From the course: CompTIA Security+ (SY0-701) Cert Prep: 1 General Security Concepts

Key exchange

As we've discussed, every encryption algorithm relies upon the use of encryption and decryption keys, and it's critical to keep some of those keys secret. In the case of symmetric encryption, the sender and receiver share a single secret key that nobody else should know. Before the sender and receiver can begin to communicate using a symmetric algorithm, they must somehow agree upon and exchange the shared secret key that they're going to use for that communication session. If you stop and think about it for a moment, this can be a real challenge. Let's say that Alice and Bob would like the ability to communicate secretly with each other. They hope to achieve two of the goals of cryptography: confidentiality for their communications, and authentication, an assurance that they are really talking to each other. How can they exchange an encryption key? Alice might go ahead and randomly select a secret key, which is fine, but then she has to somehow send it to Bob. She doesn't yet have a secure channel to communicate with Bob, so she can't just encrypt the key. If she sends it by email or some other unencrypted means, a third party like Mal might intercept the key in transit, and then use that key to eavesdrop on all of the subsequent communications between Alice and Bob. Compounding this problem, what would Bob do when he received this key from Alice? He doesn't have any way to verify that the person sending him the key really is Alice. If Mal is clever, Mal could impersonate Bob and send a fake key to Alice and then impersonate Alice to send the same fake key to Bob. This would have the same effect as intercepting the key that Alice was sending to Bob legitimately, and Mal would be able to eavesdrop on all of their communications. The simple answer to this problem is to use out-of-band key exchange. This simply means that Alice and Bob exchange the key in some way that they both trust, using a different communications channel.
For example, Alice and Bob might simply meet in person. If they know each other by sight, they could then create the key together and save it on each of their devices. Or Alice could create a key, save it on a USB drive, and then mail that drive to Bob at a trusted physical address. If Alice and Bob know each other's voices, they can even exchange a key over the telephone. These methods come with their own challenges, however, as they're all time-consuming. Alice and Bob might be separated by a great distance, making a physical meeting impractical. Sending a letter by physical mail takes a few days, and attempting to read a lengthy encryption key over the phone is very difficult. The solution to this problem is to use an in-band key exchange algorithm that allows Alice and Bob to exchange a secret key over the network, even if they don't have a secure way to communicate with each other in advance. We'll explore one way to do that with the Diffie-Hellman algorithm in the next video.
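The following simulation is an added illustration of the two situations described above; it is not part of the course and is not Diffie-Hellman as a later video presents it. The Channel class, the toy XOR cipher, the kdf helper and the group parameters (P = 2**255 - 19, G = 2) are all constructed here for the demonstration and are not secure choices. Scenario one sends Alice's key across the same unprotected channel as her messages, so an eavesdropper who logs the channel recovers the plaintext. Scenario two derives the key in-band with a Diffie-Hellman exchange: only public values cross the wire, and the keys Mal can derive from what he saw do not decrypt the traffic.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only. p = 2**255 - 19 is
# prime, but this ad-hoc group is not a vetted choice; real deployments use
# standardized finite-field groups (RFC 7919) or elliptic-curve Diffie-Hellman.
P = 2**255 - 19
G = 2


def kdf(shared: int) -> bytes:
    """Derive a 32-byte symmetric key from an integer secret (toy KDF)."""
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR stream 'cipher' keyed by SHA-256 blocks. Encryption and decryption
    are the same operation. Illustrative only; do not use as a real cipher."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        stream = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], stream))
    return bytes(out)


class Channel:
    """An unprotected network: everything sent is recorded, and Mal reads the log."""

    def __init__(self):
        self.log = []  # (sender, recipient, payload) as observed by Mal

    def send(self, sender, recipient, payload):
        self.log.append((sender, recipient, payload))
        return payload  # delivered unchanged; Mal only listens in this model


def naive_key_transfer(message: bytes = b"meet at noon") -> dict:
    """Scenario 1: Alice picks a key and sends it over the channel in the clear."""
    ch = Channel()
    alice_key = secrets.token_bytes(32)
    bob_key = ch.send("Alice", "Bob", alice_key)  # the key itself crosses the wire
    ch.send("Alice", "Bob", toy_cipher(alice_key, message))
    # Mal replays what he logged: the first payload was the key, the second the ciphertext.
    captured_key, captured_ct = ch.log[0][2], ch.log[1][2]
    return {
        "keys_match": alice_key == bob_key,
        "mal_read": toy_cipher(captured_key, captured_ct),
    }


def dh_key_exchange(message: bytes = b"meet at noon") -> dict:
    """Scenario 2: Alice and Bob agree on a key in-band; only public values are sent."""
    ch = Channel()
    a = secrets.randbelow(P - 2) + 1  # Alice's private exponent, never transmitted
    b = secrets.randbelow(P - 2) + 1  # Bob's private exponent, never transmitted
    A = ch.send("Alice", "Bob", pow(G, a, P))  # public values cross the wire
    B = ch.send("Bob", "Alice", pow(G, b, P))
    alice_key = kdf(pow(B, a, P))  # both sides compute G**(a*b) mod P
    bob_key = kdf(pow(A, b, P))
    ct = ch.send("Alice", "Bob", toy_cipher(alice_key, message))
    # Mal saw A and B; the only keys he can derive directly from them fail to decrypt.
    mal_attempts = [toy_cipher(kdf(v), ct) for v in (A, B)]
    return {
        "keys_match": alice_key == bob_key,
        "bob_read": toy_cipher(bob_key, ct),
        "mal_read_any": message in mal_attempts,
    }


if __name__ == "__main__":
    print("naive:", naive_key_transfer())
    print("diffie-hellman:", dh_key_exchange())
```

The Channel here is a passive eavesdropper, which is the first threat the text describes. The second threat, Mal impersonating each party to the other, is not solved by the exchange in scenario two: an active attacker who can replace A and B with his own values would negotiate a separate key with each side. An in-band exchange still needs the public values to be authenticated before the confidentiality goal is met.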