Using purely symmetric key cryptography has three drawbacks, which affect the following:
- Security services: Purely symmetric key cryptography provides confidentiality only, not authentication or nonrepudiation.
- Scalability: As the number of people who need to communicate increases, so does the number of symmetric keys required, meaning more keys must be managed.
- Secure key distribution: The symmetric key must be delivered to its destination through a secure courier.
Diffie-Hellman Algorithm
The Diffie-Hellman algorithm enables two systems to generate a symmetric key securely without requiring a previous relationship or prior arrangements. The algorithm allows for key distribution, but does not provide encryption or digital signature functionality. The algorithm is based on the difficulty of calculating discrete logarithms in a finite field.
The original Diffie-Hellman algorithm is vulnerable to a man-in-the-middle attack.
The countermeasure to this type of attack is to have authentication take place before accepting someone’s public key. The basic idea is that we use some sort of certificate to attest the identity of the party on the other side before trusting the data we receive from it. One of the most common ways to do this authentication is through the use of the RSA cryptosystem, which we describe next.
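The exchange and the countermeasure described above, as an added example that is not part of the original text: an unauthenticated exchange gives the endpoints no way to notice a substituted public value, while a signature check against the key from a certificate rejects it. The parameters are constructed toy values, the RSA is unpadded textbook RSA standing in for a certificate check, only Bob is authenticated, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters (far too small for real use).
P = 2**127 - 1          # prime modulus of the Diffie-Hellman group
G = 3                   # public base
# Toy textbook RSA key, assumed to be the key named in Bob's certificate.
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2      # private exponent in [2, P-2]
    return priv, pow(G, priv, P)             # (private, public = G^priv mod P)

def digest(pub):
    h = hashlib.sha256(str(pub).encode()).digest()
    return int.from_bytes(h, "big") % RSA_N

def sign(pub):
    # Bob signs his Diffie-Hellman public value with his RSA private key.
    return pow(digest(pub), RSA_D, RSA_N)

def verify(pub, sig):
    # Alice checks the signature with the public key from Bob's certificate.
    return pow(sig, RSA_E, RSA_N) == digest(pub)

def exchange(tamper, authenticate):
    """Run one Alice/Bob exchange.

    Returns (alice_key, bob_key), or None if Alice rejects the value she received.
    """
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    b_sig = sign(b_pub)
    recv_from_bob, recv_from_alice = b_pub, a_pub
    if tamper:
        # A party on the path replaces both public values with its own.
        _, m_pub = dh_keypair()
        recv_from_bob = recv_from_alice = m_pub
    if authenticate and not verify(recv_from_bob, b_sig):
        return None                          # substitution detected, abort
    return pow(recv_from_bob, a_priv, P), pow(recv_from_alice, b_priv, P)
```

Without authentication the tampered run completes silently, and the only symptom is that the two endpoints no longer hold the same key.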