Key distribution center
From Wikipedia, the free encyclopedia
In cryptography, a key distribution center (KDC) is part of a cryptosystem intended to reduce the risks inherent in exchanging keys. KDCs often operate in systems within which some users may have permission to use certain services at some times and not at others.
Contents |
[edit] Security overview
For instance, an administrator may have established a policy that only certain users may use the tape backup facility. (Perhaps the administrator has concerns that unrestricted use might result in someone smuggling out a tape containing important information; but the precise
[edit] Operation
A typical operation with a KDC involves a request from a user to use some service. The KDC will use cryptographic techniques to authenticate requesting users as themselves. It will also check whether an individual user has the right to access to the service requested. If the authenticated user meets all prescribed conditions, the KDC can issue a ticket permitting access.
KDCs mostly operate with symmetric encryption.
In most (but not all) cases the KDC shares a key with each of all the other parties.
The KDC produces a ticket based on a server key.
The client receives the ticket and submits it to the appropriate server.
The server can verify the submitted ticket and grant access to the user submitting it.
Security systems using KDCs include Kerberos.
[edit] Benefits
- Easier key distribution
- Scalability
[edit] Drawbacks
- A KDC can become a single point of failure
- Everybody must trust the KDC
