This Article 
 Bibliographic References 
 Add to: 
A Protocol for Establishing Secure Communication Channels in a Large Network
February 1994 (vol. 6 no. 1)
pp. 188-191

Knowledge exchange and information access in a truly distributed network often require transmitting of data through open media. Consequently, data presented through such an environment are vulnerable to attacks. To minimize such vulnerability, data transformation or encryption/decryption techniques are often utilized among senders and receivers to achieve secure communication. Since data encryption/decryption requires sharing of a secret session key, finding an efficient way to distribute the session key in a large-scale, truly distributed network has been a nontrivial task. This paper presents a protocol for efficiently distributing session keys in such an environment to establish a secure channel. We assume the target network consists of many locally trusted centers, and each center has many users attached to it. The scheme incorporates the public-key distribution concept and the RSA encryption scheme as the basic mathematical tools, but eliminates the storage problem associated with huge public-key files. In addition, the proposed scheme has the added feature of providing the authenticate session key to the two parties in a secure communication.

[1] W. Diffie and M. Hellman, "New directions in cryptography,"IEEE Trans. Inform. Theory, vol. IT-22, pp. 644-654, 1976.
[2] L. M. Kohnfelder, "Towards a practical public-key cryptosystem." B.S., M.I.T., Cambridge.
[3] R. C. Merkle, "Protocols for public key cryptosystem," inProc. IEEE Symp. Security and Privacy, 1980, pp. 122-134.
[4] A. D. Birrell, B. W. Lampson, R. M. Needham, and M. D. Schroeder, "A global authentication service without global trust," inProc. IEEE Symp. Security and Privacy, 1986, pp. 223-230.
[5] A. Shamir, "Identity-based cryptosystems and signature schemes," inAdv. in Cryptol.-Crypto '84, Santa Barbara, CA, Aug. 1984, pp. 47-53.
[6] E. Okamoto, "Proposal for identity-based key distribution systems,"Electron. Lett., vol. 22, pp. 1283-1284, 1986.
[7] K. Koyama and K. Ohta, "Identity-based key conference key distribution systems," inAdv. in Cryptol.-Crypto'87. New York: Springer-Verlag, 1987, pp. 175-184.
[8] E. Okamoto, "Key distribution systems based on identification information," inAdv. in Cryptol.-Crypto'87, Santa Barbara, CA, May 1987, pp. 194-202.
[9] S. Tsujii and T. Itoh, "An ID-based cryptosystem based on the discrete logarithm problem,"IEEE J. Select. Areas Commun., vol. 7. pp. 467-473, May 1989.
[10] E. Okamoto and T. Tanaka, "Key distribution system based on identification information,"IEEE J. Select Areas Commun., vol. 7, pp. 481-485, May 1989.
[11] G. J. Popek and C. S. Kline, "Encryption protocols, public key algorithms, and digital signatures in computer networks," inFoundations of Secure Computation, pp. 133-153.
[12] Roger Needham and Michael Schroeder, "Using Encryption for Authentication in Large Networks of Computers,"Comm. ACM, Vol. 21, No. 12, Dec. 1978, pp. 993- 999.
[13] R.L. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,"Comm. ACM, Vol. 21, No. 2, Feb. 1978, pp. 120-126.
[14] G. J. Simmons, "An impersonation-proof identity verification scheme," inAdv. In Cryptol.-Crypto'87, Aug. 1987, pp. 211-215.
[15] D.E. Denning,Cryptography and Data Security, Addison-Wesley Publishing Co., Reading, Mass., 1982.

Index Terms:
telecommunication channels; security of data; public key cryptography; computer networks; protocols; protocol; secure communication channels; open media; knowledge exchange; information access; large distributed network; data attack vulnerability; data transformation; data encryption/decryption techniques; secret session key; key distribution; locally trusted centers; multi-user system; public-key distribution; RSA encryption scheme; data storage; authentication
L. Harn, D. Huang, "A Protocol for Establishing Secure Communication Channels in a Large Network," IEEE Transactions on Knowledge and Data Engineering, vol. 6, no. 1, pp. 188-191, Feb. 1994, doi:10.1109/69.273037
Usage of this product signifies your acceptance of the Terms of Use.