Key management and distribution


What is key management?

Key management is the set of techniques and procedures supporting the establishment and maintenance of keying relationships between authorized parties.

A keying relationship is the state wherein communicating entities share common data (keying material) to facilitate cryptographic techniques. This data may include public or secret keys, initialization values, and additional non-secret parameters.

Key management encompasses techniques and procedures supporting:

1. initialization of system users within a domain;

2. generation, distribution, and installation of keying material;

3. controlling the use of keying material;

4. update, revocation, and destruction of keying material; and

5. storage, backup/recovery, and archival of keying material.

Objectives

The objective of key management is to maintain keying relationships and keying material in a manner that counters relevant threats.

In practice an additional objective is conformance to a relevant security policy.


Threats

1. compromise of confidentiality of secret keys

2. compromise of authenticity of secret or public keys.

3. unauthorized use of public or secret keys

Security Policy

Security policy explicitly or implicitly defines the threats a system is intended to address.

Security policy may affect the stringency of cryptographic requirements, depending on the susceptibility of the environment in question to various types of attack.


Key management techniques

Public-key techniques

Primary advantages offered by public-key techniques for applications related to key management include:

1. simplified key management

2. on-line trusted server not required

3. enhanced functionality

Key management techniques

a) Symmetric-key encryption

[Figure: symmetric-key encryption. Labels: symmetric key generator; secret key (at encryption and at decryption); plaintext; encryption; ciphertext; decryption; plaintext.]

Key management techniques

b) Public-key encryption

[Figure: public-key encryption. Labels: asymmetric key pair generation; public key; private key; plaintext; encryption; ciphertext; decryption; plaintext. Legend: secure channel (privacy and authentication); secure channel (authentication only); unsecured channel (no protection).]

Key management techniques

Techniques for distributing confidential keys

Key layering and symmetric-key certificates

Key layering:

1. master keys – keys at the highest level in the hierarchy

2. key-encrypting keys – symmetric keys or encryption public keys used for key transport or storage of other keys

3. data keys – used to provide cryptographic operations on user data

Key management techniques

Symmetric-key certificates:

Symmetric-key certificates provide a means for a KTC (Key Translation Center) to avoid the requirement of either maintaining a secure database of user secrets (or duplicating such a database for multiple servers), or retrieving such keys from a database upon translation requests.
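The key layering and symmetric-key certificate slides above, as an added example that is not part of the original slides: a KTC stores only its master key, hands each user a certificate that seals the user's key-encrypting key under that master key, and uses the presented certificates to re-wrap a data key from A to B. The class and function names, the JSON certificate layout and the HMAC-based seal/unseal cipher are assumptions made for illustration.

```python
# Added example. seal/unseal is a stand-in authenticated cipher built on HMAC-SHA256
# so this needs only the standard library; real systems use a vetted AEAD or key wrap.
import hashlib, hmac, json, os

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt then MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("authentication failed")  # wrong key or modified blob
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class KTC:
    """Key translation center whose only stored secret is its master key."""
    def __init__(self):
        self._master = os.urandom(32)            # layer 1: master key

    def enroll(self, user):
        kek = os.urandom(32)                     # layer 2: key-encrypting key
        fields = json.dumps({"id": user, "kek": kek.hex()}).encode()
        return kek, seal(self._master, fields)   # both go to the user; nothing is stored

    def _open(self, cert):
        fields = json.loads(unseal(self._master, cert))
        return fields["id"], bytes.fromhex(fields["kek"])

    def translate(self, sender_cert, recipient_cert, wrapped):
        sender, sender_kek = self._open(sender_cert)
        _, recipient_kek = self._open(recipient_cert)
        data_key = unseal(sender_kek, wrapped)   # re-wrap under the recipient's KEK
        return seal(recipient_kek, sender.encode() + b"|" + data_key)

def demo():
    ktc = KTC()
    (kek_a, cert_a), (kek_b, cert_b) = ktc.enroll("A"), ktc.enroll("B")
    data_key = os.urandom(32)                    # layer 3: data key
    for_b = ktc.translate(cert_a, cert_b, seal(kek_a, data_key))
    return unseal(kek_b, for_b) == b"A|" + data_key
```

A certificate that was not sealed under the KTC's master key fails authentication, so a user cannot substitute a key-encrypting key of their own choosing.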

Key management life cycle

1. user registration

2. user initialization

3. key generation

4. key installation

5. key registration

6. normal use

7. key backup

8. key update

9. archival

10. key de-registration and destruction

11. key recovery

12. key revocation

Key Distribution

given parties A and B have various key distribution alternatives:

1. A can select key and physically deliver to B

2. third party can select & deliver key to A & B

3. if A & B have communicated previously can use previous key to encrypt a new key

4. if A & B have secure communications with a third party C, C can relay key between A & B


Key Distribution Task


Key Distribution Scenario

Key Distribution Issues

hierarchies of KDCs required for large networks, but must trust each other

session key lifetimes should be limited for greater security

use of automatic key distribution on behalf of users, but must trust system

use of decentralized key distribution

controlling key usage

Simple Secret Key Distribution

Merkle proposed this very simple scheme

allows secure communications

no keys before/after exist


Secret Key Distribution with Confidentiality and Authentication

Distribution of Public Keys

can be considered as using one of:

public announcement

publicly available directory

public-key authority

public-key certificates

Public Announcement

users distribute public keys to recipients or broadcast to community at large

e.g. append PGP keys to email messages or post to news groups or email list

major weakness is forgery

anyone can create a key claiming to be someone else and broadcast it

until forgery is discovered can masquerade as claimed user

Publicly Available Directory

can obtain greater security by registering keys with a public directory

directory must be trusted with properties:

contains {name, public-key} entries

participants register securely with directory

participants can replace key at any time

directory is periodically published

directory can be accessed electronically

still vulnerable to tampering or forgery

Public-Key Authority

improve security by tightening control over distribution of keys from directory

has properties of directory

and requires users to know public key for the directory

then users interact with directory to obtain any desired public key securely

does require real-time access to directory when keys are needed

may be vulnerable to tampering


Public-Key Authority

Public-Key Certificates

certificates allow key exchange without real-time access to public-key authority

a certificate binds identity to public key

usually with other info such as period of validity, rights of use etc.

with all contents signed by a trusted Public-Key or Certificate Authority (CA)

can be verified by anyone who knows the public-key authority's public key
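An added example (not from the original slides) of the certificate check described above: a CA signs the identity, public key and validity period together, and anyone holding the CA's public key can reject a self-signed forgery, a tampered entry or an expired certificate. Textbook RSA over small Mersenne primes stands in for a real signature scheme and is not secure; the certificate fields, integer timestamps and all names are assumptions.

```python
# Added example: textbook RSA over Mersenne primes stands in for a real
# signature scheme and is NOT secure; all names and keys are constructed.
import hashlib, json

E = 65537

def keypair(p, q):
    """Return ((n, e), (n, d)) textbook-RSA keys from primes p and q."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(body, n):
    # Canonical JSON so signer and verifier hash identical bytes.
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(signer_private, subject, subject_public, not_before, not_after):
    """Bind subject to public key plus validity period and sign all of it."""
    n, d = signer_private
    body = {"subject": subject, "public_key": list(subject_public),
            "not_before": not_before, "not_after": not_after}
    return {"body": body, "signature": pow(_digest(body, n), d, n)}

def verify(cert, ca_public, expected_subject, now):
    """Return the certified public key, or raise ValueError saying why not."""
    n, e = ca_public
    body = cert["body"]
    if pow(cert["signature"], e, n) != _digest(body, n):
        raise ValueError("signature not made by the trusted CA")
    if body["subject"] != expected_subject:
        raise ValueError("certificate names a different subject")
    if not body["not_before"] <= now <= body["not_after"]:
        raise ValueError("outside period of validity")
    return tuple(body["public_key"])

# Constructed sample keys from Mersenne primes 2^k - 1.
CA_PUB, CA_PRIV = keypair(2**127 - 1, 2**107 - 1)
ALICE_PUB, _ = keypair(2**89 - 1, 2**61 - 1)
MALLORY_PUB, MALLORY_PRIV = keypair(2**61 - 1, 2**31 - 1)

GOOD = issue(CA_PRIV, "alice", ALICE_PUB, 100, 200)
FORGED = issue(MALLORY_PRIV, "alice", MALLORY_PUB, 100, 200)  # self-signed claim

def check(cert, now):
    """True if cert yields Alice's real key at time now, else the rejection reason."""
    try:
        return verify(cert, CA_PUB, "alice", now) == ALICE_PUB
    except ValueError as err:
        return str(err)
```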


Public-Key Certificates