IS
Key establishment
Key management
Generation of keys
Distribution of keys
Protection of keys
Destruction of keys
Types of keys
Long-term keys (or static keys): intended to be used for a long time - depending upon the application this may be a few hours or a few months or a few years.
Short-term keys: (or session keys): intended to be used over a short period - depending upon the application this may be a few seconds or a few hours or a day.
Are used to protect distribution of session keys.
Are used to protect communications in a session, for example with authenticated encryption.
Common approaches
Key pre-distribution
Using an online server with symmetric long-term keys
Using asymmetric long-term keys
Security goals
Authentication: If a party completes the protocol and believes that the key is shared with party B then it should
not be the case that the key is actually shared with a different party C.
Confidentiality: The adversary is unable to obtain the session key accepted by a particular party.
Mutual and unilateral authentication