Page 45

PQC_for_Dummies

CHAPTER 4 Be Prepared 45 Alice forwards the session key to Bob. Bob can decrypt the message and he trusts it, as both pieces of information are encrypted with KBS, i.e., they came from a trusted third party. A → B∶ {KAB, A}∕KBS Bob replies with a nonce, encrypted with the session key. B → A∶ {NB}∕KAB �� − 1, validating And Alice responds with a variation of the nonce �� that she is in possession of the session key. A → B∶ {NB − 1}∕KAB Kerberos is used all over the map. The Windows Active Directory (AD) uses it. Apples iOS single sign-on (SSO) solution uses it, and so do Red Hat, IBM, and many others. One size does not fit all Apparently, using an all-symmetric solution is a valid choice in a number of scenarios. Especially in the IoT field, where nodesmay not have a lot of computational power andmay be hard to update, symmetric schemes based on AES or lightweight cryptography can be attractive. Relying on a trusted third party bears a risk though. The key escrow problem cannot be assumed away. Breaching the security of the KDC will have wide-ranging effects. For protocols such as TLS and DNSSEC that lay the foundation of trust in the World Wide Web, asynchronous cryptography based on certificates (and on private keys known only to their respective owners) is a hard requirement though.


PQC_for_Dummies
To see the actual publication please follow the link above