Key Establishment Techniques: Key Distribution and Key Agreement

# Key Establishment Techniques: Key Distribution and Key Agreement

## Key Establishment Techniques: Key Distribution and Key Agreement

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
##### Presentation Transcript

1. Key Establishment Techniques:Key Distribution and Key Agreement Wade Trappe

2. Key Establishment: The problem • Securing communication requires that the data is encrypted before being transmitted. • Associated with encryption and decryption are keys that must be shared by the participants. • The problem of securing the data then becomes the problem of securing the establishment of keys. • Task: If the participants do not physically meet, then how do the participants establish a shared key? • Two types of key establishment: • Key Agreement • Key Distribution

3. Alice Bob Bob Calculates: Key Distribution • Key Agreement protocols: the key isn’t determined until after the protocol is performed. • Key Distribution protocols: one party generates the key and distributes it to Bob and/or Alice (Shamir’s 3pass, Kerberos). • Shamir’s Three-Pass Protocol: • Alice generates and Bob generates . • A key K is distributed by:

4. Step 1 Step 2 Step 3 Step 5 Step 4 Basic TTP Key Distribution KDC Kb Ka 1. A Sends: {Request || IDA || IDB || N1} 2. KDC Sends: EKa[ KAB|| {Request || IDA || IDB || N1}||EKb(KAB, IDA)] 3. A Sends: EKb(KAB, IDA) 4. B Sends: EKAB(N2) 5. A Sends: EKAB(f(N2))

5. Given a prime p, a generator g of , and elements and , it is computationally difficult to find . Key Agreement • In many scenarios, it is desirable for two parties to exchange messages in order to establish a shared secret that may be used to generate a key. • The Diffie-Hellman (DH) protocol is a basic tool used to establish shared keys in two-party communication. • Two parties, A and B, establish a shared secret by: • The security of the DH scheme is based upon the intractibility of the Diffie-Hellman Problem: • The Diffie-Hellman scheme can be extended to work on arbitrary groups (e.g. Elliptic Curves).

6. Begins DH Begins DH Calculates Calculates Calculates Encrypts data with KAE Intruder In The Middle • The Intruder-in-the-Middle attack on Diffie-Hellman is based upon the following strategy to improve one’s chess ranking: • Eve challenges two grandmasters, and uses GM1’s moves against GM2. Eve can either win one game, or tie both games. • Eve has and can perform the Intruder-in-the-Middle attack by: Alice Eve Bob Decrypts data with KAE, uses data and encrypts with KBE Decrypts data with KBE

7. Calculates Alice Bob Calculates Decrypts to get: Station-to-Station Protocol • Digital signatures can be used to prevent this protocol failure (STS Protocol). • A digital signature is a scheme that ties a message and its author together. • Private sig( ) function and Public ver( ) function. Verifies sig Verifies sig

8. N-to-N Group Key Establishment • Many group scenarios require contributory key establishment protocols. • 1-to-1 Key Establishment: Diffie-Hellman (DH) protocol • Two parties, A and B, establish a shared secret by: • Extensions to multi-user scenarios: • Ingemarsson: Requires N-1 rounds and O(N2) exponentiations • Burmester-Desmedt: Requires 2 rounds but full broadcast • GDH (Steiner et al.): Requires N rounds and O(N) exp.

9. Butterfly Group Diffie-Hellman Example: u1 u2 u3 u4 • Can be extended to arbitrary radix b using Ingemarsson as the basic building block. • Total Rounds: • Total Messages: • Optimal radix in both cases is 2. u5 u6 u7 u8

10. Ke K0 K1 K01 K10 K00 K11 The Conference Tree • Group key formation procedure is described by: • Communication flow diagram • Conference Tree • Conference tree describes the subgroups and subgroup keys. u1 u2 u3 u4 u5 u6 u7 K101 K001 K011 K100 K110 K000 K010 K111 u8

11. Making Primes • Fact: Let n be an odd prime and let , where r is odd. Let a be any integer such that gcd(a,n)=1. Then either or for some . • Definition: Let n be an odd composite with . Let . If either or , for some then n is a strong pseudoprime base a, and a is a strong liar for n. • Fact: If n is an odd composite integer, then at most 1/4 of the numbers a are strong liars for n. • We can use this in a Monte-Carlo algorithm to produce “primes”: • Test t different a’s. • Probability of falsely identifying a prime is