SKEME
Context
Developed specifically for IPsec, SKEME is an extension of Photuris proposed in 1996 by Hugo Krawczyk of the IBM T.J. Watson Research Center. Unlike Photuris, which imposes a single message flow on the protocol, SKEME offers several modes of key exchange.
Principle
Like STS and Photuris, SKEME's BASIC mode is based on the use of public keys and on the generation of a Diffie-Hellman shared secret. However, SKEME is not restricted to public keys: it also allows the use of a pre-shared key. This key can be obtained by manual distribution or through a key distribution center (KDC) such as Kerberos, which lets the communicating peers share a secret via a trusted third party. Using this secret to authenticate the Diffie-Hellman exchange, rather than directly as the session key, reduces the trust that must be placed in the KDC: a KDC that knows the pre-shared key learns nothing about the Diffie-Hellman exponents, so it cannot recover the session key by passive eavesdropping. Finally, SKEME also makes faster exchanges possible by omitting Diffie-Hellman when perfect forward secrecy (PFS) is not required.
In short, SKEME has four distinct modes:
* BASIC mode, which provides a key exchange based on public keys and ensures PFS through Diffie-Hellman.
* A key exchange based on public keys, but without Diffie-Hellman (no PFS).
* A key exchange based on a pre-shared key combined with Diffie-Hellman.
* A fast rekeying mechanism based only on symmetric algorithms.
In addition, SKEME is composed of three phases: SHARE, EXCH and AUTH.
* During the SHARE phase, the peers exchange half-keys, each encrypted under the recipient's public key. These two half-keys are combined to compute a secret key K. If anonymity is wanted, the identities of the two peers are encrypted as well. If a shared secret already exists (for example a pre-shared key), this phase is skipped.
* The exchange phase (EXCH) is used, depending on the selected mode, to exchange either public Diffie-Hellman values or nonces. The Diffie-Hellman shared secret is only computed once the exchanges are complete.
* The public values or nonces are authenticated during the authentication phase (AUTH), using the secret key K established during the SHARE phase.
The messages of these three phases do not necessarily follow the order described above; in practice they are combined to minimize the number of messages exchanged.
A further phase, known as the COOKIES phase, can be added before the SHARE phase to provide protection against denial-of-service attacks, using the cookie mechanism introduced by Photuris.
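The following script is an added illustration of the mode list and of the three phases above; it is not code from Krawczyk's paper or from any IPsec implementation. It runs SKEME's BASIC mode between an initiator A and a responder B: in SHARE each half-key is encrypted under the other peer's public key and both halves are hashed into K (named k0 in the code); in EXCH the Diffie-Hellman values are sent in the clear; in AUTH each side MACs the value it sent and the value it received with K, so an attacker who substitutes g^y in transit is caught before any session key is used. The symmetric-only fast rekey of the fourth mode is shown as a separate function. Assumptions: textbook RSA with toy 512-bit keys stands in for the peers' long-term public-key encryption (production code would use a real library with OAEP and 2048-bit keys or better), the Diffie-Hellman group is RFC 3526 group 14, and the exact byte layout of the MAC input is a simplification chosen for the example.

```python
"""Toy SKEME BASIC-mode run (SHARE, EXCH, AUTH) plus the symmetric fast-rekey mode.
Added illustration, not the paper's code; textbook RSA with small keys stands in
for real public-key encryption so the script runs offline in a few seconds."""
import hashlib
import hmac
import secrets

# DH group: RFC 3526 group 14 (2048-bit MODP), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


def _is_probable_prime(n, rounds=40):
    """Miller-Rabin, only here so the demo can build toy RSA keys without extra libs."""
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512):
    """Textbook RSA (no OAEP), toy-sized: stands in for the peers' long-term keys."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)   # (public, private)


def derive_k0(init_half, resp_half):
    """K = h(K_A, K_B); a fixed order (initiator first) keeps both sides in sync."""
    return hashlib.sha256(init_half.to_bytes(16, "big") + resp_half.to_bytes(16, "big")).digest()


def auth_mac(k0, sent, received, ids):
    """AUTH tag keyed with K over the DH value a peer sent, the one it saw, and the IDs."""
    data = sent.to_bytes(256, "big") + received.to_bytes(256, "big") + ids
    return hmac.new(k0, data, hashlib.sha256).digest()


class Peer:
    def __init__(self):
        self.pub, self.priv = rsa_keygen()
        self.half = secrets.randbits(128)        # half-key for SHARE
        self.x = secrets.randbelow(P - 2) + 2    # DH private exponent for EXCH
        self.gx = pow(G, self.x, P)

    def share_send(self, peer_pub):   # half-key encrypted under the OTHER peer's key
        e, n = peer_pub
        return pow(self.half, e, n)

    def share_recv(self, ciphertext):
        d, n = self.priv
        self.peer_half = pow(ciphertext, d, n)

    def session_key(self, peer_gx):   # from g^xy; only to be used once AUTH succeeds
        return hashlib.sha256(pow(peer_gx, self.x, P).to_bytes(256, "big")).digest()


def run_basic_mode(tamper=False):
    """SHARE/EXCH/AUTH between A (initiator) and B; returns (key_A, key_B, auth_ok).
    tamper=True lets an active attacker replace g^y on its way to A."""
    a, b = Peer(), Peer()
    b.share_recv(a.share_send(b.pub))                      # SHARE
    a.share_recv(b.share_send(a.pub))
    k0_a = derive_k0(a.half, a.peer_half)
    k0_b = derive_k0(b.peer_half, b.half)
    gx_at_b = a.gx                                         # EXCH (sent in the clear)
    gy_at_a = b.gx if not tamper else pow(G, secrets.randbelow(P - 2) + 2, P)
    tag_a = auth_mac(k0_a, a.gx, gy_at_a, b"A|B")          # AUTH: MAC(sent, received)
    tag_b = auth_mac(k0_b, b.gx, gx_at_b, b"B|A")
    a_ok = hmac.compare_digest(tag_a, auth_mac(k0_b, gx_at_b, b.gx, b"A|B"))  # B checks A
    b_ok = hmac.compare_digest(tag_b, auth_mac(k0_a, gy_at_a, a.gx, b"B|A"))  # A checks B
    return a.session_key(gy_at_a), b.session_key(gx_at_b), a_ok and b_ok


def fast_rekey(current_key, nonce_a, nonce_b):
    """Fourth mode: rekey with symmetric primitives only (no DH, so no PFS for the new key)."""
    return hmac.new(current_key, nonce_a + nonce_b, hashlib.sha256).digest()


if __name__ == "__main__":
    ka, kb, ok = run_basic_mode()
    print("honest run:   auth", ok, "/ keys match", ka == kb)
    ka, kb, ok = run_basic_mode(tamper=True)
    print("tampered run: auth", ok, "/ keys match", ka == kb)
```

Two points worth noticing when reading the honest and tampered runs side by side: the MAC input must include both the value a peer sent and the value it received, or a substitution of one direction would go unnoticed; and because only K (not the long-term private keys) keys the AUTH phase, compromise of K is enough to impersonate a peer, which is exactly why SKEME keeps it separate from the Diffie-Hellman-derived session key.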