Foundations of Computer SecurityLecture 51: Key ExchangeDr. Bill YoungDepartment of Computer SciencesUniversity of Texas at AustinLecture 51: 1 Key ExchangeThe Key Exchange ProblemSuppose you want to establish a secure communication channelwith someone you don’t know. We call this a situation of mutualsuspicion. This is extremely common.You submit your income tax on-line.You send your credit card information to a shopping website.You wish to exchange encrypted email with another party.Once you agree on a shared secret (key) the communication canproceed. But how do you exchange the key? This is the keyexchange problem.Lecture 51: 2 Key ExchangeKey Exchange: Attempt 1Suppose both parties S and R have a public / private RSA keypair for asymmetric communication. Say S chooses a newsymmetric key K and sends to R the following message:{K }K−1S.R can decrypt the message using S’s public key to retrieve K .What is wrong with this scheme?Answer: Any eavesdropper can intercept the message and decryptit using S’s public key to retrieve K .Lecture 51: 3 Key ExchangeKey Exchange: Attempt 2Instead, suppose S sends to R the following message:{K }KR.Since only R can decrypt this message, confidentiality is assured.What’s wrong this time?Now R doesn’t have any assurance that the message actually camefrom S. An intruder may be “spoofing” (pretending to be S) toobtain information that R intends only for S.Can we preserve both confidentiality and authentication with onetransaction?Lecture 51: 4 Key ExchangeKey Exchange (Cont.)A third attempt is for S to send R the following:{{K }K−1S}KR.How does R extract K? What assurances does this provide?1Since, no one but R can decrypt the message, confidentialityis assured.2No one but S could have performed the inner encryption, soauthentication is accomplished.This notion of nested encryptions is very useful in a variety ofcryptographic protocols. Could you have done the encryptions inthe other order?Lecture 51: 5 Key ExchangeLessonsPublic key cryptosystems can be used for key exchange, butyou have to do it carefully.Key exchange requires both confidentiality and authentication.Next lecture: Diffie-Hellman Key ExchangeLecture 51: 6 Key
View Full Document