KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10
• KEY MANAGEMENT
• DIFFIE-HELLMAN KEY EXCHANGE
• ELLIPTIC CURVE ARITHMETIC
• ELLIPTIC CURVE CRYPTOGRAPHY
KEY MANAGEMENT
Two aspects: distribution of
• Public keys
• Secret keys, using PKC encryption
DISTRIBUTION OF PUBLIC KEYS
• PUBLIC ANNOUNCEMENT - easy to forge (e.g. append public key to email)
• PUBLICLY AVAILABLE DIRECTORY - [name, public-key], secure registration/access
• PUBLIC-KEY AUTHORITY - shared public/private key pair with each user
• PUBLIC-KEY CERTIFICATES - exchange authentic keys without contacting authority
UNCONTROLLED PUBLIC-KEY DISTRIBUTION
PUBLIC-KEY PUBLICATION
PUBLIC-KEY DISTRIBUTION SCENARIO
EXCHANGE OF PUBLIC-KEY CERTIFICATES
EXCHANGE OF PUBLIC-KEY CERTIFICATES
§ Any participant can read certificate to determine name and public key of cert. owner
§ Any participant can verify that cert. is not counterfeit.
§ Only the certificate authority can create and update certs.
§ Any participant can verify currency of certificate.
EXCHANGE OF PUBLIC-KEY CERTIFICATES
To read and verify:
$D_{KU_{auth}}[C_A] = D_{KU_{auth}}[E_{KR_{auth}}[T, ID_A, KU_a]] = (T, ID_A, KU_a)$
Timestamp counteracts:
• A's private key learned by opponent
• A updates private/public key pair
• Opponent replays old cert. to B
• B encrypts using old public key
PKC TO ESTABLISH SESSION KEY
PKC TO ESTABLISH SESSION KEY
• $KU_a$ and $KR_a$ discarded afterwards
• Advantage: no keys before or after protocol
But:
A → $[KU_a, ID_a]$ → E → $[KU_e, ID_e]$ → B
B → $E_{KU_e}[K_s]$ → E → $E_{KU_a}[K_s]$ → A
E learns $K_s$; A and B unaware
PUBLIC-KEY DISTRIBUTION OF SECRET KEYS
PUBLIC-KEY DISTRIBUTION OF SECRET KEYS
• $N_1 \| N_2$ prevent eavesdropping
• Scheme ensures confidentiality and authentication
DIFFIE-HELLMAN KEY EXCHANGE
ELLIPTIC CURVES INSTEAD OF RSA
§ Replace multiplication with ’addition’: $(a \times a \times \dots \times a) \bmod n$ replaced by $(a + a + \dots + a) \bmod \{\text{elliptic curve}\}$
• Multiplicative order (size of ’circle’) replaced by #points on elliptic curve
• Elliptic curve defined by cubic equation: $y^2 + xy = x^3 + ax^2 + b$
EXAMPLE OF ELLIPTIC CURVES
ELLIPTIC CURVE $E_{23}(1, 1)$
ECC KEY EXCHANGE
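An added worked example, not taken from the slides: point "addition", double-and-add scalar multiplication and a Diffie-Hellman style exchange on E23(1,1). It assumes the prime-field curve form y^2 = x^3 + ax + b (mod p) for E23(1,1); the base point G = (3, 10) and the private keys 6 and 15 are constructed for illustration.

```python
# Added example (not from the slides). Prime-field form y^2 = x^3 + a*x + b (mod p)
# is assumed for E23(1,1); G and the private keys used with it are constructed.
P, A, B = 23, 1, 1
O = None                      # point at infinity: identity of the group
G = (3, 10)                   # constructed base point

def on_curve(pt):
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def add(p1, p2):
    """Elliptic-curve 'addition' (chord-and-tangent rule)."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O              # p2 is the negative of p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P)   # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """k*pt by double-and-add, the counterpart of a^k mod n."""
    acc = O
    while k > 0:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def affine_points():
    return [(x, y) for x in range(P) for y in range(P) if on_curve((x, y))]

def public_key(private):
    return mul(private, G)

def shared_secret(private, peer_public):
    # Validate the received value first: arithmetic on an off-curve point
    # is not a computation in this group.
    if peer_public is O or not on_curve(peer_public):
        raise ValueError("peer value is not a point on E23(1,1)")
    return mul(private, peer_public)

if __name__ == "__main__":
    a, b = 6, 15              # constructed private keys
    print(shared_secret(a, public_key(b)), shared_secret(b, public_key(a)))
```

The 23-element field is only large enough to follow the arithmetic by hand. The exchange itself is unauthenticated, so the interception shown for the simple session-key protocol applies unless the public values are certified.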
ELLIPTIC CURVE vs RSA - TABLE 10.2