Patent
1996-01-24
1998-03-17
Barron, Jr., Gilberto
Cryptography
Particular algorithmic function encoding
Nbs/des algorithm
380 30, H04L 932
Patent
active
057296081
DESCRIPTION:
BRIEF SUMMARY
TECHNICAL FIELD
The present invention relates in general to secure communication systems and in particular to secure cryptographic key distribution in a communication system. Still more particularly, this invention relates to secure authenticated key distribution in a communication system.
BACKGROUND OF THE INVENTION
Authentication protocols and key distribution protocols are known in the art.
A two-party authentication protocol (hereafter simply referred to as 2PAP) is described in R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva, M. Young: Systematic Design of Two-Party Authentication Protocols, Proceedings of Crypto '91, August 1991. In the described 2PAP, two users authenticate each other by transmitting challenges and using a shared secret key. This protocol has been shown to be secure against an important class of attacks known as interleaving attacks. Such attacks are based upon the adversary's ability to use either:
A family of key distribution protocols (hereinafter simply referred to as KDP) has been subsequently realized in an actual network security service, KryptoKnight, described in R. Molva, G. Tsudik, E. Van Herreweghen, S. Zatti: KryptoKnight Authentication and Key Distribution Service, Proceedings of ESORICS 92, October 1992, Toulouse, France.
In a two-party key distribution protocol (hereinafter simply referred to as 2PKDP) a user distributes a new secret key to another user, using a previously shared secret key.
In a three-party key distribution protocol (hereinafter simply referred to as 3PKDP) and in a multi-party key distribution protocol (hereinafter simply referred to as MPKDP), as described in U.S. Pat. No. 4,649,233, there is a user (often called "server") that shares a corresponding master user key with each of the other users; each master user key is known only to the server and the corresponding user. When a group of users (two or more) want to exchange secrets, since they do not share a common key, they have to rely on collaboration with the server. On request, the server generates and distributes a new group key for two (or more) selected users.
Key distribution is particularly difficult, because of time constraints, in communication systems that provide for dynamic routing functions, enabling the continuation of routing, broadcasting, and multicasting (sending a message to a sub-set of users along a path or a set of paths) in the presence of changes. Such dynamic routing functions are per se known in the art, see for example Bertsekas-Gallager: Data Networks, Prentice-Hall, 1987, section 5.3.
SUMMARY OF THE INVENTION
There are some drawbacks with this prior art. The key distribution protocols known in the art have not been shown to be sufficiently secure, at least not to the extent of the 2PAP described by Bird et al.; i.e., they are believed, but have not been shown, to resist any kind of attack, such as interleaving attacks or cut-and-splice attacks, for instance.
In addition, some do not guarantee integrity of the key being distributed, i.e. they do not guarantee that the key being distributed cannot be modified by an adversary. These limitations are particularly true of protocols with minimal-length messages for secure authenticated key distribution.
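Added example, not taken from the patent: a generic Python illustration of the server-mediated distribution described in the background (a server sharing a master key with each user) and of the integrity property discussed above. The HMAC-based masking and tag, the nonce handling and all function names are assumptions made for illustration; this is not the braided protocol of the invention.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 as keyed PRF; each field is length-prefixed to avoid ambiguity.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def issue_ticket(master_key, nonce, members, group_key):
    """Server: wrap a 32-byte group_key for one user under that user's master key."""
    group = ",".join(sorted(members)).encode()
    masked = _xor(group_key, _prf(master_key, b"mask", nonce, group))
    # The tag binds the masked key to the user's nonce and the member list.
    return masked, _prf(master_key, b"tag", nonce, group, masked)

def open_ticket(master_key, nonce, members, masked, tag, check_tag=True):
    """User: recover the group key, rejecting a ticket whose tag does not verify."""
    group = ",".join(sorted(members)).encode()
    expected = _prf(master_key, b"tag", nonce, group, masked)
    if check_tag and not hmac.compare_digest(tag, expected):
        raise ValueError("ticket failed integrity check")
    return _xor(masked, _prf(master_key, b"mask", nonce, group))

def demo():
    # Constructed sample data: two users, each sharing a master key with the server.
    masters = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}
    members, group_key, out = ["alice", "bob"], secrets.token_bytes(32), {}
    for user in members:
        nonce = secrets.token_bytes(16)  # fresh challenge sent with the request
        masked, tag = issue_ticket(masters[user], nonce, members, group_key)
        out[user] = open_ticket(masters[user], nonce, members, masked, tag) == group_key
    # One bit of bob's ticket changes in transit.
    bad = bytes([masked[0] ^ 1]) + masked[1:]
    unchecked = open_ticket(masters["bob"], nonce, members, bad, tag, check_tag=False)
    out["unchecked_gets_wrong_key"] = unchecked != group_key
    try:
        open_ticket(masters["bob"], nonce, members, bad, tag)
        out["checked_rejects"] = False
    except ValueError:
        out["checked_rejects"] = True
    return out

if __name__ == "__main__":
    print(demo())
```

Without the tag check the recipient silently ends up with a key that differs from the one the server issued; with it, the modified ticket and any ticket presented against a different nonce are rejected.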
The above drawbacks of the prior art are overcome by the invention as claimed.
The present invention provides a method and system that have been mathematically demonstrated to be as secure as 2PAP, in particular against interleaving attacks, owing to a braided structure of the protocol messages. The basic two-party key distribution (and authentication) protocol can in turn be used as a basic building block for constructing more elaborate, e.g. three-party, multi-party or inter-domain, key distribution protocols. The braided structure, in addition, guarantees the integrity of the key being distributed. Besides, this authenticated key distribution protocol requires minimal length protocol messages, and it is as compact as possible in both the number and the size of messages exchanged.
All this can be achieved wi
REFERENCES:
patent: 4649233 (1987-03-01), Bass et al.
patent: 5124117 (1992-06-01), Tatebayashi et al.
patent: 5222140 (1993-06-01), Beller et al.
patent: 5251258 (1993-10-01), Tanaka
patent: 5369705 (1994-11-01), Bird et al.
Computer Security--Esorics 92. Second European Symposium on Research in Computer Security Proceedings, Nov. 23-25, 1992, Toulouse, France; "Kryptoknight Authentication and Key Distribution System", R. Molva et al, pp. 155-174.
IEEE Journal on Selected Areas in Communication, vol. 11, No. 5, Jun. 1993, New York, "Systematic Design of a Family of Attack-Resistant Authentication Protocols", R. Bird et al, pp. 679-693.
Janson Philippe
Tsudik Gene
Barron Jr. Gilberto
International Business Machines Corp.
Ray-Yarletts Jeanine S.