- Introduction to Public Key Encryption
- Key Exchange Methods
- Encrypted Key Exchange (EKE) – Discrete Logs and Elliptic Curve methods
- Encryption Key Wrapping
- Authenticated Key Exchange – Discrete Logs and Elliptic Curve methods
- Secret Sharing using Chinese Remainder Theory (CRT)
In this video Professor Bill Buchanan explains ‘Authenticated Key Exchange’.
The Authenticated Key Exchange (AKE) method is also referred to as the Authenticated Key Agreement method.
At 1:38 he explains that this method involves the exchange of a session key in a key exchange in the protocol. In addition, this process would also authenticate the identity of the parties that are involved in the key exchange process.
Here, the session key is a symmetric key that can be used to encrypt all messages in a single communication session.
At 4:25 Bill states that the key exchange is a process where the keys get exchanged between two different parties allowing the usage of some type of cryptographic algorithm. He adds that if both the sender as well as the receiver desire to exchange messages that are encrypted, each of them must be equipped to perform the encryption and decryption. If a cipher is used for encryption/decryption, both parties will need a copy of the same key.
Diffie-Hellman Key Exchange
At 6:50 Bill explains the concept of Diffie-Hellman’s (DH) key exchange protocol. This protocol was introduced in 1976 by Whitfield Diffie and Martin Hellman.
The major purpose of this protocol was to allow the users to easily and securely exchange the secret keys even in scenarios where an opponent is monitoring the communication bridge. This protocol never addresses the authentication on its own. Authentication becomes a serious issue when an attacker can inspect as well as change messages in the communication bridge. This issue is commonly referred to as the man in the middle attack
MTI/BO key agreement
At 10:20 Bill states that the Diffie-Hellman algorithm in its simplest form is quite weak when observed from a security perspective. In the simplest form, there is a high probability of man in the middle attacks. One way to overcome this security issue is the MTI/AO key agreement.
Here, both the parties involved in the communication do a trusted key exchange as a one-time setup. The MTI/BO has a slightly different approach than the usual Diffie-Hellman protocol. In the MTI/BO approach, one party can create their public key for the entire session using the other party’s public key and raise this value to their own value.
We also have an MTI/CO approach where we raise the secret value instead of multiplying it by the public key value.
At 17:02 Bill mentions the main motivation behind creating this Diffie-Hellman Key protocol. This was introduced in order to securely develop shared secrets which can eventually be used to get keys. These keys can then be used with a symmetric-key algorithm in order to transfer the information in a well-protected manner. This protocol can establish both the private and public keys.
However, RSA is preferred more as it can also sign public key certificates which are not supported by the Diffie-Hellman key exchange protocol. In addition, this method is used often to implement some security protocols like IPsec, SSH, and TLS. The protocol helps in securing your connection to a website and also for the purpose of sending emails in an encrypted manner. The speaker mentions that the numbers involved in the protocol must be sufficiently random.
Always remember that if a random number generator results in a predictable output value, it can completely eradicate the security issues that could be caused by the Diffie-Hellman key exchange method. He adds that the number P should be 2048 bits long in order to ensure security. Base g can be relatively smaller. The only constraint is that it needs to come from an order of G which has a large prime factor.
At 19:17 Bill answers if the Diffie-Hellman key exchange method is safe to be followed. At first sight, the protocol may seem extremely complicated. It is definitely a good choice of protocol if you want to exchange data online in a secure way.
The performance of this protocol depends on the implementation strategy to a great extent. If this protocol is implemented along with a suitable authentication method, vulnerability to attacks will be reduced. In this video, the speaker has illustrated how the basic Diffie-Hellman key exchange would function, how it could be slightly modified.
In addition, the author has also provided some ideas on how the security issue can be undermined if the correct values for the parameters are chosen. In the end, he also mentions some of the applications where the protocol plays a role.