After authentication in order
to protect message security,
Alice and Bob will need to establish
a shared secret key for each session.
This can be accomplished
in several ways.
Supposed Alice and
Bob share a master secret key.
Then Alice can use this master
secret to encrypt a new key and
send the encrypted new key to Bob.
Or Alice and Bob can also use
public keys to encrypt a new key.
We say that Alice and
Bob should establish a shared key for
each new session.
This is true even if Alice and
Bob already has a shared secret key.
Typically, Alice and
Bob share a long term secret key.
And we call it the master key.
For example, the master key can
be derived from a password.
For each session, Alice and
Bob would use the master secret key
to authenticate and
establish a new key for the session.
Then all messages in the session
are protected using the session key.
The main benefit of using session
key is that if the key is leaked or
broken, the impact is limited
only to the current session.
Intuitively, the more a secret is used,
the higher a chance that
the secret can be leaked.
Therefore, we should limit the use
of the long term master secret.
And only use it at the beginning of
a session for authentication and
establishing the session key.
Here's an example.
Suppose Alice and
Bob already share a master key, Kab.
The first three steps are just for
Alice to authenticate Bob,
say Bob is a server.
Then, both Bob and
Alice computer save session key
that is based on the sheer master key
and something about the current session.
So that the session key is both
a secret and unique to the session.
So for example,
they can add 100 to the master key and
use the result as the key to encrypt
all which is a challenge used
in this session to authenticate Alice
to Bob, and the result of encrypting R
using a modified master key
is the shared session key.
Alice and Bob can also use their public
keys to exchange a shared session key.
For example, Alice can send to
Bob a key, encrypt it using Bob's
public key so that only Bob
can decrypt and get the key.
And then signs the result
using Alice's private key.
So Bob knows that the key
is sent by Alice.
Or Alice and Bob can use their
private keys to sign the public
messages that they exchange in the
Diffie-Hellman key exchange protocol.
And this can prevent the man
in the middle attack,
that is when Alice sends Bob
the public message, she signs it.
Likewise when Bob sends
Alice the public message,
he signs it with his private key.
