IS

Key establishment

Key management

Generation of keys

Distribution of keys

Protection of keys

Destruction of keys

Types of keys

Long-term keys (or static keys): intended to be used for a long time - depending upon the application this may be a few hours or a few months or a few years.

Short-term keys: (or session keys): intended to be used over a short period - depending upon the application this may be a few seconds or a few hours or a day.

Are used to protect distribution of session keys.

Are used to protect communications in a session, for example with authenticated encryption.

Common approaches

Key pre-distribution

Using an online server with symmetric long-term keys

Using asymmetric long-term keys

Security goals

Authentication: If a party completes the protocol and believes that the key is shared with party B then it should
not be the case that the key is actually shared with a different party C.

Confidentiality: The adversary is unable to obtain the session key accepted by a particular party.

Mutual and unilateral authentication