Cryptography Reference
In-Depth Information
We have already discussed some important techniques for key establishment:
• In Section 9.4 we discussed AKE (Authentication and Key Establishment)
protocols. Many symmetric keys are established by means of an AKE protocol
of some sort. We noted that AKE protocols can be classified into key distribution
and key agreement protocols.
• In Section 9.4.2 we discussed the Diffie-Hellman protocol, which forms the
basis for the majority of AKE protocols based on key agreement.
• In Section 5.5.2 we discussed hybrid encryption, which is a very common
method of key establishment in environments where public-key cryptography
is supported.
The rest of this section will focus on some special techniques for conducting
symmetric key establishment, all of which could be regarded as being particular
types of AKE protocol.
10.4.1 Key hierarchies
One of the most widely used techniques for managing symmetric keys is to use
a key hierarchy. This consists of a ranking of keys, with high-level keys being
more 'important' than low-level keys. Keys at one level are used to encrypt keys
at the level beneath. We will see shortly how this concept can be used to facilitate
symmetric key establishment.
PHILOSOPHY BEHIND KEY HIERARCHIES
There are two clear advantages of deploying keys in a hierarchy:
Secure distribution and storage. By using keys at one level to encrypt keys at
the level beneath, most keys in the system can be protected by the keys above
them. This allows keys to be securely distributed and stored in encrypted
form.
Facilitating scalable key change. As we will discuss further in Section 10.6.2,
there are many reasons why keys may need to be changed. Some of these
reasons are concerned with the risk of a key being compromised, which is
arguably more likely to happen to 'front-line facing' keys that are directly used
to perform cryptographic computations, such as encryption of transmitted
data. Use of a key hierarchy makes it relatively easy to change these low-level
keys without the need to replace the high-level keys, which are expensive to
establish.
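As an added illustration (not taken from the book), the Python example below builds a three-level hierarchy in which every key except the top-level one is stored encrypted under its parent, then replaces a low-level key without touching the levels above it. The key names and the KeyHierarchy class are hypothetical, and the wrap function is a standard-library encrypt-then-MAC stand-in built on HMAC-SHA256; a deployment would use a standard key-wrap algorithm such as AES Key Wrap (RFC 3394).

```python
import hashlib, hmac, secrets

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def wrap(kek: bytes, key: bytes) -> bytes:
    """Encrypt-then-MAC a 32-byte key under kek: nonce || ciphertext || tag."""
    if len(key) != 32:
        raise ValueError("only 32-byte keys are supported")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(key, _prf(kek, b"enc" + nonce)))
    return nonce + ct + _prf(kek, b"mac" + nonce + ct)

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _prf(kek, b"mac" + nonce + ct)):
        raise ValueError("wrong parent key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _prf(kek, b"enc" + nonce)))

class KeyHierarchy:
    def __init__(self, master: bytes):
        self._master = master  # top level: the only key never stored wrapped
        self.store = {}        # name -> (parent name, wrapped blob); safe to persist

    def key(self, name):
        """Recover a key by unwrapping down from the master key."""
        if name is None:
            return self._master
        parent, blob = self.store[name]
        return unwrap(self.key(parent), blob)

    def add(self, name, parent=None):
        self.store[name] = (parent, wrap(self.key(parent), secrets.token_bytes(32)))

    def rotate(self, name):
        """Replace one key; only it and its direct children are re-wrapped."""
        parent = self.store[name][0]
        # Recover the children first: they cannot be unwrapped once the old key is gone.
        children = {c: self.key(c) for c, (p, _) in self.store.items() if p == name}
        self.add(name, parent)
        for child, k in children.items():
            self.store[child] = (name, wrap(self.key(name), k))

def demo():
    h = KeyHierarchy(secrets.token_bytes(32))  # constructed master key
    h.add("kek-site-a")                        # middle level, wrapped under master
    h.add("data-1", "kek-site-a"); h.add("data-2", "kek-site-a")
    before = dict(h.store); old = h.key("data-1")
    h.rotate("data-1")                         # change a front-line key
    changed = sorted(n for n in h.store if h.store[n] != before[n])
    return changed, old != h.key("data-1")
```

Rotating "data-1" rewrites only its own stored entry, while rotating "kek-site-a" re-wraps both data keys without changing their values. The master key is the one value the store cannot protect, which is the residual problem the text turns to next.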
However, one significant problem remains: how to distribute and store the keys
at the top level of the hierarchy? The use of a key hierarchy focusses the key
management problems onto these top-level keys. Effort can thus be concentrated
on key management solutions for the top-level keys. The payoff is that if we get
 