13.2 Key Establishment Using Symmetric-Key Techniques
Symmetric ciphers can be used to establish secret (session) keys. This is somewhat
surprising because we assumed for most of the topic that symmetric ciphers themselves
need a secure channel for establishing their keys. However, it turns out that it
is in many cases sufficient to have a secure channel only when a new user joins the
network. This is in practice often achievable for computer networks because at set-up
time a (trusted) system administrator might be needed in person anyway who can
install a secret key manually. In the case of embedded devices, such as cell phones,
a secure channel is often given during manufacture, i.e., a secret key can be loaded
into the device “in the factory”.
The protocols introduced in the following all perform key transport and not key
agreement.
13.2.1 Key Establishment with a Key Distribution Center
The protocols developed in the following rely on a Key Distribution Center (KDC).
This is a server that is fully trusted by all users and that shares a secret key with each
user. This key, which is named the Key Encryption Key (KEK), is used to securely
transmit session keys to users.
Basic Protocol
A necessary prerequisite is that each user U shares a unique secret KEK $k_U$
with the key distribution center, which was predistributed through a secure channel. Let's
look at what happens if one party requests a secure session from the KDC, e.g., Alice
wants to communicate with Bob. The interesting part of this approach is that the
KDC encrypts the session key that will eventually be used by Alice and Bob. In
a basic protocol, the KDC generates two messages, $y_A$ and $y_B$, for Alice and Bob,
respectively:
$y_A = e_{k_A}(k_{ses})$
$y_B = e_{k_B}(k_{ses})$
Each message contains the session key encrypted with one of the two KEKs. The
protocol looks like this:
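The KDC step described above, as an added Python example that is not part of the original text: the KDC wraps one fresh $k_{ses}$ under each user's KEK, and each user can open only the message made for them. The text does not fix a cipher, so e() and d() here are a stand-in built from HMAC-SHA256 (encrypt-then-MAC); the names KDC, enroll(), session() and run_demo() are hypothetical, and message delivery is modelled as plain return values.

```python
import hashlib
import hmac
import secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a stand-in keystream generator."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def e(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for e_k(): encrypt-then-MAC, output nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def d(key: bytes, blob: bytes) -> bytes:
    """Inverse of e(); raises ValueError if the blob was not made under this key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong KEK or modified message")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

class KDC:
    def __init__(self):
        self.kek = {}  # user id -> KEK k_U, known only to the KDC and that user

    def enroll(self, user: str) -> bytes:
        """One-time set-up over the secure channel: create and hand out k_U."""
        self.kek[user] = secrets.token_bytes(32)
        return self.kek[user]

    def session(self, a: str, b: str):
        """Generate a fresh k_ses and return (y_A, y_B)."""
        k_ses = secrets.token_bytes(32)
        return e(self.kek[a], k_ses), e(self.kek[b], k_ses)

def run_demo():
    kdc = KDC()
    k_a, k_b = kdc.enroll("alice"), kdc.enroll("bob")  # constructed users
    y_a, y_b = kdc.session("alice", "bob")
    return k_a, k_b, y_a, y_b
```

Calling d(k_a, y_a) and d(k_b, y_b) on the values from run_demo() yields the same 32-byte session key, while d(k_b, y_a) raises ValueError.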