Do you think IIT Guwahati certified course can help you in your career?
Introduction
Hello Ninja, in this article, we will provide an introduction to key distribution, discuss the various terms required to understand the topic, like key predistribution, session key distribution, and key agreement, and discuss the attack models and adversarial goals with context to key distribution. This article will also discuss the various methods that arise while establishing secret keys.
If you're aware of the basics of security in cryptography, you would know that Public-key Cryptosystems are better than secret-key cryptosystems because to exchange a key, a secured channel is not required. Despite this advantage, public-key Cryptosystems are much slower than secret-key cryptosystems. Therefore, in actuality, secret-key cryptosystems are used for encrypting longer messages.
In a key distribution scheme, a trusted authority distributes the information related to the key before everyone is connected to the network. It should be noted that a secure channel is necessary while the keys are distributed. Network users can later use these secret keys to encrypt the messages they wish to transmit over the network.
Session Keys
This section of the article, Introduction to Key Distribution, will discuss Session keys, also known as symmetric keys. Session keys are used for encryption and decryption and are generated randomly to ensure the privacy of data exchanged between the users. They are called session keys because they are used for only one session, after which they are discarded, and a new session key is generated. Now you may ask what session the key is being developed for. When data is exchanged between the users and the web servers, the interaction between them is called a session. There are various reasons why session keys are helpful -
Session keys limit the amount of ciphertext that the attacker can access. This is because session keys are changed regularly.
Session keys limit exposure if the scheme is designed well. This enables session keys to be used in risky environments with high exposure possibilities.
Using session keys reduces the amount of long-term data that needs to be secured by each party. This is because these keys for two users are only constructed when it is required.
Session Key Distribution
In session key distribution, a session key is chosen and distributed online in an encrypted format at the request of the network users. This is done by an interactive protocol called a session key distribution scheme. Session key distribution schemes encrypt data for a specified amount of time.
Key Agreement
Key agreement is a situation where network users use an interactive protocol to construct a session key. This kind of protocol is called a key agreement scheme. They may be secret-key or public-key-based schemes and don't require a trusted authority.
Difference between Key Distribution and Key Agreement
This section of the article, Introduction to Key Distribution, will discuss the difference between Key Distribution and Key Agreement, given as follows -
Key distribution is a mechanism in which a trusted authority chooses, encrypts, and transmits session key(s) between one or more authorized parties. On the other hand, a key agreement is a protocol wherein network users collectively choose a session key by communicating through a public channel.
In the Key Agreement Scheme, the value of the key is determined as the function of secret information of users and inputs provided by the parties. There is also a protocol wherein the user chooses, encrypts, and sends the key to the other user. The situation described here is called Key transport.
Some of the key distribution problems can be avoided by using key agreement protocol.
Long-lived Keys
Long-lived keys, also known as LL keys, are secured safely after being pre-computed. These keys can also be computed without interaction from securely stored secret information. Long-lived keys act as secret keys between the users or the trusted authority and the user and can also act as private keys corresponding to public keys stored on the user's certificates.
The key predistribution scheme provides a method to distribute secret long-lived keys beforehand. A secure channel between the trusted authority and each network user is required to achieve this while the keys are being distributed. These users might use a key agreement scheme later to generate session keys. The amount of secret information stored in the network by the users must be considered in a key agreement scheme.
LL-keys are meant to satisfy various requirements. The requirement for LL keys depends on the scheme used to generate session keys. The storing need of users also depends on the generated session keys.
Key Agreement Scheme
A key agreement scheme may be a public/private-key-based or secret-key-based scheme. In this scheme, two parties are involved, but the presence of a trusted authority is not required.
However, a set of secret LL keys might have been distributed by an offline trusted authority, let's assume in a secret-key-based scheme. If this were based on a public-key-based scheme, then the trusted authority would've been required to issue certificates and maintain a suitable public-key infrastructure.
Note that a trusted authority doesn't take an active role in a session of a key agreement scheme.
Attack Models and Adversarial Goals
This section of the article, Introduction to Key Distribution, will discuss Attack Models and Adversarial Goals. Cyber Crime in today's world is everyday news. The network we communicate through is insecure and needs to be secure to keep attackers from stealing confidential information. For example - a user may be active or passive during the information-gathering phase. When this user plans on an attack later, they might be a passive adversary, meaning that their actions are harmless and limited only to eavesdropping on the messages transmitted through the network channel. The attack is harmless here, but we need to protect the information against the possibility of an active attack. An active adversary can perform several kinds of malicious actions, as listed below -
Breach of the authenticity of the data by altering it during transmission
Saving the messages and denying access to the statements later
Attempt to masquerade as several users in the network channel
The objectives of these active or passive adversaries are to fool the users into accepting an invalid key, to make the users believe they have exchanged a key that is not shared amongst them and to determine the information between the users.
This section of the article, Introduction to Key Distribution, will talk about Authenticated Key Agreement Schemes. In authenticated key agreement schemes, the users are first identified. Here, the users are required to possess a new secret key after the end of the session, whose value is unknown to the attacker.
Extended Attack Models
Given below are some of the extended attack models -
Known Session Key Attack: The attacker here gets access to the value of a particular session key. However, they would still need other session keys to remain secure.
Known LL-key Attack: The attacker here gets access to the LL-keys of the users. If this kind of attack happens, a new scheme must be set up immediately. We can, however, limit the damage done by this kind of attack by ensuring that the adversary does not get access to the previous session keys. This particular scheme is said to have the properties of perfect forward secrecy.
Frequently Asked Questions
What is a Public-key cryptosystem?
It is a system that uses public and private keys to encrypt and decrypt the ciphertext respectfully. This concept was first introduced in the 1970s.
What is a secret-key cryptosystem?
One secret key is mutually decided between the parties in this system. This private key is used to encrypt and decrypt data.
What is hybrid cryptography?
It is a technique that combines the benefits of both secret and public-key cryptosystems.
What is an Adversarial Goal?
Adversarial Goal is the second aspect of security in cryptography. It tells us what the attacker is attempting to do and the motive behind the attacks.
What is an Attack Model?
The first aspect of security in cryptography is the Attack Model. It tells us about the information that the attacker can access.
Conclusion
This article provided an introduction to key distribution, explored all the concepts related to key distribution, discussed the various terms required to understand the topic, like key predistribution, session key distribution, and key agreement, and discussed the attack models and adversarial goals with context to key distribution. If you want to dig deeper, here are some related articles -
570+ registered 
