Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Efficient negotiation of shared secret key bundle over an insucure network

IP.com Disclosure Number: IPCOM000032442D
Original Publication Date: 2004-Nov-05
Included in the Prior Art Database: 2004-Nov-05
Document File: 2 page(s) / 51K

Publishing Venue

IBM

Abstract

This article discloses an algorithm that enables efficient negotiation of shared secret bundle over an insecure communication channel. It does not result in reduction of the strength of negotiated bundles compared with an equivalent set of secret negotiated separately using a conventional approach.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

Efficient negotiation of shared secret key bundle over an insucure network

Disclosed here is an algorithm that enables efficient negotiation of shared secret bundle over an insecure communication channel. The efficiency comes from negotiating secret in bundles rather than one at a time, which is the conventional approach. The overhead for negotiating a bundle is roughly twice as much as that of the conventional approach. The strength of the negotiated bundles is equivalent to that of an equivalent set of secret negotiated separately using the conventional approach.

    Secure transmission of data over a network link normally involves an advanced negotiation of a shared session secret. The negotiation is normally repeated periodically to obtain a new secret as there is always a risk that a secret is compromised after a period of time. If the current secret is used for renegotiation and the algorithm used is not designed properly, a compromised current secret may result in the disclosure of previous or future session secrets (lacking of forward or backward secrecy), leading to the disclosure of previous or future encrypted messages.

    One common approach for preserving forward and backward secrecy is to perform a renegotiation from scratch (without using the current secret) using the Diffie-Hellman algorithm. This algorithm is designed for negotiating shared secret over an insecure communication channel. Apart from costing a round of communication dialogue, it is also computationally intensive. In order to obtain n shared secrets, the Diffie-Hellman algorithm has to be performed n times!

    Instead of negotiating a single session secret each time, the disclosed algorithm aims at negotiating a bundle of session secret. The bundle is constructed in such a way that the information obtained from compromised session...