Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen

Key Distribution Protocol

Uses symmetric and asymmetric algorithms so that each complements the other's weaknesses.

Uses a digital certificate, MD5 and a session key to meet the security goals of authenticity, integrity and confidentiality.

07/29/2009 Hybrid Crypto Systems CS691 Page 1/15

Symmetric Encryption

One key for encryption and decryption.

Faster than asymmetric cryptography.

Some algorithms: DES, 3DES, Blowfish, AES.

Key length: 64-256 bits

Asymmetric Encryption

Public key for encryption and private key for decryption.

Key management is easier than symmetric.

Some algorithms: RSA and ElGamal.

Key length: At least 3072 bits to be secure.

Digital Certificate

Verifies that the public key belongs to an individual.

Generate a self-signed certificate using openssl.

Request a public key certificate signed by a trusted authority such as Thawte or Verisign.

Digital certificates usually have an expiration time.

Hybrid Crypto Protocol – Step 1

Alice sends her digital certificate to Bob.

Bob receives the certificate and verifies it with the CA’s public key.

Hybrid Crypto Protocol – Step 2

Bob sends his digital certificate to Alice.

Alice receives Bob’s certificate and verifies it with the CA.

Hybrid Crypto Protocol – Step 3

Alice encrypts the nonce and unique identifier with Bob’s public key and sends the result to Bob.

Bob decrypts the message from Alice with his private key, keeps the nonce value and verifies the unique identifier.

Hybrid Crypto Protocol – Step 4

Bob sends the nonce value he received from Alice together with his own nonce value, encrypting both with Alice’s public key.

Alice decrypts the message with her secret key and verifies the nonce value from Bob to be assured that the correspondent is Bob, because only Bob can decrypt this message.

Hybrid Crypto Protocol – Step 5

• Alice sends the secret key (session key) with the nonce value from Bob and encrypts this message with Bob’s public key, to ensure that Bob is the only one who can read the message and to assure Bob that the sender is Alice.

• Bob receives the message and decrypts it with his private key. He compares the incoming nonce with the one he originally sent to confirm that the correspondent is Alice.
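
The nonce handshake of steps 3 to 5 as an added Python example (not part of the original slides). It uses unpadded toy RSA over constructed Mersenne-prime keys only to make the exchange runnable, assumes the certificates of steps 1 and 2 were already verified, and the names `keypair`, `seal`, `unseal`, `run` and `ALICE_ID` are hypothetical.

```python
import secrets

E, MASK = 65537, (1 << 64) - 1

def keypair(p, q):
    """Toy unpadded RSA from two known primes; illustration only, not secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def seal(pub, *fields):
    """Pack 64-bit fields behind a leading 1 marker and encrypt to `pub`."""
    m = 1
    for f in fields:
        m = (m << 64) | (f & MASK)
    assert m < pub[0], "message too long for modulus"
    return pow(m, pub[1], pub[0])

def unseal(priv, c, count):
    """Decrypt with `priv` and unpack exactly `count` fields."""
    m = pow(c, priv[1], priv[0])
    if m >> (64 * count) != 1:
        raise ValueError("malformed message")
    return [(m >> (64 * i)) & MASK for i in reversed(range(count))]

# Constructed toy keys (Mersenne primes). Assumption: steps 1-2 already
# bound these public keys to Alice and Bob via CA-verified certificates.
A_PUB, A_PRIV = keypair(2**89 - 1, 2**107 - 1)
B_PUB, B_PRIV = keypair(2**127 - 1, 2**521 - 1)
ALICE_ID = 0xA11CE  # hypothetical unique identifier

def run(flip4=0, flip5=0):
    """Steps 3-5. flip4/flip5 corrupt the echoed nonce, as a peer that
    could not decrypt the previous message would. Returns both key copies."""
    na = secrets.randbits(64)
    msg3 = seal(B_PUB, na, ALICE_ID)              # step 3: Alice -> Bob
    got_na, got_id = unseal(B_PRIV, msg3, 2)
    if got_id != ALICE_ID:
        raise ValueError("step 3: unknown identifier")
    nb = secrets.randbits(64)
    msg4 = seal(A_PUB, got_na ^ flip4, nb)        # step 4: Bob -> Alice
    echo_na, got_nb = unseal(A_PRIV, msg4, 2)
    if echo_na != na:
        raise ValueError("step 4: nonce mismatch, peer is not Bob")
    key = secrets.randbits(128)                   # session key
    msg5 = seal(B_PUB, key >> 64, key & MASK, got_nb ^ flip5)  # step 5
    k_hi, k_lo, echo_nb = unseal(B_PRIV, msg5, 3)
    if echo_nb != nb:
        raise ValueError("step 5: nonce mismatch, peer is not Alice")
    return key, (k_hi << 64) | k_lo
```

`run()` returns Alice's and Bob's copies of the session key, which match on an honest run; a wrong nonce echo in step 4 or step 5 raises `ValueError` before any key is accepted.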

Discussion

• Is it possible for an attacker to break in the middle?

• What if the attacker has compromised the CA?

Conclusion

Securely transmits the private key with mutual authentication and a trusted third party.

Provides confidentiality, authenticity and integrity.