Another objective of the negotiation phase is key exchange between peer entities. This exchange should be done in a secure manner. To protect the key exchange against eavesdropping, a "public key certificate," discussed later, is introduced. After the key exchange, the peer entities share session keys for datagram integrity and confidentiality.
Before the key exchange procedure is carried out, each communicating peer entity holds a public key certificate that is signed by a reliable certificate authority (CA).
The symbols and notation used throughout the rest of this paper are summarized in Table 2.
Table 2: Symbols used in key distribution
Figure 3: Key Issue and Exchange Procedures
Public Key Certificate Issue. The procedure by which the CA issues a public key certificate to a host is shown in Figure 3(a).
The CA makes PKca available to the public and maintains its own secret key SKca. The procedure for issuing a public key certificate is as follows.
Procedure of Key Exchange. The procedure for exchanging shared session keys is illustrated in Figure 3(b).
The procedure is carried out as follows.