信息安全基础4(密码编码学及网络安全).ppt

Chapter 4 Key Management Key Management Manage all stages of keys in the whole lifecycle, including the generation, storage, distribution, organization, employment, suspension, update destruction(产生、存储、分配、组织、使用、停用、更换、销毁) Overview 1 Principle All-around Security 全程安全 Minimal Right 最小权利 Responsibility Separation 责任分离 Key Classification 密钥分级 Key Replacement 密钥更换 Enough Length 足够长度 Different cryptosystem, different management policy 针对不同密码体制采取不同管理策略 2 Key Management for Symmetric Cipher Centralization, KDC distributes session key for every session and tends to be the bottleneck and the attacking aim Key Organization Classification – Elementary Key初级密钥: used for encrypting decrypting data Kc (for communication), Ks (for session), Kf (for file) – Secondary Key二级密钥: used for protecting EK KNC, KNS, KNF (N----node) – Master Key主密钥: the topmost level KM Elementary Key Key for encryption decryption, Kc for communication, Ks for session, Kf for file storage Generated by hardware or software of the system, can also be specified by user Kc Ks is one-time pad, while the lifecycle of Kf is as long as the file K is protected by KN during its lifecycle Secondary Key Key to protect elementary key, KNC for Kc, KNS for Ks, KNF for Kf Generated by hardware or software Lifecycle is long KN is protected by KM during its lifecycle Master Key The maximal key in key management system Generated by hardware and installed/distributed by security experts Have the longest lifecycle Key Generation Different strategies for different level keys Randomicity: long-period, non-linear, equal-probability, uncertain High-level key: real-randomicity Low-level key: pseudo-randomicity Generation of Master Key Real-randomicity sequences with high quality Means: transform the random simulation signals from the nature into digitals, based on the mechanics noise source or the electronics noise source Generation of Secondary Key Encrypt the random numbers KN=E(E(E(E(i,RN1),RN2),RN1),RN3), i is a ordi