ISSN: 2277-3754
ISO 9001:2008 Certified
International Journal of Engineering and Innovative Technology (IJEIT)
Volume 2, Issue 2, August 2012

A Study on Asymmetric Key Exchange Authentication Protocols

Dr. D. S. R. Murthy, B. Madhuravani, G. Sumalatha

Abstract: Key exchange protocols enable the use of shared-key cryptography to protect data transmitted over insecure networks. Key exchange protocols are classified as (i) symmetric and (ii) asymmetric (public key). Many public-key-based (asymmetric) key-exchange protocols already exist and have been implemented for a variety of applications and environments. We present a general framework for authentication problems and the design principles of different asymmetric key exchange protocols. The analysis of these protocols also includes the merits and demerits of each protocol. The study of these protocols emphasizes various observations that can motivate researchers in key management issues of networks.

Index Terms: Asymmetric Cryptography, Key Exchange, Shared Key, Symmetric Cryptography.

I. INTRODUCTION

In communications security design, one of the most important questions is whether an opponent will ever have unsupervised access to the equipment. If the answer is no, then we can greatly simplify the design by storing long-term secrets. However, the equipment will then have to be well guarded at all times. This may be feasible for military equipment, but in the commercial world, physical security procedures are generally insufficient to stop an opponent from getting occasional access. It follows that we must either use tamper-resistant hardware or avoid using long-term secrets.

Key establishment is the process by which two (or more) entities establish a shared secret key. The key may subsequently be used to achieve some cryptographic goal, such as confidentiality or data integrity.
Ideally, the established key should have precisely the same attributes as a key established face-to-face: for example, it should be shared by the (two) specified entities, it should be distributed uniformly at random from the key space, and no unauthorized entity should learn anything about the key.

Key establishment protocols come in various flavors. In key transport protocols, a key is created by one entity and securely transmitted to the second entity, while in key agreement protocols both parties contribute information which is used to derive the shared secret key. In symmetric protocols the two entities a priori possess common secret information, while in asymmetric protocols the two entities share only public information that has been authenticated.

II. KEY EXCHANGE

A common cryptographic technique is to encrypt each individual conversation with a separate key. This is called a session key, because it is used for only one particular communications session [1]. Session keys are useful because they only exist for the duration of the communication. How this common session key gets into the hands of the conversants can be a complicated matter.

A. Key Exchange with Symmetric Cryptography

This protocol assumes that Alice and Bob, users on a network, each share a secret key with the Key Distribution Center (KDC), referred to below as Trent.

(1) Alice calls Trent and requests a session key to communicate with Bob.
(2) Trent generates a random session key. He encrypts two copies of it: one in Alice’s key and the other in Bob’s key. Trent sends both copies to Alice.
(3) Alice decrypts her copy of the session key.
(4) Alice sends Bob his copy of the session key.
(5) Bob decrypts his copy of the session key.
(6) Both Alice and Bob use this session key to communicate securely.

This protocol relies on the absolute security of Trent, who is more likely to be a trusted computer program than a trusted individual. If Mallory corrupts Trent, the whole network is compromised.
Mallory then has all of the secret keys that Trent shares with each of the users; he can read all past communications traffic that he has saved, and all future communications traffic. All he has to do is tap the communications lines and listen to the encrypted message traffic.

The other problem with this system is that Trent is a potential bottleneck. He has to be involved in every key exchange. If Trent fails, the entire system is disrupted.

B. Key Exchange with Public-Key Cryptography

Alice and Bob use public-key cryptography to agree on a session key, and use that session key to encrypt data. In some practical implementations, both Alice’s and Bob’s signed public keys will be available in a database. This makes the key-exchange protocol even easier, and Alice can send a secure message to Bob even if he has never heard of her:

(1) Alice gets Bob’s public key from the KDC.
(2) Alice generates a random session key, encrypts it using Bob’s public key, and sends it to Bob.
(3) Bob then decrypts Alice’s message using his private key.
(4) Both of them encrypt their communications using the same session key.
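
The KDC-mediated exchange of Section II.A, steps (1) to (6), together with the exposure the text describes when Trent's key table is compromised, as an added Python example that is not from the paper. The `wrap`/`unwrap` helpers are an assumed standard-library stand-in (HMAC-SHA256 keystream with encrypt-then-MAC) for a vetted authenticated cipher; the class and function names and the sample message are constructed for illustration.

```python
import hashlib, hmac, secrets

# Added example; wrap/unwrap are a stdlib stand-in for a vetted AEAD (assumption).
def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode used as a keystream.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(key, plaintext):
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_mac(key, b"enc"), nonce, plaintext)
    return nonce + ct + _mac(_mac(key, b"mac"), nonce + ct)

def unwrap(key, blob):
    """Verify the tag, then decrypt; raises ValueError on any mismatch."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_mac(key, b"enc"), nonce, ct)

class Trent:
    """KDC holding one long-term key per enrolled user (hypothetical model)."""
    def __init__(self):
        self.long_term = {}

    def enroll(self, name):
        self.long_term[name] = secrets.token_bytes(32)
        return self.long_term[name]

    def issue(self, requester, peer):
        # Step 2: one fresh session key, wrapped once per party.
        session = secrets.token_bytes(32)
        return wrap(self.long_term[requester], session), wrap(self.long_term[peer], session)

def run_exchange(message=b"constructed sample message"):
    trent = Trent()
    k_alice, k_bob = trent.enroll("alice"), trent.enroll("bob")
    for_alice, for_bob = trent.issue("alice", "bob")   # steps 1-2
    alice_session = unwrap(k_alice, for_alice)         # step 3
    bob_session = unwrap(k_bob, for_bob)               # steps 4-5
    traffic = wrap(alice_session, message)             # step 6
    # Exposure from the text: Trent's key table plus recorded wire data reads the session.
    leaked = unwrap(unwrap(trent.long_term["bob"], for_bob), traffic)
    return alice_session == bob_session, unwrap(bob_session, traffic), leaked
```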