tailieunhanh - Chapter 15: Key Management

Objectives of Chapter 15: To explain the need for a key-distribution center; to show how a KDC can create a session key; to show how two parties can use a symmetric-key agreement protocol to create a session key; to describe Kerberos as a KDC and an authentication protocol; to explain the need for certification authorities for public keys; to introduce the idea of a Public-Key Infrastructure (PKI) and explain some of its duties.

Cryptography and Network Security, Chapter 15: Key Management

15-1 SYMMETRIC-KEY DISTRIBUTION

Symmetric-key cryptography is more efficient than asymmetric-key cryptography for enciphering large messages. Symmetric-key cryptography, however, needs a shared secret key between two parties. The distribution of keys is another problem.

Topics discussed in this section: Key-Distribution Center (KDC); Session Keys

Key-Distribution Center (KDC)

[Figure: Key-distribution center (KDC)]

A Simple Protocol Using a KDC

[Figure: First approach using KDC. Legend: Ka = encrypted with Alice-KDC secret key; Kb = encrypted with Bob-KDC secret key; session key between Alice and Bob; KDC = key-distribution center]

Needham-Schroeder Protocol

[Figure: Needham-Schroeder protocol]

Otway-Rees Protocol

[Figure: Otway-Rees protocol]

15-2 KERBEROS

Kerberos is an authentication protocol and, at the same time, a KDC that has become very popular. Several systems, including Windows 2000, use Kerberos. Originally designed at MIT, it has gone through several versions.
Topics discussed in this section: Servers; Operation; Using Different Servers; Kerberos Version 5; Realms

Servers

[Figure: Kerberos servers]

Authentication Server (AS): The authentication server (AS) is the KDC in the Kerberos protocol.

Ticket-Granting Server (TGS): The ticket-granting server (TGS) issues a ticket for the real server (Bob).

Real Server: The real server (Bob) provides services for the user.
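
The ticket pattern behind the simple KDC protocol of section 15-1, which the Kerberos servers build on, as an added example that is not part of the original slides. The `KDC` class, the JSON message layout and the HMAC-based `seal`/`unseal` cipher are assumptions constructed for illustration; the cipher stands in for a real authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode (stand-in for a real cipher).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under `key`; returns nonce || ct || tag."""
    nonce, pt = secrets.token_bytes(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag, then decrypt. Raises ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    def __init__(self):
        self.keys = {}  # long-term secret key shared between the KDC and each user

    def register(self, name):
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]

    def request(self, alice, bob):
        """Alice asks for a session key with Bob; the request itself is plaintext."""
        session = secrets.token_hex(32)
        ticket = seal(self.keys[bob], {"from": alice, "to": bob, "key": session})
        return seal(self.keys[alice], {"peer": bob, "key": session, "ticket": ticket.hex()})

def run_exchange():
    kdc = KDC()
    ka, kb = kdc.register("alice"), kdc.register("bob")
    reply = unseal(ka, kdc.request("alice", "bob"))   # Alice opens the reply with Ka
    ticket = bytes.fromhex(reply["ticket"])            # opaque to Alice, forwarded to Bob
    seen_by_bob = unseal(kb, ticket)                   # Bob opens the ticket with Kb
    return reply["key"], seen_by_bob, ticket, ka, kb

if __name__ == "__main__":
    key, seen, *_ = run_exchange()
    print("session keys match:", key == seen["key"], "| Bob sees sender:", seen["from"])
```

The ticket in this sketch carries no nonce or timestamp, so Bob cannot distinguish a fresh ticket from a recorded one that is sent again; the Needham-Schroeder and Otway-Rees protocols listed in section 15-1 add nonces to address this.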
