Key Establishment

Key establishment is the process of getting cryptographic keys to the locations where they will be used. This part of the key lifecycle tends to be either relatively straightforward or very hard to manage. Key establishment is generally hard when keys need to be shared by more than one party, as is the case for most symmetric keys. It’s relatively straightforward when:

  • The key doesn’t need to be shared: This applies to all keys that can be locally generated and do not need to be transferred anywhere, such as symmetric keys for encrypting data on a local machine. Of course, if such keys are not locally generated, the key establishment becomes hard again! We’ll consider this issue for private keys later.

  • The key doesn’t need to be secret: This applies mainly to public keys. Key establishment is more of a logistical problem than a security issue in this case.

  • The key can be established in a controlled environment: In some cryptographic applications, it is possible to establish all the required keys within a controlled environment before the devices containing the keys are deployed. This is often termed key predistribution. While this makes key establishment fairly easy, there are still issues:

    • Some key establishment problems are transformed into ‘device establishment’ problems. However, these may be less sensitive. For example, key predistribution can be used to preload keys onto mobile phones or set-top boxes for digital television services. In this case, the provider still needs to keep track of which customer receives which device, but this is likely to be a simpler problem than trying to load cryptographic keys onto a device already in the hands of a customer.

    • In environments suited to key predistribution, it can be challenging to conduct post-deployment key management operations, such as key change. In such cases, it may be necessary to establish entirely new devices.

We have already discussed some important techniques for key establishment:

  • We discussed AKE protocols. Many symmetric keys are established using an AKE protocol of some sort. We noted that AKE protocols can be classified into key distribution protocols and key agreement protocols.

  • We discussed the Diffie–Hellman protocol, which forms the basis for the majority of AKE protocols based on key agreement.

  • We discussed hybrid encryption, which is a very common method of key establishment in environments where public-key cryptography is supported.

The rest of this section will focus on some special techniques for conducting symmetric key establishment, which could be regarded as particular types of AKE protocol.

Key hierarchies

One of the most widely used techniques for managing symmetric keys is to use a key hierarchy. This consists of ranking keys, with high-level keys being more ‘important’ than low-level ones. Keys at one level are used to encrypt keys at the level beneath. We will see how this concept can facilitate symmetric key establishment shortly.

Philosophy behind key hierarchies

There are two clear advantages of deploying keys in a hierarchy:

  • Secure distribution and storage: By using keys at one level to encrypt keys at the level beneath, most keys in the system can be protected by the keys above them. This allows keys to be securely distributed and stored in encrypted form.

  • Facilitating scalable key change: There are many reasons why keys may need to be changed. Some of these reasons are concerned with the risk of a key being compromised, which is arguably more likely to happen to ‘front-line facing’ keys directly used to perform cryptographic computations, such as the encryption of transmitted data. Using a key hierarchy makes it relatively easy to change these low-level keys without replacing the high-level keys, which are expensive to establish.

However, one significant problem remains: how to distribute and store the keys at the top level of the hierarchy? A key hierarchy focuses the key management problems onto these top-level keys. Effort can therefore be concentrated on key management solutions for the top-level keys. The payoff is that if we get the top-level keys ‘right,’ the rest of the keys can be taken care of using the key hierarchy.
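To make the two advantages concrete, here is an added example (not from the original text) of a two-level hierarchy: a single master key at the top wraps any number of locally generated data keys, only the wrapped form of a data key is ever stored, and a key change at the low level leaves the master key untouched while old records stay readable. The wrapping scheme is an assumption made for the sake of a dependency-free demonstration: an encrypt-then-MAC construction built from HMAC-SHA256 (counter-mode keystream plus a tag that also binds the key identifier). In production, the same structure would be realised with a standard authenticated cipher or key-wrap mode; the names `KeyHierarchy`, `seal`, `open_` and the key identifiers are invented here.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32      # 256-bit keys at every level of the hierarchy
NONCE_LEN = 16
TAG_LEN = 32      # HMAC-SHA256 output length


def _derive(key: bytes, label: bytes) -> bytes:
    """Derive an independent sub-key from `key` for one purpose (encryption or MAC)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: concatenated HMAC-SHA256(enc_key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC (assumed scheme): returns nonce || ciphertext || tag; `aad` is bound into the tag."""
    enc_key, mac_key = _derive(key, b"enc"), _derive(key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag in constant time, then decrypt. Raises ValueError if anything was altered."""
    enc_key, mac_key = _derive(key, b"enc"), _derive(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped key or record failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyHierarchy:
    """Two levels: one master key (top) protects many data keys (bottom).

    Only the wrapped form of a data key is stored or distributed; the master key is
    the single secret that must be established by some other means.
    """

    def __init__(self, master_key: bytes):
        self._master = master_key
        self.wrapped = {}        # key_id -> wrapped data key (safe to store or ship)
        self.current = None      # key_id used for new records

    def add_data_key(self, key_id: str) -> None:
        data_key = secrets.token_bytes(KEY_LEN)   # generated locally, never stored in the clear
        # The key id is bound as AAD so a wrapped key cannot be relabelled under another id.
        self.wrapped[key_id] = seal(self._master, data_key, aad=key_id.encode())
        self.current = key_id

    def _data_key(self, key_id: str) -> bytes:
        return open_(self._master, self.wrapped[key_id], aad=key_id.encode())

    def protect(self, record: bytes) -> tuple:
        """Encrypt a record under the current low-level key; return (key_id, ciphertext)."""
        return self.current, seal(self._data_key(self.current), record)

    def recover(self, key_id: str, blob: bytes) -> bytes:
        return open_(self._data_key(key_id), blob)


def demo() -> dict:
    """Walk through a low-level key change and report the properties worth checking."""
    master = secrets.token_bytes(KEY_LEN)          # assumed: established out of band
    h = KeyHierarchy(master)
    h.add_data_key("dk-v1")                        # constructed key identifiers
    old_id, old_blob = h.protect(b"record written under the first data key")

    # Key change at the bottom level: fresh data key, master key unchanged.
    h.add_data_key("dk-v2")
    new_id, new_blob = h.protect(b"record written after key change")

    results = {
        "old_record_still_readable": h.recover(old_id, old_blob) == b"record written under the first data key",
        "new_record_uses_new_key": new_id != old_id and h.recover(new_id, new_blob) == b"record written after key change",
        "secrets_to_establish_out_of_band": 1,     # only the master key
        "wrapped_keys_on_disk": len(h.wrapped),
    }

    # A modified wrapped key is rejected rather than silently used.
    tampered = bytearray(h.wrapped[new_id])
    tampered[NONCE_LEN] ^= 0x01
    try:
        open_(master, bytes(tampered), aad=new_id.encode())
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point the walk-through makes is the one above: after the change, two data keys exist on disk in wrapped form, but there is still exactly one secret that had to be distributed by other means, and that top-level key is the one on which all key management effort should be concentrated.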

A simple key hierarchy

The idea of a key hierarchy is best illustrated by looking at a simple example. The ‘simple’ example shown in the illustration provides a key hierarchy that is good enough (maybe even more complex than necessary) for the majority of applications.
