Scheme to Prevent Unauthorized use of Authentication Keys
Original Publication Date: 2002-May-21
Included in the Prior Art Database: 2003-Jun-21
In a network of nodes, it is often necessary to provide nodes with an authentication keys during times such as network initialization. (These authentication keys are provided by the system administrator during network initialization/configuration.) Later, when a node needs to interchange important information with another node, it sends a packet to the other node and incudes the authentication key in the packet. When the recipient node receives the packet, it checks the authentication key for validity before accepting the packet. One common problem with the use of this scheme in a physically unsecured network is that a third party can observe the key. The third party can use that key to send packets which include the key, thereby falsely authenticating itself whenever it sends a packet. A specific example of this problem is in an Infiniband (IB) network, where authentication keys are included only in request packets sent to a management or service entity when requesting services. Before responding to the request, the management or service entity checks the key. A partial protection against unauthorized use of a key may be provided by giving nodes with different network addresses different keys. This prevents a node from using the key of another node because it allows the recipient to use the sender's address to validate the key. This scheme does not prevent an unauthorized logical entity (such as a separate operating system or application) within the same node as an authorized logical entity from using the key inappropriately. While there are numerous encryption schemes to protect against such unauthorized observation and usage of a key, the following simple scheme solves this problem in many cases, especially those in which the need to send authorized packets is infrequent. The scheme itself is simple. Instead of providing each node with a single authentication key, each node is provided with n keys. Each key is to be used only once, and then expired. If an observer observes a key and tries to reuse it, the key is then invalid. The recipient will recognize that the sender is inappropriately using the key, and it can take appropriate action. Of course, the number of keys provided to each node may be adjusted so that the amount of time taken to use n keys is arbitrarily long. If all the keys are eventually consumed, new keys may be entered by the system administrator in the same manner as the old keys were entered during network configuration.