Thursday, July 29, 2021

Public Key Distribution in Network Security


There are four methods of public key distribution:

1.    Public Announcement of Public Keys

In a public key cryptography, such as RSA, any user can send his/her key to any other user or broadcast it to the group as shown in figure. This type of approach is having a biggest drawback. Any user can pretend to be a user A and send a public to another user or broadcast it. Until user A has got this thing and alerts to other user, a pretender is able to read all encrypted message of other users.

Figure : Public Announcement of Public Keys

2.    Publicly Available Directory

A dynamic publicly available directory is used to achieve the security. Maintenance and distribution of public directory is controlled by a trust entity. This technique is explained as follows and shown in figure.

1.    A trusted entity maintains a directory for each user as <name, public key>

2.    Each user has to register a public key with the directory.

3.    A user can replace the existing key with a new one at any time for any particular reason.

It is more secure than public announcement but still having some weakness. A hacker can obtain the private key of directory or temper with the information kept by directory.

Figure : Publicly Available Directory

3.    Public-Key Authority

It gives stronger security. As shown in figure a central authority keeps a dynamic directory of public keys of all users. Additionally, each user knows the public key of authority.

Step – 1: A sends a time stamped message to the public-key authority containing a request for the current public key of B.

Step – 2: The authority responds with a message that is encrypted using the authority’s private key, PRauth. Thus, A is able to decrypt the message using the authority’s public key. Therefore, A is assured that the message originated with the authority.

The message includes the following: B’s public key, PUb, which A can use to encrypt messages destined for B. The original request used to enable A to match this response with the corresponding earlier request and to verify that the original request was not altered before reception by the authority. The original timestamp given so A can determine that this is not an old message from the authority containing a key other than B’s current public key.

Step – 3: A stores B’s public key and also uses it to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.

Step – 4 & 5: B retrieves A’s public key from the authority in the same manner as A retrieved B’s public key.

Step – 6: B sends a message to A encrypted with PUa and containing A’s nonce (N1) as well as a new nonce generated by B (N2). Because only B could have decrypted message (3), the presence of in message (6) assures A that the correspondent is B.

Step – 7: A returns N2, which is encrypted using B’s public key, to assure B that its correspondent is A.

Figure : Public Key Authority

4.    Public-Key Certificates

The directory of names and public keys maintained by the authority is vulnerable to tampering. An alternative approach, first suggested by Kohnfelder, is to use certificates. In essence, a certificate consists of a public key, an identifier of the key owner, and the whole block signed by a trusted third party. Typically, the third party is a certificate authority, such as a government agency or a financial institution that is trusted by the user community. A user can present his or her public key to the authority in a secure manner and obtain a certificate. The user can then publish the certificate. Anyone needing this user’s public key can obtain the certificate and verify that it is valid by way of the attached trusted signature. A participant can also convey its key information to another by transmitting its certificate. Other participants can verify that the certificate was created by the authority.

We can place the following requirements on this scheme:

Step – 1: Any participant can read a certificate to determine the name and public key of the certificate’s owner.

Step – 2: Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.

Step – 3: Only the certificate authority can create and update certificates.

Step – 4: Any participant can verify the certificate.

Figure : Public Key Certificates

        To learn more about Public Key Distribution, Watch below video

Video : Symmetric Key Distribution using Symmetric Encryption

Watch more videos click here.

No comments:

Post a Comment