Key management through symmetric-key techniques

One solution which employs symmetric-key techniques involves an entity in the network which is trusted by all other entities. As in §1.8.3, this entity is referred to as a trusted third party (TTP). Each entity A, shares a distinct symmetric key k_t with the TTP. These keys are assumed to have been distributed over a secured channel. If two entities subsequently wish to communicate, the TTP generates a key к (sometimes called a session key) and sends it encrypted under each of the fixed keys as depicted in Figure 1.16 for entities A and A$.

Figure 1.16: Key management using a trusted third party (TTP).

Advantages of this approach include:

• 1. It is easy to add and remove entities from the network.
• 2. Each entity needs to store only one long-term secret key. Disadvantages include:
• 1. All communications require initial interaction with the TTP.
• 2. The TTP must store n long-term secret keys.

• 3. The TTP has the ability to read all messages.
• 4. If the TTP is compromised, all communications are insecure.

Key management through public-key techniques

There are a number of ways to address the key management problem through public-key techniques. Chapter 13 describes many of these in detail. For the purpose of this chapter a very simple model is considered.

Each entity in the network has a public/private encryption key pair. The public key along with the identity of the entity is stored in a central repository called a public file. If an entity A wishes to send encrypted messages to entity A₀, A retrieves the public key ec of A_(i from the public file, encrypts the message using this key, and sends the ciphertext to A_(i. Figure 1.17 depicts such a network.

Figure 1.17: Key management using public-key techniques.

Advantages of this approach include:

• 1. No trusted third party is required.
• 2. The public file could reside with each entity.
• 3. Only it public keys need to be stored to allow secure communications between any pair of entities, assuming the only attack is that by a passive adversary.

The key management problem becomes more difficult when one must take into account an adversary who is active (i.e. an adversary who can alter the public file containing public keys). Figure 1.18 illustrates how an active adversary could compromise the key management scheme given above. (This is directly analogous to the attack in §1.8.2.) In the figure, the adversary alters the public file by replacing the public key e₆ of entity A_G by the adversary’s public key e*. Any message encrypted for A₀ using the public key from the public file can be decrypted by only the adversary. Having decrypted and read the message, the adversary can now encrypt it using the public key of A_G and forward the ciphertext to A_G. A however believes that only A_G can decrypt the ciphertext c.

Figure 1.18: An impersonation of A_G by an active adversary with public key e*.

To prevent this type of attack, the entities may use a TTP to certify' the public key of each entity. The TTP has a private signing algorithm Sp and a verification algorithm Vp (see §1.6) assumed to be known by all entities. The TTP carefully verifies the identity of each entity, and signs a message consisting of an identifier and the entity’s authentic public key. This is a simple example of a certificate, binding the identity of an entity to its public key (see §1.11.3). Figure 1.19 illustrates the network under these conditions. A uses the public key of A_G only if the certificate signature verifies successfully.

Figure 1.19: Authentication of public keys by a TTP. || denotes concatenation.

Advantages of using a TTP to maintain the integrity of the public file include:

• 1. It prevents an active adversary from impersonation on the network.
• 2. The TTP cannot monitor communications. Entities need trust the TTP only to bind identities to public keys properly.
• 3. Per-communication interaction with the public file can be eliminated if entities store certificates locally.

Even with a TTP, some concerns still remain:

• 1. If the signing key of the TTP is compromised, all communications become insecure.
• 2. All trust is placed with one entity.