
Notes for Lecture-32

MCA 206: Advanced Computer Networks

1. Key Distribution

To use ciphers and authenticators, the communicating participants need to know which keys to
use. The answer differs depending on the type of key: some keys are short-lived and some are
long-lived.

Session Key: A session key is used to secure a short episode of communication known as a
session. It is always a symmetric key, for speed. A session key is set up using a session key
establishment protocol.

2. Predistribution of Asymmetric (Public) Keys: Public key cryptography is an extremely
powerful technology, but it depends on the distribution of public keys. Getting keys to the
people who need them in such a way that they can be sure that the key is legitimate (i.e.,
that it belongs to the entity that it purports to belong to) turns out to be a challenging
problem. Many algorithms are available to generate a matched pair of public and private keys;
the problem lies in publicizing the public key. The basic solution relies on the use of
digital certificates. The ownership of a predistributed public key by a certain party can be
attested to by a public key certificate that is digitally signed by a trusted party.

2.1 Public Key Infrastructure: PKI is a complete scheme for bindings between public keys and
identities: what key belongs to whom. A PKI verifies the identity and binds it to the key out of
band. “Out of band” means something outside the network and the computers that comprise it.
A certificate is just a special type of digitally signed document. The document says, in effect, “I
certify that the public key in this document belongs to the entity named in this document, signed
X.” X in this case could be anyone with a public key. It is commonly the case that X would be a
certification authority (CA), that is, an administrative entity that is in the business of issuing
certificates. It should be clear that this certificate is only useful to a participant who already holds
the public key for X because that key is needed to verify the signature. Thus, certificates do not
in themselves solve the key distribution problem, but they give us a way to make inroads on it. A
well-known certification authority is VeriSign.

2.1.1 Certification Authorities

A certification authority (CA) is an entity claimed (by someone) to be trustworthy for verifying
identities and issuing public key certificates. The idea of certificates allows the building of
“chains of trust.” If X certifies that a certain public key belongs to Y, and then Y goes on to
certify that another public key belongs to Z, then there exists a chain of certificates from X to Z,
even though X and Z may have never met. If Z wants to provide his public key to A, he can
provide the complete chain of certificates—the certificate for Y’s public key issued by X, and the
certificate for Z’s key issued by Y. If A has the public key for X, he can use the chain to verify
that the public key of Z is legitimate.

With this idea of building chains of trust, public key distribution becomes somewhat more
tractable. A popular way to build such chains is to arrange them in a tree-structured hierarchy. If
everyone has the public key of the root CA, then any participant can provide a chain of
certificates to another participant and know that it will be sufficient to build a chain of trust for
that participant. There are still significant issues with building chains of trust. First of all, even if
you are certain that you have the public key of the root CA, you need to be sure that every CA
from the root on down is doing its job properly. If some CA is willing to issue certificates to
individuals without verifying their identity, then what looks like a valid chain of certificates
becomes meaningless.

2.1.2 Web of Trust

In this model, trust is a matter of degree. The public key certificate includes a confidence
level indicating how confident the signer is of the key binding claimed in the certificate, so a
given user may have to have several certificates attesting to the same key binding before he is
willing to trust it. The PGP security system for e-mail is an example of this model. It
recognizes that the problem of establishing trust is quite a personal matter.

2.1.3 Certificate Revocation

One issue that arises with certificates is how to revoke, or undo, a certificate. Suppose that
someone has discovered your private key. There may be any number of certificates in the universe
that assert that you are the owner of the public key corresponding to that private key. The
person who discovered your private key thus has everything he needs to impersonate you: valid
certificates and your private key. To solve this
problem, it would be nice to be able to revoke the certificates that bind your old, compromised
key to your identity, so that the impersonator will no longer be able to persuade other people that
he is you. The basic solution to the problem is simple enough. A certification authority can issue
a certificate revocation list (CRL), which is a digitally signed list of certificates that have been
revoked. The CRL is periodically updated and made publicly available. Because it is digitally
signed, it can just be posted on a website. Now, when participant A receives a certificate for B
that he wants to verify, A will first consult the latest CRL issued by the CA. As long as the
certificate has not been revoked, it is valid. Note that if all certificates have unlimited life spans,
the CRL would always be getting longer, since you could never take a certificate off the CRL for
fear that some copy of the revoked certificate might be used. However, by attaching an
expiration date to a certificate when it is issued, we can limit the length of time that a revoked
certificate needs to stay on a CRL. As soon as its original expiration date is passed, it can be
removed from the CRL.
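
The chain check from section 2.1.1 and the CRL check described above, as an added example that is not part of the original notes. It assumes textbook RSA over fixed known primes as a toy signature scheme (not secure) and JSON dictionaries in place of real certificates; all function names and the X/Y/Z sample data are constructed for illustration.

```python
import hashlib, json
from datetime import date

def keypair(p, q, e=65537):
    """Textbook RSA from two known primes (illustration only, not secure)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def _digest(obj, n):
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(obj, priv):
    return pow(_digest(obj, priv[0]), priv[1], priv[0])
def verify(obj, sig, pub):
    return pow(sig, pub[1], pub[0]) == _digest(obj, pub[0])

def issue(serial, subject, subject_pub, issuer, issuer_priv, expires):
    body = {"serial": serial, "subject": subject, "key": list(subject_pub),
            "issuer": issuer, "expires": expires.isoformat()}
    return {"body": body, "sig": sign(body, issuer_priv)}

def make_crl(issuer, issuer_priv, revoked, today):
    """revoked maps serial -> original expiry; entries past expiry are dropped."""
    live = sorted(s for s, exp in revoked.items() if exp >= today)
    body = {"issuer": issuer, "revoked": live}
    return {"body": body, "sig": sign(body, issuer_priv)}

def validate_chain(chain, name, pub, crls, today):
    """name/pub start as the trusted root; returns the leaf key or raises ValueError."""
    for cert in chain:
        b = cert["body"]
        if b["issuer"] != name or not verify(b, cert["sig"], pub):
            raise ValueError(f"bad signature on certificate for {b['subject']}")
        if date.fromisoformat(b["expires"]) < today:
            raise ValueError(f"certificate for {b['subject']} has expired")
        crl = crls.get(name)
        if crl is None or not verify(crl["body"], crl["sig"], pub):
            raise ValueError(f"no valid CRL from {name}")
        if b["serial"] in crl["body"]["revoked"]:
            raise ValueError(f"certificate for {b['subject']} is revoked")
        name, pub = b["subject"], tuple(b["key"])  # trust moves one link down
    return pub

# Constructed sample: X is the root A already trusts, Y an intermediate, Z the leaf.
X_PUB, X_PRIV = keypair(2**61 - 1, 2**127 - 1)
Y_PUB, Y_PRIV = keypair(2**89 - 1, 2**107 - 1)
Z_PUB, _ = keypair(2**31 - 1, 2**521 - 1)
CHAIN = [issue(1, "Y", Y_PUB, "X", X_PRIV, date(2030, 1, 1)),
         issue(7, "Z", Z_PUB, "Y", Y_PRIV, date(2030, 1, 1))]
```

Because the expiry check runs before the CRL lookup, a revoked certificate that has been pruned from the CRL after its expiration date is still rejected.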

2.2 X.509

One of the major standards for certificates is known as X.509. This standard leaves a lot of
details open, but specifies a basic structure for certificates. Components of a certificate clearly
must include:
• the name of the entity being certified
• the public key of the entity
• the name of the certificate authority
• a digital signature

X.509 certificates may use a number of different digital signature algorithms, so the certificate
must specify which algorithm it uses. Another possible component is an expiration time for the
certificate.

3. Predistribution of Symmetric Keys

Predistribution of secret keys is more difficult than public key predistribution. There are two
reasons for this.
1. If there are N entities, N(N-1)/2 keys are required.
2. Unlike public keys, these keys must be kept secret.
The solution to this is a Key Distribution Center (KDC). It is a trusted entity that shares a
secret key with each other entity. By this approach, the number of keys comes down to (N-1).
The KDC participates in a protocol that authenticates Alice and Bob using the keys that the KDC
shares with each of them.
The KDC generates a new session key for them to use. Then, Alice and Bob communicate directly
using their session key. An example is Kerberos.
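
A simplified KDC exchange, as an added example that is not part of the original notes and is not the Kerberos protocol. It assumes an HMAC-SHA256 keystream with encrypt-then-MAC as a stand-in for a real authenticated cipher, and that Alice forwards Bob's sealed copy of the session key to him; the class, function and party names are hypothetical.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a keystream (stand-in for a real cipher)."""
    blocks = (hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    """Encrypt-then-MAC under one shared secret key."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("not sealed under this key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class KDC:
    def __init__(self):
        self.keys = {}                      # one long-lived key per enrolled entity

    def enroll(self, name):
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]              # predistributed to that entity only

    def new_session(self, a, b):
        """Fresh session key, sealed once for each party under its own KDC key."""
        ks = secrets.token_bytes(32)
        return (seal(self.keys[a], b.encode() + b"|" + ks),
                seal(self.keys[b], a.encode() + b"|" + ks))

def open_grant(my_key, blob):
    peer, ks = unseal(my_key, blob).split(b"|", 1)
    return peer.decode(), ks

def demo():
    kdc = KDC()
    k_alice, k_bob, k_eve = (kdc.enroll(n) for n in ("alice", "bob", "eve"))
    for_alice, for_bob = kdc.new_session("alice", "bob")
    _, ks_a = open_grant(k_alice, for_alice)      # Alice learns the session key
    who, ks_b = open_grant(k_bob, for_bob)        # Bob opens the forwarded copy
    wire = seal(ks_a, b"hello bob")               # direct traffic, KDC not involved
    return who, ks_a == ks_b, unseal(ks_b, wire), k_eve, for_bob
```

Only a holder of the matching long-lived key can open a sealed copy, which is what authenticates each party to the other through the KDC.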
