tcp-ip-protocal-stack Private Key - Pros and Cons public-key-algorithms Last page Web Security Overview

Encryption Key Distribution and Management

The main problem with private key systems, and the whole reason for the development of public key systems is the so called key management problem. Specifically how do you transmit the private key to the intended recipient so that it can be used to encrypt the data? A secure link is needed to transmit the private key, but how do you secure the link without already having a private key that both parties know? Conversely if you already have a secure link to transmit the private key what do you need the private key for?

Even given a secure distribution mechanism there is the added problem of the number of keys that must be held, in general n users need n(n + 1)/2 keys to intercommunicate.

Traditionally these problems were dealt with through methods such as using such as a secure courier service to distribute media containing the private key. This is of course time-consuming and does not lend itself to real-time communications. Often a master key, session key design is used where a master key is couriered between sites, it in turn is only used to encrypt session keys which can then be changed more readily and securely transmitted for as long as the master key is secure.

Solutions - Diffie Hellman

A practical solution to this problem was proposed in a paper by Diffie and Hellman in 1976. They proposed a scheme known as exponential key exchange, this scheme enables the two parties to set-up a secure channel across which they can then transmit data. The scheme relies the two parties using a known value, they each generate a secret value and combine this with the known value using modulo arithmetic (this makes factoring difficult). Each party then combines the value they have been sent with their secret value such that: (gb)a mod p = (gb)a mod p = k.

Exponential key exchange is used to derive a private key which that may then be securely used for the rest of that session of communication. Their early work provided the foundations upon which Rivest, Shamir and Adleman created the RSA public key cryptosystem and founded RSA Data Security, who now supply the encryption technology used in most modern Internet systems.

Contents ] DNS ] p6spy ] Weblogic Tuning ] Cactus ] The Grinder ] Word to PDF ]

©1994-2006 All text and images copyright: www.abcseo.com; last updated: