Key Management and

Distribution
Key Distribution Technique
• Term that refers to the means of delivering a key
to two parties who wish to exchange data
without allowing others to see the key
• For symmetric encryption to work, the two
parties to an exchange must share the same key,
and that key must be protected from access by
others
• Frequent key changes are desirable to limit the
amount of data compromised if an attacker
learns the key
Symmetric Key Distribution

• A can select a key and physically deliver it to

Given parties
B A
and B,• key
A third party can select the key and
physically deliver it to A and B
distribution
• If A can
and B have previously and recently used
be achieved
a key,in
one party can transmit the new key
to the other, encrypted using the old key
a number
• If Aof
and B each has an encrypted connection
ways:to a third party C, C can deliver a key on the
encrypted links to A and B
 Hierarchical Key Control
• For communication among entities within the same local
domain, the local KDC is responsible for key distribution
• If two entities in different domains desire a shared key, then
the corresponding local KDC’s can communicate through a
global KDC

• The hierarchical concept can be extended to three or more

layers
• Scheme minimizes the effort involved in master key
distribution because most master keys are those shared by
a local KDC with its local entities
• Limits the range of a faulty or subverted KDC to its local area
only
 Session Key Lifetime

A security manager
must
For connection-oriented protocols one choice is to use balance
the same session key for the length of
time that the connection is open, using a new session key for each new session
competing
considerations:

The distribution of
The more frequently session keys delays
session
For a connectionless protocol there keys are
is no explicit connection initiation orthe start of any
termination, thus it is
not obvious how often onethe
exchanged, needs to change the session
more key and places a
exchange
secure they are burden on network
capacity
 Controlling Key Usage
• The concept of a key hierarchy and the use of
automated key distribution techniques greatly
reduce the number of keys that must be manually
managed and distributed
• It also may be desirable to impose some control on
the way in which automatically distributed keys are
used
• For example, in addition to separating master
keys from session keys, we may wish to
define different types of session keys on
the basis of use
 Key Controls
• Associate a tag with each key
• For use with DES and makes use of the extra 8 bits in each
64-bit DES key
• The eight non-key bits ordinarily reserved for parity checking
form the key tag
• Because the tag is embedded in the key, it is encrypted
along with the key when that key is distributed, thus
providing protection
Drawbacks:
• The tag length is limited to 8 bits,
limiting its flexibility and functionality
• Because the tag is not transmitted in
clear form, it can be used only at the
point of decryption, limiting the ways
in which key use can be controlled
Simple Secret Key Distribution
 Man-in-the-
Middle Attack
 Secret Key Distribution with
Confidentiality and Authentication
 A Hybrid Scheme
• In use on IBM mainframes

• Retains the use of a key distribution center (KDC)

that shares a secret master key with each user and
distributes secret session keys encrypted with the
master key
• A public-key scheme is used to distribute the master
keys

Rationale • Performance
: • Backward compatibility
Distribution of Public Keys
• Several techniques have been proposed for the
distribution of public keys. Virtually all these proposals
can be grouped into the following general schemes:

Public Publicly
announcemen available
t directory

Public-key Public-key
authority certificates
Public Announcement
Publicly Available Directory
 X.509 Certificates
• Part of the X.500 series of recommendations that define a directory service
• The directory is, in effect, a server or distributed set of servers that maintains
a database of information about users

• X.509 defines a framework for the provision of authentication services by

the X.500 directory to its users
• Was initially issued in 1988 with the latest revision in 2000
• Based on the use of public-key cryptography and digital signatures
• Does not dictate the use of a specific algorithm but recommends RSA
• Does not dictate a specific hash algorithm

• Each certificate contains the public key of a user and is signed with the
private key of a trusted certification authority
• X.509 defines alternative authentication protocols based on the use of
public-key certificates
 • Version
• Serial number
Certificates • Signature algorithm
identifier
• Issuer name
Created by a • Period of validity
trusted • Subject name
• Subject’s public-key
Certification information
Authority (CA) and • Issuer unique identifier
have the following • Subject unique
elements: identifier
• Extensions
• Signature
 Obtaining a Certificate
User • Any user with access to the public key of
certificates the CA can verify the user public key that
generated by a was certified
CA have the • No party other than the certification
authority can modify the certificate
following without this being detected
characteristics:
• Because certificates are unforgeable, they can be placed in a directory
without the need for the directory to make special efforts to protect
them
• In addition, a user can transmit his or her certificate directly to other
users

• Once B is in possession of A’s certificate, B has confidence that

messages it encrypts with A’s public key will be secure from
eavesdropping and that messages signed with A’s private key are
unforgeable
 Certificate Revocation
• Each certificate includes a period of validity
• Typically a new certificate is issued just before the expiration of the
old one

• It may be desirable on occasion to revoke a certificate before it

expires, for one of the following reasons:
• The user’s private key is assumed to be compromised
• The user is no longer certified by this CA
• The CA’s certificate is assumed to be compromised

• Each CA must maintain a list consisting of all revoked but not

expired certificates issued by that CA
• These lists should be posted on the directory
 X.509 Version 3
• Version 2 format does not convey
all of the information that recent
design and implementation Each extension consists of:
experience has shown to be
needed

• Rather than continue to add fields

to a fixed format, standards
developers felt that a more flexible
approach was needed
• Version 3 includes a number of An
Ancriticality
A extension
extension identifier
value
indicator
optional extensions

• The certificate extensions fall into

three main categories:
• Key and policy information
• Subject and issuer attributes
• Certification path constraints
Key and Policy Information
• These extensions convey additional information about the
subject and issuer keys plus indicators of certificate policy
• A certificate policy is a named set of rules that indicates the
applicability of a certificate to a particular community and/or
class of application with common security requirements
Included are:
• Authority key identifier
• Subject key identifier
• Key usage
• Private-key usage period
• Certificate policies
• Policy mappings
 Certificate Subject and
Issuer Attributes
• These extensions support alternative names, in
alternative formats, for a certificate subject or
certificate issuer
• Can convey additional information about the certificate
subject to increase a certificate user’s confidence that
the certificate subject is a particular person or entity
• The extension fields in this area include:
• Subject alternative name
• Issuer alternative name
• Subject directory attributes
Certification Path Constraints
• These extensions allow constraint specifications to
be included in certificates issued for CAs by other
CAs
• The constraints may restrict the types of
certificates that can be issued by the subject CA or
that may occur subsequently in a certification chain
• The extension fields in this area include:
• Basic constraints
• Name constraints
• Policy constraints
 PKIX Management
Functions
• PKIX identifies a number of management
functions that potentially need to be
supported by management protocols:
• Registration
• Initialization
• Certification
• Key pair recovery
• Key pair update
• Revocation request
• Cross certification
 Summary
• Symmetric key distribution • Distribution of public keys
using symmetric encryption • Public announcement of
• Key distribution scenario public keys
• • Publicly available
Hierarchical key control
• directory
Session key lifetime
• Public-key authority
• Transparent key control scheme
•
• Public-key certificates
Decentralized key control
• Controlling key usage • X.509 Certificates
• Symmetric key distribution • X.509 Version 3
using asymmetric encryption
• Public-key infrastructure
• Simple secret key distribution
• PKIX management
• Secret key distribution with
functions
confidentiality and
authentication • PKIX management
• Hybrid scheme protocols