Secret Key Exchange
For symmetric key cryptography to work for online communications, the secret key must be securely shared with authorized communicating parties and protected from discovery and use by unauthorized parties. Public key cryptography can be used to provide a secure method for exchanging secret keys online. Two of the most common key exchange algorithms are the following:
Diffie-Hellman Key Agreement algorithm
RSA key exchange process
Both methods provide for highly secure key exchange between communicating parties. An intruder who intercepts network communications cannot easily guess or decode the secret key that is required to decrypt communications. The exact mechanisms and algorithms that are used for key exchange varies for each security technology. In general, the Diffie-Hellman Key Agreement algorithm provides better performance than the RSA key exchange algorithm.
Diffie-Hellman Key Agreement
Public key cryptography was first publicly proposed in 1975 by Stanford University researchers Whitfield Diffie and Martin Hellman to provide a secure solution for confidentially exchanging information online. Figure 14.5 shows the basic Diffie-Hellman Key Agreement process.
Figure 14.5 Diffie-Hellman Key Agreement
Diffie-Hellman key agreement is not based on encryption and decryption, but instead relies on mathematical functions that enable two parties to generate a shared secret key for exchanging information confidentially online. Essentially, each party agrees on a public value g and a large prime number p . Next, one party chooses a secret value x and the other party chooses a secret value y . Both parties use their secret values to derive public values, gx mod p and gy mod p, and they exchange the public values. Each party then uses the other party's public value to calculate the shared secret key that is used by both parties for confidential communications. A third party cannot derive the shared secret key because they do not know either of the secret values, x or y .
For example, Alice chooses secret value x and sends the public value gx mod p to Bob. Bob chooses secret value y and sends the public value gy mod p to Alice. Alice uses the value gxy mod p as her secret key for confidential communications with Bob. Bob uses the value gyx mod p as his secret key. Because gxy mod p equals gyx mod p , Alice and Bob can use their secret keys with a symmetric key algorithm to conduct confidential online communications. The use of the modulo function ensures that both parties can calculate the same secret key value, but an eavesdropper cannot. An eavesdropper can intercept the values of g and p , but because of the extremely difficult mathematical problem created by the use of a large prime number in mod p, the eavesdropper cannot feasibly calculate either secret value x or secret value y . The secret key is known only to each party and is never visible on the network.
Diffie-Hellman key exchange is widely used with varying technical details by Internet security technologies, such as IPSec and TLS, to provide secret key exchange for confidential online communications. For technical discussions about Diffie-Hellman key agreement and how it is implemented in security technologies, see the cryptography literature that is referenced under "Additional Resources" at the end of this chapter.
RSA Key Exchange
The Rivest-Shamir-Adleman (RSA) algorithms available from RSA Data Security, Inc., are the most widely used public key cryptography algorithms. For RSA key exchange, secret keys are exchanged securely online by encrypting the secret key with the intended recipient's public key. Only the intended recipient can decrypt the secret key because it requires the use of the recipient's private key. Therefore, a third party who intercepts the encrypted, shared secret key cannot decrypt and use it. Figure 14.6 illustrates the basic RSA key exchange process.
Figure 14.6 Basic RSA Key Exchange
The RSA key exchange process is used by some security technologies to protect encryption keys. For example, EFS uses the RSA key exchange process to protect the bulk encryption keys that are used to encrypt and decrypt files.