Ask
Login
0
4.5kviews
How are the keys distributed in conventional encryption systems.
written 7.8 years ago by gravatar for teamques10 teamques10 64k modified 2.2 years ago by gravatar for pedsangini276 pedsangini276 4.7k

Similar questions

Short note on: Key Distribution Center

Marks: 10 M

Year: May 2012, Dec 2012
data compression and encryption
ADD COMMENT EDIT
1 Answer
1
65views
written 7.8 years ago by gravatar for teamques10 teamques10 64k
  1. For symmetric encryption two parties must have same key.
  2. The key must be protected from access to others.
  3. Also frequently key changes are usually desirable to limit the attacker.
  4. The strength of any cryptographic system rests with the key distribution.
  5. Definition: It is the means of delivering key to two parties who wish to exchange data without allowing others to see the key.

For two parties A and B a key distribution can be achieved by following ways:

a) A can select a key and physically deliver it to B.

b) The third party can select the key and physically deliver it to B and A.

c) If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using old key.

d) If A and B each has an encrypted connection to a third party C. It can deliver the key on the encrypted links to A and B.

There are 2 types of keys:

  1. Communication between end systems using a temporary key often referred to as a session key.
  2. Session key is used to for the duplexer of logical connection and then discarded.
  3. Each session’s key is obtained from a Key Distribution Cenre (KDC).
  4. Session keys are transmitted in an encrypted from using a “ Master Key” that is shared by KDC and an end user. The Master key is unique for each end user that it shares with KDC.

enter image description here

Example: Let User ‘A’ wishes to establish a logical connection with ‘B’ and requires one time session key to protect the data transmitted over the communication.

A has master key Ka only known to itself and it is only known to a KDC.

B has master key to known only to B and KDC.

The following steps occur:

enter image description here

  1. A issues a request to KDC for a session key to protect logical connection to B

    The message includes the identity of A and B and a unique identification N1 for this transaction which is referred to as “Nounce”. Nounce may be a timestamp , a counter or a random number a minimum requirement is that it differs with each request. Also to prevent masquerade it should be difficult for an opponent to guess the nounce.

  2. KDC responds with a message encrypted using Ko. This A is only one who can successfully read the message and A knows that it originated at KDC. The message includes two items for A.

    • One time session key Ks to be used for session.
    • Original request message, including ‘nounce’ to enable A to match this response with appropriate requirement.
    • Thus A can verify that its orginal message has not been altered before reception by KDC.

    • In addition it includes 2 items for B :

      i. One time session key Ks.

      ii. Identification of A IDA

    • The last two items are encrypted with Kbc Master key Kb that KDC shares with B

  3. A stores the session key for use in upcoming session and forwards it to B. E (Kb, [Ks || I$D_A$]] B knows that session key is Ks and other party is A [from I$D_A$]
ADD COMMENT EDIT
Please log in to add an answer.