In cryptography, there are two common methods for sharing cryptographic keys among two or more nodes wishing to communicate encrypted data/traffic: public key encryption and private (shared) key encryption. In public key systems, session keys are generated based on some temporal constraints and exchanged through the use of a public key exchange (PKE) protocol. Modern PKE schemes are based on asymmetric encryption, which is extremely computationally intensive.
In some applications, exchange of keys can be performed using private key encryption. In private key encryption, a “master” key (called a Key Exchange Key, or KEK) is somehow pre-loaded into all nodes and subsequent data encryption keys (typically called “session keys”) are shared by encrypting/decrypting them with the KEK.
Thus, in “pre-shared” key systems, both sides (nodes) of a secure communication channel use the same pre-defined key. Such as system is easy to use. However, if the key is compromised (through non-invasive side channel attacks), the whole system is compromised. In particular, software can always take the received Session Key, load it into the system as Ciphertext (rather than as a key) and run a standard Decrypt operation to recover the Session Key “in the clear.”
Thus, there exists a need for a secure way of storing and using the KEK without risk of exposing it to software. Existing solutions use either pre-shared keys, which is efficient but lower security or public key exchange, which is more secure, but extremely computationally intensive.