Question

One local area network vendor provides a key distribution facility, as illustrated in Figure 14.18.

a. Describe the scheme.
b. Compare this scheme to that of Figure 14.3. What are the pros and cons?

Fig 14.18:

Key Distribution Center (KDC) (2) IDA, E(Kn、Na), IDB, E(K, Nb) 1) IDA, E(Kas Na 4) E(Ka [K,, IDB, Nal

Fig 14.3:

Answer 1

a.

A sends a connection request to B. This connection request includes an event marker or nonce (Na) encrypted with the key that A shares with the KDC.

Now, if B is to accept the connection, it sends a request to the KDC for a session key. This connection request consists of A's encrypted nonce along with a nonce generated by B (Nb). Further, the connection request is encrypted with the key that B shares with the KDC.

The KDC returns two encrypted blocks to B. One encrypted block is directly targeted for B and includes the session key, A's identifier, and B's nonce. The second encrypted block is intended for A, which is first passed from the KDC to B, and then to A. Both, A and B, have securely obtained the session key and, due to the nonces, are assured of authenticity of each other.

b.

The proposed scheme seems to provide the same level of security as that depicted in Figure 14.3. The main advantage of the proposed scheme is that if due to some or other reasons B rejects the connection from A, in that case the overhead of an interaction with the KDC can be avoided.