A major shortcoming of using pairwise
key exchange based on a shared secret
is that it cannot scale.
That is, suppose we use shared
master keys as a way to establish and
exchange a new session key.
This scheme does not scale easily.
That is, Alice needs to share
a master key with Bob, and
then another master key with Carol,
and so on and so forth.
Using a Key Distribution Center, or KDC,
can solve this scalability problem.
Each party has his or
her own master key shared with the KDC.
That is, the KDC has many master keys,
one for each party.
But each party only keeps one
master key that is shared with KDC.
So, for example,
Alice has KA that is shared with KDC.
And Bob has KB that is shared with KDC.
Now, suppose Alice and Bob want to
have a secure session, therefore,
they need a session key KS.
First, Alice sends a request
to KDC saying that,
I need a key to talk to Bob
along with a nonce, N1.
A nonce is a random value.
Then, the KDC sends a message
back to Alice that's encrypted
using the master key KA that is
shared between Alice and KDC.
This message contains the session
key KS that the KDC just created for
Alice and Bob to share.
The message also contains the same
request that Alice sent to KDC
along with the same nonce value,
N1, and a message called a ticket.
The ticket is encrypted
using the master key KB that
is shared between Bob and the KDC.
And it contains session key KS and
the ID of Alice.
When Alice gets back
the message from the KDC,
she can decrypt it because
she has the master key, KA.
And so,
she can extract the session key KS.
And she knows that the message is from
the KDC, and it's fresh, that is,
it is not a replay, because only
the KDC can use KA to encrypt properly
a message that contains the original
request and the nonce that she just sent.
Alice then sends the ticket to Bob.
Note that only Bob can decrypt
the ticket, because it is encrypted
using KB, the master key shared
between Bob and the KDC.
In fact, when Bob decrypts the ticket,
he knows that the ticket is created
by the KDC because only the KDC can
encrypt the ID of Alice properly.
And he knows that the session key,
KS was created by KDC and
is for communication with Alice.
Then Bob sends a message that contains
a nonce N2, which is a random value,
and his ID, encrypted
using the session key KS, to Alice.
When Alice receives this message,
she knows that
she is communicating with Bob, because
only he can decrypt the ticket and
get the session key, KS, and
encrypt the ID properly.
Alice then performs an agreed-upon
transformation on N2.
Say, add 100 to N2 and
encrypt the result using KS,
and sends it back to Bob.
This proves to Bob that he
is communicating with Alice
because only she has the session key KS.
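
The five messages described above, walked through in Python as an added example (not part of the original lecture). The `seal`/`unseal` helpers are a toy stand-in for encryption under KA, KB and KS, and the field names, party IDs and keys are constructed for illustration; a real deployment would use a vetted authenticated cipher.

```python
import hashlib, hmac, json, secrets

def _xor(key, iv, data):
    # Keystream = SHA-256(key || iv || counter); XOR is its own inverse.
    ks = b"".join(hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """Stand-in for E(key, obj): encrypt, then append an HMAC tag (assumption, toy)."""
    iv = secrets.token_bytes(16)
    body = iv + _xor(key, iv, json.dumps(obj).encode())
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    """Reject anything not produced under `key`, then decrypt."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("not encrypted under this key")
    return json.loads(_xor(key, body[:16], body[16:]))

def kdc_reply(master_keys, request):
    """KDC: create KS; reply = E(KA, [KS, request, ticket]), ticket = E(KB, [KS, ID_A])."""
    ks = secrets.token_bytes(32).hex()
    ticket = seal(master_keys[request["to"]], {"ks": ks, "id": request["from"]})
    return seal(master_keys[request["from"]],
                {"ks": ks, "request": request, "ticket": ticket.hex()})

def run_exchange(master_keys, ka, kb):
    """Walk the five messages; returns (Alice's KS, Bob's KS, ID Bob found in the ticket)."""
    request = {"from": "alice", "to": "bob", "n1": secrets.randbits(64)}  # 1. A -> KDC
    reply = unseal(ka, kdc_reply(master_keys, request))                   # 2. KDC -> A
    if reply["request"] != request:
        raise ValueError("reply does not echo this request and N1 (replay?)")
    ks_alice = bytes.fromhex(reply["ks"])
    ticket = unseal(kb, bytes.fromhex(reply["ticket"]))                   # 3. A -> B
    ks_bob = bytes.fromhex(ticket["ks"])
    n2 = secrets.randbits(64)
    msg4 = seal(ks_bob, {"n2": n2, "id": "bob"})                          # 4. B -> A
    got = unseal(ks_alice, msg4)
    if got["id"] != "bob":
        raise ValueError("unexpected peer ID")
    msg5 = seal(ks_alice, {"n": got["n2"] + 100})                         # 5. A -> B
    if unseal(ks_bob, msg5)["n"] != n2 + 100:
        raise ValueError("peer does not hold KS")
    return ks_alice, ks_bob, ticket["id"]

KA, KB = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed master keys
MASTER_KEYS = {"alice": KA, "bob": KB}                      # the KDC's table
```

Note that Alice forwards the ticket without being able to read it: calling `unseal` on it with KA raises, while Bob's KB opens it and yields the same KS.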
