Browse Prior Art Database

Integrity of Stored Public Key

IP.com Disclosure Number: IPCOM000060706D
Original Publication Date: 1986-May-01
Included in the Prior Art Database: 2005-Mar-09
Document File: 2 page(s) / 33K

Publishing Venue

IBM

Related People

Matyas, SM: AUTHOR

Abstract

This article describes a method for protecting the integrity of a public key 10 stored in a terminal 12 on the basis of a secret key 14 stored in that terminal. A terminal with only a public key, but no secret key, cannot be tested to ensure its integrity. The obvious attack against a terminal with only an installed public key is to replace that public key with a public key selected by the adversary. The adversary thus selects a public key for which the corresponding secret key is known, thereby allowing data encrypted with that public key to be decrypted by the adversary using the known secret key. This basic attack can take several forms. The diagram illustrates a network in which the terminal device 12 is connected to a key distribution center (KDC) 16.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

Integrity of Stored Public Key

This article describes a method for protecting the integrity of a public key 10 stored in a terminal 12 on the basis of a secret key 14 stored in that terminal. A terminal with only a public key, but no secret key, cannot be tested to ensure its integrity. The obvious attack against a terminal with only an installed public key is to replace that public key with a public key selected by the adversary. The adversary thus selects a public key for which the corresponding secret key is known, thereby allowing data encrypted with that public key to be decrypted by the adversary using the known secret key. This basic attack can take several forms. The diagram illustrates a network in which the terminal device 12 is connected to a key distribution center (KDC) 16. The KDC is responsible for distributing cryptographic keys to the various connected terminal devices, and it also has a responsibility for maintaining network security. The KDC 16 has a public and private key pair, denoted PKkdc and SKkdc, which are used with a so- called public key algorithm. This key pair is initialized at the KDC 16, and the public key PKkdc is initialized at the terminal 12. Also initialized at the KDC 16 and terminal 12 is the unique secret terminal key SKterm 14. The cryptographic keys 10 and 14 are stored in a memory in a protected cryptographic facility with installed tamper-detection sensing devices. These tamper-detection devices are connected to circuitry 18 within the cryptographic facility which will cause the secret key SKterm 14 to be automatically erased from 12 if tampering is detected by any one of the sensing devices. Some examples of the sensing devices are motion detectors, trip switches, microwave, photoelectric, and thermal detectors. As long as the s...