RFID Guardian Security Protocols sym
From RFID Wiki
In symmetric key protocols the same key is used for both encryption
and decryption. This implies that the symmetric key is shared between
both of the two parties that are communicating. This key is typically
generated either by the participants who are involving in the
communication, or by a third party who is trusted by both of the
parties.
The authentication phase for symmetric key protocols is more
complicated than asymmetric ones, because the precious key cannot be
delivered over an insecure network. There are various so-called
``Strong Symmetric Key Protocols which can generate secure session
keys and do mutual authentication for both parties.
Needham-Schroeder protocol is one which is briefly described here.
Assume that there is a server (called S), which is trusted by
Alice and Bob. S also shares symmetric keys with Alice and Bob, which
are noted as K_AS and K_BS. Then the basic steps for N-S
protocl are shown below
Assume that there is a server (called S), which is trusted by Alice and Bob. S also shares symmetric keys with Alice and Bob, which are noted as K_AS and K_BS.
1, Alice sends a message to the server identifying herself and Bob, telling the server she wants to communicate with Bob.
2, The server generates a key K_AB and sends back to Alice a copy encrypted under K_BS for Alice to forward to Bob and also a copy for Alice. Since Alice may be requesting keys for several different people, the nonce assures Alice that the message is fresh and that the server is replying to that particular message and the inclusion of Bob's name tells Alice who she is to share this key with.
3, Alice forwards the key to Bob who can decrypt it with the key he shares with the server, thus authenticating the data.
4, Bob sends Alice a nonce N_B encrypted under K_AB to show that he has the key.
5, Alice performs a simple operation on the nonce, re-encrypts it and sends it back verifying that she is still alive and that she holds the key.
However, finding an online trusted server is very difficult and not applicable in most cases. So another interesting strong symmetric key protocol is Encryption Key Exchange, or EKE, which is a password based protocol. If we assume that Alice and Bob already shares a password P, then
1, A generates a random public key E_A and encrypts it in a symmetric cryptosystem with P. And sends that message to B.
2, Sharing the password, B is able to decrypt to obtain E_A, generates a random secret key R, and encrypts in in both E_A and P.
3, A generates a unique challenge Chanllenge_A and sends it to B.
4, B decrypts that message to obtain Chanllenge_A, generates a unique challenge Chanllenge_B, and sends both challenges back to A.
5, A decrypts to obtain Chanllenge_A and Chanllenge_B and compares the former against her earlier challenge. If it matches, she encrypts Chanllenge_B with R and sends that back to B.
In summary, strong symmetric key protocols either involve third party (Needham-Schroeder Protocol), or are password-based (EKE). Even if the two communicating parties have some long-term symmetric keys, they should avoid using these keys directly, but try to use short-term or even one-time session keys. Otherwise eavesdroppers can intercept their messages and perform a Dictionary Attack.
