[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On shared keys (was RE: SOI: identity protection and DOS)

To: "Sandy Harris" <sandy@storm.ca>, "'IPsec WG'" <ipsec@lists.tislabs.com>
Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)
From: "david chen" <ietf_davidchen@hotmail.com>
Date: Fri, 30 Nov 2001 13:14:45 -0500
References: <3.0.3.32.20011130021842.00db66d8@mail> <3C07A170.448E1597@storm.ca>
Sender: owner-ipsec@lists.tislabs.com

Here is my observation:

The RSA puliblic/private key (RSA key) is better than symmetric pre-shared
key (SPSK) in the following way:
Suppose both the RSA key and SPSK all using centerally managed server in a
domain and
further assume that the SPSK is one for each device (not one for each pair
of device).
Let's say there are 500 devices in this domain:
Then there will be 500 keys for SPSK so is RSA keys.
Each device will either have 499 public keys or 499 SPSKs.
Given the key management (add/delete/remove) are *almost* equal, the SPSK
has
a not ignorable drawback than RSA Key structure:
To break RSA key, attacker has to break into the device that hold the
private key or
break into the device that itself is the victim of MIM attack.
The device has to responsible for its own security.
(Given the real world that the security of a device are not created equal,
this is a reasonable requirement)

On the other hand, to break a SPSK, the attacker can choose any of the 500
devices to breakin.
The risk is much higher for a device due to it demand all other participated
devices have the
same security level.

Sure, the SPSK can increase the number of keys that limited the key to only
two parties
(and increase the complexicity of the key management)
but still it is 200% risk more than RSA key due to it demands the same level
of security level on
peer.

--- David

----- Original Message -----
From: "Sandy Harris" <sandy@storm.ca>
To: "'IPsec WG'" <ipsec@lists.tislabs.com>
Sent: Friday, November 30, 2001 10:10 AM
Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)

> Alex Alten wrote:
>
> > I will re-iterate my position.  If a network security system is properly
> > designed then either Public Key or Symmetric/Private Key cryptography
> > will work fine in establishing trust.
>
> So far, so good.
>
> > I furthermore claim that Symmetric/Private Key cryptography
> > will scale to great numbers of users
>
> Sorry, but this is nonsense. The classic problem with symmetric crypto is
> key management. It neither scales well nor works well across
administrative
> boundaries.
>
> Consider n sites which all want to communicate.
>
> For symmetric ciphers, you need n*(n-1)/2 unique keys, each of which is
> known to exactly two players and none of the others. Moreover, you have
> to communicate those keys securely to the second player in each case, and
> then keep it secure on both systems.
>
> With public key, you need only n key pairs. There is no need to
communicate
> keys securely; the system is designed to work even if the enemy knows the
> public keys. Nor do you have to manage security for multiple keys, or keep
> track of who each key is shared with. You just need to keep your private
> key secure, not shared with anyone.
>
> Of course you can build a kerberos-like system using symmetric ciphers
> that has many of the advantages of public key. Using a central key server
> reduces the number of keys to n client-to-server keys and may simplify
> management. However, I doubt such a centralised model is appropriate for
> Internet infrastructure.
>
> > and I use the bank ATM secure network using DES as an excellent example.
> > ...
>
> I think that's an irrelevant example. A tightly controlled single purpose
> terminal-to-mainframe network under a single administrative authority
> bears no useful resemblanmce to the Internet. Someone gave a good detailed
> analysis earlier in the thread. You should re-read it.
>
> > As far as I'm concerned this should be the end of the discussion
>
> I agree, but for opposite reasons.
>
> > about whether or not Symmetric/Private Key cryptography can scale to
> > large numbers of users in
> > an efficient, easy to use by ordinary people, inexpensive to implement
> > manner and
> > interoperable between devices made by different manufacturers and
> > maintained by
> > different organizations.  It has been done for the past 20 years by what
is
> > probably the most successful world-wide commercial networked security
system.
> >
> > Anyone who still claims that Public Key is superior to Symmetric/Private
Key
> > cryptography, or that it is the only way to scale, is a *damn fool* and
should
> > be treated as such.
>
> How about "obviously superior for some purposes, including most key
> distribution applications" and "almost always the best way to build
> scalable systems"?
>
> Methinks you'll consider me a fool. I heartily return the sentiment.
>

References:

RE: On shared keys (was RE: SOI: identity protection and DOS)

From: Alex Alten <Alten@home.com>

Re: On shared keys (was RE: SOI: identity protection and DOS)

From: Sandy Harris <sandy@storm.ca>

Prev by Date: Re: ipsec in tunnel mode and dynamic routing
Next by Date: Re: ipsec in tunnel mode and dynamic routing
Prev by thread: Re: On shared keys (was RE: SOI: identity protection and DOS)
Next by thread: RE: On shared keys (was RE: SOI: identity protection and DOS)
Index(es):
- Main
- Thread