6.2 KEY DISTRIBUTION

Most of the security services that are enumerated in the OSI security architecture are based on cryptographic mechanisms, and the use of these mechanisms generally requires a corresponding key management infrastructure. According to RFC 2828, the term key management refers to the "process of handling and controlling cryptographic keys and related material (such as initialization values) during their life cycle in a cryptographic system, including ordering, generating, distributing, storing, loading, escrowing, archiving, auditing, and destroying the material" [9]. As such, key distribution is certainly an important part of key management, and key distribution has often turned out to be the Achilles heel of any network security architecture. Key distribution is carried out with protocols, and many of the important properties of key distribution protocols do not depend on the underlying cryptographic algorithms, but rather on the structure of the messages exchanged. Therefore, security leaks and vulnerabilities do not come from weak cryptographic algorithms, but rather from mistakes in higher levels of the protocol design.

The Institute of Electrical and Electronics Engineers (IEEE) WG 802.10 was formed in May 1988 to address the security needs of local and metropolitan area networks and to specify standards for interoperable LAN/MAN security (SILS).[5] The WG was cosponsored by the IEEE Technical Committee on Computer Communications and by the IEEE Technical Committee on Security and Privacy. Within IEEE 802.10, work on cryptographic key management began in May 1989 and was formally approved in 1998 [10]. As such, the IEEE 802.10 WG is in "hibernation" but can still be contacted for assistance.

The key management model and protocols specified in IEEE 802.10 support three classes of key distribution techniques: manual key distribution, center-based key distribution, and certificate-based key distribution. This classification is useful and also used in this book.

6.2.1 Manual Key Distribution

Manual key distribution techniques are the simplest techniques one can use to distribute cryptographic keys. Using manual key distribution, off-line delivery methods are used to establish pairwise or multicast cryptographic keys among the communicating peers.

Manual key distribution techniques are simple and straightforward. They are appropriate for small numbers of communicating peers. If the number of communicating peers increases beyond a certain threshold, however, the scalability problems become obvious and the use of manual key distribution techniques is too cumbersome. Also, manual key distribution techniques do not provide any authentication other than that provided by the corresponding off-line delivery method. Therefore, the strength of the procedures used for off-line delivery of the cryptographic keys is extremely important. In many cases, manual delivery of cryptographic keys is required at least once per user, and distribution of additional keying material can be performed using the manually distributed key as a key encryption key (KEK). The encrypted keying material can then be distributed using any convenient method.

6.2.2 Center-Based Key Distribution

Center-based key distribution techniques may be used to establish pairwise or multicast cryptographic keys among communicating peers by way of trusted third parties (TTPs). A TTP, in turn, may act as:

  • A key distribution center (KDC);

  • A key translation center (KTC).

In either case, the TTP shares a secret with each principal in its domain. This secret is used to establish a secure channel between the TTP and the principal. In the case of a KDC, the TTP generates the cryptographic keys and distributes them to either principal using a secure channel. In the case of a KTC, the TTP receives the cryptographic keys from one secure channel and forwards them to another. In this case, the TTP simply acts as a relay that possibly decrypts and reencrypts the cryptographic keys.

Most existing center-based key distribution methods have been tailored to specific scenarios and applications. For example, any scheme relying on time stamps favors the local environment, where all users have access to a commonly trusted time server. While requiring tightly synchronized clocks in the wide area is conceivable, it is certainly harder. More important, existing schemes make specific assumptions about network configuration and connectivity models. For instance, they may dictate a specific communication paradigm for contacting a trusted server or KDC. When a principal A needs a key to communicate with another principal B, Kerberos, for example, requires that A obtain the desired key from the KDC before communicating with B. This paradigm is sometimes referred to as the pull model. By contrast, in the same situation, the U.S. standard for financial institution key management (ANSI X9.17) specifies that A must contact B first, and let B get the necessary key from the KDC. This paradigm is sometimes referred to as the push model. In short, A pushes B to contact the KDC and request a session key accordingly.

It is important to note that neither the push model nor the pull model is better than the other, and that both models are justified in their respective environments. In a local area environment, for which Kerberos was originally designed, requiring clients to obtain the keys makes a lot of sense because it distributes the burden over many clients, thus alleviating the task of the few shared servers. In a wide area environment, for which X9.17 was designed, however, the opposite approach is justified because there are typically many more clients than servers, and KDCs are typically located closer to servers than clients. Under such circumstances, the amount of system definition in terms of configuration and the costs of the connections between clients and the KDCs required by the Kerberos approach may become prohibitive in a wide area environment. It is even possible to combine the two approaches and to come up with a mixed model for center-based key distribution.
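The pull and push models above, combined with the KEK idea from Section 6.2.1, as an added example that is not taken from the book: a toy KDC seals one fresh session key under each principal's manually enrolled long-term key, and the only difference between the two models is who contacts the KDC. All names (`seal`, `KDC`, `accept`, `run`) are hypothetical, the HMAC-based cipher is a standard-library stand-in for a real authenticated cipher or key-wrap algorithm, and freshness (nonces or time stamps) is left out. It models neither the Kerberos nor the ANSI X9.17 message formats.

```python
import hashlib, hmac, json, secrets

def _stream(kek, nonce, n):
    # HMAC-SHA256 in counter mode as a toy keystream (constructed stand-in, not a real cipher mode)
    return b"".join(hmac.new(kek, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(kek, fields):
    """Encrypt-then-MAC a small dict under a key-encryption key (KEK)."""
    pt = json.dumps(fields, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(pt, _stream(kek, nonce, len(pt))))
    return nonce + ct + hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ticket failed integrity check")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _stream(kek, nonce, len(ct)))))

class KDC:
    def __init__(self):
        self.keks = {}
    def enroll(self, name):
        # models the one-time manual (off-line) delivery of a long-term key
        self.keks[name] = secrets.token_bytes(32)
        return self.keks[name]
    def issue(self, x, y):
        # fresh session key, sealed once per principal; each copy names the other party
        ks = secrets.token_hex(16)
        return {x: seal(self.keks[x], {"key": ks, "peer": y}),
                y: seal(self.keks[y], {"key": ks, "peer": x})}

def accept(kek, blob, expected_peer):
    fields = unseal(kek, blob)
    if fields["peer"] != expected_peer:
        raise ValueError("ticket names a different peer")
    return fields["key"]

def run(model, kdc, keks, a="A", b="B"):
    # pull: A asks the KDC, then forwards B's copy. push: A contacts B, B asks the KDC.
    asker = a if model == "pull" else b
    hops = [(asker, "KDC"), ("KDC", asker)]
    hops = hops + [(a, b)] if model == "pull" else [(a, b)] + hops + [(b, a)]
    blobs = kdc.issue(a, b)
    return accept(keks[a], blobs[a], b), accept(keks[b], blobs[b], a), hops
```

The peer name sealed inside each copy is what stops a ticket issued for one conversation from being accepted in another, which is a property of the message structure rather than of the cipher.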

6.2.3 Certificate-Based Key Distribution

Certificate-based key distribution techniques may be used to establish pairwise cryptographic keys. In this case, the use of public keys and public key certificates is mandatory. There are two classes of certificate-based key distribution techniques to be distinguished:

  • A public key cryptosystem is used to encrypt a locally generated cryptographic key and to protect it while it is being transferred to a remote key management entity. This is called a key transfer.

  • A cryptographic key is cooperatively generated at both the local and remote key management entity. This is called a key exchange or key agreement. The best example of a key agreement protocol is the Diffie-Hellman key exchange as discussed earlier in this chapter.

We postpone the discussion of public keys and public key certificates to Chapter 19, when we elaborate on public key infrastructures (PKIs).

In general, certificate-based key distribution techniques may not be directly used to establish multicast keys. However, once pairwise cryptographic keys are established, they can be used to further protect the distribution of multicast keys.

[5]http://grouper.ieee.org/groups/802/10/


Internet and Intranet Security
ISBN: 1580531660
EAN: 2147483647
Year: 2002
Pages: 144
