Key Exchange Issues. (Present technologies vs. StealthKey Patent # 6,590,891) Hugo Fruehauf. October 2006

Transcription

1 Key Exchange Issues (Present technologies vs. StealthKey Patent # 6,590,891) Hugo Fruehauf hxf@fei-zyfer.com October 2006

2 Key Exchange Issues (presently in use) Symmetric Crypto Same Key Encrypts Must move Symmetric Key across somehow Decrypts Symmetric Keying is technology of choice, because it supports high data rates Key Exchange Method Verbal (not secure) Phone (not secure) unless secure phone (STU) Mail (not secure) Courier (better) Open Network (Ok if not being targeted) With PKI (Public Key Infrastructure - Secure)

3 Key Exchange Issues (presently in use) RSA Asymmetric Crypto No Key moves across Two Math Related Keys - One Encrypts & One Decrypts (or visa-versa) (is one of two PKI methods Public Key Infrastructure) Key Exchange Method N/A (not a Symmetric Key) RSA Encryption of a Symmetric Key Symmetric Key moves across securely Key Exchange Method Symmetric key encrypted by RSA key and transferred via RSA PKE (Secure)

4 Key Exchange Issues (presently in use) DH Asymmetric Crypto No Key moves across Independently generate Encrypts same Symmetric Key (is one of two PKI methods Public Key Infrastructure) Decrypts Key Exchange Method N/A, no key exchange Hashing Crypto Plain or Ciphertext, Text Hash Value Value part of data Hash Value, Text Message Digest for Integrity, authentication Must move Symmetric Key across somehow Key Exchange Method for keyed hash (HMAC) Key Exchange Method for keyed hash (HMAC) Same issues as with Symmetric key

5 Key Exchange Issues (presently in use) Initialized Synchronized Symmetric Crypto Key Exchange Method No Key moves across - -Goal- PNs generate Keys at all terminals and initiator sends Initialization Parameters to mark where to start. Repeat when re-keying Problems Flag in data stream; key material moves across -- Start-latency and interruption of data traffic when re-keying -- Need long-term Key (Setup Parameters) PNs generated Keys at all terminals and synchronously change keys (time or event activated) Problems loss since clocks cannot be perfectly synchronized (at 10 Gps, 10 Mbits are lost from a sync error of 1 Microsecond -- Need long-term Key (Setup Parameters) PN Pseudo Random Number Generator

6 StealthKey Infrastructure (presently not in use) the StealthKey Patent NON Initialized Synchronized Symmetric Crypto No Key moves across Symmetric Crypto Solution ( Non( Non-Precision Sync Method) PNs always generate 3 Keys at all terminals (key for the present crypto period, the previous, and the next) Sending terminal uses present crypto period key Receiving terminal(s) decrypt with all 3 keys simultaneously Encrypted PN-generated header match determines the right key at the receiving terminals (can be DH, ESP-SN, etc) Terminal sync need only be slightly better than key-change period Computer clock good enough for sync of all terminals, aided by a periodic NTP check (or other clock options)

7 Non-Initialized, Non-Precision Sync Process Long- Term Key Setup Time/ Event Sync Long- Term Key Setup Time/ Event Sync Generation of Short- Term Symmetric Keys Prior Present Next Time Time Time PC Generation of Short- Term Symmetric Keys Prior Present Next Time Time Time PC In Encrypt Network Encrypt In s s Out Out (1) Patent No. 6,590,981; July 8, 2003; StealthKey TM

8 Non-Initialized, Non-Precision Sync Process 8:00:00 8:00:15 8:00:30 A B C D Key Gen Engine Encryptor Key B 8:00:15 Time Offset Expected between and s Network 8:00:00 8:00:15 8:00:30 A B C D Ahead Key Gen Engine Key A 8:00:00 Key B 8:00:15 Key C 8:00:30 & s Key Period Match

9 Non-Initialized, Non-Precision Sync Process PKG 8:00:00 8:00:15 8:00:30 A B C D Key Gen Engine Encryptor Key B 8:00:15 Time Offset Expected between and s Network 8:00:00 8:00:15 8:00:30 B C D Ahead Key Gen Engine Key B 8:00:15 Key C 8:00:30 Key D switches to next Key Period uses Previous Key Period to Match

10 Non-Initialized, Non-Precision Sync Process PKG 8:00:00 8:00:15 8:00:30 A B C D Key Gen Engine Encryptor Key C 8:00:30 Time Offset Expected between and s Network 8:00:00 8:00:15 8:00:30 B C D Ahead Key Gen Engine Key B 8:00:15 Key C 8:00:30 Key D Switches to next increment & s Key Period Match

11 StealthKey Infrastructure Issues NON Initialized Synchronized Symmetric Crypto (continued) No Key moves across PROS No key material (flags) in data stream, no initialization, no latency No interruption of data traffic when changing key No data loss at key change ( In-Band re-keying) No precision sync required, runs on a computer-type clock CONS Still need long-term Key (Setup Parameters) Need 32-bit header for crypto period ID per packet (but may come from an existing source (i.e. ESP-SN)

12 Things you don t t want in the digital data stream for Security Reasons Don t t want REPEATS of bit sequences (often called collisions) Repeats of ciphertext related to the ECB encryption mode or the encryption algorithm used Replaying of frames after reset of the ESP Sequence Number Repeats in the CBC encryption mode (reset of permutation sequences) Counter reset in the Counter Mode encryption mode Packet sequence number rollovers Don t t want FLAGS followed by an event Flags or bit sequences related to a Key-Change Time ticks, time marks, or TOD related to key changes Initialization preambles Don t t want Precision SYNCHRONIZATION elements in general

13 Conclusion NON Initialized, NON-Precision Synchronized StealthKey Symmetric Crypto : is the method of choice for high data rate cryptographic traffic in a network

14 Need for 10 Gbps Replaying of frames after reset of ESP Sequence Number (SN) Collisions in CBC Mode Counter reset in Counter Mode (CM) Same key for the 2 32 or 2 64 set of frames: 32 bit SN: 2 32 frames 64 bit SN: 2 64 frames Re-keying: 32 bit SN, frames of 64 bytes: 220 seconds 32 bit SN, frames of 2112 bytes: 121 min 64 bit SN: Not relevant Same key for the 2 32 or 2 64 set of blocks: 3DES: 2 32 blocks AES-128: 2 64 blocks Re-keying: 3DES: 27.5 seconds AES-128: Not relevant Re-keying must be before counter reset! Re-keying: 3DES, AES-128, frames of 64 bytes: 220 seconds 3DES, AES-128, frames of 2112 bytes: 121 min

15 Exhaustive Key Search Key Size (bits) Time (1ųs/test) Time (1ųs/10 6 test) mins 2.15 msec days 550 msec years 10.0 hours 64 ~500,000 years 107 days x years 5 x years For comparison, the lifetime of the universe (assuming it is closed) is estimated at years