1
Department of Computer Science, Southern Illinois University Carbondale
CS 591 Wireless Network Security
Lecture 12: Key Management in Wired Networks
Dr. Kemal Akkaya, E-mail: kemal_at_cs.siu.edu
2
Key Management
  • Key management is the set of techniques and procedures supporting the
    establishment and maintenance of keying relationships between
    authorized parties.
  • Key management encompasses techniques and procedures supporting:
    • initialization of system users within a domain
    • generation, distribution, and installation of keying material
    • controlling the use of keying material
    • update, revocation, and destruction of keying material
    • storage, backup/recovery, and archival of keying material.

3
Key Distribution/Establishment
  • How can two parties agree on an encryption key securely?
    • A can select a key and physically deliver it to B.
    • A third party can select a key and deliver it to A & B.
    • If A & B have communicated previously, they can use the previous
      key to encrypt a new key.
    • If A & B each have secure communications with a third party C,
      C can relay a key between A & B.
  • Public key encryption solves the problem against passive attackers.
    • e.g., Diffie-Hellman key exchange: Trudy sees g^a mod p and
      g^b mod p on the wire but cannot compute g^ab mod p.

4
Active Attacks
  • An active attacker can intercept, modify, insert, and delete messages
    on the network.
  • E.g., man-in-the-middle attack against DH: Trudy runs one exchange
    with Alice and a separate one with Bob, ends up sharing a key with
    each of them, and translates (decrypts and re-encrypts) messages
    between Alice & Bob without being noticed, since neither side can
    tell whose public value it actually received.
  • Similar attacks are possible on RSA and other public-key protocols
    whenever the public keys themselves are not authenticated.
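The two situations contrasted on the last two slides, as an added example (not part of the original lecture): an unauthenticated Diffie-Hellman run that a passive Trudy only records, and the same run with Trudy in the middle substituting her own public values. The group (p = 2^127 - 1, g = 3) and the function names are assumptions made for this illustration; the group is far too small for real use.

```python
"""Diffie-Hellman: passive eavesdropper vs. active man-in-the-middle (constructed example)."""
import hashlib
import secrets

# Toy parameters chosen for this example.  2**127 - 1 is prime, but a 127-bit group
# offers no real security; real deployments use a standardized group (RFC 7919).
P = 2**127 - 1
G = 3


def keygen():
    """Private exponent a in [1, p-2] and the public value g^a mod p."""
    a = secrets.randbelow(P - 2) + 1
    return a, pow(G, a, P)


def shared_key(private, peer_public):
    """k = peer^a mod p, hashed into a 256-bit session key."""
    k = pow(peer_public, private, P)
    return hashlib.sha256(k.to_bytes(16, "big")).digest()


def honest_exchange():
    """Alice sends x = g^a, Bob sends y = g^b.  A passive Trudy records (x, y) but,
    without a or b, cannot compute g^ab.  Returns (Alice's key, Bob's key, transcript)."""
    a, x = keygen()
    b, y = keygen()
    transcript = (x, y)                 # everything Trudy gets to see
    return shared_key(a, y), shared_key(b, x), transcript


def mitm_exchange():
    """Trudy intercepts x and y and replaces each with a value of her own.  Alice
    unknowingly keys with Trudy, Bob unknowingly keys with Trudy, and Trudy holds
    both keys, so she can decrypt every message and re-encrypt it for the other side."""
    a, x = keygen()                     # Alice's real values
    b, y = keygen()                     # Bob's real values
    t1, z1 = keygen()                   # what Trudy forwards to Bob instead of x
    t2, z2 = keygen()                   # what Trudy forwards to Alice instead of y
    alice_key = shared_key(a, z2)       # Alice believes z2 came from Bob
    bob_key = shared_key(b, z1)         # Bob believes z1 came from Alice
    trudy_with_alice = shared_key(t2, x)
    trudy_with_bob = shared_key(t1, y)
    return alice_key, bob_key, trudy_with_alice, trudy_with_bob


if __name__ == "__main__":
    ka, kb, _ = honest_exchange()
    print("honest run, keys agree:", ka == kb)
    ak, bk, ta, tb = mitm_exchange()
    print("MITM run, Alice/Bob keys agree:", ak == bk,
          "| Trudy shares Alice's key:", ak == ta, "| Trudy shares Bob's key:", bk == tb)
```

Nothing in the exchanged values tells Alice or Bob who generated them; that is exactly the gap the trusted-third-party constructions on the following slides close.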

5
Trusted Third Parties
  • Solution against active attackers: Trusted Third Parties (TTPs).
  • Symmetric key solution: KDC (Key Distribution Center)
    • Everyone registers with the KDC and shares a long-term secret key
      with it.
    • When A & B want to communicate, they contact the KDC and obtain a
      session key.
  • Public key solution: CA (Certification Authority)
    • Everyone registers with the CA and obtains a certificate for
      his/her public key.
    • Certificate: a document signed by the CA, including the ID and the
      public key of the subject.
    • People obtain each other's certificates through a repository, a
      webpage, or at the beginning of the protocol, and use the certified
      public keys in the protocols.

6
KDC vs. CA
  • KDC
    • faster (being based on symmetric keys)
    • has to be online for every session setup
    • preferred for LANs
  • CA
    • doesn't have to be online
    • if it crashes, it doesn't disable the network
    • much simpler
    • scales better
    • certificates are not disclosure-sensitive (they contain only
      public keys and signatures)
    • a compromised CA can't decrypt conversations: it never holds
      session keys (it can, however, issue bogus certificates and so
      enable impersonation in future sessions, which is why revocation
      still matters)
    • preferred for WANs (e.g., the Internet).

7
Key Distribution with KDC
  • A simple protocol
    • KA, KB: long-term secret keys of Alice and Bob.
      KA{m}: encryption of m with KA.
    • The KDC hands Alice the session key KAB together with a ticket
      KB{A, B, KAB} that she forwards to Bob.
  • Problems with this protocol
    • possible delayed delivery of KB{A, B, KAB}.
    • No freshness guarantee for B (i.e., Trudy can replay
      KB{A, B, KAB} for a previously compromised KAB, and Bob will
      happily use the old key again).
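The simple KDC protocol and its replay problem, as an added example that is not part of the original lecture. The slide's figure is not in the transcript, so the message sequence is an assumption: A -> KDC: (A, B); KDC -> A: KA{B, KAB, KB{A, B, KAB}}; A -> B: KB{A, B, KAB}. The `encrypt`/`decrypt` helper is a constructed stand-in for a real authenticated cipher, and the optional replay cache and timestamp window in `bob_accepts` are the usual freshness fixes, added here for contrast, not something the slide specifies.

```python
"""KDC key distribution (the lecture's simple protocol) and the ticket-replay problem."""
import hashlib
import hmac
import json
import secrets
import time


def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def encrypt(key, obj):
    """K{obj}: toy authenticated encryption (SHA-256 counter keystream + HMAC-SHA256 tag).
    Constructed for this example; use a real AEAD such as AES-GCM in practice."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    def __init__(self):
        self.keys = {}                  # KA, KB, ...: long-term keys shared with each user

    def register(self, name):
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]

    def request(self, a, b):
        """A -> KDC: (A, B).   KDC -> A: KA{B, KAB, KB{A, B, KAB}}.
        No nonce from A and no challenge from B, exactly as in the simple protocol."""
        kab = secrets.token_bytes(32).hex()
        ticket = encrypt(self.keys[b], {"from": a, "to": b, "kab": kab, "issued": time.time()})
        return encrypt(self.keys[a], {"peer": b, "kab": kab, "ticket": ticket.hex()})


def alice_forwards(ka, reply):
    """A decrypts the KDC reply and forwards KB{A, B, KAB} to B.  Returns (KAB, ticket)."""
    m = decrypt(ka, reply)
    return m["kab"], bytes.fromhex(m["ticket"])


def bob_accepts(kb, ticket, seen=None, max_age=None):
    """B decrypts the ticket with KB.  With seen=None and max_age=None this is the slide's
    protocol: any ticket that was ever valid is accepted again.  A replay cache (seen)
    and a timestamp window (max_age) are the standard freshness additions."""
    t = decrypt(kb, ticket)
    if t["to"] != "Bob":
        raise ValueError("ticket not addressed to me")
    if max_age is not None and time.time() - t["issued"] > max_age:
        raise ValueError("stale ticket")
    if seen is not None:
        if ticket in seen:
            raise ValueError("replayed ticket")
        seen.add(ticket)
    return t["kab"]


def replay_demo():
    """Trudy records the ticket of a session whose KAB she later compromises, then replays it.
    Returns (first accepted == KAB, replay accepted == KAB, replay rejected with a cache)."""
    kdc = KDC()
    ka, kb = kdc.register("Alice"), kdc.register("Bob")
    kab, ticket = alice_forwards(ka, kdc.request("Alice", "Bob"))
    first = bob_accepts(kb, ticket)            # legitimate session: Bob installs KAB
    replayed = bob_accepts(kb, ticket)         # Trudy resends the old ticket: Bob installs KAB again
    cache = set()
    bob_accepts(kb, ticket, seen=cache)
    try:
        bob_accepts(kb, ticket, seen=cache)    # same ticket a second time
        rejected = False
    except ValueError:
        rejected = True
    return first == kab, replayed == kab, rejected
```

The ticket is a perfectly valid message under KB, so Bob has no cryptographic reason to refuse it; only state he keeps (a cache of seen tickets) or a bound on the ticket's age gives him freshness. The same gap in the CA-based transport protocol on the next slide is what Station-to-Station closes with fresh DH values signed by both sides.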

8
Key Distribution with CA
  • A simple protocol
    • certificates are obtained in advance
    • session key transport with public key encryption: A picks the
      session key, encrypts it under B's certified public key, and signs
      the message
    • {m}X: encryption of message m with the public key of X
    • [m]X: signature on message m with the private key of X (anyone
      holding X's certificate can verify it with X's public key)
  • Problems with this protocol
    • B doesn't authenticate A unless the signature is checked against
      A's certificate
    • No freshness guarantee for B (an old, recorded transport message
      can be replayed)

9
Station-to-Station Protocol
  • Authenticated DH protocol; the basis for many real-life applications.
  • Certified public keys are used to sign the exchanged public DH
    values, so Trudy can no longer substitute her own values: she holds
    no certificate that the other side trusts. A slightly simplified
    version, where x = g^a mod p, y = g^b mod p, k = g^ab mod p:
    A sends x; B replies with y and its signature over (y, x); A replies
    with its signature over (x, y); both derive k.
  • STS vs. encrypted key transport: STS (DH) provides perfect forward
    secrecy, because the exponents a and b are discarded after the run
    and the signing keys never encrypt anything. (In encrypted transport,
    if the long-term RSA key is compromised, every recorded transport
    message can be decrypted, so the past session keys are also
    compromised.)

10
Multiple Domains with KDC
  • A, to talk to B in another domain,
    • contacts KDCA (its own KDC),
    • KDCA contacts KDCB, or tells A how to contact KDCB (e.g., generates
      a session key for A & KDCB, using a key KDCA and KDCB already
      share),
    • KDCB generates a session key for A & B and passes it to them.

11
Multiple Domains with CA
  • A, to authenticate the public key of B, walks a certificate chain
    back to its own CA:
    • verifies B's cert issued by CAB,
    • verifies CAB's cert issued by CAA (A already trusts CAA's key).
  • B does vice versa to authenticate A's key: verifies A's cert issued
    by CAA and CAA's cert issued by CAB.
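The cross-domain certificate chains of this slide and the Station-to-Station run of slide 9, combined in one added example that is not part of the original lecture. Two CAs cross-certify each other, each user is certified by its own CA, and the chains are then used to check the signatures in a simplified STS exchange; a final function shows Trudy's man-in-the-middle attempt failing because her "Bob" certificate does not chain to Alice's CA. The RSA here is 64-bit textbook RSA over a SHA-256 digest, the DH group is p = 2^127 - 1 with g = 3, and the STS message format (B signs (y, x), A signs (x, y)) is an assumption matching the slide's simplified version; none of it is suitable for real use.

```python
"""Cross-certified CAs, chain verification, and a signed (STS) Diffie-Hellman run.
Constructed example: 64-bit textbook RSA and a 127-bit DH group, neither of which is secure."""
import hashlib
import json
import secrets

P, G = 2**127 - 1, 3        # toy DH group: M127 is prime, but use an RFC 7919 group in practice

def _is_prime(n):
    """Deterministic Miller-Rabin; exact for n < 3.4e14 with these seven bases."""
    if n < 2:
        return False
    for b in (2, 3, 5, 7, 11, 13, 17):
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for b in (2, 3, 5, 7, 11, 13, 17):
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _rand_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(c):
            return c

def rsa_keygen():
    """Returns (public, private) = ((n, e), (n, d)) with a toy 64-bit modulus."""
    while True:
        p, q = _rand_prime(32), _rand_prime(32)
        phi = (p - 1) * (q - 1)
        if p != q and phi % 65537:          # e = 65537 is prime, so this is the gcd(e, phi) = 1 test
            return (p * q, 65537), (p * q, pow(65537, -1, phi))

def _digest(obj, n):
    h = hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(priv, obj):                        # [obj]_X: signature with X's private key
    n, d = priv
    return pow(_digest(obj, n), d, n)

def verify(pub, obj, sig):                  # checked with X's public key from X's certificate
    n, e = pub
    return pow(sig, e, n) == _digest(obj, n)

def issue_cert(issuer, issuer_priv, subject, subject_pub):
    """A certificate: the subject's ID and public key, signed by the issuing CA."""
    body = {"subject": subject, "pub": list(subject_pub), "issuer": issuer}
    return {**body, "sig": sign(issuer_priv, body)}

def verify_chain(anchor, anchor_pub, chain):
    """chain = [leaf cert, ..., cert issued by the verifier's own CA]; returns the leaf's key."""
    key, issuer = anchor_pub, anchor
    for cert in reversed(chain):
        body = {k: v for k, v in cert.items() if k != "sig"}
        if cert["issuer"] != issuer or not verify(key, body, cert["sig"]):
            raise ValueError("bad certificate for " + cert["subject"])
        key, issuer = tuple(cert["pub"]), cert["subject"]
    return key

def sts(a_priv, a_chain, a_anchor, b_priv, b_chain, b_anchor):
    """Simplified STS: x = g^a, y = g^b; B signs (y, x), A signs (x, y); k = H(g^ab).
    a_anchor is the CA Alice trusts (used to check Bob's chain), b_anchor the CA Bob trusts."""
    a = secrets.randbelow(P - 2) + 1
    x = pow(G, a, P)                                        # message 1, A -> B: x
    b = secrets.randbelow(P - 2) + 1
    y = pow(G, b, P)
    sig_b = sign(b_priv, [y, x])                            # message 2, B -> A: y, chain_B, [y, x]_B
    if not verify(verify_chain(*a_anchor, b_chain), [y, x], sig_b):
        raise ValueError("Bob's signature does not verify")
    sig_a = sign(a_priv, [x, y])                            # message 3, A -> B: chain_A, [x, y]_A
    if not verify(verify_chain(*b_anchor, a_chain), [x, y], sig_a):
        raise ValueError("Alice's signature does not verify")
    kdf = lambda k: hashlib.sha256(k.to_bytes(16, "big")).hexdigest()
    return kdf(pow(y, a, P)), kdf(pow(x, b, P))             # Alice's key, Bob's key

def setup():
    """Domain A: CA_A certifies Alice and CA_B.  Domain B: CA_B certifies Bob and CA_A."""
    caa_pub, caa_priv = rsa_keygen()
    cab_pub, cab_priv = rsa_keygen()
    a_pub, a_priv = rsa_keygen()
    b_pub, b_priv = rsa_keygen()
    alice_chain = [issue_cert("CA_A", caa_priv, "Alice", a_pub),    # Bob checks this against CA_B
                   issue_cert("CA_B", cab_priv, "CA_A", caa_pub)]
    bob_chain = [issue_cert("CA_B", cab_priv, "Bob", b_pub),        # Alice checks this against CA_A
                 issue_cert("CA_A", caa_priv, "CA_B", cab_pub)]
    return a_priv, alice_chain, ("CA_A", caa_pub), b_priv, bob_chain, ("CA_B", cab_pub)

def mitm_attempt(a_priv, alice_chain, a_anchor):
    """Trudy answers Alice's x with her own y and a 'Bob' certificate she signed herself,
    naming CA_A as issuer.  Alice's chain check fails, so the run aborts.  Returns True if so."""
    t_pub, t_priv = rsa_keygen()
    fake_pub, fake_priv = rsa_keygen()
    fake_chain = [issue_cert("CA_A", fake_priv, "Bob", t_pub)]
    try:
        sts(a_priv, alice_chain, a_anchor, t_priv, fake_chain, ("CA_A", fake_pub))
        return False
    except ValueError:
        return True
```

Each side only ever trusts its own CA's key; everything else, including the other domain's CA, is established through signatures that chain back to it. Forward secrecy follows from `sts` discarding `a` and `b` after the run: the RSA keys sign the DH values but never encrypt anything, so a later compromise of a signing key does not expose a recorded session.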