信息安全基础密码编码学与网络安全.ppt

Chapter4KeyManagement 2012 FoundationofInformationSecurity Manageallstagesofkeysinthewholelifecycle includingthegeneration storage distribution organization employment suspension update destruction 产生 存储 分配 组织 使用 停用 更换 销毁 KeyManagement 1 2 3 Overview Principle KeyManagementforSymmetricCipher KeyManagementforAsymmetricCipher All aroundSecurity全程安全MinimalRight最小权利ResponsibilitySeparation责任分离KeyClassification密钥分级KeyReplacement密钥更换EnoughLength足够长度Differentcryptosystem differentmanagementpolicy针对不同密码体制采取不同管理策略 1Principle Centralization KDCdistributessessionkeyforeverysessionandtendstobethebottleneckandtheattackingaim 2KeyManagementforSymmetricCipher Classification ElementaryKey初级密钥 usedforencrypting decryptingdataKc forcommunication Ks forsession Kf forfile SecondaryKey二级密钥 usedforprotectingEKKNC KNS KNF N node MasterKey主密钥 thetopmostlevelKM KeyOrganization ElementaryKey Keyforencryption decryption Kcforcommunication Ksforsession KfforfilestorageGeneratedbyhardwareorsoftwareofthesystem canalsobespecifiedbyuserKc Ksisone timepad whilethelifecycleofKfisaslongasthefileKisprotectedbyKNduringitslifecycle SecondaryKey Keytoprotectelementarykey KNCforKc KNSforKs KNFforKfGeneratedbyhardwareorsoftwareLifecycleislongKNisprotectedbyKMduringitslifecycle MasterKey ThemaximalkeyinkeymanagementsystemGeneratedbyhardwareandinstalled distributedbysecurityexpertsHavethelongestlifecycle KeyGeneration DifferentstrategiesfordifferentlevelkeysRandomicity long period non linear equal probability uncertainHigh levelkey real randomicityLow levelkey pseudo randomicity GenerationofMasterKey Real randomicitysequenceswithhighqualityMeans transformtherandomsimulationsignalsfromthenatureintodigitals basedonthemechanicsnoisesourceortheelectronicsnoisesource GenerationofSecondaryKey EncrypttherandomnumbersKN E E E E i RN1 RN2 RN1 RN3 iisaordinalnumber RN1 RN2isreal random RN3ispseudo random GenerationofElementaryKey Decryptpseudo randomnumbersbyKNKc D RN1 KNC Ks D RN2 KNS Kf D RN3 KNF Veryfast KeyDistribution MasterKey bymanpower notpracticalforlargenetworkSecondaryKey encryptedbymasterkey thentransformtheciphertextviathenetworkElementaryKey transformthegeneratedrandomnumberdirectly recoverythekeybydecryptingthenumberusingthesecondarykey KeyDistributionforSecondaryKey KeyDistributionforElementaryKey ByDiffie Hellmanin1976alongwiththeexpositionofpublickeyconceptsApracticalmethodforpublicexchangeofasecretkey usedinanumberofcommercialproductsMathematicalbasis basedonexponentiationinafinitefield moduloaprime easy securityreliesonthedifficultyofcomputingdiscretelogarithms离散对数 similartofactoring hard Diffie HellmanKeyExchange Steps Public q YA YBPrivate XA XBK YB XAmodq XBmodq XAmodq XB XAmodq XBXAmodq XA XBmodq XAmodq XBmodq YA XBmodq CannotbeusedtoexchangeanarbitrarymessageassessionkeybutapowerKnownonlytothetwoparticipantsValueofkeydependsontheparticipants theirprivateandpublicinformation Attackerneedsanx mustsolvediscretelogproblem AnalysisofDiffie Hellman Diffie HellmanExample q 97 5 primitiverootofqAandBselectssecretkeysXA 36andXB 58Eachcomputespublickey YA 536 50mod97 YB 558 44mod97Afterexchangingpublickeys eachcomputethecommonsecretkey K YB XAmod97 4436 75mod97K YA XBmod97 5058 75mod97 TheattackerDarthgeneratestworandomprivate information XD1 XD2 andcomputesthecorrespondingpublic information YD1 YD2AlicetransformsherYAtoBobDarthinterceptsYAandtransformYD1toBob andcalculatesK2 YA XD2modqBobreceivesYD1 andcalculatesK1 YD1 XBmodqBobtransformsYBtoAliceDarthinterceptsYBandtransformYD2toAlice andcalculatesK1 YB XD1modqAlicereceivesYD2 andcalculatesK2 YD2 XAmodqResult Bob DarthshareK1 Alice DarthshareK2 Middle manAttackagainstDiffie Hellman Alice Bob Darth YA YD1 K1 YD1 XBmodq K2 YD2 XAmodq K2 YA XD2modq YB K1 YB XD1modq YD2 Tocountersuchanattack end to endauthentication theuseofdigitalsignaturesorpublic keycertificates isrequired KeyStorage Backup Principle plaintextsofkeysareforbiddenoutofthekeymanagementequipmentsPhysicalassurance reliablestoragemediumManagingassurance secureaccess control访问控制mechanism KeyStorage MasterKey storetheplaintextintheappropriative专用的cipherequipments orstoretheportionsdiscretelyinseveralequipmentsevenindifferentplaces MinimalRight SecondaryKey storetheciphertextinthememorizer存储器ElementaryKey storetheciphertextofKfinthememorizer storetheciphertextofKc Ksinthememory内存 KeyBackup Backupisalsoastorageindifferentequipments differentplacesThebackupedkeysareassecureastheoriginalkeysThelow classkeysshouldbeprotectedbyhigh classkeysinciphertextThehigh classkeysinplaintextstorageshouldbeseparatedinportionsThebackupshouldberecoveredconvenientlyLog日志recordedforaudit审计 KeyUpdate MasterKey alldescendants后代 secondary elementarykeysshouldbeupdatedSecondaryKey alldescendants correlativeelementarykeysshouldbeupdatedElementaryKeyforKc Ks one timepad noextraoperationforKf decryptwithformerkey encryptwithrenewedkey KeySuspension停用 Destruction Keysshouldbesecurelystored protectedaftersuspensiontomanagetheinformationencryptedbythemuntiltheirdestructionDestructionincludesthebackupedkeys PU public integrity authenticityPR secret confidentiality integrity authenticityThecorrespondingrelationofPU user sidentityisprotectedbysignature 3KeyManagementforAsymmetricCipher KeyGeneration Notrandomnumber meetgivenalgorithm KeyDistribution Ensuretheauthenticity integrityofPUinPKDBbydigitalsignatureCertificate thesignatureoftheuser sidentifierandhisPUbyatrustedentityCA CertificationAuthority 认证中心 thetrustedentitywhosubscribesthesignaturesofPU Definesframeworkforauthenticationservices directorymaystorepublic keycertificates includespublickeyofuser signedbycertificationauthoritywithitsPRUsespublic keycrypto digitalsignatures algorithmsnotstandardised butRSArecommendedPublic keycertificateisthetrustedcarrierofPUanddistributePUsecurely usedinE commerce E government X 509AuthenticationService IssuedbyaCertificationAuthority认证中心 CA containing version 1 2 or3 serialnumber uniquewithinCA identifyingcertificate signaturealgorithmidentifier issuerX 500name CAname periodofvalidity from todates subjectX 500name nameofowner subjectpublic keyinfo algorithm parameters key issueruniqueidentifier v2 subjectuniqueidentifier v2 extensionfields v3 signature subscribehashofallfieldsincertificate CA denotescertificateforAsignedbyCA X 509Certificates ObtainingaCertificate AnyuserwithaccesstoCAcangetanycertificatefromitOnlytheCAcanmodifyacertificateBecausecannotbeforged certificatescanbeplacedinapublicdirectory VerifyingaCertificate AuserobtainCA spublickeyinCA scertificate thencanverifythesecurityofotherusers publickeysincertificatesCA scertificateissubscribedbyitselforitsparentCA IfbothusersshareacommonCAthentheyareassumedtoknowCA scertificate otherwiseCAsmustformahierarchyUsecertificateslinkingmembersofhierarchytovalidateotherCAs certificatesEachclienttrustsparentscertificates trustbetweenCAsdependsontheircertificatesforeachother CAHierarchy层次结构 GivenX1 X2 forA Bhowtoauthenticateeachother X1X2subscribetheotherside forA certificateslinkingX1 X2 forB certificateslinkingX2 X1 Example CertificateshaveaperiodofvalidityMayneedtorevokebeforeexpiry到期 eg user sprivatekeyiscompromised userisnolongercertifiedbythisCA CA scertificateiscompromisedCAmaintainslistofrevokedcertificatesbysignature theCertificateRevocationList CRL Userssh