Scribd
Upload
25 views37 pages

Key Management and KDC, Kerberos

The document discusses key management, focusing on its importance in cryptography and the threats associated with key compromise. It covers key management techniques, the key management life cycle, and the roles of symmetric and asymmetric cryptography. Additionally, it explains the Key Distribution Center (KDC) and the Kerberos authentication protocol, highlighting their functionalities and limitations.

Uploaded by

sanjaykumarjh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
25 views37 pages

Key Management and KDC, Kerberos

The document discusses key management, focusing on its importance in cryptography and the threats associated with key compromise. It covers key management techniques, the key management life cycle, and the roles of symmetric and asymmetric cryptography. Additionally, it explains the Key Distribution Center (KDC) and the Kerberos authentication protocol, highlighting their functionalities and limitations.

Uploaded by

sanjaykumarjh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 37

Key Management : KDC

and Kerberos

Presented by
PAWAN KUMAR
206123023
Content…
 What is key management ?
 Why we are talking about key management ?
 Threats
 Key management techniques
 Key Management Life cycle
 Distribution of Public Key
 KDC
 How Useful is a KDC ?
 What is Karberas
What is Key Management?

 Key management is the management of


cryptographic keys in a cryptosystem.
 This Includes dealing with the generation,
exchange, storage, use, and replacement of keys.
 It includes cryptographic protocol design, key
servers, user procedures, and other relevant
protocols.
 It deals with entire key life cycle.
Why we are talking about key management?
 With the rise of Cybercrime, companies are investing
significant amounts in Information Security in order to
protect themselves, their employees and partners, but
in the end that might not be enough.

Threats:
 compromise of confidentiality of secret keys
 compromise of authenticity or secret or public keys.
 unauthorized use of public or secret keys.
Key management techniques
 In cryptography, it is a very tedious task to distribute
the public and private keys between sender and
receiver. If the key is known to the third party
(forger/eavesdropper) then the whole security
mechanism becomes worthless. So, there comes the
need to secure the exchange of keys.
 There are two aspects for Key Management:
 Distribution of public keys.
 Use of public-key encryption to distribute secrets.
Symmetric-key

• symmetric key is one that


is used both to encrypt and
decrypt information.
• This means that to decrypt
information, one must have
the same key that was
used to encrypt it.
Symmetric-key…
The benefits of symmetric cryptography
include:
 Speed
 Exceptionally safe
 Acceptance
 Requires low computer resources
 Minimizes message compromises
Asymmetric key

 Asymmetric cryptography, also known as


public-key cryptography.
 is a process that uses a pair of related key
one public key and one private key .
 to encrypt and decrypt a message and
protect it from unauthorized access or use.
Asymmetric key
The benefits of asymmetric cryptography include:

 The key distribution problem is eliminated because


there's no need for exchanging keys.
 Security is increased since the private keys don't ever
have to be transmitted or revealed to anyone.
 The use of digital signatures is enabled so that a
recipient can verify that a message comes from a
particular sender.
Key Management Life cycle
Creation :Key creation is the first step in the key
management
life cycle ,which involves the generation of
Cryptographic keys.

Backup : It provides a source for key recovery.


And storage during Operational use.

Deployment : A newly generated key is often stored


in the repository along with the old keys.
 Monitoring : It is important to monitor for unauthorized
administrative access to the ensure that
unapproved key management operation
are not performed.

 Rotation : Key rotation is when you retire an encryption key


and replace the old key by generating the new
keys.
 Expiration : This phase of key management represent the
beginning of the deprecation period for the
key.
 Archival : It refers to offline long term storage
for keys that are no longer in
operation.

 Destruction : This method removes an instance


of a key forms at a specific
location.
Key distribution
Two parties A and B, the key distribution can be achieved in
a number of ways :

1. A can select a key and physically deliver it to B.


2. A third party can select the key and physically deliver it to A
and B.
3. If A and B have previously and recently used a key, one
party can transmit the new key to the other, encrypted
using the old key.
4. If A and B each has an encrypted connection to a third party
C, C can deliver a key on the encrypted links to A and B
DISTRIBUTION OF PUBLIC KEYS

 Public announcement
 Publicly available directory
 Public-key authority
 Public-key certificates
Advantages of Key management system.
 Better key security protects
your facility.
 More security also protects
your assets.
 Better tracking of who is using
keys.
 Reduced risk of key losses.
 It reduces direct costs .
 Digital access control for offline
keys
 Improved control over temp
workers
Disadvantages of Key management system.
 It consumes a lot of time, even in simple
cases
 If you have hundreds of keys to watch,
this is a problem
 It is error-prone: for instance, no one can
guarantee that you install the right key or
trusted certificate
 If you made a mistake, it can pause, stop
or destroy your business
 Security audits are very difficult to
implement
Key-Distribution Center: KDC
 Trusted third party
 Secret key established between KDC
and member

 Alice send request to KDC stating it


need session secret key between him
and bob.
 KDC informs bob about Alice’s
request.
 If Bob agrees, session key created
Secret Key Session Keys
 KDC creates a secret key for Session key created by
each member. KDC with their secret keys
with center
 This secret key can be used only
A session symmetric key
between the member and the between two parties is used
KDC, not between two only once
members. Session key is used for the
 N secret keys needed and it can duration of logical
be delivered physically connection
Flat Multiple KDCs.
Hierarchical Multiple KDCs
Simple Protocol Using a KDC

Step1:
• A -> KDC: { PT }
• PT has A and B’s
registered identity
• Not encrypted
Simple Protocol Using a KDC

Step2:
 KDC creates ticket
 Ticket – E(KB,[A,B,KS])
 KDC -> A: E(KA,
[Ticket,KS])
 A decrypts and extracts
session key
 A can’t decrypt B’s ticket
 Ticket is for B not for A
Simple Protocol Using a KDC Step3:
• A -> B: E(KB,
[A,B,KS])
• B decrypts and
get session key
and knows A
needs to send
message

Limitations
• Willingness of B
is not confirmed
• Replay attack
How Useful is a KDC ?
 Must always be online to support secure
communication
 KDC can expose our session keys to others!
 Centralized trust and point of failure.

In practice, the KDC model is mostly used within


single organizations (e.g. Kerberos) but not
more widely.
What is Kerberos

 In an open network computing environment, a


workstation cannot be trusted to identify its Users
correctly.
 Trusted third-party authentication service. 12
Monstrous three-headed guard dog of Hades.
 Authentication protocol for trusted hosts on un-trusted
networks.
 Provide reliable authentication over open and insecure
networks.
 Uses secret-key cryptography with symmetric
Needham-Schroeder protocol.
Motivation of Kerberos
 It must be secure.
 It must be reliable.
 It should be transparent.
 It should be scalable.
Thank you

You might also like