Authenticated Key Exchange

Authenticated Key Exchange (AKE), Authenticated Key Agreement (AKA) or Authentication and Key Establishment (AKE) is the exchange or creation of a session key in a key exchange protocol that also authenticates the identities of the parties involved in the key exchange.[1] AKE typically occurs at the beginning of a communication session.[2] Features of AKE protocols include determination of which keys already exist and can be used, how new keys will be generated, and how many users the protocol is applicable to.[2]

AKE protocols make use of long-term keys, which exist prior to the protocol, and session keys, which are typically symmetric keys established during the execution of the protocol.[2] AKE protocols can be divided into four categories, based on the different types of long-term keys used:[2]

  1. Pre-shared keys
  2. Public–private key pairs
  3. Identity-based keys
  4. Passwords
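
The following is an added illustration of the first category (pre-shared keys); it is not taken from the cited sources and is not a standardized protocol. Two parties holding the same long-term key exchange fresh nonces, authenticate each other with HMAC tags over the transcript, and derive a symmetric session key; the names `Party`, `mac_fields` and `run_handshake` and the message labels are assumptions made for this example.

```python
import hashlib, hmac, secrets

def mac_fields(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # Length-prefix every field so two different transcripts never encode alike.
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Party:
    """One side of the example handshake (hypothetical class, not a library API)."""
    def __init__(self, name: bytes, psk: bytes):
        self.name, self.nonce = name, secrets.token_bytes(16)
        # Derive separate keys from the long-term key: one to authenticate, one to derive.
        self.k_auth = mac_fields(psk, b"auth")
        self.k_derive = mac_fields(psk, b"derive")
        self.transcript, self.session_key = (), None

    def hello(self):                              # message 1: initiator -> responder
        return self.name, self.nonce

    def respond(self, peer_name, peer_nonce):     # message 2: responder -> initiator
        self.transcript = (peer_name, self.name, peer_nonce, self.nonce)
        return self.name, self.nonce, mac_fields(self.k_auth, b"resp", *self.transcript)

    def confirm(self, peer_name, peer_nonce, tag):  # message 3: initiator -> responder
        self.transcript = (self.name, peer_name, self.nonce, peer_nonce)
        expected = mac_fields(self.k_auth, b"resp", *self.transcript)
        if not hmac.compare_digest(tag, expected):
            raise ValueError("responder failed authentication")
        self.session_key = mac_fields(self.k_derive, b"session", *self.transcript)
        return mac_fields(self.k_auth, b"init", *self.transcript)

    def finish(self, tag):
        # The responder accepts the session key only after the initiator's tag verifies.
        expected = mac_fields(self.k_auth, b"init", *self.transcript)
        if not hmac.compare_digest(tag, expected):
            raise ValueError("initiator failed authentication")
        self.session_key = mac_fields(self.k_derive, b"session", *self.transcript)

def run_handshake(psk_a: bytes, psk_b: bytes) -> bytes:
    a, b = Party(b"alice", psk_a), Party(b"bob", psk_b)
    b.finish(a.confirm(*b.respond(*a.hello())))
    if a.session_key != b.session_key:
        raise ValueError("session keys differ")
    return a.session_key

if __name__ == "__main__":
    psk = secrets.token_bytes(32)  # constructed long-term key for the demo
    print("session key:", run_handshake(psk, psk).hex())
```

Because the session key depends only on the long-term key and the public nonces, this construction provides no forward secrecy: anyone who later obtains the pre-shared key can recompute past session keys from recorded handshakes.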

The use of Transport Layer Security (TLS) to secure HTTP connections is perhaps the most widely deployed AKE protocol.[3]

  1. Diffie, W.; van Oorschot, P.; Wiener, M. (June 1992). "Authentication and authenticated key exchanges". Designs, Codes and Cryptography. 2 (2): 107–125. CiteSeerX 10.1.1.59.6682. doi:10.1007/BF00124891. S2CID 7356608.
  2. Boyd, C.; Mathuria, A.; Stebila, D. (2020). Protocols for Authentication and Key Establishment. Springer Berlin Heidelberg.
  3. Eric Rescorla (August 2018). "The Transport Layer Security (TLS) Protocol Version 1.3". Mozilla. The Internet Engineering Task Force. Archived from the original on 14 May 2021.