Publishing Venue
Motorola
Related People
Authors: Ken Fuchs, Don Beyer, Christopher Perrin
Abstract
Under certain circumstances, it is desirable to be able to perform an audit on radios that use encryption to determine the IDs of certain variables (e.g. encryption keys) and the characteristics of those keys (e.g. age of keys, usage of keys). It is also desirable to ascertain the background of security-related events that have taken place within the radio, for example the number of attempts at entering a password or the last N sequence of events such as power down, power up and rekey requests.
MOTOROLA Technical Developments
METHOD FOR LOGGING AND RETRIEVING SECURITY RELATED EVENTS AND AUDITING ENCRYPTION KEYS EMBEDDED IN A CRYPTOGRAPHIC MODULE
by Ken Fuchs, Don Beyer, Gary Schluckbier and Christopher Perrin
THE PROBLEM
Under certain circumstances, it is desirable to be able to perform an audit on radios that use encryption to determine the IDs of certain variables (e.g. encryption keys) and the characteristics of those keys (e.g. age of keys, usage of keys). It is also desirable to ascertain the background of security-related events that have taken place within the radio, for example the number of attempts at entering a password or the last N sequence of events such as power down, power up and rekey requests.
The ability to audit the crypto module provides the crypto officer or another authority the opportunity to ensure that users are not using old keys, compromised keys or encrypting too much traffic on a single key.
The crypto officer can limit the exposure of certain keys and reduce the chance of compromise by determining if a particular user does not use certain keys and removing their access to those keys.
Finally, the officer can verify that a "lost and found" radio was not used for secure transmissions during the period it was lost.
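An added example, not part of the original disclosure: a Python sketch of the officer-side review described above, run over a constructed audit dump. The record layout, event names, thresholds and the `audit` function are assumptions, since the page does not define an audit format.

```python
from dataclasses import dataclass
from typing import Optional

DAY = 86400

@dataclass
class KeyRecord:              # hypothetical layout; the page defines no record format
    key_id: int
    loaded_at: int            # epoch seconds when the key was loaded
    bytes_encrypted: int      # traffic encrypted under this key
    last_used: Optional[int]  # None if the user never selected this key

@dataclass
class Event:                  # one entry of the "last N events" log
    at: int
    kind: str                 # assumed names: POWER_UP, POWER_DOWN, REKEY_REQUEST, PASSWORD_FAIL, SECURE_TX
    key_id: Optional[int] = None

def audit(keys, events, now, max_age, max_bytes, max_pw_fail, compromised=(), lost=None):
    """Return (finding, detail) tuples for the checks the crypto officer cares about."""
    out = []
    for k in keys:
        if k.key_id in compromised:
            out.append(("COMPROMISED_KEY", k.key_id))
        if now - k.loaded_at > max_age:
            out.append(("OLD_KEY", k.key_id))
        if k.bytes_encrypted > max_bytes:
            out.append(("KEY_OVERUSED", k.key_id))
        if k.last_used is None:
            out.append(("KEY_UNUSED", k.key_id))   # candidate for removing access
    fails = sum(e.kind == "PASSWORD_FAIL" for e in events)
    if fails > max_pw_fail:
        out.append(("PASSWORD_ATTEMPTS", fails))
    if lost is not None:                            # (start, end) of the period the radio was lost
        start, end = lost
        out += [("SECURE_TX_WHILE_LOST", e.key_id) for e in events
                if e.kind == "SECURE_TX" and start <= e.at <= end]
    return out

# Constructed sample audit dump (not real radio data).
NOW = 100 * DAY
KEYS = [KeyRecord(1, 95 * DAY, 4_000, 99 * DAY),
        KeyRecord(2, 10 * DAY, 9_000_000, 98 * DAY),
        KeyRecord(3, 90 * DAY, 0, None)]
EVENTS = [Event(96 * DAY, "POWER_UP"), Event(96 * DAY + 60, "PASSWORD_FAIL"),
          Event(96 * DAY + 90, "PASSWORD_FAIL"), Event(96 * DAY + 120, "PASSWORD_FAIL"),
          Event(97 * DAY, "SECURE_TX", key_id=2), Event(99 * DAY, "REKEY_REQUEST")]

def run_sample():
    return audit(KEYS, EVENTS, NOW, max_age=30 * DAY, max_bytes=1_000_000,
                 max_pw_fail=2, compromised={2}, lost=(96 * DAY, 98 * DAY))
```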
THE SOLUTION
At the present time, key variables are inserted into a crypto module using a Key Variable Loader (KVL) or via Over-The-Air-Rekeying (OTAR) from a Key Management Facility (KMF). The solution involves modifying bo...