1. Symmetric Key Distribution
Network Security

2. Symmetric Key Distribution
Objectives of the Topic
After completing this topic, a student will be able to
describe how symmetric key can be distributed with symmetric encryption.

3. Symmetric Key Distribution
Figures and material in this topic have been adapted from
“Network Security Essentials: Applications and Standards”, 2014 by William Stalling.

4. Symmetric Key Distribution
For symmetric encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others.

5. Symmetric Key Distribution
Frequent key changes are usually desirable to limit the amount of data compromised if an attacker learns the key.

6. Symmetric Key Distribution
The strength of any cryptographic system rests with the “key distribution technique” --- the means of delivering a key to two parties that wish to exchange data, without allowing others to see the key.

7. Symmetric Key Distribution
Key Distribution Options
For two parties A and B, there are the following options:
1. A key could be selected by A and physically delivered to B.

8. Symmetric Key Distribution
2. A third party could select the key and physically deliver it to A and B.
3. If A and B have recently used a key, one party could transmit the new key to the other, using the old key to encrypt the new key.

9. Symmetric Key Distribution
4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.

10. Symmetric Key Distribution
Options 1 and 2 call for manual delivery of a key.
For link encryption, this is a reasonable requirement, because each link encryption device is only going to be exchanging data with its partner on the other end of the link.

11. Symmetric Key Distribution
However, for end-to-end encryption over a network, manual delivery is awkward.

12. Symmetric Key Distribution
In a distributed system, any given host may need to engage in exchanges with many other hosts over time.
Each device needs a number of keys supplied dynamically.
Difficult in a wide-area distributed system.

13. Symmetric Key Distribution
Option 3 is a possibility for either link encryption or end-to-end encryption, but if an attacker ever succeeds in gaining access to one key, then all subsequent keys are revealed.

14. Symmetric Key Distribution
To provide keys for end-to-end encryption, option 4 is preferable.
For option 4 , two kinds of keys are used:

15. Symmetric Key Distribution
Session key: When two end systems wish to communicate, they establish a logical connection.
For the duration of that logical connection, called a session, all user data are encrypted with a one-time session key.

16. Symmetric Key Distribution
At the conclusion of the session, the session key is destroyed.
Permanent key: is a key used between entities for the purpose of distributing session keys.

17. Symmetric Key Distribution
A necessary element of option 4 is a key distribution center (KDC) .
The operation of a KDC proceeds as follows:

18. Symmetric Key Distribution
1. When host A wishes to set up a connection to host B, it transmits a connection request packet to the KDC.
Communication bet. A and KDC is encrypted using a master key shared only by A and the KDC.

19. Symmetric Key Distribution
2. If KDC approves the connection request, it generates a unique one-time session key.
It encrypts the session key using the permanent key it shares with A and delivers the encrypted session key to A.

20. Symmetric Key Distribution
Similarly, it encrypts the session key using the permanent key it shares with B and delivers the encrypted session key to B.

21. Symmetric Key Distribution
3. A and B can now set up a logical connection and exchange messages and data, all encrypted using the temporary session key.
End