Key Management: Challenges and Solutions in Cryptography

1. Chapter 8: Key Management Dulal C Kar Based on Bruce Schneier

2. Introduction • Hardest part of cryptography • Keeping keys secret is hard • Cryptanalysts often attack key management protocols and algorithms

3. Generating Keys • Security rests on keys • Key generation algorithm can be under attack • Reduced key spaces • DES has a 56-bit key • Fixing some of the bits reduces key space • Example: Key for Norton Discreet for MS-DOS actually reduces to a 40-bit key, 10000 times easier to break

4. Generating Keys (cont’d) • Poor Key Choices • Same as poor password choices • Subject to dictionary attack • Dictionary attack is much more effective when used against a key of files and not a single key

5. Generating Keys (cont’d) • Random Keys • Best keys but how to generate them • Use reliable random source such as noise from audio or radioactive decay or cryptographically secure pseudo random-bit generator • Discard weak keys. DES has only 16 weak keys. • Generating keys for public-key cryptography is harder due to math

6. Generating Keys (cont’d) • Pass Phrases • Use easy to remember phrase • Then use a one-way hash function to obtain a pseudo-random-bit string from the phrase • Information theory • About 1.3 bits of info per character in standard English • For 64-bit key, a pass phrase of about 49 characters should be sufficient

7. Generating Keys (cont’d) • ANSI X9.17 Key generation • “Not east to remember” keys • Suitable for sessions • Uses triple-DES to generate keys • Algorithm Let EK(X) be triple-DES encryption of X with key K. K: special key reserved for key generation V0: secret 64-bit seed T: timestamp To generate random key Ri, calculate Ri = EK(EK(Ti) xor Vi) To generate Vi+1, calculate Vi+1 = EK(EK(Ti) xor Ri) To turn Ri into DES key, simply adjust every eight bit for parity.

8. Generating Keys (cont’d) • DoD Key generation • Recommends using DES in OFB (output feedback) mode • Generate a DES key from system interrupt vectors, system status registers, and system counters • Generate an initialization vector from the system clock, system ID, and date and time • For plaintext, use an externally generated 64-bit quantity (or type eight characters) • Use the output as your key

9. Transferring Keys • Public key cryptography solves the problem • Some systems use alternate channels known to be secure • Two types of keys by X9.17 standard • Data keys (distributed more often) • Key encryption keys (manually distributed, tamper proof smart card) • Key distribution • Split key using secret splitting scheme • Send each share over a different channel

10. Transferring Keys (cont’d) • Key distribution in large networks • Total number key exchanges for n-users is n(n-1)/2 • Better to create a central key server (or servers)

11. Verifying Keys • When Bob receives a key, how does he know it came from Alice and not from some-one pretending to be Alice? • Alice can use a digital signature protocol to sign the key • Bob has to trust public-key database to verify Alice’s signature • KDC can sign Alice’s public key • Bob has to trust KDC’s public key he has • In this sense, some people argue that public-key cryptography is useless

12. Verifying Keys (cont’d) • Error detection during key transmission • Send key as well as a known constant 2 to 4 bytes encrypted by the key • At the receiving do the same to verify • Key-error detection during decryption • For ASCII plaintext, decrypt and see whether you can read • For random plaintext • Attach a verification block header, a known header encrypted by the key • Decrypt at the receiver to verify