MUTUAL TRUST

Symmetric key distribution using symmetric encryption:

A key distribution senerio:

‘A’ wishes to establish a logical connection with ‘B’ and requires a one-time session key to
protect the data transmitted over the connection.

A has a master key, Ka, known only to itself and the KDC; similarly, B shares the master key
Kb with the KDC. The following steps occur

Step1: ’ A’ issues a request to the KDC for a session key to protect a logical connection to ‘B’.
The message includes the identity of A and B and a unique identifier, N1, for this
transaction, which we refer to as a nonce. The nonce may be a timestamp, a counter, or a
random number; the minimum requirement is that it differs with each request. Also, to
prevent masquerade, it should be difficult for an opponent to guess the nonce. Thus, a
random number is a good choice for a nonce.

Step2: The KDC responds with a message encrypted using Ka. Thus, A is the only one who
can successfully read the message, and A knows that it originated at the KDC.

The message includes two items intended for A:

■ The one-time session key, Ks, to be used for the session

■ The original request message, including the nonce, to enable A to match this response
with the appropriate request

Thus, A can verify that its original request was not altered before reception by the KDC and,
because of the nonce, that this is not a replay of some previous request

In addition, the message includes two items intended for B:

■ The one-time session key, Ks, to be used for the session

■ An identifier of A (e.g., its network address), IDA

These last two items are encrypted with Kb (the master key that the KDC shares with B).
They are to be sent to B to establish the connection and prove A’s identity.

Step3:A stores the session key for use in the upcoming session and forwards to B the
information that originated at the KDC for B, namely, E(Kb,[Ks } IDA]). Because this
information is encrypted with Kb, it is protected from eavesdropping. B now knows the
session key (Ks), knows that the other party is A (from IDA), and knows that the information
originated at the KDC (because it is encrypted using Kb).
Step4: Using the newly minted session key for encryption, B sends a nonce, N2, to A.

Step5: Also, using Ks, A responds with f(N2), where f is a function that performs some
transformation on N2 (e.g., adding one).

A transparent key control scheme:

The approach assumes that communication makes use of a connection- oriented end-to-end
protocol, such as TCP.

This approach is a session security module (SSM), which may consist of functionality at one
protocol layer, that performs end-to-end encryption and obtains session keys on behalf of
its host or terminal.

 When one host wishes to set up a connection to another host, it transmits a

connectionrequest packet
 The SSM saves that packet and applies to the KDC for permission to establish the
connection
 The communication between the SSM and the KDC is encrypted using a master key
shared only by this SSM and the KDC.
 If the KDC approves the connection request, it generates the session key and delivers
it to the two appropriate SSMs, using a unique permanent key for each SSM.
 The requesting SSM can now release the connection request packet, and a
connection is set up between the two end systems.
  All user data exchanged between the two end systems are encrypted by their
respective SSMs using the one-time session key.

Decentralized approach(no key distribution center):

A decentralized approach requires that each end system be able to communicate in a secure
manner with all potential partner end systems for purposes of session key distribution.

1. A issues a request to B for a session key and includes a nonce, N1.

2. B responds with a message that is encrypted using the shared master key. The response
includes the session key selected by B, an identifier of B, the value f(N1), and another nonce,
N2.

3. Using the new session key, A returns f(N2) to B.

Control key usage:

we may wish to define different types of session keys on the basis of use, such as

■ Data-encrypting key, for general communication across a network

■ PIN-encrypting key, for personal identification numbers (PINs) used in electronic funds
transfer and point-of-sale applications

 File-encrypting key, for encrypting files stored in publicly accessible locations

The control vector is cryptographically coupled with the key at the time of key generation at
the KDC

As a first step, the control vector is passed through a hash function that produces a value
whose length is equal to the encryption key length.

Hash value = H = h(CV)

Key input = Km ⊕ H

Ciphertext = E([Km ⊕ H], Ks)

where Km is the master key and Ks is the session key

Symmetric key distribution using Assymmetric encryption:

Simple secret key distribution:

If A wishes to communicate with B,

1.A generates a public/private key pair {PUa, PRa} and transmits a message to B consisting
of PUa and an identifier of A, IDA.

2. B generates a secret key, Ks, and transmits it to A, which is encrypted with A’s public key

3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because only A can decrypt the
message, only A and B will know the identity of Ks.

4. A discards PUa and PRa and B discards PUa.

5. A and B can now securely communicate using conventional encryption and the session
key Ks. At the completion of the exchange, both A and B discard Ks.

6. No keys exist before the start of the communication and none exist after the completion
of communication.

Disadvantage:

It can effect by an attack called Man-In-The-Middle.

How man in the middle attack takes place?

1. A generates a public/private key pair {PUa, PRa} and transmits a message intended for B
consisting of PUa and an identifier of A, IDA.

2. D intercepts the message, creates its own public/private key pair {PUd, PRd} and
transmits PUd } IDA to B.

3. B generates a secret key, Ks, and transmits E(PUd, Ks).

4. D intercepts the message and learns Ks by computing D(PRd, E(PUd, Ks)).

5. D transmits E(PUa, Ks) to A.

Simple secret key distribution with confidentiality and authentication:

Assumed that A and B have exchanged public keys

1. A uses B’s public key to encrypt a message to B containing an identifier of A(IDA) and a
nonce (N1), which is used to identify this transaction uniquely.

2. B sends a message to A encrypted with PUa and containing A’s nonce (N1) as well as a
new nonce generated by B (N2). Because only B could have decrypted message (1), the
presence of N1 in message (2) assures A that the correspondent is B.

3. A returns N2, encrypted using B’s public key, to assure B that its correspondent is A.

4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of this
message with B’s public key ensures that only B can read it; encryption with A’s private key
ensures that only A could have sent it.

5. B computes D(PUa, D(PRb, M)) to recover the secret key

Distribution of public keys:

There are four different ways:

■ Public announcement

■ Publicly available directory

■ Public-key authority

■ Public-key certificates

1.Public announcement of public key:

Any participant can send his or her public key to any other participant or broadcast the key
to the community at large .

There are some major disadvantages like That is, some user could pretend to be user A and
send a public key to another participant or broadcast such a public key.

2.Publicly available directory:

Maintenance and distribution of the public directory would have to be the responsibility of
some trusted entity or organization.

1. The authority maintains a directory with a {name, public key} entry for each participant.

2. Each participant registers a public key with the directory authority. Registration would
have to be in person or by some form of secure authenticated communication.

3. A participant may replace the existing key with a new one at any time, either because of
the desire to replace a public key that has already been used for a large amount of data, or
because the corresponding private key has been compromised in some way.
4. Participants could also access the directory electronically.

3.Public-key authority:

1. A sends a timestamped message to the public-key authority containing a request for the
current public key of B.

2. The authority responds with a message that is encrypted using the authority’s private
key, PRauth. Thus, A is able to decrypt the message using the authority’s public key.
Therefore, A is assured that the message originated with the authority. The message
includes the following:

■ B’s public key, PUb, which A can use to encrypt messages destined for B

■ The original request used to enable A to match this response with the corresponding
earlier request and to verify that the original request was not altered before reception by
the authority ■ The original timestamp given so A can determine that this is not an old
message from the authority containing a key other than B’s current public key

4, 5. B retrieves A’s public key from the authority in the same manner as A retrieved B’s
public key. At this point, public keys have been securely delivered to A and B, and they may
begin their protected exchange. However, two additional steps are desirable:

6. B sends a message to A encrypted with PUa and containing A’s nonce (N1) as well as a
new nonce generated by B (N2). Because only B could have decrypted message (3), the
presence of N1 in message (6) assures A that the correspondent is B.

7. A returns N2, which is encrypted using B’s public key, to assure B that its correspondent
is A.
4.Public-key certificates:

Approach, first suggested by Kohnfelder,is to use certificates that can be used by

participants to exchange keys without contacting a public-key authority, in a way that is as
reliable as if the keys were obtained directly from a public-key authority.

A certificate consists of a public key, an identifier of the key owner, and the whole block
signed by a trusted third party.

The third party is a certificate authority, such as a government agency or a financial

institution, that is trusted by the user community.

A user can present his or her public key to the authority in a secure manner and obtain a
certificate. The user can then publish the certificate.

Anyone needing this user’s public key can obtain the certificate and verify that it is valid by
way of the attached trusted signature.

A participant can also convey its key information to another by transmitting its certificate.

1. Any participant can read a certificate to determine the name and public key of the
certificate’s owner.

2. Any participant can verify that the certificate originated from the certificate authority
and is not counterfeit.

3. Only the certificate authority can create and update certificates

4. Any participant can verify the time validity of the certificate

X.509 Certificate:
In x.509 the directory may serve as a repository of public-key certificates .

Each certificate contains the public key of a user and is signed with the private key of a
trusted certification authority.

X.509 is based on the use of public-key cryptography and digital signatures

 Here the hash code is generated on the unsigned certificate contains user’sID,users
public key.
 This is encrypted using the private key of trusted organization. then they obtained
the signed certificate
 If any one want the bob’s public key . then decrypt the signed certificate using
authorities public key and compare it with the hash code computed on the unsigned
certificate.
CERTIFICATE:
1. Version: Differentiates among successive versions of the certificate format; the
default is version 1
2. Serial number: An integer value unique within the issuing CA that is unambiguously
associated with this certificate
3. Signature algorithm identifier: The algorithm used to sign the certificate together
with any associated parameters. Because this information is repeated in the
signature field at the end of the certificate.
4. Issuer name: X.500 name of the CA that created and signed this certificate.
5. Period of validity: Consists of two dates: the first and last on which the certificate is
valid.
6. Subject name: The name of the user to whom this certificate refers. That is, this
certificate certifies the public key of the subject who holds the corresponding private
key
7. Subject’s public-key information: The public key of the subject, plus an identifier of
the algorithm for which this key is to be used, together with any associated
parameters
8. Issuer unique identifier: An optional-bit string field used to identify uniquely the
issuing CA in the event the X.500 name has been reused for different entities.
9. Subject unique identifier: An optional-bit string field used to identify uniquely the
subject in the event the X.500 name has been reused for different entities.
10. Extensions: A set of one or more extension fields. Extensions were added in version
3 and are discussed later in this section.
11. Signature: Covers all of the other fields of the certificate. One component of this
field is the digital signature applied to the other fields of the certificate. This field
includes the signature algorithm identifier
Public key infrastructure:
Public Key Infrastructure X.509 (PKIX)

■ End entity: A generic term used to denote end users, devices (e.g., servers, routers), or
any other entity that can be identified in the subject field of a public-key certificate. End
entities typically consume and/or support PKIrelated services.

■ Certification authority (CA): The issuer of certificates and (usually) certificate revocation
lists (CRLs). It may also support a variety of administrative functions, although these are
often delegated to one or more Registration Authorities.

■ Registration authority (RA): An optional component that can assume a number of

administrative functions from the CA. The RA is often associated with the end entity
registration process but can assist in a number of other areas as well.

■ CRL issuer: An optional component that a CA can delegate to publish CRLs.

■ Repository: A generic term used to denote any method for storing certificates and CRLs
so that they can be retrieved by end entities

PKIX management function:?