Key Distribution Center (KDC)

KDC is where the user could request #private key from the other user. The scheme is shown as following:

Before distributing the public key to the user upon a request, KDC need to sign it with its own private key, so the key could be verified using KDC’s public key on the user side to be from the KDC itself.

However, due the centralise nature of KDC, if KDC has been compromised, the keys stored in there will be compromised too.

Links to this page

Key Distribution

If there are secure communications with a third party# on both sides, then the third party could relay the key between them

third party# involvement on key selection and distribution

Using the method 2 and 3, session key and master key are necessary to verify and secure the Key Distribution from possible intruder. Session key is a temporary key used for encryption of data between users. It will be discarded once the session is over, hence the name. Master key is a key that is used to encrypt the session key, which is shared by the users and Key Distribution Center (KDC)#.
Hybrid Key Distribution

Hybrid Key Distribution is an #Asymmetric Cryptography used for #master key distribution by relying on Key Distribution Center (KDC)#. It has a better performance and is backward compatible.
Asymmetric Cryptography

It addresses two issues faced by Symmetric Cryptography: Key Distribution# and Digital Signature#. One doesn’t need to have a secure channel or a third party to distribute public keys as it will not sufficient to undermine the security of the encrypted message. Public keys could be distributed by either Public Announcement#, Publicly Available Directory#, Public-Key Authority#, or Public-Key Certificate#. We can verify whether the message is coming from the intended sender using the public key, thus able to authenticate the author. That being said, it is vulnerable to quantum computing.

#cryptography