Deck 14: Key Management and Distribution

Although public announcement of public keys is convenient, anyone can forge a public announcement.

Because certificates are forgeable they cannot be placed in a directory without the need for the directory to make special efforts to protect them.

Frequent key changes are usually desirable to limit the amount of data compromised if an attacker learns the key.

Some sort of mechanism or protocol is needed to provide for the secure distribution of keys.

X.509 defines the format for private-key certificates.

X.509 is an important standard because the certificate structure and authentication protocols defined in X.509 are used in a variety of contexts.

Master keys can be distributed in some noncryptographic way such as physical delivery.

Each user must share a unique key with the key distribution center for purposes of key distribution.

The distribution of session keys delays the start of any exchange and places a burden on network capacity.

The topics of cryptographic key management and cryptographic key distribution are complex,involving cryptographic,protocol, and management considerations.

For link encryption manual delivery is awkward.

A random number would not be a good choice for a nonce.

A public-key certificate scheme alone does not provide the necessary security to authenticate the public key.

Typically the session key is used for the duration of a logical connection,such as a frame relay connection or transport connection,and then it is permanently stored.

A __________ attack is when a protocol is insecure against an adversary who can intercept messages and can either relay the intercepted message or substitute another message.

If A and B each has an encrypted connection to a third party C,C can deliver a key on the encrypted links to A and B.A _________ center is responsible for distributing keys to pairs of users as needed.

Session keys are transmitted in encrypted form using a __________ key that is shared by the key distribution center and an end system or user.

If encryption is done at the __________ level a key is needed for every pair of users or processes that require communication.

Several techniques have been proposed for the distribution of public keys.The proposals can be grouped into the following four general schemes: public announcement,publicly available directory,public-key certificates,and ____________.

A unique identifier for a transaction is a __________ and this identifier may be a timestamp,a counter or a random number,with the minimum requirement being that it differs with each request.

Public-key encryption schemes are secure only if the authenticity of the ___________ is assured.

A _________ is defined as the set of hardware,software,people,policies,and procedures needed to create,manage,store,distribute,and revoke digital certificates based on asymmetric cryptography.

Used in a variety of applications,__________ defines the format for public-key certificates.

__________ is the function that delivers a key to two parties who wish to exchange secure encrypted data.

__________ is the process whereby a user first makes itself known to a certification authority prior to that certification authority issuing a certificate for that user.

__________ certificates are used in most network security applications including IP security,transport layer security and S/MIME.

A _________ is a generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by end entities.

The directory entry for each certification authority includes two types of certificates: forward certificates and ___________ .

A __________ consists of a public key,an identifier of the key owner,and the whole block signed by a trusted third party and can be used by participants to exchange keys without contacting a public key authority in a way that is as reliable as if the keys were obtained directly from a public key authority.