TLS-PSK
Transport Layer Security pre-shared key ciphersuites (TLS-PSK) is a set of cryptographic protocols that provide secure communication based on pre-shared keys (PSKs). These pre-shared keys are symmetric keys shared in advance among the communicating parties.

There are several cipher suites. The first set of ciphersuites uses only symmetric key operations for authentication. The second set uses a Diffie–Hellman key exchange authenticated with a pre-shared key. The third set combines public key authentication of the server with pre-shared key authentication of the client.

Usually, Transport Layer Security (TLS) uses public key certificates or Kerberos for authentication. TLS-PSK uses symmetric keys, shared in advance among the communicating parties, to establish a TLS connection. There are several reasons to use PSKs:

* Using pre-shared keys can, depending on the ciphersuite, avoid the need for public key operations. This is useful if TLS is used in performance-constrained environments with limited CPU power.
* Pre-shared keys may be more convenient from a key management point of view. For instance, in closed environments where the connections are mostly configured manually in advance, it may be easier to configure a PSK than to use certificates. Another case is when the parties already have a mechanism for setting up a shared secret key, and that mechanism could be used to "bootstrap" a key for authenticating a TLS connection.
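As an added example (not code from the original page), the following Python builds the TLS 1.2 pre-master secret in the layout defined by "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)" (RFC 4279): a length-prefixed `other_secret` followed by the length-prefixed PSK, where `other_secret` is what distinguishes the three families above. It then derives the master secret with the TLS 1.2 PRF (P_SHA256); the PSK, hello randoms and shared values used in the demo are constructed sample inputs, not real keys.

```python
import hashlib
import hmac
from typing import Optional


def psk_premaster_secret(psk: bytes, other_secret: Optional[bytes] = None) -> bytes:
    """Pre-master secret for a PSK cipher suite: other_secret || psk, each with
    a 2-byte big-endian length prefix.

    - PSK suites (first family): other_secret is len(psk) zero octets.
    - DHE_PSK / ECDHE_PSK (second family): other_secret is the (EC)DH shared value.
    - RSA_PSK (third family): other_secret is the 48-byte RSA pre-master secret.
    """
    if not psk or len(psk) > 0xFFFF:
        raise ValueError("PSK must be 1..65535 bytes")
    if other_secret is None:
        other_secret = bytes(len(psk))  # N zero octets, N = len(psk)
    return (len(other_secret).to_bytes(2, "big") + other_secret
            + len(psk).to_bytes(2, "big") + psk)


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF using P_SHA256: HMAC-SHA256 iterated over A(i) values."""
    out = b""
    a = label + seed                      # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + label + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret: PRF(pre_master, "master secret", randoms)."""
    return tls12_prf(premaster, b"master secret", client_random + server_random, 48)


if __name__ == "__main__":
    psk = bytes.fromhex("0102030405060708090a0b0c0d0e0f10")  # constructed sample PSK
    c_rand, s_rand = bytes(32), bytes([0xFF] * 32)           # constructed hello randoms
    # Plain PSK: zero other_secret; a peer holding a different PSK derives a
    # different master secret, so its Finished message will not verify.
    ms = master_secret(psk_premaster_secret(psk), c_rand, s_rand)
    ms_wrong = master_secret(psk_premaster_secret(psk[:-1] + b"\x00"), c_rand, s_rand)
    print("PSK master secret:", ms.hex(), "matches wrong PSK:", ms == ms_wrong)
    # DHE_PSK: other_secret is the DH shared value (constructed placeholder here).
    print("DHE_PSK pre-master:", psk_premaster_secret(psk, b"\x42" * 32).hex())
```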


Standards

* : "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)".
* : "Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS)".
* : "Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode".
* : "ECDHE_PSK Cipher Suites for Transport Layer Security (TLS)".


See also

* Transport Layer Security Secure Remote Password (TLS-SRP)
* AES Galois Counter Mode (GCM)
* Elliptic curve Diffie–Hellman (ECDHE)
* Null encryption
* SHA-256

