Chapter 8
Key Management
1
Key Management
• public-key encryption helps address key
distribution problems
• have two aspects of this:
– distribution of public keys
– use of public-key encryption to distribute secret
keys
2
Distribution of Public Keys
• can be considered as using one of:
– public announcement
– publicly available directory
– public-key authority
– public-key certificates
3
Public Announcement
• users distribute public keys to recipients or
broadcast to community at large
– eg. append PGP keys to email messages or post to
news groups or email list
• major weakness is forgery
– anyone can create a key claiming to be someone
else and broadcast it
– until forgery is discovered can masquerade as
claimed user
4
Publicly Available Directory
• can obtain greater security by registering keys
with a public directory
• directory must be trusted with properties:
– contains {name,public-key} entries
– participants register securely with directory
– participants can replace key at any time
– directory is periodically published
– directory can be accessed electronically
• still vulnerable to tampering or forgery
5
Public-Key Authority
• improve security by tightening control over
distribution of keys from directory
• has properties of directory
• and requires users to know public key for the
directory
• then users interact with directory to obtain
any desired public key securely
– does require real-time access to directory when
keys are needed
6
Public-Key Authority
7
Steps
• A sends a timestamped message to the public-key authority
containing a request for the current public key of B.
• The authority responds with a message encrypted using the
authority's private key, PRauth, which A later decrypts using the
authority's public key. The message consists of:
- B's public key, PUb, which A can use to encrypt messages
destined for B
- The original request, to enable A to match it with the previous
- The original timestamp, so A can determine that this is not
an old message from the authority containing a key other than B's
current public key
8
Cont…
• A stores B's public key and also uses it to encrypt a message to B
containing an identifier of A (IDA) and a nonce (N1), which is used to
identify this transaction uniquely.
• B retrieves A's public key from the authority in the same manner as A
retrieved B's public key
• B sends a message to A encrypted with PUa and containing A's nonce (N1)
as well as a new nonce generated by B (N2). Because only B could have
decrypted message (3), the presence of N1 in message (6) assures A that
the correspondent is B.
• A returns N2, encrypted using B's public key, to assure B that its
correspondent is A.
9
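
The nonce handshake from the steps above (message (3), message (6) and A's final reply), as an added example that is not part of the original slides. It assumes A and B already hold each other's public keys from the authority, and it uses unpadded textbook RSA with constructed toy keys; the names toy_keypair, crypt, responder and handshake are hypothetical.

```python
import secrets

E = 65537  # public exponent shared by all toy keys

def toy_keypair(p, q):
    """Unpadded textbook RSA from two fixed primes. Toy keys, illustration only."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (E, n), (d, n)                      # (PU, PR)

def crypt(key, m):
    """E(PU, m) or D(PR, c): one modular exponentiation with the given key."""
    exp, n = key
    return pow(m, exp, n)

# Constructed key pairs from Mersenne primes (trivially factorable, demo only).
PUa, PRa = toy_keypair(2**89 - 1, 2**127 - 1)
PUb, PRb = toy_keypair(2**61 - 1, 2**107 - 1)
_, PR_other = toy_keypair(2**61 - 1, 2**89 - 1)   # a private key that is not B's
ID_A = 0xA                                        # constructed identifier for A

def pack(hi, lo):
    """Concatenate two 64-bit fields into one integer."""
    return (hi << 64) | lo

def unpack(m):
    return m >> 64, m & (2**64 - 1)

def responder(pr_own, pu_peer, c3):
    """B's side: decrypt message (3), reply with message (6) = E(PUa, N1 || N2)."""
    _id_a, n1 = unpack(crypt(pr_own, c3))
    n2 = secrets.randbits(64)
    return crypt(pu_peer, pack(n1, n2)), n2

def handshake(responder_private_key):
    """Run the exchange; return (A accepts responder, responder accepts A)."""
    n1 = secrets.randbits(64)
    c3 = crypt(PUb, pack(ID_A, n1))                    # (3) A -> B: E(PUb, IDA || N1)
    c6, n2_sent = responder(responder_private_key, PUa, c3)   # (6) B -> A
    n1_back, n2 = unpack(crypt(PRa, c6))
    if n1_back != n1:          # responder could not read N1, so it is not B
        return False, False
    c_last = crypt(PUb, n2)                            # A -> B: E(PUb, N2)
    return True, crypt(responder_private_key, c_last) == n2_sent

if __name__ == "__main__":
    print("genuine B:", handshake(PRb))
    print("wrong key:", handshake(PR_other))
```

A responder that does not hold PRb recovers a garbage value instead of N1, so A's comparison fails and the exchange stops before N2 is returned.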
Simple Secret Key Distribution
• A generates a public/private key pair {PUa, PRa} and transmits a
message to B consisting of PUa and an identifier of A, IDA.
• B generates a secret key, Ks, and transmits it to A, encrypted
with A's public key.
• A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because
only A can decrypt the message, only A and B will know the
identity of Ks.
• A discards PUa and PRa and B discards PUa.
10
Simple Secret Key Distribution
11
Certificate authority
With a public-key authority, the user must appeal to the authority
each time a public key is needed
Diffie-Hellman(D-H) Key Exchange
• first public-key type scheme proposed
• by Diffie & Hellman in 1976 along with the
exposition of public key concepts
– note: now know that Williamson (UK CESG)
secretly proposed the concept in 1970
• is a practical method for public exchange of a
secret key
• used in a number of commercial products
13
• Algorithm
There are two publicly known numbers: a prime number q and an
integer a that is a primitive root of q.
Suppose users A and B wish to exchange a key
• User A selects a random integer $X_A < q$ and
computes $Y_A = a^{X_A} \bmod q$.
• Similarly, user B independently selects a
random integer $X_B < q$ and computes $Y_B = a^{X_B} \bmod q$
14
• Each side keeps the X value private and makes
the Y value available publicly to the other side
• User A computes the key as $K = (Y_B)^{X_A} \bmod q$
• and user B computes the key as $K = (Y_A)^{X_B} \bmod q$
15
Summary of algorithm
16
17
Primitive Root
• Order of integer $\mathrm{ord}_n(a)$
– The order of a modulo n is the smallest positive
k such that $a^k \equiv 1 \pmod n$
• Primitive Root
– Integer a is a primitive root of n if the order of
a modulo n is $\varphi(n)$
– Not all integers have a primitive root
• Example n=pq for primes p and q
– Prime p has $\varphi(p-1)$ primitive roots
18
cont
• When primitive root exists
– Number n has the form p, 2p, $p^k$ or $2p^k$ for some
integer k and prime number p
– Otherwise the primitive root does not exist
• Find a PR for p such that $p - 1 = q_1^{a_1} \cdots q_k^{a_k}$
– Step 1: let a=2, i=1
– Step 2: if i>k, a is a PR; otherwise go to step 3
– Step 3: if $a^{(p-1)/q_i} \not\equiv 1 \pmod p$, let i=i+1 and go to step 2;
otherwise let i=1 and a=a+1, and repeat step 3
19
Diffie-Hellman Example
• users Alice & Bob who wish to swap keys:
• agree on prime q=353 and a=3
• select random secret keys:
– A chooses xA=97, B chooses xB=233
• compute respective public keys:
– $y_A = 3^{97} \bmod 353 = 40$ (Alice)
– $y_B = 3^{233} \bmod 353 = 248$ (Bob)
• compute shared session key as:
– $K_{AB} = y_B^{x_A} \bmod 353 = 248^{97} \bmod 353 = 160$ (Alice)
– $K_{AB} = y_A^{x_B} \bmod 353 = 40^{233} \bmod 353 = 160$ (Bob)
20
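
The primitive-root search and the exchange above, run on the slide's own numbers (q=353, xA=97, xB=233), as an added example that is not part of the original slides. The function names are hypothetical, and the range check on the received public value is an addition the slides do not cover.

```python
def prime_factors(n):
    """Distinct prime factors q_1..q_k of n (trial division, small n only)."""
    factors, d = [], 2
    while d * d <= n:
        if n % d == 0:
            factors.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        factors.append(n)
    return factors

def is_primitive_root(a, p):
    """For an odd prime p: a passes iff a^((p-1)/q_i) != 1 (mod p) for every q_i."""
    return all(pow(a, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def find_primitive_root(p):
    """Try a = 2, 3, ... until every q_i test passes, as in the search steps."""
    a = 2
    while not is_primitive_root(a, p):
        a += 1
    return a

def order(a, n):
    """ord_n(a): smallest positive k with a^k = 1 (mod n); needs gcd(a, n) = 1."""
    k, x = 1, a % n
    while x != 1:
        x, k = x * a % n, k + 1
    return k

def dh_public(a, x, q):
    """Y = a^X mod q for private value X."""
    return pow(a, x, q)

def dh_shared(y_peer, x_own, q):
    """K = Y_peer^X_own mod q. The range check is an addition, not from the slides:
    Y = 1 or Y = q-1 would force K into a set of at most two values."""
    if not 1 < y_peer < q - 1:
        raise ValueError("peer public value out of range")
    return pow(y_peer, x_own, q)

if __name__ == "__main__":
    q = 353
    a = find_primitive_root(q)                  # 3, the base used on the slide
    y_a, y_b = dh_public(a, 97, q), dh_public(a, 233, q)
    print(a, order(a, q), y_a, y_b, dh_shared(y_b, 97, q), dh_shared(y_a, 233, q))
```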
Key Exchange Protocols
• users could create random private/public D-H
keys each time they communicate
• users could create a known private/public D-H
key and publish in a directory, then consulted
and used to securely communicate with them
• both of these are vulnerable to a meet-in-the-
Middle Attack
• authentication of the keys is needed
21
Elliptic Curve Cryptography(ECC)
• ECC was introduced by Victor Miller and
Neal Koblitz in 1985.
• For D-H, RSA we need larger key length.
• ECC requires significantly smaller key size
with same level of security.
• Benefits of having smaller key sizes:
– faster computations
– less storage space needed
22
ECC Security
• relies on elliptic curve logarithm problem
• fastest method is “Pollard rho method”
• compared to factoring, can use much smaller
key sizes than with RSA etc
• for equivalent key lengths computations are
roughly equivalent
• hence for similar security ECC offers significant
computational advantages
23
Comparable Key Sizes in Terms of Computational Effort for Cryptanalysis

Symmetric scheme        ECC-based scheme        RSA
(key size in bits)      (size of n in bits)     (modulus size in bits)
56                      112                     512
80                      160                     1024
112                     224                     2048
128                     256                     3072
192                     384                     7680
256                     512                     15360
24