Cryptography Reference
In-Depth Information
Establishment of a common symmetric key, regardless of whether symmetric or
public-key techniques are used to do this.
It should not come as a surprise that these two objectives are required together in
one protocol.
Need to authenticate key holders. Key establishment makes little sense without
entity authentication. It is hard to imagine any applications where we would
want to establish a common symmetric key between two parties without at
least one party being sure of the other's identity. Indeed, in many applications
mutual entity authentication is required. The only argument for not featuring
entity authentication in a key establishment protocol is for applications where
the authentication has already been conducted prior to running the key
establishment protocol.
Prolonging authentication. The result of entity authentication can be prolonged
by simultaneously establishing a symmetric key. Recall from Section 8.3.1 that
a problem with entity authentication is that it is achieved only for an instant in
time. In practice, we often desire this achievement to be extended over a longer
period of time (a session). One way of doing this is to bind the establishment of
a symmetric key to the entity authentication process. In this way, later use of the
key during a session continues to provide confidence that the communication
is being conducted between the parties who were authenticated at the instant
in time that the key was established. Thus we can maintain, at least for a while,
the security context achieved during entity authentication. Of course, exactly
how long this can be maintained is a subjective and application-dependent
issue.
9.4.1 Typical AKE protocol goals
We now break down the general security objectives of an AKE protocol being
run between Alice and Bob into more precise security goals. These will not be
universal for all AKE protocols, hence we will refer to these as 'typical' security
goals that are to be achieved on completion of an AKE protocol:
Mutual entity authentication. Alice and Bob are able to verify each other's
identity to make sure that they know with whom they are establishing
a key.
Mutual data origin authentication. Alice and Bob are able to be sure that
information being exchanged originates with the other party and not an
attacker.
Mutual key establishment. Alice and Bob establish a common symmetric key.
Key confidentiality. The established key should at no time be accessible to any
party other than Alice and Bob.
Key freshness. Alice and Bob should be happy that (with high probability) the
established key is not one that has been used before.
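The goals above can be seen together in a small nonce-based handshake. This is an added example, not a protocol from the text: the Party class, the three-message layout, the use of HMAC-SHA256 and the pre-shared long-term key are all assumptions made for illustration. Each side proves knowledge of the long-term key over both nonces and both identities, and the session key is derived from the same values, which binds it to the authentication and never puts it on the wire.

```python
import hashlib, hmac, secrets

def mac(key, *fields):
    """HMAC-SHA256 over length-prefixed fields (unambiguous field boundaries)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()

class Party:
    """Hypothetical endpoint holding a long-term key shared with its peer."""
    def __init__(self, name, long_term_key):
        self.name = name
        # Separate sub-keys for authentication and for session-key derivation.
        self.k_auth = mac(long_term_key, b"auth")
        self.k_kdf = mac(long_term_key, b"kdf")
        self.session_key = None

    def hello(self):                      # message 1, Alice -> Bob: N_A
        self.n_a = secrets.token_bytes(16)
        return self.n_a

    def respond(self, peer, n_a):         # message 2, Bob -> Alice: N_B, tag
        self.peer, self.n_a, self.n_b = peer, n_a, secrets.token_bytes(16)
        return self.n_b, mac(self.k_auth, b"resp", self.name, peer, n_a, self.n_b)

    def confirm(self, peer, n_b, tag):    # Alice verifies Bob, sends message 3
        want = mac(self.k_auth, b"resp", peer, self.name, self.n_a, n_b)
        if not hmac.compare_digest(tag, want):
            raise ValueError("responder not authenticated")
        # Both nonces feed the derivation, so each run yields a fresh key.
        self.session_key = mac(self.k_kdf, self.name, peer, self.n_a, n_b)
        return mac(self.k_auth, b"conf", self.name, peer, self.n_a, n_b)

    def finish(self, tag):                # Bob verifies Alice
        want = mac(self.k_auth, b"conf", self.peer, self.name, self.n_a, self.n_b)
        if not hmac.compare_digest(tag, want):
            raise ValueError("initiator not authenticated")
        self.session_key = mac(self.k_kdf, self.peer, self.name, self.n_a, self.n_b)

def handshake(alice, bob):
    """Run the three messages in order and return both parties' session keys."""
    n_a = alice.hello()
    n_b, tag_b = bob.respond(alice.name, n_a)
    bob.finish(alice.confirm(bob.name, n_b, tag_b))
    return alice.session_key, bob.session_key
```

A message 2 recorded from an earlier run fails verification in a later run because Alice's nonce has changed, which is the freshness goal in action.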
 