The core principle of secret key cryptography is to use a shared secret key between two parties to encrypt and decrypt messages. The same key is used to scramble and unscramble messages so that only the intended recipient can read them. This is done by using a cryptographic algorithm that performs mathematical operations on the plaintext message and the secret key to produce the ciphertext, which appears as random and unreadable characters. The recipient then uses the same key and algorithm to decrypt the ciphertext back to the original plaintext message. The strength of the secret key algorithm lies in the secrecy of the key, as anyone who does not possess the key will not be able to decipher the message. The algorithm itself, such as AES, is available as a public standard. Find the previous blog post here.
Secret key-based authentication is a method of verifying the identity of a user by indirectly comparing a secret key, which is a shared secret between the user and the system. This method of authentication is widely used in computer systems when the system needs to verify the identity of the user before granting access to sensitive data or resources.
In this authentication method, the secret key is known only to the user and the system. The key is typically a random value exchanged securely between the user and the system at the time of enrollment of the user. The user and the system then later use this key to process data exchanged during the authentication flow.
One common authentication method is the challenge-response method, in which the system sends a random, non-repeatable message (the challenge) to the user, who proves their identity by encrypting that message with the shared key. The user then responds to the challenge by returning the message encrypted with the key. The system runs the same operation over the same message. If the results match, both the user and the system used the same key, which makes the user trustworthy, since only that user is supposed to know the key value. Moreover, eavesdropping on the communication between the user and the system does not reveal any information about the key. This is by design: the key of an encryption algorithm cannot be calculated from the knowledge of a clear text and the corresponding ciphertext. These algorithms are built so that an attacker would have to try all possible key values. Since typical key lengths are 128 bits, that makes 2^128 possible key values, which corresponds to about 3.4 × 10^38. If a computer could try one billion keys per second (10^9), it would take approximately 10^22 years, which is more than the age of the universe. Typical algorithms used for this purpose are AES (in a special flavor named AES-MAC) or HMAC (Hash-based MAC). These are special constructions that use encryption in a one-way flavor: they take an arbitrary clear-text message as input and generate a fixed-size signature called a “message authentication code” (MAC) as output, instead of a ciphertext.
By verifying that the secret key known by the user matches the key stored in the system, the system can be sure that the user is who they claim to be.
Figure 1 - Challenge-Response authentication using a secret-key based MAC algorithm
A crucial benefit of secret key-based authentication is its simplicity: because the user and the system share the same secret key, key management is easier. Each user has a unique key, and the system knows the key of each user. To reduce key storage requirements, the system may choose to use a single root key, from which each user’s key is calculated by combining the root key with the user’s identity. It is then not necessary to maintain a database of (user, key) pairs; instead, the user’s key is recalculated from the user’s identity and the root key every time it is needed.
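As an added example (not the post's own code), the challenge-response exchange of Figure 1 implemented with HMAC-SHA256, together with the root-key derivation of per-user keys just described; the root key and user identities are constructed placeholders, and the "user-key:" derivation label is an arbitrary choice.

```python
import hmac
import hashlib
import secrets

# Constructed placeholder root key (32 zero bytes); a real system uses a random secret.
ROOT_KEY = bytes.fromhex("00" * 32)


def derive_user_key(root_key: bytes, user_id: str) -> bytes:
    """Recompute a user's key from the root key and the user's identity.

    HMAC is used here as a key derivation function, so the system needs no
    (user, key) table: the key is recalculated whenever it is needed.
    """
    return hmac.new(root_key, b"user-key:" + user_id.encode(), hashlib.sha256).digest()


def compute_response(user_key: bytes, challenge: bytes) -> bytes:
    """The one-way MAC both sides run over the challenge (the 'encrypted' challenge)."""
    return hmac.new(user_key, challenge, hashlib.sha256).digest()


class Server:
    """Holds only the root key plus the outstanding challenge per user."""

    def __init__(self, root_key: bytes) -> None:
        self.root_key = root_key
        self.pending: dict[str, bytes] = {}

    def issue_challenge(self, user_id: str) -> bytes:
        challenge = secrets.token_bytes(32)  # fresh, non-repeatable
        self.pending[user_id] = challenge
        return challenge

    def verify(self, user_id: str, response: bytes) -> bool:
        # Consume the challenge so a captured response cannot be replayed.
        challenge = self.pending.pop(user_id, None)
        if challenge is None:
            return False
        expected = compute_response(derive_user_key(self.root_key, user_id), challenge)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def run_protocol(server: Server, user_id: str, client_key: bytes) -> bool:
    """Full exchange: system -> challenge -> user -> MAC -> system verifies."""
    challenge = server.issue_challenge(user_id)
    response = compute_response(client_key, challenge)  # user side
    return server.verify(user_id, response)  # system side


if __name__ == "__main__":
    srv = Server(ROOT_KEY)
    print("alice authenticates:", run_protocol(srv, "alice", derive_user_key(ROOT_KEY, "alice")))
    print("alice with bob's key:", run_protocol(srv, "alice", derive_user_key(ROOT_KEY, "bob")))
```

Note that an eavesdropper sees only the challenge and a 32-byte MAC, and a recorded response is useless because the server discards each challenge after one verification.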
One potential drawback of secret key-based authentication is the need for the user and the system to share the same secret key. This can be challenging when the user and the system are in different physical locations or are not able to communicate securely. However, public-key-based cryptographic protocols such as Diffie-Hellman exist to perform a secure secret key exchange over an insecure network.
Another caveat is that, if the secret key is compromised, then the security of the whole authentication method can be compromised as well, especially when the system uses a root key. The disclosure of the sole root key would allow an attacker to impersonate any user just by knowing their identity, which breaks the entire system.
Secret key-based authentication is a widely used method of verifying the identity of a user in computer systems such as Kerberos. It is simple, secure, and can be performed quickly with minimal overhead, but it presents challenges in terms of key distribution and resilience to the disclosure of a key.
Find the last blog in this series here.