Methods for key distribution and key agreement are known generally (see [1]). One particular problem there is that keys need to be distributed, exchanged or agreed over an (insecure) communications path. To allow this, the following requirements are of particular significance:
1. Confidentiality
It is necessary to ensure that the exchanged key is accessible only to the authorized subscribers and processes. Secret keys need to be kept secret during their generation, distribution, storage and—where possible—even during implementation.
2. Identification of Data Intactness
It is necessary to take measures to ensure that the exchanged keys are available to the authorized subscribers in an unaltered and error-free state. If a transmission channel is subject to a high level of interference, error-correcting methods may be necessary.
3. Identification of Repetition and Delays
One risk is that keys which have already been used will be used a second time, because it may then not even be possible to distinguish the next communication from an earlier one. This risk exists particularly if a key exchange protocol has been subjected to tapping. Accordingly, particularly delays during key distribution can be regarded as suspicious.
4. Authentication of the Origin of the Key or Subkey
Key agreement without authentication may be pointless, because this might be done with a potential hacker. This is prevented by virtue of additional authentication subsequently being carried out using keys which have already been exchanged or agreed securely beforehand.
5. Acknowledgement of Receipt and Verification of the Agreed Key
The acknowledgement of receipt is intended to prove to the sender that the rightful recipient has received the key correctly. Since the exchanged keys are frequently not used directly, but rather serve as subkeys, references, etc., dynamically agreed keys need to be tested before they are used. This verification can be carried out explicitly by reciprocal transformation of prescribed data or implicitly by redundancy added to the protocol elements of the exchange protocol.
The result of this list of requirements, which is not conclusive (inclusive), is that, when they are observed, key distribution which can be implemented with a high level of security is possible.
A particular peculiarity of today's electronic systems is that they are implemented in distributed form. Consequently, a plurality of computers (also: entities, processes, processors, nodes, subscribers) are amalgamated in a network, with the computers being able to communicate with one another. Within the context of key distribution, it is also known practice for the subscribers in the network to be provided with a hierarchical structure. In this context, a particularly popular structure is a tree structure including a root node, branches and nodes, with the nodes, which themselves have no nodes on a lower level, being referred to as leaves of the tree structure.
If a method for key distribution is applied to a hierarchical structure of nodes, in particular to a tree structure, then the alteration of a node needs to involve negotiation of at least one new key for the entire system, that is to say the entire tree, and the new key needs to be communicated to all the nodes of the tree. In this context, a particular drawback is that every node receives a new key and that the same key is always used between two respective nodes. Even if just one particular key (or a symmetrical key pair) is used between two respective nodes, it is a drawback that received data need to be recoded separately for each key and recipient.