
I am using a Key Distribution Center (KDC) and a key distribution protocol such as Kerberos. In order to limit the amount of ciphertext produced with the same key, I want to renew the session keys every 2 minutes. However, for performance reasons I only want to involve the KDC once per hour.

I thought about extending this protocol by making use of the Diffie-Hellman key exchange, but this would require generating a new alpha and a prime number each time, which is quite expensive, considering it has to be carried out once every two minutes.

Any suggestions on how I can extend this protocol in an efficient way, please?

CXB

1 Answer


Look into the Signal protocol and its associated Double Ratchet algorithm. This changes DH keys after every message without much overhead. As no prime generation is involved in generating new DH keys, there is no expensive processing that would make this impractical. If you don't want to change as often as once per message, you can perform the ratchet once every n messages, or once every two minutes.

The Double Ratchet algorithm is designed to be what the designers describe as "self-healing". That is, if an attacker manages to transiently compromise the system at any point in time, they will be unable to retrieve any previous messages. Likewise, they will not be able to decrypt any future messages. The protocol is fairly complex and must be in order to provide all the necessary security properties and recover from compromise. Simply regenerating your public keys every so often isn't always sufficient.

To improve security even further, you can also generate a new DH modulus from time to time, e.g. once a month. This does require generating new primes and can take a long time, but doing this makes precomputation attacks like Logjam less feasible, even if attacking a non-export key becomes possible.

forest
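As an added illustration of the scheme the answer describes (example code written for this page, not code from the answer or from the Signal project): a simplified two-level ratchet in which the hourly KDC key seeds a root key, a DH ratchet step over the fixed RFC 3526 group 14 modulus opens each "two-minute" epoch, and an HMAC chain derives the per-message keys in between. The root key size, the epoch and message counts, and the `kdf` labels are assumptions chosen for the example; a real deployment would follow the Double Ratchet specification, including its handling of out-of-order messages, which is omitted here.

```python
import hashlib, hmac, secrets

# RFC 3526 group 14 (2048-bit MODP, generator 2). The group is fixed and public, so a
# ratchet step costs one fresh exponent and two modular exponentiations, never a new prime.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def kdf(key, data, label):
    """HMAC-SHA256 extract-then-expand: returns (next chain/root key, output key)."""
    prk = hmac.new(key, data, hashlib.sha256).digest()
    return (hmac.new(prk, label + b"\x01", hashlib.sha256).digest(),
            hmac.new(prk, label + b"\x02", hashlib.sha256).digest())

class Ratchet:
    def __init__(self, root_key):
        # root_key: the session key obtained from the KDC once per hour (assumed 32 bytes)
        self.root_key, self.chain_key, self.priv = root_key, None, None
    def new_dh_key(self):
        # Fresh ephemeral exponent for this epoch; 256 bits is ample for a 2048-bit group.
        self.priv = secrets.randbits(256)
        return pow(G, self.priv, P)
    def dh_step(self, peer_pub):
        # Reject 0, 1 and p-1 (trivial subgroup) before mixing the secret into the root key.
        if not 1 < peer_pub < P - 1:
            raise ValueError("invalid DH public value")
        shared = pow(peer_pub, self.priv, P).to_bytes(256, "big")
        self.root_key, self.chain_key = kdf(self.root_key, shared, b"dh-ratchet")
    def next_message_key(self):
        # Symmetric-key ratchet: the old chain key is overwritten, so past keys cannot be recovered.
        self.chain_key, mk = kdf(self.chain_key, b"", b"chain")
        return mk

def demo(root_key, epochs=2, msgs_per_epoch=3):
    """Both sides run several epochs; returns the (alice_key, bob_key) pairs they derive."""
    alice, bob = Ratchet(root_key), Ratchet(root_key)
    keys = []
    for _ in range(epochs):              # one DH ratchet step per "two-minute" epoch
        a_pub, b_pub = alice.new_dh_key(), bob.new_dh_key()
        alice.dh_step(b_pub)
        bob.dh_step(a_pub)
        for _ in range(msgs_per_epoch):  # per-message keys from the chain in between
            keys.append((alice.next_message_key(), bob.next_message_key()))
    return keys
```

Only the public DH values cross the wire each epoch; the KDC is not contacted again until the hourly root key is replaced.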