Cryptography Reference
In-Depth Information
5.2 Keys
You know everyone is ignorant, only on different subjects.
Will Rogers (
1879
-
1935
)
, American actor and humorist
The term
key agreement
refers to a protocol where two entities, acting in
concert, contribute to the generation of a symmetric key. We have seen one of
the most famous of these in the DiKe-Hellman key-exchange protocol discussed
on page 166. This brings up the topic of the less accurate term
key-exchange
,
which is often used in reference to keyagreement, the reason being that two
entities perform an
exchange
of information resulting in their
agreement
on a
shared key.
Key establishment
is a means of using cryptography to establish a
shared secret (symmetric) key.
Key
distribution
, also called
key transfer
or
key transport
, is a protocol where
one entitygenerates a symmetric keyand sends it to other entities, usually
over a network. On page 162, we discussed keypredistribution and the issues
surrounding it from both perspectives of SKCs and PKCs. With an SKC, there
is the so-called
n
2
-problem
,onan
n
-user network, where the number of keys
required is
n
(
n
1)
/
2. To avoid this problem in an SKC, we can employTrent
who needs onlya single keyshared with each user. Also, we want protocols to
do more than just establish shared keys. We need to avoid impersonation, since
for instance, the DiKe-Hellman protocol is open to an impersonation attack (see
page 180), so we require protocols that playboth roles of establishing kes for
users and mutual entityauthentication.
The following is a keyauthentication and establishment protocol using only
SKC, and the employment of Trent, plus the introduction of some new characters
in our cryptographic play.
Kerberos is the three-headed dog of Greek mythology that stood guard at
the gates of Hades. It is also the name of an authentication protocol developed
at MIT in 1989. According to MIT, the initial intent was to have not only
authentication, but also accounting and auditing features. However, the last
two “heads” were never added. The Kerberos project originated from a larger
endeavor at MIT, called
Project Athena
, the purpose of which was secure com-
munication across a public network for student access of their files. Kerberos
is the authentication protocol aspect of Project Athena, and is based upon a
client-server-verifier model described as follows. (In Section 8.5, we look at the
client-server model as a general architecture, but for now, we will be content
with the informal description given below.)
We require the introduction of more in our cast of cryptographic characters.
First, a
client
, Carol, is a user (which might in realitybe software or a person)
with some goal to achieve, which could be as simple as sending e-mail or as
complex as installation of a system's software. A
server
(and verifier), Victor,
provides services to clients, which might involve anything from e-commerce to
accessing personal files.
−
Search WWH ::
Custom Search