Two different methods to meet the criteria for a secure exchange of the secret key whilst limiting the possibility of interception and it being manipulated whilst in transit are The Public Key Encryption and Diffie-Hellman.
Public Key Encryption requires both Alice and Bob to exchange their Public Keys and a secret key to be generated by either party and for this discussion Alice will initiate the secret key. Alice will encrypt the secret key using her Private Key and thereafter encrypt it once more with Bob’s Public Key before sending it to Bob.
On receiving the encrypted message Bob will first decrypt the message using his Private Key, then using Alice’s Public Key which was sent to him earlier, he can decrypt the message revealing the secret key which then will be used to transmit the messages.
The disadvantage of using Public Key Encryption is the requirement of Certificates which you need to apply for through a Certificate Authority causing delays but once obtained the advantage is that the sender is nonrepudiatable.
Diffie-Hellman Key Exchange Protocol is a method for two computer users to generate a shared key which they then use to exchange information across an insecure channel.
Alice and Bob agree on very large prime number and a lessor integer, after which they each generate a secret number and use that in the Diffie-Hellman Algorithm which will leave a remainder.
Alice transmits her remainder to Bob and vice versa, these remainders will respectively be used as a base number in the algorithm resulting in identical remainder numbers for both Alice and Bob’s calculations, which will form the new shared secret key.
The disadvantage of Diffie-Hellman is its susceptibility to active attacks (man in the middle attacks) but an advantage would be the shared key itself is never transmitted.
Cisco Networking Academy (2015), ‘188.8.131.52 Activity – Identify the steps of the DH Process’, T828 CCNA Security: Implementing Network Security 2.0, Chapter 7 Cryptographic Systems [Online]. Available at https://static-course-assets.s3.amazonaws.com/CCNAS2/en/index.html#184.108.40.206
(Accessed 14 February 2016)
Santos, Omar and Stuppi, John, (2015) CCNA Security 210-260 Cisco Certified Networking Associate – Security, Cisco
Stewart, James M., Chapple, Mike and Gibson, Darril, (2012) CISSP, Certified Information Systems Security Professional Study Guide, 6th edition