Symmetric Key Distribution Protocol
with
Hybrid Crypto Systems
Tony Nguyen
Key Distribution Protocol
Utilized symmetric and asymmetric algorithm
to complement each other weaknesses.
Using digital certificate, MD5 and session key
to meet the goal of security in terms of
authenticity, integrity and confidentiality.
07/29/2009
Hybrid Crypto Systems
CS691 Page 1/15
Symmetric Encryption
 One key for encryption and decryption.
 Faster than asymmetric cryptography.
 Some algorithms: DES, 3DES, Blowfish, AES.
 Key length: 64-256 bits
Asymmetric Encryption




Public key for encryption and private key for decryption.
Key management is easier than symmetric.
Some algorithms: RSA and ElGammal
Key length: At least 3072 bits to be secure.
Digital Certificate
 Verify that the public key belongs to an individual.
 Generate self-sign certificate using openssl.
 Request public key certificate sign by trusted
authority such as Thawte or Verisign.
 Digital certificate usually have a time expiration on it.
Hybrid Crypto Protocol – Step 1
Alice is sending its digital certificate to Bob.
Bob receives and verifies the certificate with
CA’s public key.
Hybrid Crypto Protocol – Step 2
Bob send its digital certificate to Alice.
Alice receives Bob’s certificate and verify it
with CA.
Hybrid Crypto Protocol – Step 3
Alice encrypting the nonce and unique
identifier with Bob’s public key and send it to
Bob.
Bob decrypt the message from Alice with
Bob’s private key and keep the nonce value
and verify the unique identifier.
Hybrid Crypto Protocol – Step 4
Bob sends the nonce value which it received
from Alice and its own nonce value encrypting
it with Alice’s public key.
Alice decrypted the message with secret key
and verify the nonce value from Bob to assure
that the correspond is Bob because only Bob
can decrypt this message.
Hybrid Crypto Protocol – Step 5
• Alice sends secret key (session key) with the
nonce value from Bob and encrypt this
message with Bob’s public key to ensure that
Bob is the only one can read the message and
to assure Bob that the sender is Alice.
• Bob receive the message and decrypt with
private key. Compare the incoming nonce that
he has originally sent to confirm the
correspondent is Alice.
Discussion
• Is it possible for an attacker to break in the
middle?
• What if the attacker has compromised the CA?
Conclusion
Securely transmit private key with mutual
authentication and trusted third party.
Provides confidentiality, authenticity and
integrity.
References
• http://en.wikipedia.org/wiki/Key_(cryptograp
hy)
• http://www.akadia.com/services/ssh_test_cer
tificate.html
• http://portal.acm.org/citation.cfm?id=948737
.948764