In this video, Professor Bill Buchanan explains key exchange methods. With these key exchange methods, communication will happen through a shared key.
It’s more likely that the symmetric key encryption method is used for communication.
At 1:04 Bill mentions the basic methods including Diffie-Hellman(DF) method and the Elliptic Curve Diffie Hellman (ECDH) method along with the public key exchange. He then talks about some of the most common issues related to the key exchange methods.
The first issue is forward secrecy (FS). With forward secrecy, we need to ensure that if any elements of the key are released, then all of the previous keys that were related to it could also be released. In addition, we need to ensure that we have ephemeral keys. It is to be noted that we will not generate the same encryption keys given the same set of parameters that are involved in the key exchange.
Diffie Hellman method
At 3:45 Bill explains the DH method. There are different DH key exchange methods. With this, we will be using discrete logarithms. Discrete logarithms are in the form of g to the power of x modulus N where g is the generator and we have a mod of a prime number.
Due to the difficulty associated with discrete logs, the exponential value cannot be determined. In the end, an agreed key derivation function is used and we should end up with the same key on either side that is involved in the communication. During each of the turns, a new key will be generated which is known as a session key.
At 6:02 Bill mentions the downfall of this method. There is a possibility that someone in the middle of the communication can pass through the values on either side. Thereby this method suffers from an eve in middle attack.
Elliptical curve method
At 8:02, the professor talks about the Elliptical curve method. In this method, we have a curve in the form of y^3 = x^3 + ax + b (mod p). Here p represents the prime value. The curve itself has a base point called the G, so overall we will end up with a curve defined by a,b, G,p, and also n. N is called the order and it’s the number of points that we have on the curve.
Typical curves are Curve25519 and Secp256k1 as used in bitcoin. At 11;01, The elliptic curvature helmet method uses the same method but rather than using the discrete logs, it will use a multiplicative operation. Here, we take the base point on the curve. So if we have a curve, we add G a number of times. It is important to understand how we select the generator point value. This value relates to the prime number that we are going to select. Remember, we cannot select any value of G.
At 14:30, the professor states that for a given prime number, the typical values of g are two, three, and five. All these are quite small values. But when we raise these values to the power of this random number, it will actually end up being extremely large.
In this method, we can notice a unique mapping from our x to our value. This process will then repeat. At 15:18, he states that it is important to understand that not all values of the generator will work and that we need to create a generator that is efficient. A generator that will give us the full range of outputs and a unique output for all of the values. must be created. In the Diffie Hellman method, we have the strength of the key exchange.
These are often defined in terms of the group number. When open SSL is used, we will typically create one with a DH parameter and then define a key size to be able to create the required parameters of the method.
At 16:13 Bill talks about the third method. In this method, public encryption can be used. One way is to use RSA in order to exchange the key. Both Diffie Hellman (DH) and Elliptic Curve (EC) methods use the key exchange.
The downfall of the RSA method is that it suffers from ‘Forward Secrecy (FS)’ if someone were to discover the private key, then all of the previous keys that had been encrypted with that private key would be revealed.
In this video Bill summarizes how key exchange methods function, about the Diffie Hellman (DH), Elliptic curve (EC) method, and also briefs on how encryption is done through the RSA method.