[2672] in Kerberos


Re: New Govt. Key Exchange Protocol..

daemon@ATHENA.MIT.EDU (Ganesan)
Mon Apr 19 16:10:50 1993

From: bf4grjc@socrates.MIT.EDU (Ganesan)
To: sommerfeld@apollo.hp.com
Date: Mon, 19 Apr 1993 15:50:52 -0500 (EDT)
Cc: kerberos@Athena.MIT.EDU
In-Reply-To: <m0nl1Dm-0000aoC@bagate.BELL-ATL.COM> from "sommerfeld@apollo.hp.com" at Apr 19, 93 03:04:23 pm
Reply-To: bf4grjc@bell-atl.com

>  - device keys are reportedly a function of the device serial number
> and two "seeds", each entered by a representative of an escrow agency;
> the key parts are not generated independently and programmed directly
> onto the chips, instead they're put onto a floppy disk.

Actually, (according to Denning's note), at key generation the serial number
and the two seeds are used to generate K1 and K2 which are then given to 
the two 'agencies'. This is really odd, as the only real reason I can see
for this complicated method, is to bind the key to the serial number. But 
if this 'binding' is to be preserved, then clearly S1 and S2 will have to 
be kept around. Perhaps you are right then. One agency keeps K1 and S1 and 
the other K2 and S2.
 
>  - all chips contain a copy of a single "master key" which is used to
> encrypt the chip's serial number; anyone in possession of the master
> key can use it to do traffic analysis on arbitrary messages encrypted
> using the system.  

Actually, to do 'traffic analysis' (as opposed to eavesdropping) you do 
not need any keys. The computers/switches which are involved in setting 
up calls know exactly who you are calling when.

> Anyone with the appropriate tools and a good supply
> of these chips could possibly be able to destructively extract the
> master key from the chip.

Are you certain? My fabrication knowledge is several years old. What do 
smart card vendors use?

>  - as the encryption algorithm is unpublished, there is no way to
> verify that it isn't a trivial variant of XOR that can be
> cryptanalyzed without the cooperation of the escrow agencies.
> 
If they do not release these details, then they are obviously nervous 
about the possibility of it being broken...which is not very 
reassuring.


BTW: I assume that this whole thing is basically focussing on 
telecommunications. It's fairly irrelevant to users at computers, 
in this day and age of anonymous terminals.

Ravi
-- 


*******************************************************************************

Ravi Ganesan                            e-mail: ravi@socrates.bell-atl.com
IS SAS Corporate Network Planning       v-mail: (301) 595-8439
Bell Atlantic                           Fax:    (301) 595-1341

Note: If your e-mail reply to me bounces, try sending it explicitly to 
ravi@socrates.bell-atl.com instead of using the 'reply' feature.
******************************************************************************
