Possible ways to distribute keys
1, a Select a key after the physical way to pass to B
2, the third party to select the key after the physical transmission to A and b
3. If A and B have previously or recently used a key, one party may send the Xinmi key with the old key to the other party
4, if A and B to third party C has an encrypted connection, C can send a key on the encrypted connection to a, b
Analysis:
Both 1 and 2 require manual delivery, which is feasible for link encryption (device-to-one connection) and not feasible for network communication because network traffic involves a large number of keys
For 3, once an attacker obtains a key, all subsequent keys are no longer secure.
4 requires a third-party Key distribution center, which has been widely used in network communication.
Key Distribution Scheme
Rationale: The Key Distribution center the KDC and each end user share a pair of unique master keys (in a physical way, such as U-shield). For each session between end users, a unique session key is requested from the KDC, and the session key is passed by encrypting the master key shared with the KDC.
Typical Scenario Description
1. A The session key request packet is sent to the KDC in clear text form. This includes the identity of both A and b of the call and the unique identification of the N1, called the Temporary Interaction Number (nonce).
The temporary interaction number can select a timestamp, a random number, or a counter. The KDC can design an anti-replay mechanism based on the temporary interaction number.
2. The information returned by the KDC consists of two parts.
The first part is a want to obtain the information, with A's master key Ka encryption, including call key KS and the KDC received the request packet content to verify whether the message before the KDC was modified or re-spared.
The second part is the information B wants to obtain, with B's master key KB encryption, including the call key KS and a identity. A after receiving this part of the message is sent to B.
3, in order to ensure that A to B session key information is not replayed attack, A, b use Session key for final verification.
b Use the new session key KS to encrypt the temporary interaction number N2 and issue a. A after a function transformation is performed on N2, a session key is sent to B authentication.
For large networks, the KDC hierarchy can be established to minimize the overhead of primary key distribution.
Transparent key control scheme
The central idea is to complete the ability to represent hosts, get session keys, and encrypt session messages by setting up a dedicated session security Unit (SSM)
A Distributed key control scheme
The core idea of the program is to have each terminal work part-time with the KDC. This significantly increases the number of master keys (N (N-1)/2) and is suitable for small and medium-sized systems with high security requirements for KDC.
KM is a master key shared by AB.
Session key Life cycle
For object-oriented protocols, use the same session key throughout the lifetime of the session to use the new session key for each new session. If a session has a long life cycle, the session key is periodically changed.
For a non-connected protocol such as a transaction-oriented protocol, you can assign a different session key to a time or quantity
Controlling the use of keys
Objective:
1. Distinguish the type and scope of use of the key by some kind of identification
2. Avoid the security risk of the master key as the data encryption key
Control Vector Solution:
1. The KDC generates the session key KS and uses a control vector CV to describe the usage and limitations of the session key according to the agreed specification. The message is then generated with the following formula returned to the user.
C = E ([Km⊙H (CV)], Ks) | | CV h is a hash function km is the user master key
2. The user can restore the session key directly by reverse operation Ks = D ([km⊙H (CV)], E ([km⊙H (CV)], KS))
In this way, the use of the session key is also regulated by having the master key and CV different or avoiding the possible exposure of the master key.
Symmetric key distribution with symmetric encryption