Cryptography Reference
In-Depth Information
hardware security modules (HSMs) to store master keys. These top-level keys will
never leave the HSMs in unprotected form. HSMs will be discussed in more detail
in Section 10.5.3.
The generation of master keys is an extremely critical operation. Master keys
are commonly generated, established and backed up in component form. We
discussed component form in Section 10.3.3 and will discuss the establishment
process for a master key from components in Section 10.7.2. If a master key needs
to be shared between two different HSMs then one option is to generate the same
master key from components separately on each HSM. An alternative is to run
a key agreement protocol (see Section 9.4.2) between the two HSMs in order to
establish a shared master key.
SCALABLE KEY HIERARCHIES
The notion of a key hierarchy works fine for a relatively simple network, but
quickly becomes unmanageable for large networks. Consider a simple two-level
hierarchy consisting of only master and data keys. If we have a network of n
users, then the number of possible pairs of users is
1
2 n ( n 1). This means that,
for example, if there are 100 users then there are 2 × 100 × 99 = 4950 possible
pairs of users. Hence, in the worst case, we might have to establish 4950 separate
master keys amongst the 100 HSMs in the network, which is not practical.
Alternatively, we could install the same master key in all HSMs. Data keys for
communication between Alice and Bob could then be derived from the common
master key and Alice and Bob's identities. However, compromise of Alice's HSM
would now not only compromise data keys for use between Alice and Bob,
but data keys between any pair of users in the network. This is not normally
acceptable.
In such cases it is common to deploy the services of a trusted third party, whom
all the users trust, which we will refer to as a key centre (KC). The idea is that each
user in the network shares a key with the KC, which acts as a 'go between' any time
any pairs of users require a shared key. In this way we reduce the need for 4950
master keys in a network of 100 users to just 100 master keys, each one shared
between a specific user and the KC.
There are two key distribution appoaches to acquiring shared keys from a KC.
We illustrate these using a very simple scenario. In each case we assume that
Alice wishes to establish a shared data key K with Bob. We will also assume that
both Alice and Bob have respectively established master keys K AC and K BC with
the KC, and that a simple two-level key hierarchy is being employed. The two
approaches are:
Key translation . In this approach the KC simply translates an encrypted key from
encryption using one key to encryption using another. In this case the KC is
acting as a type of switch . This process is depicted in Figure 10.3 and runs as
follows:
1. Alice generates a data key K , encrypts it using K AC and sends this to KC.
 
Search WWH ::




Custom Search