Key management includes all of the provisions made in a crypto-system design, in cryptographic protocols in that design, in user procedures, and so on, which are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys.

Key distribution

out of band key exchange

• use of physical means, including ordinary mail and couriers

online key distribution

• hierarchical symmetric key distribution

  • top level = master key (exchanged rarely)
  • master key serves for encryption of session keys that are frequently exchanged and have short life-times

• public key distribution

  • a public key of the intended recipient is used to encrypt a session key
  • session key can be decrypted by the holder of corresponding private key
  • authenticated public key exchange has to take place beforehand (accomplished with CAs)

• Diffie-Hellman (DH)

  • public key algorithm
  • first generates public component
  • private component is generated separately by each party
  • each private value is merged with the public component and sent over the network
  • it is not possible to derive secret values from merged value
  • recipient uses private value to compute a session key

complementary management activities

• storage

  • on tamper-resistant devices
  • in practice keys are encrypted by a symmetric algorithm and stored on a local hard disk

• archiving

• recovery

  • when a user is not present to provide the key, when key is lost or when organization wants to monitor encrypted traffic
  • key recovery techniques

• destruction

Security infrastructure

Public key infrastructure (PKI)

PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA) . For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA.

PKI requires a synchronized time base system via Network Time Protocol (NTP) - protocol for synchronizing the clocks of computer systems.

The term trusted third party (TTP) may also be used for certificate authority (CA). The term PKI is sometimes erroneously used to denote public key algorithms, which do not require the use of a CA.

X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

Structure of X.509

• Certificate
  
  • Version
  • Serial Number
  • Algorithm ID
  • Issuer
  • Validity
    • Not Before
    • Not After
  • Subject
  • Subject Public Key Info
    
    • Public Key Algorithm
    • Subject Public Key
  • Issuer Unique Identifier (Optional)
  • Subject Unique Identifier (Optional)
  • Extensions (Optional)
  • ...
• Certificate Signature Algorithm
• Certificate Signature

Certificate revocation list (CRL) is a list of certificates (more accurately: their serial numbers) which have been revoked, are no longer valid, and should not be relied on by any system user. The CRL is always issued by the CA which issues the corresponding certificates. To prevent spoofing or denial-of-service attacks, CRLs are usually signed by the issuing CA and therefore carry a digital signature. To validate a specific CRL prior relying on it, the certificate of its corresponding CA is needed, which can usually be found in a public directory.

Authentication and authorization infrastructure

Authentication is provided by certificates, while authorization is a matter of policy. The two concepts should be dealt with separately.

Private key infrastructure (PKI) - provides means for authentication

Authentication and authorization infrastructure (AAI)

• uses PKI for the authentication part
• similar to PKI but AAI uses attribute certificates that are logical bound to public certificates
• idea is to enable use of resources in a global networked environment with a single sign-on procedure
• still in research (there is no widely used internet-wide AAI)
• local environment implementations of AAI exist (Kerberos)

Authorization certificate (also known as an attribute certificate) is a digital document that describes a written permission from the issuer to use a service or a resource that the issuer controls or has access to use.

Kerberos

Suite of free software published by Massachusetts Institute of Technology (MIT) that implements network authentication protocol with the same name. Its designers aimed primarily at a client-server model, and it provides mutual authentication — both the user and the server verify each other's identity.

• AS = Authentication Server
• TGS = Ticket Granting Server
• SS = Service Server
• TGT = Ticket Granting Ticket

The client authenticates to AS using a long-term shared secret and receives a ticket from the AS. Later the client can use this ticket to get additional tickets for SS without resorting to using the shared secret. These tickets can be used to prove authentication to SS.

more on wikipedia