Cathy provided session key, says Alice is othe
15、r party Fourth message Uses session key to determine if it is replay from Eve If not, Alice will respond correctly in fifth message If so, Eve cant decipher r2 and so cant respond, or responds incorrectly,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-13,Denning-Sacc
16、o Modification,Assumption: all keys are secret Question: suppose Eve can obtain session key. How does that affect protocol? In what follows, Eve knows ks,Eve,Bob, Alice | ks kB,Eve,Bob, r2 ks,Eve,Bob, r2 1 ks,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-14,Solution
17、,In protocol above, Eve impersonates Alice Problem: replay in third step First in previous slide Solution: use time stamp T to detect replay Weakness: if clocks not synchronized, may either reject valid messages or accept replays Parties with either slow or fast clocks vulnerable to replay Resetting
18、 clock does not eliminate vulnerability,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-15,Needham-Schroeder with Denning-Sacco Modification,Alice,Cathy,Alice | Bob | r1,Alice,Cathy, Alice | Bob | r1 | ks | Alice | T | ks kB kA,Alice,Bob, Alice | T | ks kB,Alice,Bob,
19、r2 ks,Alice,Bob, r2 1 ks,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-16,Otway-Rees Protocol,Corrects problem That is, Eve replaying the third message in the protocol Does not use timestamps Not vulnerable to the problems that Denning-Sacco modification has Uses in
20、teger n to associate all messages with particular exchange,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-17,The Protocol,Alice,Bob,n | Alice | Bob | r1 | n | Alice | Bob kA,Cathy,Bob,n | Alice | Bob | r1 | n | Alice | Bob kA | r2 | n | Alice | Bob kB,Cathy,Bob,n | r
21、1 | ks kA | r2 | ks kB,Alice,Bob,n | r1 | ks kA,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-18,Argument: Alice talking to Bob,Fourth message If n matches first message, Alice knows it is part of this protocol exchange Cathy generated ks because only she, Alice kno
22、w kA Enciphered part belongs to exchange as r1 matches r1 in encrypted part of first message,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-19,Argument: Bob talking to Alice,Third message If n matches second message, Bob knows it is part of this protocol exchange Cat
23、hy generated ks because only she, Bob know kB Enciphered part belongs to exchange as r2 matches r2 in encrypted part of second message,June 1, 2004,Computer Security: Art and Science 2002-2004 Matt Bishop,Slide #10-20,Replay Attack,Eve acquires old ks, message in third step n | r1 | ks kA | r2 | ks
24、kB Eve forwards appropriate part to Alice Alice has no ongoing key exchange with Bob: n matches nothing, so is rejected Alice has ongoing key exchange with Bob: n does not match, so is again rejected If replay is for the current key exchange, and Eve sent the relevant part before Bob did, Eve could
- 1.请仔细阅读文档,确保文档完整性,对于不预览、不比对内容而直接下载带来的问题本站不予受理。
- 2.下载的文档,不会出现我们的网址水印。
- 3、该文档所得收入(下载+内容+预览)归上传者、原创作者;如果您是本文档原作者,请点此认领!既往收益都归您。
下载文档到电脑,查找使用更方便
2000 积分 0人已下载
下载 | 加入VIP,交流精品资源 |
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- CHAPTER10KEYMANAGEMENTPPT
