Key exchange algorithms – Allied Telesis AT-S60 User Manual

Chapter 20: Encryption

Section III: Security Features

346

Key Exchange Algorithms

Key exchange algorithms are used by switches to securely generate and
exchange encryption and authentication keys with other switches.
Without key exchange algorithms, encryption and authentication
session keys must be manually changed by the system administrator.
Often, it is not practical to change the session keys manually. Key
exchange algorithms enable switches to re-generate session keys
automatically and on a frequent basis.

The most important property of any key exchange algorithm is that only
the negotiating parties are able to decode, or generate, the shared
secret. Because of this requirement, public key cryptography plays an
important role in key exchange algorithms. Public key cryptography
provides a method of encrypting a message which can only be
decrypted by one party. A switch can generate a session key, encrypt the
key using public key cryptography, transmit the key over an insecure
channel, and be certain that the key can only be decrypted by the
intended recipient. Symmetrical encryption algorithms can also be used
for key exchange, but commonly require an initial shared secret to be
manually entered into all switches in the secure network.

The Diffie-Hellman algorithm is one of the more commonly used key
exchange algorithms. It is not an encryption algorithm because
messages cannot be encrypted using Diffie-Hellman. Instead, it provides
a method for two parties to generate the same shared secret with the
knowledge that no other party can generate that same value. It uses
public key cryptography and is commonly known as the first public key
algorithm. Its security is based on the difficulty of solving the discrete
logarithm problem, which can be compared to the difficulty of factoring
very large integers.

A Diffie-Hellman algorithm requires more processing overhead than
RSA-based key exchange schemes, but it does not need the initial
exchange of public keys. Instead, it uses published and well tested
public key values. The security of the Diffie-Hellman algorithm depends
on these values. Public key values less than 768 bits in length are
considered to be insecure.

A Diffie-Hellman exchange starts with both parties generating a large
random number. These values are kept secret, while the result of a
public key operation on the random number is transmitted to the other
party. A second public key operation, this time using the random
number and the exchanged value, results in the shared secret. As long as
no other party knows either of the random values, the secret is safe.