Chap12_Network Security_2023
Key Distribution
• given parties A and B have various key distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can use previous key to encrypt a new key
4. if A & B have secure communications with a third party C, C can relay key between A & B
session key
• temporary key
• used for encryption of data between users for one logical session then discarded
master key
• used to encrypt session keys
connect B (Identity of A and B, unique nonce N1).
2. The KDC responds with a message encrypted using Ka (one-time session key Ks, the original request message of A to match response with appropriate request, info for B)
3. A stores the session key and forwards to B; E(Kb, [Ks || IDA]).
Two additional steps are desirable:
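The KDC exchange above (steps 1 to 3), modelled as an added example that is not part of the slides: the KDC answers with E(Ka, [Ks || request || E(Kb, [Ks || IDA])]), A checks that the echoed request (including nonce N1) matches what it sent, and forwards the inner part to B. The HMAC-SHA256 based `encrypt`/`decrypt` is a constructed stand-in for E(K, M), not a real cipher, and the master keys are constructed here.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # n bytes of keystream: HMAC-SHA256 in counter mode (toy construction).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key, obj):
    # Stand-in for E(K, M): XOR with keystream, then MAC over nonce||ciphertext.
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("MAC check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Constructed master keys Ka and Kb, each shared only between that party and the KDC.
MASTER_KEYS = {"A": os.urandom(32), "B": os.urandom(32)}

def kdc_respond(request):
    # Step 2: KDC picks one-time Ks, echoes A's request so A can match the reply,
    # and adds E(Kb, [Ks || IDA]) for A to forward to B.
    ks = os.urandom(16).hex()
    for_b = encrypt(MASTER_KEYS[request["IDB"]], {"Ks": ks, "IDA": request["IDA"]})
    return encrypt(MASTER_KEYS[request["IDA"]], {"Ks": ks, "request": request, "for_B": for_b.hex()})

def party_a(response, request):
    # A decrypts with Ka; the echoed request (with nonce N1) must equal what A sent.
    msg = decrypt(MASTER_KEYS["A"], response)
    if msg["request"] != request:
        raise ValueError("response does not match request: stale or replayed KDC reply")
    return msg["Ks"], bytes.fromhex(msg["for_B"])   # step 3: A forwards for_B to B

def run_exchange():
    request = {"IDA": "A", "IDB": "B", "N1": os.urandom(8).hex()}   # step 1, sent in clear
    ks_a, for_b = party_a(kdc_respond(request), request)
    ticket = decrypt(MASTER_KEYS["B"], for_b)                          # B recovers Ks and IDA
    return {"Ks_at_A": ks_a, "Ks_at_B": ticket["Ks"], "IDA_seen_by_B": ticket["IDA"]}

def replay_is_rejected():
    # A stale KDC reply re-sent to A fails the request/nonce match in party_a.
    old = {"IDA": "A", "IDB": "B", "N1": "old-nonce"}
    stale = kdc_respond(old)
    try:
        party_a(stale, dict(old, N1="fresh-nonce"))
    except ValueError:
        return True
    return False
```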
in-the-middle attack
Public-Key Certificates
• certificates allow key exchange without real-time access to public-key authority
• a certificate binds identity to public key
• usually with other info such as period of validity, rights of use etc
• with all contents signed by a trusted Public-
• distributed servers maintaining user info database
• defines framework for authentication services
• directory may store public-key certificates with public key of user signed by certification authority
• also defines authentication protocols
X.509 Certificate Use
• issued by a Certification Authority (CA), containing:
• version V (1, 2, or 3)
• serial number SN (unique within CA) identifying certificate
• signature algorithm identifier AI
• issuer X.500 name (CA)
• period of validity TA (from - to dates)
• subject X.500 name A (name of owner)
• subject public-key info Ap (algorithm, parameters, key)
• issuer unique identifier (v2+)
• have considered:
• symmetric key distribution using symmetric encryption
• symmetric key distribution using public-key encryption
• distribution of public keys
• announcement, directory, authority, CA