TLS-PSK
Encyclopedia
Transport layer security
pre-shared key
ciphersuites (TLS-PSK) is a set of cryptographic protocol
s that provide secure
communication based on pre-shared keys (PSKs). These pre-shared keys are symmetric keys shared in advance among the communicating parties.
There are several ciphersuites: The first set of ciphersuites uses only symmetric key operations for authentication
. The second set uses a Diffie-Hellman key exchange
authenticated with a pre-shared key. The third set combines public key authentication of the server with pre-shared key authentication of the client.
Usually, TLS uses public key certificate
s or Kerberos for authentication. TLS-PSK uses symmetric keys, shared in advance among the communicating parties, to establish a TLS connection. There are several reasons to use PSKs:
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
pre-shared key
Pre-shared key
In cryptography, a pre-shared key or PSK is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. To build a key from shared secret, the key derivation function should be used. Such systems almost always use symmetric key...
ciphersuites (TLS-PSK) is a set of cryptographic protocol
Cryptographic protocol
A security protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods.A protocol describes how the algorithms should be used...
s that provide secure
Security
Security is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies in the OSSTMM 3 defines security as "a form of protection...
communication based on pre-shared keys (PSKs). These pre-shared keys are symmetric keys shared in advance among the communicating parties.
There are several ciphersuites: The first set of ciphersuites uses only symmetric key operations for authentication
Authentication
Authentication is the act of confirming the truth of an attribute of a datum or entity...
. The second set uses a Diffie-Hellman key exchange
Key exchange
Key exchange is any method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm....
authenticated with a pre-shared key. The third set combines public key authentication of the server with pre-shared key authentication of the client.
Usually, TLS uses public key certificate
Public key certificate
In cryptography, a public key certificate is an electronic document which uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth...
s or Kerberos for authentication. TLS-PSK uses symmetric keys, shared in advance among the communicating parties, to establish a TLS connection. There are several reasons to use PSKs:
- Using pre-shared keys can, depending on the ciphersuite, avoid the need for public key operations. This is useful if TLS is used in performance-constrained environments with limited CPU power.
- Pre-shared keys may be more convenient from a key management point of view. For instance, in closed environments where the connections are mostly configured manually in advance, it may be easier to configure a PSK than to use certificates. Another case is when the parties already have a mechanism for setting up a shared secret key, and that mechanism could be used to “bootstrap” a key for authenticating a TLS connection.
Standards
- RFC 4279: “Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)”.
- RFC 4785: “Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS)”.