Cryptography Reference
In-Depth Information
Derived UKPT scheme
. This scheme is supported by Visa, amongst others, and
answers the three questions as follows:
1. The initial value is a unique initial key that is installed in the terminal.
2. The transaction key is derived by the terminal from the contents of the terminal
key register, a transaction counter, and the terminal's unique identifier. The
host has a special base (master) key. The host does not need to maintain a
key register, but can calculate this same transaction key from the base key, the
transaction counter and the terminal identifier.
3. At the end of the protocol the new terminal key register value is derived from
the old key register value and the transaction counter. The host does not
need to store this value because it can compute transaction keys directly,
as just described.
One of the most attractive features of the Racal UKPT scheme is that it has an
in-built audit trail. If a transaction is successful then, since it relies on all previous
transactions, this also confirms that the previous transactions were successful.
A potential problem with the Racal UKPT scheme is synchronisation in the event
that a transaction does not complete successfully.
The Derived UKPT scheme has the significant advantage that the host does not
need to maintain key registers and can derive transaction keys directly. However,
it suffers from the problem that an attacker who compromises a terminal (and thus
obtains the value in the key register) will be able to compute future transaction
keys for that terminal. In the Racal UKPT scheme such an attacker would also
need to capture all the future card data. The Derived UKPT scheme also requires
a careful initialisation process, since compromise of the terminal initial key leads
to the compromise of all future transactions keys.
The problems with these UKPT schemes can all be addressed through careful
management. UKPT schemes are very effective key management systems for
addressing the difficulties associated with key establishment in the types of
environment for which they are designed.
10.4.3
Quantum key establishment
We close our discussion of key establishment with a few words about a technique
that has captured the public attention, but whose applicability remains to be
determined.
MOTIVATION FOR QUANTUM KEY ESTABLISHMENT
In Section 3.1.3 we discussed one-time pads and argued that they represented
'ideal' cryptosystems that offered perfect secrecy. However, in Section 3.2.1 we
pointed out substantial practical problems with implementing a one-time pad.
These were all essentially key management problems, perhaps the most serious
being the potential need to establish long, randomly generated symmetric keys
at two different locations.
