Abstract
As discussed in Chap. 3, keys must remain protected from would be attackers in order to provide security. However, they must be accessed by trusted users or devices in order for security computations to be performed. These security computations include protocols not only for communicating or establishing temporary keys but also for communicating confidential messages, signatures, etc. This chapter will introduce the basic protocols which use keys to transport confidential messages, establish keys, to authenticate messages, or to create a digital signature. General protocols are introduced first for both shared key or symmetric keys and public key security. Detailed mathematics are also introduced for public key cryptography, specifically integer factorization, and discrete logarithms. Elliptic curve cryptography (ECC) is covered in a separate chapter. Implications for embedded systems will be discussed at the end of Chap. 5 so that the techniques in this chapter are compared to that of ECC.
In cryptographic theory, there are two general types of keys: symmetric keys and asymmetric keys. The symmetric key schemes utilize the same key value at both ends of the communication channel. Asymmetric key schemes are referred to as public key schemes, where a public key is paired with a private key and both are used in the application. In this case, the owner of the public and private key pair must always maintain confidentiality of the private key, but the public key can be made available to anyone. For example, in order to communicate over a channel with another party only the public key of both parties is required. There are different approaches to implementing public key schemes such as those based upon integer factorization (such as RSA), discrete logarithms (DSA, ElGamal), and elliptical curve discrete logarithms (ECC). The later will be covered in Chap. 5 since it is viewed as most efficient and thus important for embedded systems. It is assumed in all protocols covered in this chapter that an attacker is capable of seeing data transferred from one user to another user in the communication channel (such as an eavesdropper). Also an attacker is able to substitute the data being transmitted or stop a transmission or create a transmission to any user. A box with latches or a lock which can hold messages (Singh 1999) will be used in this chapter to illustrate several concepts.
Key transport refers to the secure transfer of a key from one party to another party. Key establishment or agreement refers to two or more parties separately deriving the same secret key without other parties being able to derive or obtain this key. In addition to Alice and Bob who wish to communicate, there is typically a third party involved which is known as a key distribution center, or KDC, for symmetric key operations. In general, there may also be a key translation center, or KTC, which for example receives an encrypted session key from Alice, proceeds to decrypt the session key with Alice’s key, reencrypts the session key with Bob’s key, and finally sends the reencrypted session key to Bob. There may also be “key access” servers which operate similar to a KTC by sending encrypted keys to authenticated users. In asymmetric key operations, the third party is referred to as a certificate authority (CA). This third party must be a trusted source, in other words it should never be compromised and any user should not be able to masquerade as a KDC or CA.
Diffie imagined two strangers meeting via the Internet, and wondered how they could send each other an encrypted message.
(Singh 1999)
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The Euler function is the number of integers in the interval [1,n] which are relatively prime to n. Further we say integers a and b are relatively prime if gcd(a, b) = 1.
References
Branstad DK (1987) Considerations for security in the OSI architecture. IEEE Netw Mag 1(2): 34–39
Denning DE, Sacco GM (1981) Timestamps in key distribution protocols. Commun ACM 24: 533–536
Diffie W (1988) The first ten years of public key cryptography. Proc IEEE 76(5):560–577
Diffie W, Hellman ME (1976) New directions in cryptography. IEEE Trans Inform Theory IT-22 6:644–654
FIPS186-3 (2009) Digital signature standard (DSS) Federal information processing standards publication. National Institute of Standards and Technology, Gaithersburg, MD
Menezes A, van Oorschot P, Vanstone S (1996) Handbook of applied cryptography. CRC, Boca Raton, FL
Rabin MO (1979) Digitalized signatures and public-key functions as intractable as factorization. http://publications.csail.mit.edu/lcs/pubs/pdf/MIT-LCS-TR-212.pdf MIT/LCS/TR-212:1–16
Rivest R, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126. http://people.csail.mit.edu/rivest/Rsapaper.pdf
Schneier B (1996) Applied cryptography. Wiley, New York
Singh S (1999) The code book the science of secrecy from ancient egypt to quantum cryptography. Anchor Books, New York, NY
Smith RE (2002) Authentication from passwords to public keys. Addison-Wesley, Reading, MA
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2010 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Gebotys, C.H. (2010). Using Keys. In: Security in Embedded Devices. Embedded Systems. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-1530-6_4
Download citation
DOI: https://doi.org/10.1007/978-1-4419-1530-6_4
Published:
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-1529-0
Online ISBN: 978-1-4419-1530-6
eBook Packages: EngineeringEngineering (R0)