Hybrid/Session Key Systems
• When we compare symmetric and asymmetric encryption, here’s essentially what we come up with:
- Symmetric encryption is faster but less secure
- Asymmetric encryption is slower but more secure
• To get the best of both worlds, we introduce a Session key system (also known as a hybrid system).
- Hybrid systems use both symmetric and asymmetric encryption
- Two parties agree on how they are going to encrypt/decrypt their messages.
- The method they agree on is called a session key.
• Secure Socket Layer (SSL) is probably the most popular form of a hybrid system.
- Pretty Good Privacy (PGP) is another popular form of hybrid system.
- Yet another is S/MIME (Secure/Multipurpose Internet Mail Extension)
• Just to help you keep track: when using a hybrid system you end up with three keys:
- Your private key
- Their public key
- The agreed session key
• The following example demonstrates the steps of how a hybrid system works:
1) Mulder and Scully establish communication using asymmetric encryption.
2) Mulder gives Scully his public and Scully gives Mulder her public key. Now, Mulder can encrypt
messages to Scully using her public key (which she will decrypt using her private key). And vice versa when
Scully sends Mulder data.
3) Using this slower (but more secure) form of communication, Mulder and Scully discuss what type of
symmetric communication that they would rather communicate with.
4) Mulder and Scully agree on a symmetric key that they will use to communicate with for the remainder
of their conversation. The symmetric key that they have agreed on is referred to as the session key.
5) When Mulder and Scully are finished with their conversation, the key’s life is over. If Mulder and
Scully want to start a new conversation, then they will have to renegotiate a new session key.
• This system works so well because it get the best of both worlds.
- It gets the added security of using asynchronous key distribution and the speed of symmetric
encryption.
- Users can secretly establish a method of temporary symmetric encryption.
- Hackers won’t know what key is being used because it was established during asymmetric
communication.
Key Agreement
• Another form of communication can be established using a key agreement.
- Like asymmetric encryption, we want to avoid sending out our private key.
- And like a session key, we want to negotiate a symmetric key that we can use for faster communication.
- Key agreement allows participants to create a shared private key together.
• The most popular type of key agreement is the Diffie-Hellman Key Agreement.
• A key agreement is similar to a session key. Here’s how it works:
1) Mulder sends Scully his public key.
2) Scully sends Mulder her public key.
3) Mulder uses his private key and Scully’s public key to generate a shared key.
4) Scully uses the same algorithm with her private key and Mulder’s public key to make a shared key.
5) Mulder’s shared key is identical to Scully’s shared key – thus using symmetric encryption.
Message Digests
• Switching gears, recall that earlier we were discussing that data integrity revolves around two basic
concepts:
1) To hide data
2) To protect data from tampering
• The purpose of message digests is to ensure that the data being sent or received has not been tampered
with.
- Just to let you know, this is the beginning of a vicious cycle.
- On that note, you can place message digests in either the data integrity or authentication portion of our
security cycle in the beginning of the chapter.
• Message digests are also known as a hash or secure hash (or checksum).
- An algorithm is used to take pieces of the message before it is sent and use those pieces to create a hash.
- This hash is then sent with the message.
- The receiver then uses the same algorithm to take the respective pieces of the received data to create
another hash.
- If the hash that the receiver creates is equal to the hash that was sent with the data, then the receiver
knows that the data has not been tampered with.
• The following illustrates the basic concept of a message digest:
• For example:
1) Mulder writes Scully a message. He then counts up how many times each letter of the alphabet
occurs in his message (i.e. ‘a’ occurs 24 times, ‘b’ occurs 11 times, etc.).
2) Mulder attaches the “digest” to his message.
3) Mulder gives the message to a courier to deliver to Scully.
4) Scully receives the message.
5) Scully then counts all the letters in Mulder’s message and checks to see if her count is the same as
Mulder’s hash/digest.
6) If her digest is the same then she knows that the message that she received has not been tampered with.
• …So, Scully can be confident that the message she received is authentic, right?
Unfortunately, no.
- The courier could have written a message with the same number of letters to match Mulder’s digest.
- More easily, the courier could have replaced the entire message and created his own hash.
- When Scully received the replaced message, she would validate it by checking against the replaced hash!
• To protect against this, let’s take the next step in our circle.
• When we compare symmetric and asymmetric encryption, here’s essentially what we come up with:
- Symmetric encryption is faster but less secure
- Asymmetric encryption is slower but more secure
• To get the best of both worlds, we introduce a Session key system (also known as a hybrid system).
- Hybrid systems use both symmetric and asymmetric encryption
- Two parties agree on how they are going to encrypt/decrypt their messages.
- The method they agree on is called a session key.
• Secure Socket Layer (SSL) is probably the most popular form of a hybrid system.
- Pretty Good Privacy (PGP) is another popular form of hybrid system.
- Yet another is S/MIME (Secure/Multipurpose Internet Mail Extension)
• Just to help you keep track: when using a hybrid system you end up with three keys:
- Your private key
- Their public key
- The agreed session key
• The following example demonstrates the steps of how a hybrid system works:
1) Mulder and Scully establish communication using asymmetric encryption.
2) Mulder gives Scully his public and Scully gives Mulder her public key. Now, Mulder can encrypt
messages to Scully using her public key (which she will decrypt using her private key). And vice versa when
Scully sends Mulder data.
3) Using this slower (but more secure) form of communication, Mulder and Scully discuss what type of
symmetric communication that they would rather communicate with.
4) Mulder and Scully agree on a symmetric key that they will use to communicate with for the remainder
of their conversation. The symmetric key that they have agreed on is referred to as the session key.
5) When Mulder and Scully are finished with their conversation, the key’s life is over. If Mulder and
Scully want to start a new conversation, then they will have to renegotiate a new session key.
• This system works so well because it get the best of both worlds.
- It gets the added security of using asynchronous key distribution and the speed of symmetric
encryption.
- Users can secretly establish a method of temporary symmetric encryption.
- Hackers won’t know what key is being used because it was established during asymmetric
communication.
Key Agreement
• Another form of communication can be established using a key agreement.
- Like asymmetric encryption, we want to avoid sending out our private key.
- And like a session key, we want to negotiate a symmetric key that we can use for faster communication.
- Key agreement allows participants to create a shared private key together.
• The most popular type of key agreement is the Diffie-Hellman Key Agreement.
• A key agreement is similar to a session key. Here’s how it works:
1) Mulder sends Scully his public key.
2) Scully sends Mulder her public key.
3) Mulder uses his private key and Scully’s public key to generate a shared key.
4) Scully uses the same algorithm with her private key and Mulder’s public key to make a shared key.
5) Mulder’s shared key is identical to Scully’s shared key – thus using symmetric encryption.
Message Digests
• Switching gears, recall that earlier we were discussing that data integrity revolves around two basic
concepts:
1) To hide data
2) To protect data from tampering
• The purpose of message digests is to ensure that the data being sent or received has not been tampered
with.
- Just to let you know, this is the beginning of a vicious cycle.
- On that note, you can place message digests in either the data integrity or authentication portion of our
security cycle in the beginning of the chapter.
• Message digests are also known as a hash or secure hash (or checksum).
- An algorithm is used to take pieces of the message before it is sent and use those pieces to create a hash.
- This hash is then sent with the message.
- The receiver then uses the same algorithm to take the respective pieces of the received data to create
another hash.
- If the hash that the receiver creates is equal to the hash that was sent with the data, then the receiver
knows that the data has not been tampered with.
• The following illustrates the basic concept of a message digest:
• For example:
1) Mulder writes Scully a message. He then counts up how many times each letter of the alphabet
occurs in his message (i.e. ‘a’ occurs 24 times, ‘b’ occurs 11 times, etc.).
2) Mulder attaches the “digest” to his message.
3) Mulder gives the message to a courier to deliver to Scully.
4) Scully receives the message.
5) Scully then counts all the letters in Mulder’s message and checks to see if her count is the same as
Mulder’s hash/digest.
6) If her digest is the same then she knows that the message that she received has not been tampered with.
• …So, Scully can be confident that the message she received is authentic, right?
Unfortunately, no.
- The courier could have written a message with the same number of letters to match Mulder’s digest.
- More easily, the courier could have replaced the entire message and created his own hash.
- When Scully received the replaced message, she would validate it by checking against the replaced hash!
• To protect against this, let’s take the next step in our circle.
Hybrid/Session Key Systems
Table of Contents
Copyright (c) 2008. Intertech, Inc. All Rights Reserved. This information is to be used exclusively as an
online learning aid. Any attempts to copy, reproduce, or use for training is strictly prohibited.
online learning aid. Any attempts to copy, reproduce, or use for training is strictly prohibited.
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Courseware
Training Resources
Tutorials