Simple key establishment models
The following key distribution problem motivates more efficient key establishment models. The n2 key distribution problem
In a system with n users involving symmetric-key techniques, if each pair of users may potentially need to communicate securely, then each pair must share a distinct secret key. In this case, each party must have n — 1 secret keys; the overall number of keys in the system, which may need to be centrally backed up, is then n(n - l)/2, or approximately n2. As the size of a system increases, this number becomes unacceptably large.
In systems based on symmetric-key techniques, the solution is to use centralized key servers: a star-like or spoked-wheel network is set up, with a trusted thud party at the center or hub of communications (see Remark 13.3). This addresses the n2 key distribution problem, at the cost of the requirement of an on-line trusted server, and additional communications with it. Public-key techniques offer an alternate solution.
Point-to-point and centralized key management
Point-to-point communications and centralized key management, using key distribution centers or key translation centers, are examples of simple key distribution (communications) models relevant to symmetric-key systems. Here “simple” implies involving at most one third party. These are illustrated in Figure 13.1 and described below, where Kxy denotes a symmetric key shared by X and Y.
Figure 13.1: Simple key distribution models (symmetric-key).
- 1. point-to-point mechanisms. These involve two parties communicating directly (see §12.3.1).
- 2. key distribution centers (KDCs). KDCs are used to distribute keys between users which share distinct keys with the KDC, but not with each other.
A basic KDC protocol proceeds as follows. Upon request from A to share a key with B, the KDC T generates or otherwise acquires a key K, then sends it encrypted under К at to A, along with a copy of К (for B) encrypted under Kbt- Alternatively, T may communicate К (secured under Kbt) to В directly.
3. key translation centers (KTCs). The assumptions and objectives of KTCs are as for KDCs above, but here one of the parties (e.g., A) supplies the session key rather than the trusted center.
A basic KTC protocol proceeds as follows. A sends a key К to the KTC T encrypted under К at- The KTC deciphers and re-enciphers К under Kbt. then returns this to A (to relay to B) or sends it to В directly.
KDCs provide centralized key generation, while KTCs allow distributed key generation. Both are centralized techniques in that they involve an on-line trusted server.
- 13.2 Note (initial keying requirements) Point-to-point mechanisms require that A and В share a secret key a priori. Centralized key management involving a trusted party T requires that A and В each share a secret key with T. These shared long-term keys are initially established by non-cryptographic, out-of-band techniques providing confidentiality and authenticity (e.g., in person, or by trusted courier). By comparison, with public keys confidentiality is not required; initial distribution of these need only guarantee authenticity.
- 13.3 Remark (centralized key management - pros and cons) Centralized key management involving thud parties (KDCs or KTCs) offers the advantage of key-storage efficiency: each party need maintain only one long-term secret key with the trusted third party (rather than one for each potential communications partner). Potential disadvantages include: vulnerability to loss of overall system security if the central node is compromised (providing an attractive target to adversaries); a performance bottleneck if the central node becomes overloaded; loss of service if the central node fails (a critical reliability point); and the requirement of an on-line trusted server.