A security administrator must implement a system to allow clients to securely negotiate encryption keys with the company’s server over a public unencrypted communication channel. Which of the following implements the required secure key negotiation? (Select TWO).

A. PBKDF2 B. Symmetric encryption C. Steganography D. ECDHE E. Diffie-Hellman

Correct Answer: D,E Section: Cryptography

Explanation:
Elliptic curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret
over an insecure channel. This shared secret may be directly used as a key, or better yet, to derive another key which can then be used to encrypt subsequent communications using a
symmetric key cipher. It is a variant of the Diffie–Hellman protocol using elliptic curve cryptography.
Note: Adding an ephemeral key to Diffie-Hellman turns it into DHE (which, despite the order of the acronym, stands for Ephemeral Diffie-Hellman).
Adding an ephemeral key to Elliptic Curve Diffie-Hellman turns it into ECDHE (again, overlook the order of the acronym letters; it is called Ephemeral Elliptic Curve Diffie-Hellman). It is
the ephemeral component of each of these that provides the perfect forward secrecy.

Incorrect Answers:
A: PBKDF2 is to strengthen keys, but it would resolve the problem with the key exchange on an unsecure channel.
PBKDF2 (Password-Based Key Derivation Function 2) is part of PKCS #5
v. 2.01. It applies some function (like a hash or HMAC) to the password or passphrase along with Salt to produce a derived key.
B: Symmetric encryption would not in itself help on an unsecure channel.
C: Steganography is the process of hiding one message in another. Steganography is not used for secure key negotiation.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 248, 249-251, 254, 256