Browse Prior Art Database

Method of Thwarting Cryptographic Instruction Manipulation Attacks by Employing an Automatic Built-In Time Delay

IP.com Disclosure Number: IPCOM000104189D
Original Publication Date: 1993-Mar-01
Included in the Prior Art Database: 2005-Mar-18
Document File: 4 page(s) / 109K

Publishing Venue

IBM

Related People

Johnson, DB: AUTHOR [+6]

Abstract

Discribed is a method of thwarting cryptographic instruction manipulation attacks by employing an automatic built-in time delay. This method provides added protection to encryption functions that have a low frequency of usage and that can "run" slow and still meet application performance requirements.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Method of Thwarting Cryptographic Instruction Manipulation Attacks by Employing an Automatic Built-In Time Delay

      Discribed is a method of thwarting cryptographic instruction
manipulation attacks by employing an automatic built-in time delay.
This method provides added protection to encryption functions that
have a low frequency of usage and that can "run" slow and still meet
application performance requirements.

      Fig. 1 illustrates a cryptographic system consisting of a
cryptographic facility 1 containing a crypto instruction execution
unit 2 capable of executing a set of cryptographic instructions, an
encrypted PIN file 3, and a login utility 4 that directly interfaces
to cryptographic facility 1 and encrypted PIN file 3.  The
cryptographic facility has a master key register 5 for storage of a
system master key (KM).  Encrypted PIN file 3 contains a collection
of records where each record contains at least a user identifier, ID,
and an encrypted PIN of the form eKM(PIN).  The notation eKM(PIN)
denotes the encryption of PIN with master key KM.  In an alternate
embodiment of the invention, PIN may be encrypted with a variant
master key KM', where KM' is formed as the Exclusive OR product of a
control vector C or a variant mask V.  However, this level of detail
is omitted from the present discussion.  Crypto instruction execution
unit 2 contains an Encrypt PIN instruction 6 which causes an input
clear PIN to be encrypted under the master key KM 5.

      In Fig. 1, the steps to authenticate a user can be traced as
follows.  At 10, the user i invokes the login utility 4, passing IDi
and PINi as inputs.  In response, login utility 4 invokes the Encrypt
PIN instruction 6 at 11, passing PINi as an input.  In response,
Encrypt PIN instruction 6 encrypts PINi under master key KM to
produce encrypted value eKM(PINi) and, after a specified delay,
returns the encrypted PIN at 12 to login utility 4.  Upon receiving
the encrypted PIN value, eKM(PINi), at 12, login utility 4 accesses
user i's encrypted PIN value of reference from Encrypted PIN file 3.
This involves passing IDi at 13 and reading the encrypted PIN value
of reference, eKM(PINi), at 14.  Login utility 4 now compares the
encrypted PIN value obtained at 12 with the encrypted PIN value of
reference obtained at 14 for equality.  If the comparison is
favorable, the login request is permitted.  Otherwise, if the
comparison is unfavorable, the login request is denied.

      Fig. 2 is a block diagram illustration of the Encrypt PIN
instruction 6.  Encrypt PIN instruction 6 consists of an encryption
step and a...