Browse Prior Art Database

Method for Validating a Key Data Set using a Modification Detection Code and a Tree Authentication Algorithm

IP.com Disclosure Number: IPCOM000104328D
Original Publication Date: 1993-Apr-01
Included in the Prior Art Database: 2005-Mar-19
Document File: 4 page(s) / 137K

Publishing Venue

IBM

Related People

Johnson, DB: AUTHOR [+5]

Abstract

This article describes a method of verification of encrypted keys stored in a system-managed cryptographic key data set. Each encrypted key is stored in a key record. The method verifies an entire key record as one integral operation. The method is based on a tree authentication algorithm originally described in [1] and uses a DEA-based modification detection code MDC algorithm [2] as the one-way function required by the tree authentication algorithm. An advantage of the method is that the verification step depends only on non-secret data, and thus there is no opportunity for an insider adversary to subvert security by discovering a secret parameter value. However, the integrity of the verification procedure depends on maintaining the integrity of a single 128-bit root MDC value.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 49% of the total text.

Method for Validating a Key Data Set using a Modification Detection Code and a Tree Authentication Algorithm

      This article describes a method of verification of encrypted
keys stored in a system-managed cryptographic key data set.  Each
encrypted key is stored in a key record.  The method verifies an
entire key record as one integral operation.  The method is based on
a tree authentication algorithm originally described in [1]  and uses
a DEA-based modification detection code MDC algorithm [2] as the
one-way function required by the tree authentication algorithm.  An
advantage of the method is that the verification step depends only on
non-secret data, and thus there is no opportunity for an insider
adversary to subvert security by discovering a secret parameter
value.  However, the integrity of the verification procedure depends
on maintaining the integrity of a single 128-bit root MDC value.

      Fig. 1 illustrates a cryptographic system consisting of a
cryptographic facility (CF) 1 capable of executing a set of
cryptographic instructions in crypto instruction execution engine 2,
a key storage 3, a cryptographic facility access program (CFAP) 4,
and application programs (APPLs) 5.  The key storage 3 is divided in
a cryptographic key data set 6 and a modification detection data set
7.  The cryptographic key data set 6 consists of relatively stable,
long-life keys stored in encrypted form under a system master key
(KM).  The modification detection data set 7 consists of
precalculated MDC values used to validate keys stored in the
cryptographic key data set 6.  The cryptographic facility 1 also has
a secure front panel interface 8 with a capability for the manual
entry of keys, such as a master key KM stored in master key storage 9
and a root MDC stored in root MDC storage 10.  KM and the root MDC
are entered into the cryptographic facility 1 via a hand-held key
entry device 11.

      An MDC is a 128-bit value calculated on data using a public
one-way encryption function.  If function F represents an MDC
algorithm and X a data input, then an MDC is calculated on X by
applying F to X, i.e., F(X) = MDC.  An MDC algorithm with properties
suitable for implementing the described method of validating a key
data set is described in [2]

      Fig. 2 illustrates key data set 6 and MDC data set 7 in greater
detail.  Key data set 6 consists of n records, specified as key
record 1 through key record n.  MDC data set 7 consists of n MDC
values, specified as MDC1 through MDCn.  The MDC values in MDC data
set 7 are calculated from the key records in key data set 6 using an
MDC utility program 12 (Fig. 1).  A GEN-MDC 13 instruction (Fig. 1)
permits MDCs to be calculated.  More particularly, MDC1 is calculated
by applying MDC function F to key record 1, MDC2 is calculated by
applying MDC function F to key record 2, etc.  The MDC utility
program 12 (in Fig. 1) also calculates a root MDC by applying MDC
function F to...