UNIT-2
Chapter 6
Key Management
IT 810
Cryptography and Network Security

Application of Public Key Cryptography – Key Distribution
Public Key Cryptography helps to address the Key Distribution Problem
1. The distribution of Public keys
2. The use of public-key encryption to distribute Secret keys

Distribution of Public Keys
Techniques to distribute public keys are grouped into four categories
1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates

1. Public Announcement
• Each user distributes his or her public key to any other participant or broadcasts the key to the community at large
Example: Append PGP keys to email messages or post to news groups or email list
• Disadvantage: Major weakness is forgery of such a public announcement by anyone
- Anyone can create a key claiming to be someone else and broadcast it
- Until the forgery is discovered, the forger can masquerade as the claimed user

2. Publicly Available Directory
• A greater degree of security can be achieved by maintaining a publicly available dynamic directory of public keys
• Maintenance and distribution of the public directory would have to be the responsibility of some trusted entity or organization
• The scheme includes the following elements
- The authority maintains a directory with a {name, public key} entry for each user
- Each participant registers a public key with the directory authority (in person or by some form of secure authenticated communication)
- A participant may replace the existing key with a new one at any time, because the corresponding private key has been compromised in some way
- Participants could also access the directory electronically
- Still vulnerable to tampering and forgery: if an adversary succeeds in obtaining or computing the private key of the directory authority, the adversary could authoritatively pass out counterfeit public keys and subsequently impersonate any participant

3. Public Key Authority
• Improves security by providing tighter control over the distribution of public keys from the directory
• The scenario assumes that a central authority maintains a dynamic directory of public keys of all participants
• Each participant reliably knows a public key for the authority, with only the authority knowing the corresponding private key
1. A sends a timestamped message to the public-key authority containing a request for the current public key of B
2. The authority responds with a message that is encrypted using the authority's private key, PRauth
3. A stores B's public key and also uses it to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely
4. & 5. B retrieves A's public key from the authority in the same manner as A retrieved B's public key
At this point, public keys have been securely delivered to A and B, and they may begin their protected exchange. However, two additional steps are desirable:
6. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2). Because only B could have decrypted message (3), the presence of N1 in message (6) assures A that the correspondent is B
7. A returns N2, encrypted using B's public key, to assure B that its correspondent is A
Thus, a total of seven messages are required. However, the initial four messages need be used only infrequently because both A and B can save the other's public key for future use, a technique known as caching

Drawbacks of Public Key Authority
1. The public-key authority could be somewhat of a bottleneck in the system
2. The directory of names and public keys is vulnerable to tampering
3. Requires real-time access to the directory when keys are needed

4. Public Key Certificates
• Use certificates, which participants can use to exchange keys without real-time access to the public-key authority
• Certificate binds Identity to Public Key
• Certificate consists of a public key, an identifier of the key owner, and the whole block signed by a trusted third party (CA)
Following requirements on this scheme
• Any participant can read a certificate to determine the name and public key of the certificate's owner
• Any participant can verify that the certificate originated from the Certificate Authority and is not counterfeit
• Only the Certificate Authority can create and update certificates
• Any participant can verify the currency of the certificate
• For participant A, the authority provides a certificate of the form
• The recipient uses the authority's public key to decrypt the certificate
- The X.509 standard has been universally accepted for formatting public-key certificates
- X.509 certificates are used in most network security applications

Distribution of Secret Keys Using Public Key Cryptography
1. Simple Secret Key Distribution
2. Secret Key Distribution with Confidentiality and Authentication
3. A Hybrid Scheme
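
The certificate requirements listed under "4. Public Key Certificates", as an added example that is not part of the original slides: a CA signs the whole {identifier, public key} block, and any participant checks origin and currency using only the CA's public key. The expiry field, the field layout, the function names and the toy textbook-RSA CA key (no padding, not secure) are assumptions made for the example.

```python
import hashlib

# Constructed toy CA key pair: textbook RSA over two Mersenne primes.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # CA public key, known to every participant
D = pow(E, -1, (P - 1) * (Q - 1))        # CA private key, known only to the CA

def digest(owner_id, public_key, expires):
    """Hash the whole certificate block to an integer below N."""
    data = f"{owner_id}|{public_key}|{expires}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def issue(owner_id, public_key, expires):
    """CA side: only the holder of D can create or update a certificate."""
    sig = pow(digest(owner_id, public_key, expires), D, N)
    return {"id": owner_id, "key": public_key, "expires": expires, "sig": sig}

def verify(cert, now):
    """Participant side: needs (N, E) only, no real-time access to the authority."""
    expected = digest(cert["id"], cert["key"], cert["expires"])
    if pow(cert["sig"], E, N) != expected:
        return "counterfeit"             # block was not signed by the CA as presented
    if now > cert["expires"]:
        return "expired"                 # currency check
    return "ok"

if __name__ == "__main__":
    cert_a = issue("A", 12345, expires=1000)        # constructed sample values
    forged = dict(cert_a, key=99999)                # adversary swaps in another key
    print(verify(cert_a, now=500))                  # genuine and current
    print(verify(forged, now=500))                  # signature no longer matches
    print(verify(cert_a, now=2000))                 # genuine but out of date
```
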

1. Simple Secret Key Distribution
If A wishes to communicate with B, the following procedure is employed
1. A generates a public/private key pair {PUa, PRa} and transmits a message to B consisting of PUa and an identifier of A, IDA
2. B generates a secret key, Ks, and transmits it to A, encrypted with A's public key
3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because only A can decrypt the message, only A and B will know the identity of Ks
4. A discards PUa and PRa and B discards PUa
No keys exist before the start of the communication and none exist after the completion of communication
Drawback: Insecure against an adversary who can intercept messages and then either relay the intercepted message or substitute another message (Man-in-the-Middle Attack)

Man-in-the-Middle Attack
1. A generates a public/private key pair {PUa, PRa} and transmits a message intended for B consisting of PUa and an identifier of A, IDA
2. E intercepts the message, creates its own public/private key pair {PUe, PRe} and transmits PUe || IDA to B
3. B generates a secret key Ks, and transmits E(PUe, Ks)
4. E intercepts the message, and learns Ks by computing D(PRe, E(PUe, Ks))
5. E transmits E(PUa, Ks) to A
• Both A and B know Ks and are unaware that Ks has also been revealed to E
• Knowing Ks, E can decrypt all messages, and both A and B are unaware of the problem
This simple protocol is only useful in an environment where the only threat is eavesdropping

2. Secret Key Distribution with Confidentiality and Authentication
• Provides protection against both Active and Passive attacks
• It is assumed that A and B have exchanged public keys by one of the schemes
1. A uses B's public key to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely
2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2). Because only B could have decrypted message (1), the presence of N1 in message (2) assures A that the correspondent is B
3. A returns N2 encrypted using B's public key, to assure B that its correspondent is A
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B
* Encryption of this message with B's public key ensures that only B can read it
* Encryption with A's private key ensures that only A could have sent it
5. B computes D(PUa, D(PRb, M)) to recover the Secret key Ks

3. Hybrid Scheme
• Used in IBM mainframes
• Three Level Approach
• This scheme retains the use of a key distribution center (KDC) that shares a Secret Master key with each user and distributes Secret Session keys encrypted with the Master key
• A Public key scheme is used to distribute the Master keys
• The following rationale is provided for using this three-level approach
- Performance
- Backward Compatibility

Diffie-Hellman Key Exchange
• First Public-Key type scheme proposed, for Key distribution only
• By Diffie & Hellman in 1976
• Is a practical method for public exchange of a Secret key
• Used in a number of Commercial products
• The purpose of the algorithm is to enable two users to securely exchange a key that can then be used for subsequent encryption of messages
The main idea behind the algorithm is to agree on a key that two parties can use for symmetric encryption, in such a way that an eavesdropper cannot obtain the key

• Primitive root of a number:
A primitive root of a prime number p is a number whose powers modulo p generate all the integers from 1 to p-1
That is, if a is primitive root of the prime number p , then the numbers
are distinct and consist of the integers from 1 through p-1 in some permutation
Example: Is 2 a primitive root of Prime number 5?

Example
1. Global Public Elements – Both parties agree on q and α
• Two parties agree upon one large Prime Number q and α, where α < q and α is the primitive root of q
• Let q = 11 and α = 7
• 7 is primitive root of 11 =>>
7^1 mod 11 = 7 mod 11 = 7
7^2 mod 11 = 49 mod 11 = 5
7^3 mod 11 = 35 mod 11 = 2
7^4 mod 11 = 14 mod 11 = 3
7^5 mod 11 = 21 mod 11 = 10
7^6 mod 11 = 70 mod 11 = 4
7^7 mod 11 = 28 mod 11 = 6
7^8 mod 11 = 42 mod 11 = 9
7^9 mod 11 = 63 mod 11 = 8
7^10 mod 11 = 56 mod 11 = 1

Example
2. User-A Key Generation
• Select Private XA => 3 where XA < q
• Calculate Public YA => where YA = α^XA mod q
YA = 7^3 mod 11 = 2
• User-A sends Public YA => 2 to User-B
3. User-B Key Generation
• Select Private XB => 6 where XB < q
• Calculate Public YB => where YB = α^XB mod q
YB = 7^6 mod 11 = 4
• User-B sends Public YB => 4 to User-A
4. Calculation of Secret Key by User-A
• K = (YB)^XA mod q
= (4)^3 mod 11 = (4 x 16) mod 11 = 64 mod 11 = 9
• Secret key = 9 computed by User-A
5. Calculation of Secret Key by User-B
• K = (YA)^XB mod q
= (2)^6 mod 11 = (64) mod 11 = 64 mod 11 = 9
• Secret Key = 9 computed by User-B
Therefore Shared Secret key for User-A and User-B is => 9
Key Exchange is complete
Example
Man-in-the-Middle Attack
1. Darth prepares for the attack by generating two random private keys XD1 and XD2 and then computing the corresponding public keys YD1 and YD2
2. Alice transmits YA to Bob
3. Darth intercepts YA and transmits YD1 to Bob. Darth also calculates K2 = (YA)^XD2 mod q
4. Bob receives YD1 and calculates K1 = (YD1)^XB mod q
5. Bob transmits YB to Alice
6. Darth intercepts YB and transmits YD2 to Alice. Darth calculates K1 = (YB)^XD1 mod q
7. Alice receives YD2 and calculates K2 = (YD2)^XA mod q
At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth share secret key K1 and Alice and Darth share secret key K2. All future communication between Bob and Alice is compromised in the following way =>>
1. Alice sends an encrypted message M: E(K2, M)
2. Darth intercepts the encrypted message and decrypts it, to recover M.
3. Darth sends Bob E(K1, M) or E(K1, M'), where M' is any message
• In the first case, Darth simply wants to eavesdrop on the communication without altering it
• In the second case, Darth wants to modify the message going to Bob.
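
The Diffie-Hellman worked example and the man-in-the-middle scenario above, as an added example that is not part of the original slides: it checks the primitive-root condition, reproduces K = 9 for q = 11, α = 7, XA = 3, XB = 6, and then replays the interception to show that Alice and Bob end up holding different keys. Darth's private keys XD1 = 2 and XD2 = 5 are constructed values, and the function names are hypothetical.

```python
def is_primitive_root(a, p):
    """True if a^1 .. a^(p-1) mod p are the integers 1 .. p-1 in some order."""
    return {pow(a, k, p) for k in range(1, p)} == set(range(1, p))

def public_key(alpha, x, q):
    return pow(alpha, x, q)                    # Y = alpha^X mod q

def shared_key(y_other, x_own, q):
    return pow(y_other, x_own, q)              # K = (Y_other)^X_own mod q

def honest_exchange(q, alpha, xa, xb):
    """Steps 2-5 of the slides' example: returns (K at User-A, K at User-B)."""
    ya, yb = public_key(alpha, xa, q), public_key(alpha, xb, q)
    return shared_key(yb, xa, q), shared_key(ya, xb, q)

def intercepted_exchange(q, alpha, xa, xb, xd1, xd2):
    """YA is replaced by YD1 on the way to Bob, YB by YD2 on the way to Alice."""
    ya, yb = public_key(alpha, xa, q), public_key(alpha, xb, q)
    yd1, yd2 = public_key(alpha, xd1, q), public_key(alpha, xd2, q)
    return {
        "bob_k1": shared_key(yd1, xb, q),      # Bob believes Alice holds this key
        "darth_k1": shared_key(yb, xd1, q),
        "alice_k2": shared_key(yd2, xa, q),    # Alice believes Bob holds this key
        "darth_k2": shared_key(ya, xd2, q),
    }

if __name__ == "__main__":
    Q, ALPHA, XA, XB = 11, 7, 3, 6             # values from the slides
    XD1, XD2 = 2, 5                            # constructed values for Darth
    print("2 primitive root of 5:", is_primitive_root(2, 5))
    print("7 primitive root of 11:", is_primitive_root(ALPHA, Q))
    print("honest exchange:", honest_exchange(Q, ALPHA, XA, XB))
    print("intercepted:", intercepted_exchange(Q, ALPHA, XA, XB, XD1, XD2))
```

Nothing in the unauthenticated exchange lets Alice or Bob tell YD1 and YD2 apart from genuine public values, which is why the public values have to be authenticated by one of the public-key distribution schemes covered earlier.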