Scheme to Prevent Unauthorized use of Authentication Keys

IP.com Disclosure Number: IPCOM000015841D
Original Publication Date: 2002-May-21
Included in the Prior Art Database: 2003-Jun-21
Document File: 1 page(s) / 38K

Publishing Venue

IBM

Abstract

In a network of nodes, it is often necessary to provide nodes with authentication keys at times such as network initialization. (These authentication keys are provided by the system administrator during network initialization/configuration.) Later, when a node needs to exchange important information with another node, it sends a packet to the other node and includes the authentication key in the packet. When the recipient node receives the packet, it checks the authentication key for validity before accepting the packet. One common problem with the use of this scheme in a physically unsecured network is that a third party can observe the key. The third party can then send packets that include the key, thereby falsely authenticating itself whenever it sends a packet.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

A specific example of this problem is in an InfiniBand (IB) network, where authentication keys are included only in request packets sent to a management or service entity when requesting services. Before responding to the request, the management or service entity checks the key. A partial protection against unauthorized use of a key may be provided by giving nodes with different network addresses different keys. This prevents a node from using the key of another node because it allows the recipient to use the sender's address to validate the key. However, this scheme does not prevent an unauthorized logical entity (such as a separate operating system or application) within the same node as an authorized logical entity from using the key inappropriately.
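The two checks described above, modeled as an added example that is not code from the disclosure: a single key checked on its own, and a key checked against the sender's address. The addresses, key values and entity names are constructed, and the `entity` field is an assumption used only to label which logical entity on a node issued the request.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    src_addr: int   # network address the request arrived from
    entity: str     # logical entity on the sending node; never visible to the recipient
    key: bytes      # authentication key carried in the request packet

def accept_shared(shared_key: bytes, req: Request) -> bool:
    """Baseline scheme: one key for every node, checked on its own."""
    return hmac.compare_digest(shared_key, req.key)

def accept_per_address(keys_by_addr: dict, req: Request) -> bool:
    """Partial protection: the key must be the one assigned to the sender's address."""
    expected = keys_by_addr.get(req.src_addr)
    if expected is None:  # unknown sender address: nothing to compare against
        return False
    return hmac.compare_digest(expected, req.key)

# Constructed sample data (not taken from the disclosure).
SHARED_KEY = b"one-key-for-all"
KEYS_BY_ADDR = {0x11: b"key-for-node-11", 0x22: b"key-for-node-22"}

def evaluate() -> dict:
    """Run the recipient's check over four constructed requests."""
    key_11 = KEYS_BY_ADDR[0x11]
    return {
        # Shared key: valid from whatever address it arrives.
        "shared_any_address": accept_shared(
            SHARED_KEY, Request(0x22, "unknown", SHARED_KEY)),
        # Per-address key used by its authorized entity.
        "per_addr_authorized": accept_per_address(
            KEYS_BY_ADDR, Request(0x11, "authorized-os", key_11)),
        # Node 0x11's key arriving from address 0x22: the address check rejects it.
        "per_addr_other_node": accept_per_address(
            KEYS_BY_ADDR, Request(0x22, "authorized-os", key_11)),
        # Same key, same address, different logical entity: the recipient has
        # no field that tells the two apart, so the request is accepted.
        "per_addr_same_node_other_entity": accept_per_address(
            KEYS_BY_ADDR, Request(0x11, "second-os", key_11)),
    }

if __name__ == "__main__":
    for case, accepted in evaluate().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The last case is the gap the paragraph identifies: the recipient's decision depends only on the address and the key, and both are identical for every logical entity on the node.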

While there are numerous encryption schemes to prot...