Journal Highly available systems, No. 3, 2014
Article in issue:
Keys management protocols based on symmetric cryptography for users of high availability information systems
Authors:
V. I. Budzko - Dr.Sc. (Eng.), Professor, Deputy Director, Institute of Information Problems, Russian Academy of Sciences. E-mail: vbudzko@ipiran.ru
D. A. Melnikov - Ph.D. (Eng.), Senior Research Scientist, Deputy Head of Sub-Faculty 43, MEPhI. E-mail: DAMelnikov@mephi.ru
V. M. Fomichev - Dr.Sc. (Phys.-Math.), Professor, Leading Research Scientist, Institute of Information Problems, Russian Academy of Sciences. E-mail: fomichev@nm.ru
Abstract:
The role of cryptographic techniques in protecting data against disclosure or modification by violators is steadily increasing in modern information technology (IT) and IT systems. Cryptographic functions (algorithms), cryptographic protocols and the key management subsystem form the foundation of a cryptographic system. The level of data protection provided by cryptographic methods depends directly on whether the algorithms, protocols and key management subsystem meet all the requirements placed on the cryptographic system.
The key management subsystem is designed to provide users of high-availability IT systems with the cryptographic keys used to protect information. Providing users with cryptographic keys is implemented as a set of technological procedures and protocols that form the so-called key lifetime and comply with the security policy in force. The most important component of the key management subsystem is the set of methods used to generate (establish) keys.
The known key establishment methods (key protocols) used in modern high-availability systems are systematically described in the paper. The mathematical key establishment models are grouped into three clusters:
- point-to-point key establishment (user-to-user);
- mechanisms using a Key Distribution Centre (KDC);
- mechanisms using a Key Translation Centre (KTC).
The first model is based on the ability of users to generate the secret and other random parameters that ensure the security of the information exchange, and to send them to each other in encrypted form. In the second model, the KDC performs key generation and provides users with keys using symmetric cryptography algorithms. In the third model, a combination is used: users generate secret keys and random parameters, and the KTC performs the data transport function.
Within these three models, 6, 4 and 3 key establishment mechanisms, respectively, are described; they are based on ISO/IEC standards and differ functionally. In some mechanisms, one-way or mutual authentication of the parties can be performed in addition to key establishment.
When establishing a key, the protocol participants perform message encryption, decryption and forwarding. The paper describes the structure of the messages that deliver the key information for key establishment and systematizes the main characteristics of the considered protocols (key establishment mechanisms).
The considered protocols are used to build a wide class of cryptographic systems that ensure the confidentiality and authenticity of information in high-availability systems. These key establishment mechanisms can be used in the development of advanced cryptographic systems.
Pages: 36-51
References
- ISO, «Information technology - Security techniques - Key management - Part 1: Framework». ISO/IEC 11770-1. 2010-12-01.
- ISO, «Information technology - Security techniques - Key management - Part 2: Mechanisms using symmetric techniques». ISO/IEC 11770-2. 2008-06-15.
- ISO, «Information Processing Systems - Open Systems Interconnection Reference Model - Part 2: Security Architecture». ISO/IEC 7499-2.
- ITU-T, «Information technology - Open Systems Interconnection - Security frameworks for open systems: Overview». Recommendation X.810. 1995.
- ITU-T, «Information technology - Open Systems Interconnection - Security frameworks for open systems: Authentication framework». Recommendation X.811. 1995.
- Melnikov D., Jones A. "Masquerade" attacks and a process for their detection // Proceedings of the 3rd European Conference on Information Warfare and Security. Royal Holloway University of London, UK. 28-29 June 2004. P. 269.
- Mel'nikov D.A. Informatsionnaya bezopasnost' otkrytykh sistem: Uchebnik. M.: FLINTA, Nauka. 2013.
- Alferov A.P., Zubov A.Yu., Kuz'min A.S., Cheremushkin A.V. Osnovy kriptografii. M.: Gelios ARV. 2001.
- Fomichev V.M. Metody diskretnoy matematiki v kriptologii. M.: Dialog-MIFI. 2010. 424 p.