It’s time to introduce some more keys. Each member in each shared space has a Diffie-Hellman public/private key pair. These Diffie-Hellman keys (which are authenticated via the identity key pairs mentioned previously) are used to establish pairwise symmetric keys—that is, keys shared between each pair of members within a shared space. Through the magic of Diffie-Hellman, the pairwise keys aren’t sent over the wire. Instead, they’re independently computed by each pair of members. Bob computes a Bob/Carol pairwise key from his Diffie-Hellman private key and Carol’s Diffie-Hellman public key. Carol computes the same pairwise key from her private key and Bob’s public key.

There are two kinds of
pairwise
keys between members M_{i} and
M_{j}. A cipher pairwise key,
K_{ij}, encrypts the group keys
(K_{G}, L_{G}) for
distribution. A MAC
pairwise key, L_{ij}, assures the data origin
authenticity/integrity of messages in a suspicious shared space.

Recall that in the trusting case, a MAC is attached to each message.
It’s a MAC of the header and body of the message, protected in
the group key:
{X}L_{G}. Rather than a group-level MAC,
suspicious mode uses a set of individual MACs denoted as
{X}L_{ij}, one for each pair of members. Each of
these uses
HMAC-SHA1 to authenticate a message
using the pairwise key shared between a pair of members. The
resulting MACs are called authenticators (or
multiauthenticators). These are
symmetric-key analogues of public-key signatures.

Start Free Trial

No credit card required