CSC 774 -- Network Security - Dr. Peng Ning
SKIP (Cont’d)
Two types of keys:
1. KEK
2. Packet key
[Figure: Alice, Bob, and a certificate repository; labels: Bob’s certificate, Alice’s certificate]
K_p encrypted with KEK.
Payload encrypted with K_p.
SKIP (Cont’d)
• KEK should be changed periodically
  – Minimize the exposure of KEK
  – Prevent the reuse of compromised packet keys
• SKIP’s approach
  – KEK = h(K_AB, n), where h is a one-way hash function, K_AB is the long-term key between A and B, and n is a counter.