public key encryption has its own difficulties, in particular the problem of obtaining someone's true public key. Both of these problems – determining a shared key for symmetric key cryptography, and securely obtaining the public key for public key cryptography – can be solved using a trusted intermediary. For symmetric key cryptograghy , the trusted intermediary is called a Key Distribution Center (KDC), which is a single, trusted network entity with whom one has established a shared secret key. We will see that one can use the KDC to obtain the shared keys needed to communicate securely with all other network entities. For public key cryptography, the trusted intermediary is called a Certification Authority (CA). A certification authority certifies that a public key belongs to a particular entity (a person or a network entity). For a certified public key, if one can safely trust the CA that the certified the key, then one can be sure about to whom the public key belongs. Once a public key is certified, then it can be distributed from just about anywhere, including a public key server, a personal Web page or a diskette.
The Key Distribution Center
Suppose once again that Bob and Alice want to communicate using symmetric key cryptography. They have never met (perhaps they just met in an on-line chat room) and thus have not established a shared secret key in advance. How can they now agree on a secret key, given that they can only communicate with each other over the network? A solution often adopted in practice is to use a trusted Key Distribution Center (KDC).
The KDC is a server that shares a different secret symmetric key with each registered user. This key might be manually installed at the server when a user first registers. The KDC knows the secret key of each user and each user can communicate securely with the KDC using this key. Let's see how knowledge of this one key allows a user to securely obtain a key for communicating with any other registered user. Suppose that Alice and Bob are users of the KDC; they only know their individual key, KA-KDC and KB-KDC, respectively, for communicating securely with the KDC. Alice takes the first step, and they proceed as illustrated in Figure 7.5-1.
Setting up a one-time session key using a Key Distribution Center
- Using KA-KDC to encrypt her communication with the KDC, Alice sends a message to the KDC saying she (A) wants to communicate with Bob (B). We denote this message, KA-KDC (A,B) . As part of this exchange, Alice should authenticate the KDC (see homework problems), e.g., using an authentication protocol (e.g., our protocol ap4.0) and the shared key KA-KDC .
- The KDC, knowing KA-KDC , decrypts KA-KDC (A,B) . The KDC then authenticates Alice. The KDC then generates a random number, R1. This is the shared key value that Alice and Bob will use to perform symmetric encryption when they communicate with each other. This key is referred to as a one-time session key (see section 7.5.3 below), as Alice and Bob will use this key for only this one session that they are currently setting up. The KDC now needs to inform Alice and Bob of the value of R1. The KDC thus sends back an encrypted message to Alice containing the following:
- R1, the one-time session key that Alice and Bob will use to communicate;
- a pair of values: A, and R1, encrypted by the KDC using Bob's key, KB-KDC . We denote this KB-KDC(A,R1). It is important to note that KDC is sending Alice not only the value of R1 for her own use, but also an encrypted version of R1 and Alice's name encrypted using Bob's key. Alice can't decrypt this pair of values in the message (she doesn't know Bob's encryption key), but then she doesn't really need to. We'll see shortly that Alice will simply forward this encrypted pair of values to Bob (who can decrypt them).
These items are put into a message and encrypted using Alice's shared key. The message from the KDC to Alice is thus KA-KDC(R1,KB-KDC(R1)). - Alice receives the message from the KDC, verifies the nonce, extracts R1 from the message and saves it. Alice now knows the one-time session key, R1. Alice also extracts KB-KDC(A,R1) and forwards this to Bob.
- Bob decrypts the received message, KB-KDC(A,R1), using KB-KDC and extracts A and R1. Bob now knows the one-time session key, R1, and the person with whom he is sharing this key, A. Of course, he takes care to authenticate Alice using R1 before proceeding any further.
No comments:
Post a Comment