Closed Network Cryptography by Varying Algorithm

IP.com Disclosure Number: IPCOM000113129D
Original Publication Date: 1994-Jul-01
Included in the Prior Art Database: 2005-Mar-27
Document File: 4 page(s) / 184K

Publishing Venue

IBM

Related People

Copson, KJ: AUTHOR [+4]

Abstract

Disclosed is an algorithm which cryptographically isolates networks while maintaining interoperation with full DES-capable nodes. It provides suggested implementations for varying weakening parameters in the Commercial Data Masking (CDM) algorithm to separate networks. Three figures published here are numbered 11, 12 and 13 to correlate logically with references and figure numbers in associated (*).

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 34% of the total text.

Closed Network Cryptography by Varying Algorithm

Disclosed is an algorithm which cryptographically isolates networks while maintaining interoperation with full DES-capable nodes. It provides suggested implementations for varying weakening parameters in the Commercial Data Masking (CDM) algorithm to separate networks. Three figures published here are numbered 11, 12 and 13 to correlate logically with references and figure numbers in associated (*).

This disclosure recognizes that there is a business need to cryptographically isolate entire networks from each other. To meet this need, the CDM concept is extended by permitting parameters to be selected or arbitrarily created and subsequently installed into each implementation. Each network will operate at an actual cryptographic security level equivalent to that of CDM, but to a differently initialized network the security level would appear almost equivalent to that of full DES protection.

The key weakening function of CDM is designed so that an assailant with a full DES processor must search the full 56 bit key space in order to find the key in use on a CDM network, but an assailant with a CDM processor need only search a 40 bit key space, as the 56 bit keys are mapped into a 40 bit space. Varying the mapping creates isolation between networks: assailants using CDM processors from two different networks with different mappings still need to search the full 56 bit key space, while an assailant using a CDM processor with knowledge of the mapping in use need only search a 40 bit key space to find the key in use. In each of Figures 11, 12 and 13, which describe the original CDM function, there is a different undesignated 'predetermined constant'. The present disclosure describes the variation of these values. Each of the three constants is designated by the reference number of the function to which it applies; they will be designated P640, P650 and P660 respectively in this disclosure.
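A scaled-down model of the search-space argument above, added here as an illustration and not code from the disclosure or from CDM itself: the CDM one-way function of Fig. 11 is not reproduced on this page, so SHA-256 keyed by a per-network parameter stands in for it, 24-bit and 8-bit widths stand in for 56 and 40 bits, and the role given to P660 (re-expanding the weakened value into the working key) and all parameter values are assumptions.

```python
import hashlib
from typing import Optional, Tuple

KEY_BITS = 24   # stand-in for the 56-bit DES key, scaled down so the search runs in seconds
WEAK_BITS = 8   # stand-in for the 40-bit CDM key space

def owf(param: bytes, value: int, out_bits: int) -> int:
    """Stand-in one-way function: SHA-256 keyed by a network parameter, truncated
    to out_bits. The real 640 function of Fig. 11 is not reproduced on the page."""
    digest = hashlib.sha256(param + value.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big") & ((1 << out_bits) - 1)

def working_key(k: int, p640: bytes, p660: bytes) -> int:
    """Model of the weakening: CDM key K -> I_weak (WEAK_BITS wide, keyed by P640),
    then I_weak -> the KEY_BITS key the node encrypts with (keyed by P660; assumed role)."""
    i_weak = owf(p640, k, WEAK_BITS)      # the 56 -> 40 bit mapping
    return owf(p660, i_weak, KEY_BITS)    # back into the full key space

def cdm_search(target: int, p660: bytes) -> Tuple[Optional[int], int]:
    """Work for an assailant holding a CDM implementation with parameter p660:
    enumerate the WEAK_BITS space of I_weak. Returns (I_weak or None, tries made)."""
    for i_weak in range(1 << WEAK_BITS):
        if owf(p660, i_weak, KEY_BITS) == target:
            return i_weak, i_weak + 1
    return None, 1 << WEAK_BITS

def demo() -> dict:
    k = 0x5A5A5A                                    # constructed CDM key K on network A
    net_a = (b"network-A P640", b"network-A P660")  # constructed parameter sets
    net_b = (b"network-B P640", b"network-B P660")
    target = working_key(k, *net_a)
    found_a, tries_a = cdm_search(target, net_a[1])  # same mapping: at most 2^WEAK_BITS tries
    found_b, tries_b = cdm_search(target, net_b[1])  # other mapping: its reachable keys miss
    return {
        "same_net_recovers_i_weak": found_a == owf(net_a[0], k, WEAK_BITS),
        "same_net_tries": tries_a,
        "other_net_hits": found_b is not None,
        "other_net_tries": tries_b,
        "other_net_fallback_space": 1 << KEY_BITS,  # 2^56 in the real CDM
    }

if __name__ == "__main__":
    print(demo())
```

With the matching parameters the weakened value is found within 2^WEAK_BITS tries; with another network's parameters the enumeration exhausts without a hit, leaving only the full KEY_BITS space, which is the page's 56-bit case.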

The three key weakening parameters P640, P650 and P660, which are defined as predetermined constants in Figs. 11, 12 and 13 of (*), have the following characteristics.

640 One Way Function - This prevents the derivation of the original CDM key K (501) from any subsequent values that may be derived from it (e.g., 505, 655 and 645). It also protects the Key Encrypting Keys used for the exchange of the CDM key K (501) from any dictionary attack. The CDM has full DES strength for the Key Management dialogues, and this function and parameter assure that strength. Varying the parameter P640 will cause the derivation of different I_protect keys (645), and so different I_weak keys (655), for a given CDM key K (501). In this sense, suppose that the Key Encrypting Keys used in the key management process had been exposed in one network when they were first installed in clear parts. This information could not be used to undermine the security...