Cryptography Reference
In-Depth Information
13.1 Introduction
In this section we introduce some terminology, some thoughts on key freshness and
a very basic key distribution scheme. The latter is helpful for motivating the more
advanced methods which will follow in this chapter.
13.1.1 Some Terminology
Roughly speaking, key establishment deals with establishing a shared secret be-
tween two or more parties. Methods for this can be classified into
key transport
and
key agreement
methods, as shown in Fig. 13.1. A key transport protocol is a tech-
nique where one party securely transfers a secret value to others. In a key agreement
protocol two (or more) parties derive the shared secret where all parties contribute
to the secret. Ideally, none of the parties can control what the final joint value will
be.
Fig. 13.1
Classification of key establishment schemes
Key establishment itself is strongly related to identification. For instance, you
may think of attacks by unauthorized users who join the key establishment protocol
with the aim of masquerading as either Alice or Bob with the goal of establishing a
secret key with the other party. To prevent such attacks, each party must be assured
of the identity of the other entity. All of these issues are addressed in this chapter.
13.1.2 Key Freshness and Key Derivation
In many (but not all) security systems it is desirable to use cryptographic keys which
are only valid for a limited time, e.g., for one Internet connection. Such keys are
called
session keys
or
ephemeral keys
. Limiting the period in which a cryptographic
key is used has several advantages. A major one is that there is less damage if the
