Data security is of high importance in many contexts. As an example, organizations often utilize networks of computing devices to provide a robust set of services to their users, and the services may utilize multiple different servers. Networks often span multiple geographic and other boundaries and often connect with other networks. An organization, for example, may support its operations using both internal networks of computing resources and computing resources managed by others. Computers of the organization may communicate with computers of other organizations to access and/or provide data while using services of another organization. In many instances, organizations configure and operate remote networks using hardware managed by other organizations, thereby reducing infrastructure costs and achieving other advantages. Further, organizations often have employees with flexible working arrangements that allow for use of organizational computing resources (e.g., servers) both within an internal network and from other locations where communications must traverse a public network, such as the Internet. With such configurations of computing resources, securing access to the resources and the data they hold can be challenging, especially as the size and complexity of such configurations grow.
Many techniques have been developed to enhance data security. For example, Secure Sockets Layer (SSL), Transport Layer Security (TLS), and other protocols allow secure communications over a network between computer systems using symmetric cryptographic keys. Such protocols, however, often involve various disadvantages. For example, handshake processes often involve significant computational resources, which ties up processing capacity and introduces additional latency into communications. Further, network boundaries often create issues whereby, when a computer moves from one network to another, sessions need to be renegotiated. While such techniques generally provide stronger assurances of data security, conventional implementations of such techniques can be subject to various attacks. In some examples, a man-in-the-middle can successfully establish concurrent SSL/TLS sessions, giving the man-in-the-middle the ability to intercept communications from one entity to the other, decrypt the intercepted communications, and re-encrypt the communications. While various techniques have been developed to guard against such men-in-the-middle, the ways in which men-in-the-middle operate become increasingly sophisticated.