Key Establishment Techniques: Key Distribution and Key Agreement


1 Key Establishment Techniques: Key Distribution and Key Agreement
Wade Trappe

2 Key Establishment: The problem
Securing communication requires that the data is encrypted before being transmitted.
Associated with encryption and decryption are keys that must be shared by the participants.
The problem of securing the data then becomes the problem of securing the establishment of keys.
Task: If the participants do not physically meet, then how do the participants establish a shared key?
Two types of key establishment:
- Key Agreement
- Key Distribution

3 Key Distribution
Key Agreement protocols: the key isn’t determined until after the protocol is performed.
Key Distribution protocols: one party generates the key and distributes it to Bob and/or Alice (Shamir’s 3pass, Kerberos).
Shamir’s Three-Pass Protocol: Alice generates and Bob generates A key K is distributed by: Alice Bob Bob Calculates:

4 Basic TTP Key Distribution
[Figure: KDC with keys Ka and Kb; message flow Step 1 to Step 5]
1. A Sends: {Request || IDA || IDB || N1}
2. KDC Sends: EKa[ KAB || {Request || IDA || IDB || N1} || EKb(KAB, IDA) ]
3. A Sends: EKb(KAB, IDA)
4. B Sends: EKAB(N2)
5. A Sends: EKAB(f(N2))

5 Key Agreement
In many scenarios, it is desirable for two parties to exchange messages in order to establish a shared secret that may be used to generate a key.
The Diffie-Hellman (DH) protocol is a basic tool used to establish shared keys in two-party communication.
Two parties, A and B, establish a shared secret by:
The security of the DH scheme is based upon the intractability of the Diffie-Hellman Problem: Given a prime p, a generator g of , and elements and , it is computationally difficult to find
The Diffie-Hellman scheme can be extended to work on arbitrary groups (e.g. Elliptic Curves).

6 Intruder In The Middle
The Intruder-in-the-Middle attack on Diffie-Hellman is based upon the following strategy to improve one’s chess ranking:
- Eve challenges two grandmasters, and uses GM1’s moves against GM2.
- Eve can either win one game, or tie both games.
Eve has and can perform the Intruder-in-the-Middle attack by:
[Diagram, columns Alice, Eve, Bob: Begins DH; Calculates; Decrypts data with KAE, uses data and encrypts with KBE; Encrypts data with KAE; Decrypts data with KBE]

7 Station-to-Station Protocol
Digital signatures can be used to prevent this protocol failure (STS Protocol).
A digital signature is a scheme that ties a message and its author together.
Private sig( ) function and Public ver( ) function.
[Diagram, columns Alice, Bob: Calculates; Calculates; Decrypts to get:; Verifies sig; Verifies sig]

8 N-to-N Group Key Establishment
Many group scenarios require contributory key establishment protocols.
1-to-1 Key Establishment: Diffie-Hellman (DH) protocol
Two parties, A and B, establish a shared secret by:
Extensions to multi-user scenarios:
- Ingemarsson: Requires N-1 rounds and O(N^2) exponentiations
- Burmester-Desmedt: Requires 2 rounds but full broadcast
- GDH (Steiner et al.): Requires N rounds and O(N) exp.

9 Butterfly Group Diffie-Hellman
Example: [Figure: butterfly exchange among users u1 to u8]
Can be extended to arbitrary radix b using Ingemarsson as the basic building block.
Total Rounds:
Total Messages:
Optimal radix in both cases is 2.

10 The Conference Tree
Group key formation procedure is described by:
- Communication flow diagram
- Conference Tree
Conference tree describes the subgroups and subgroup keys.
[Figure: conference tree over users u1 to u8 with keys Ke; K0, K1; K00, K01, K10, K11; K000, K001, K010, K011, K100, K101, K110, K111]

11 Making Primes
Fact: Let n be an odd prime and let , where r is odd. Let a be any integer such that gcd(a,n)=1. Then either or for some
Definition: Let n be an odd composite with Let . If either or , for some then n is a strong pseudoprime base a, and a is a strong liar for n.
Fact: If n is an odd composite integer, then at most 1/4 of the numbers a are strong liars for n.
We can use this in a Monte-Carlo algorithm to produce “primes”: Test t different a’s. Probability of falsely identifying a prime is
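
The Monte-Carlo test from the Making Primes slide, as an added Python example that is not from the original slides. It assumes the standard decomposition n - 1 = 2^s * r with r odd (the slide's own formulas did not survive in this transcript); the function names, the default t = 40 and the sample composite 91 are choices made here.

```python
import secrets

def decompose(n):
    """Return (s, r) with n - 1 == 2**s * r and r odd."""
    s, r = 0, n - 1
    while r % 2 == 0:
        s, r = s + 1, r // 2
    return s, r

def passes_base(n, a):
    """Strong test for odd n > 2: a**r == 1, or a**(2**j * r) == -1 (mod n), 0 <= j < s."""
    s, r = decompose(n)
    x = pow(a, r, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False

def strong_liars(n):
    """All bases 1 <= a < n that pass for an odd composite n (exhaustive, small n only)."""
    return [a for a in range(1, n) if passes_base(n, a)]

def is_probable_prime(n, t=40):
    """Test t random bases; a composite survives with probability at most (1/4)**t."""
    if n < 2 or (n % 2 == 0 and n != 2):
        return False
    if n in (2, 3):
        return True
    for _ in range(t):
        a = 2 + secrets.randbelow(n - 3)   # uniform in [2, n - 2]
        if not passes_base(n, a):
            return False                   # a is a witness: n is certainly composite
    return True

def random_probable_prime(bits, t=40):
    """Draw odd candidates of exactly `bits` bits from the OS CSPRNG until one passes."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate, t):
            return candidate

if __name__ == "__main__":
    liars = strong_liars(91)               # 91 = 7 * 13, constructed sample composite
    print(len(liars), "strong liars out of 90 bases:", liars)
    print(random_probable_prime(256))
```

Candidates and bases come from `secrets` rather than `random`, since a prime destined for key material must not be predictable from generator state.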

