Key Distribution Management

So far we have covered the two types of cryptography:

  1. Symmetric key encryption uses a single secret key shared by sender and recipient. It is efficient for encrypting large amounts of data.
  2. Asymmetric (public) key encryption uses two keys, a public key and a private key. It is less efficient for large amounts of data, but it is well suited to authentication.

Now the questions are: (1) how do we share symmetric keys, and (2) how do we distribute public keys?

Symmetric Key Distribution Using Symmetric Encryption

The objective is for two entities to share the same secret key. For two parties, call them $A$ and $B$, key distribution can be achieved in a number of ways, as follows:

  1. $A$ can select a key and physically deliver it to $B$.
  2. A third party can select the key and physically deliver it to $A$ and $B$.
  3. If $A$ and $B$ have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.
  4. If $A$ and $B$ each have an encrypted connection to a third party $C$, then $C$ can deliver a key to $A$ and $B$ over those encrypted links.
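Option 4 above, worked through as an added example that is not part of these notes: a key distribution centre $C$ shares a long-term key with $A$ and with $B$ (set up out of band, as in option 1 or 2), generates a fresh session key and delivers a copy to each party over its own encrypted link, with every copy bound to the pair (A, B) so that it cannot be replayed to a different pair. The cipher is a stand-in built from HMAC-SHA256 (counter-mode keystream, encrypt-then-MAC) so the script runs on Python's standard library alone; `seal`, `open_`, `kdc_distribute` and all key values are constructed for this example, and a real deployment would use AES-GCM or similar in place of the stand-in.

```python
import hmac, hashlib, secrets

def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),   # keystream key
            hmac.new(key, b"mac", hashlib.sha256).digest())   # tag key

def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:   # HMAC in counter mode as a stand-in for a real stream/AEAD cipher
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC on one encrypted link: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):   # verify the tag before decrypting anything
        raise ValueError("tag mismatch: altered in transit or wrong link key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def kdc_distribute(party_keys: dict, a: str, b: str):
    """Entity C: party_keys holds one long-term link key per party."""
    session_key = secrets.token_bytes(32)   # fresh key for this A-B session
    label = f"{a}|{b}".encode()             # binds each copy to the intended pair
    return (seal(party_keys[a], session_key, label),
            seal(party_keys[b], session_key, label))

def run_protocol() -> bool:
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed link keys
    to_a, to_b = kdc_distribute({"A": ka, "B": kb}, "A", "B")
    return open_(ka, to_a, b"A|B") == open_(kb, to_b, b"A|B")  # A and B hold the same key

def tamper_is_detected() -> bool:
    k = secrets.token_bytes(32)
    blob = bytearray(seal(k, b"session key material", b"A|B"))
    blob[20] ^= 0x01                        # one ciphertext bit flipped on the wire
    try:
        open_(k, bytes(blob), b"A|B")
        return False
    except ValueError:
        return True
```

Binding the label into the tag is what stops a copy meant for the pair (A, B) from being accepted as a key for some other pair; the tag check also rejects a copy that was decrypted with the wrong link key.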

Analyzing the four key distribution options:

Link and end-to-end encryption are two distinct strategies for securing confidentiality in a network.

Figure 4.1 Link and end-to-end encryption.

  1. Link-level encryption typically uses symmetric key cryptography.
    1. Data is encrypted over each individual link in the network.
    2. The two end-points of each link share a secret key.
    3. Encryption and decryption occur at every device along the communication path.