 Now let us begin the session on key management, myself Rashmi Dixit. So learning outcome at the end of this session, students will be able to explain different key distribution strategies. So let us begin the session. Now look at here at a diagram, Alice and Bob want to form a some kind of communication. It might be business or it could be even personal, but whatever else it must be confidential. And the third person in this relationship is Eve. And as her name suggests, she is an Eve's dropper who want to know what is going on between Alice and Bob. To do that she has to intercept their information. So Alice and Bob can prevent or can protect themselves using encryption. The most obvious form of encryption is called as symmetric encryption, which uses a single key to encrypt a plain text or to decrypt a cipher text back from plain text. Similarly symmetric encryption suffered one enormous shortcoming that is it was necessary for either sender or receiver to create a key and then send to the other party. While the key was in transits, it could be stolen or copied by third party who would be then able to decrypt any cipher text encrypted with the key. And another problem is that the large number of keys, key pairs are needed between communicating parties that is n multiplied by n minus 1 by 2 where n is the number of communicating parties. One of the major roles of public key encryption has been to address the problem of key distribution. There are two aspects for key management. Distribution of public keys and use of public key encryption to distribute secret keys. So asymmetric cryptography, better known as public key cryptography, tied steps. The key distribution problem as each user creates their own keys, the private key and the public key. Together the two keys are known as key pair. There are different techniques for distribution of public key, public announcement, publicly available directory, public key authority, public key certificate. Now we will discuss one by one. So public announcement, user distributes public key to recipient or broadcast to community at a large. On the face it is a public key. So no problem with that. Now PGP, one of the better known algorithm means technique, pretty good privacy, appended public keys to email messages or post to new groups or email list. Now what is a major weakness for this is forgery. Anyone can create a key claiming to be someone else and broadcast it. Until forgery is discovered can masquerade as claimed user for authentication. So public announcement as name suggests the broadcast, A, B, broadcast their key anyone can use who want to communicate with them. The next one is publicly available directory. So like phone directory, the third party or a trusted party create directory which store the name of the user and their public key. A greater degree of security can be achieved by maintaining a publicly available dynamic directory of public keys. Maintenance and distribution of the public directory would have to be responsibility of some trusted entity or organization. Participants register securely with the directory. Participants can replace their key at any time and directory is periodically published and directory can be accessed electronically. But it is still vulnerable to tempering or forgery, okay. Means anyone can put their name and public key, any hacker can put their name and public key and start communication with node present in that set. Now the third one is public key authority, stronger security for public key distribution. It improves security by tightening control over distribution of keys from directory. It requires users to know public key for the directory. And users interact with the directory to obtain the desired public key securely and it requires real time access to directory when keys are needed, okay. Now just check out the flow of what happens in public key authority. So A, B, A want to start a communication with a B, huh. So trusted third party which is act as a public key authority. So A sends a timestamp message to the public key authority containing a request for the B's public key. The authority responds with a message that is encrypted using the authority's private key that is PR auth, huh. A stores B's public key and also uses it to encrypt a message which A is going to send for B. So communication start from A side to B. Now it is time of a B to find out or to retry use A's public key from the authority in the same manner as retry B's public key, okay. So first step one, A request B, step two authority send a public key of B, step three A stores B's public key and now start communication, step four and five B retrieves A's public key from the authority in the same manner and at this point the public keys have been securely delivered to A and B and now communication response start from B side. So step six and seven B sends a message to A encrypted with P authority means that is public key of A returns knowns that is N2 means short message encrypted using B's public key to assure B that it is A that is important here two things are important confidentiality as well as authentication. Now taking public key is simple but keeping that communication between the authenticated user is important. Now the fourth one is public key certificates means higher to that the public key authority could be a bottleneck in the system certificates allow key exchange without real time access to public key authority. A certificate binds identity to public key and all contains signed by a trusted public key or certificate authority which is called as CA which certifies the authority and only the CA can make the certificate, okay. Now this is the fourth technique for distribution of public key. Now we will see one by one now here is a flow how that work happens any participant can read a certificate to determine the name and public key of the certificate owner any participant can verify that the certificate originated from the certificate authority and it is not counterfeit only the certificate authority can create and update certificate and any participant can verify the currency of the certificate sorry so these are the characteristic of certificate authority. So A communicate with the certificate authority to get a certificate to start the communication with B then B get a certificate from certificate authority to start or to reply to B what is advantage it avoid the bottleneck and there is a one trusted authority certificate authority which deliver a certificate to the particular nodes. Public key distribution of secret key public key algorithms are slow. So usually want to use private key encryption to protect message contain and this particular need a session key. Now simple secret key distribution it is proposed by Merkel in 1979 A generates a new temporary public key pair A sends B the public key and their identity B generates a session key and send it to A encrypted using the supplied public key and A decrypt the session key and they both use the same session key or secret key for that particular session. Look at here the public key distribution of secret key first securely exchange public key using a previous method. So A sends a message which is encrypted using the public key of B containing the nodes and the identity of A and in return B sends a message containing the nodes send by A along with B's nodes which is encrypted using the public key of A. So now with the help of nodes send by A A gets that the B is the same with which that A wants to start a communication. Now again A sends a nodes which is encrypted using the public key of B so that the B identify that it is the A only and it is a type of encryption that is a KS session key which is encrypted using the private key of A and double encrypted using the public key of B. This is important for giving two way security. Now dear student please pause the video and try to answer which one of the following is not a public key distribution means public key certificate hashing certificate publicly available directory and public key authority please try to recall whatever we have seen in the video. So public key certificate is not a public key distribution mean so this is a reference.