This question is from Computer Network Secuirty (Applied Cryptography), In this

Question

This question is from Computer Network Secuirty (Applied Cryptography),

In this exercise, we want to analyze some variants of key derivation. In practice, one masterkey k-MK is exchanged in a secure way (e.g. certificate-based DHKE) between the involved parties. Afterwards, the session keys are regularly updated by use of key derivation. For this purpose, three different methods are at our disposal: k_0 = k_MK: k_i+1 = k_i+1 k_0 =h(k_MK);k_+1 =h(k_i) k_0 = h(k_MK); k_i+1 =h(k_MK | |i||k_i) where h() marks a (secure) hasg function, and k_i is the ith session key.

Explanation / Answer

1. Diff between the three methods.
(1) Session keys are derived by a linear and invertible(!) operation of the previous session key.
(2) Usage of hash functions, thus a non-linear correlation of the session keys.
(3) Usage of the masterkey and the previous session key for every derivation of the next session key.

2. Which method provides Perfect Forward Secracy?
Methods (2) and (3), because the old session keys cannot be extracted from the recent session key.

3. Which sessions can be decrypted?

(1) every session, since PFS is missing
(2) every session using the hacked session key Kn and every following session
(3) only the recent session, since the (unknown) masterkey is used for every furterh key derivation

4. Which method is the most secure?

No one because all the session keys can be calculated.

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.