Key Management. Session and Interchange Keys Key management – distribution of cryptographic keys,...

Key Management



Key Management


Session and Interchange Keys

Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and the generation, maintenance, and revoking of such keys

Solves problem of propagating authentication

Interchange key – cryptographic key associated with a principal to a communication

Session key – cryptographic key associated with the communication


Key Exchange

Goal is to allow two parties to communicate secretly using a shared cryptographic key

1. Key cannot be transmitted in the clear (must be enciphered when sent or derived without an exchange of data used to derive the key)

2. Sender and receiver may decide to trust a third party

3. Cryptosystems and protocols are publicly known. The only secret data is the keys involved.
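Added example (not from the original slides): a sketch of the session and interchange keys above used in a key exchange through a trusted third party. The names Cathy, alice and bob, the message layout, and the HMAC-SHA256 stand-in cipher are assumptions made so the sketch runs with the Python standard library alone.

```python
import hashlib
import hmac
import secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stand-in cipher for this sketch only (assumption)
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encipher and authenticate; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag first, then decipher; rejects a wrong key or a modified blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class TrustedThirdParty:
    """Cathy (hypothetical name): shares one long-lived interchange key per principal."""
    def __init__(self):
        self.interchange = {}

    def enroll(self, name: str) -> bytes:
        self.interchange[name] = secrets.token_bytes(32)
        return self.interchange[name]

    def issue(self, sender: str, peer: str):
        ks = secrets.token_bytes(32)  # fresh session key, used for this communication only
        # ks leaves Cathy only enciphered under interchange keys, never in the clear
        return (seal(self.interchange[sender], ks + peer.encode()),
                seal(self.interchange[peer], ks + sender.encode()))

def run_exchange(message: bytes):
    cathy = TrustedThirdParty()
    k_alice, k_bob = cathy.enroll("alice"), cathy.enroll("bob")
    for_alice, for_bob = cathy.issue("alice", "bob")
    ks_a = unseal(k_alice, for_alice)[:32]   # Alice recovers ks with her interchange key
    wire = seal(ks_a, message)               # the message itself travels under ks
    opened = unseal(k_bob, for_bob)          # Alice forwards Bob's copy; Bob opens it
    ks_b, claimed_sender = opened[:32], opened[32:].decode()
    return unseal(ks_b, wire), claimed_sender, wire, k_alice
```

The interchange keys are used only to protect the session key, so a compromised session key exposes one communication and not the principals' long-term keys.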


Cryptographic Key Infrastructures

Certificate – token that binds an identity to a cryptographic key

X.509: Directory Authentication Framework – defines certificate formats and certification validation (see security notes for details)

Certification authority (CA) – entity that issues certificates

PGP (Pretty Good Privacy) – encipherment program widely used to provide privacy for electronic mail (see web link to www.pgp.org)


Storing and Revoking Keys

If stored in a file, easy to compromise, even if enciphered

Store on one or more smart cards (ROM)


Digital Signatures

Digital signature – authenticates both the origin and content of a message

Uses public key cryptography

Provides nonrepudiation

RSA Digital Signature (some problems)

El Gamal Digital Signature