A hybrid session key exchange algorithm for highly-sensitive IP-based institutional communications

Session key exchange has become an addressed topic in the field of communications security, particularly for the IP-based call session that travels through the public network. This paper proposes a hybrid algorithm for session key exchange. The algorithm is designed based on most of the well-proven algorithms, including RSA, D-H, MAC authentication and SHA one-way function, and most of the popular security concepts such as digital signature, digital certificates and verifications under PKI. With an integration of these security concepts and algorithms, the proposed algorithm inherits the properties of these algorithms and realizes highly secure session key exchanging, to meet the required security level of institutions for sensitive communications. It not only improves the possible deficiencies of the algorithms that are singly based on RSA or D-H, but also expands the limits when a hybrid algorithm is applied. Moreover, using MAC codes to ensure the authenticity of the call itself (in addition to ensuring the authenticity of the call parties) meets the communications security concern (in addition to the information security concerns) which relevant algorithms might fail to consider.