Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.
Comprehensive practice exam engine!
All features in the FREE plan, plus:
Welcome to our Secure Symmetric Key Exchange module. When we use symmetric encryption, we use a single key that is used to both encrypt and decrypt the data. We must get this key from the sender to the receiver in a secure fashion, so that no unauthorized persons are able to obtain a copy of the key.
We can use a key exchange protocol to simplify the process and agree upon a shared key to use for symmetric encryption. Once we agree upon a secret symmetric key, we can then use that to encrypt our messages. The best way to do this is only use the key for a single session and then destroy it.
This way, if an individual compromises the key, they will not be able to decrypt future communications, because we have changed the key. Once we generate a key and successfully exchange it with the recipient, we can then use that key to encrypt the data using AES. One method of key exchange is Diffie-Hellman, which does not require a PKI or Public Key Infrastructure.
RSA is probably one of the most popular key exchange protocols and that uses a public key infrastructure. ECC or Elliptic Curve Cryptography can be used for key exchange on smartphones. ECC is designed to use less resources. And therefore, works very well on portable devices. You should remember for the CISSP examination that ECC is the type of encryption commonly used on smartphones.
IPsec uses IKE or Internet Key Exchange, or the Internet Security Association and Key Management Protocol with the Oakley protocol in order to exchange keys. And with wireless technology, TKIP or Temporal Key Integrity Protocol is used to generate and exchange keys for Wi-Fi protected access and Wi-Fi protected access to security and we may see a shift in the future towards quantum key cryptography.
Internet protocol security or IPsec is a protocol that is open source and can be used to secure communications at the network layer of the OSI model across IP-based networks. With IPsec, we use manual keys that are configured on both endpoints and the administrator can configure systems with keying materials and security association information.
We use the Oakley protocol, which is based on a hybrid Diffie-Hellman key exchange and we also use internet key exchange or IKE as our defacto standard. Here we can automatically negotiate services between the client and the server, and we can use the hybrid of Internet Security Association and Key Management Protocol or ISAKMP and the Oakley key exchange protocol.
There's two phases during this process and during the first phase, the IKE peers will establish an authenticated secure channel, so that the IP sect negotiation can take place. In phase two, the security association is negotiated for the keying material and parameter negotiation. IPsec uses dynamic rekeying to control the generation of new keys during communication based on a configured key lifecycle.
We also share symmetric keys during SSL and TLS public key infrastructure such as what is used with HTTPS traffic. Here, we're using known algorithms and a protected private key that we can use to secure a session key. In this case, a client PC is attempting to access a site on a web server.
The client will request a certificate from the web server, then verify the authenticity of that certificate and then generate a 128-bit key that they will later use to secure data between them and the web server. The client then uses that 128-bit key encrypts it with the RSA algorithm using the server's public key to secure the data.
By using the server's public key, only the server's private key will be able to decrypt the data. They then transmit the encrypted data to the web server once it gets to the web server and web server can decrypt the data using the RSA algorithm, and the web servers private key.
Once the web server decrypts the data, they are now able to use the same 128-bit session key that the client created to encrypt any further communications between the client and the web server. Ensuring that the security of the communications will not be violated by unauthorized individuals. Quantum cryptography is a new technology that allows you to securely exchange keys with complete security.
With classic public key cryptography, we relied on complex mathematical formulas such as integer factorization in order to generate our keys. Quantum cryptography is a set of protocols and procedures that we can use to create and distribute secret keys rather than using mathematics to develop the cryptosystem, quantum cryptography uses physics.
Quantum cryptography is very advanced and can detect when an attacker is trying to gain knowledge of the keys that are being exchanged. It uses photons to transmits the keys and by harnessing the unpredictable nature of matter at the quantum level, physicists have been able to figure out a better way to exchange information about secret keys.
It is a new technology that we may see being used in the future. This concludes our Secure Symmetric Key Exchange module. Thank you for watching.
Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.
Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.
THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!
Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.
Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.
Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.
More PRO benefits are being built all the time!