Key Distribution

The major problem in using cryptography lies in distributing the keys to the entities that need them and not to any other entities. The keys used in symmetric algorithms need to be distributed with confidentiality. Of course the best way to provide confidentiality is to use cryptography. Keys that are used to encipher and decipher data are called <#802#> data encrypting<#802#> keys. Other keys are used to encipher data encrypting keys so that they can be distributed and held in computer systems - these keys are called <#803#> key encrypting<#803#> keys. If a data encrypting key is compromised then all of the data protected by that key may be compromised. If a key encrypting key is compromised then all the data encrypting keys protected by that key and consequently all the data protected by all of the data keys is compromised. It is important to protect the key encrypting keys and often more expensive and secure algorithms are used. Just as key encrypting keys can be used to protect data encrypting keys when they are distributed it is possible to use further key encrypting keys to distribute key encrypting keys. A hierarchy of keys is used to make up a whole scheme so that keys can be changed and distributed as required. The requirements for the key distribution system will be set out in the security policy and are therefore different for each system. Since the keys may be distributed through the same communication channels that is used for the data, and consequently need protecting in the same way as the data, it is not possible to distribute all of the keys in this way. One or two keys at the top of the key encrypting key pyramid have to be distributed by some other means, often a courier or special letter. The invention of public keys was meant to alleviate the problem of key distribution by allowing one of the keys to made public. The public key does not need to be protected so no key encrypting keys are needed to keep it confidential. Unfortunately a key also needs to be distributed with authentication. If someone wanted to carry out a fraud they would only have to intercept the distribution of the public key and substitute their own. When using a public key, for instance in the authentication mode above, it is essential that the recipient uses the real public key of the sender, otherwise someone else could pretend to be the sender simply by supplying their own public key at the appropriate time. The need to distribute public keys with authentication also requires the use of cryptography. Schemes have been worked out to store and distribute public keys, one such scheme has been made into a standard as part of the ISO directory service []. Public key mechanisms do have some advantages in their distribution (for instance they can be placed on letter headings and widely published to overcome the authentication problem), but their implementation results in very slow processing rates. Currently it can take half a minute to process 512 bits using a software version of the RSA algorithm. The secret key mechanism has distribution problems but implementations are quite efficient now and a software version can easily do 100,000 bits/second. For these reasons, public key mechanisms are usually limited to use in key distribution systems and secret key mechanisms are used to protect the actual data in a system.