ks@a.cs.okstate.edu (Kurt F. Sauer) (08/05/87)
Create a hypothetical TAC access scheme where we have four primitives:
Ek() ... Encrypt using key 'k'
Dk() ... Decrypt using key 'k'
OneWay() .. Perform a one-way transform
KG() ... Generate a key, 'kg,' which is random to an acceptable deg.
Presume, also, that all communications are tapped (i.e. over packet radio).
Does the following schema seem plausible?
A. TAC knows only:
a. User names
b. Each user's password, in encrypted form: OneWay(pw)
c. Each user's personal key-encrypting key: kek
B. TAC users each know only:
a. User names
b. Their password, in unencrypted form: pw
c. Their personal key-encrypting key: kek
A login session might well operate thus:
1. User requests a network connection from TAC host.
2. TAC host is alive and asks for a username.
3. User sends username.
4. TAC host looks up the tuple (username, OneWay(pw), kek). Then the host
applies KG()--which generates a new kg--and encrypts it using the user's
key-encrypting key to form Ekek(kg), which is sent to the user. The
host remembers this session's kg value.
5. User decrypts thus: Dkek(Ekek(kg)) = kg. Then user uses his user-supplied
password (upw) to generate the response: Ekg(OneWay(upw)).
6. TAC host decrypts thus: Dkg(Ekg(OneWay(upw))) = OneWay(upw) which the
host compares against its stored OneWay(pw) for sameness.
7. If OneWay(upw) matches OneWay(pw), access is granted. If they do not
match, access is denied.
Question: Do you believe this to be a reasonable way to proceed? My incli-
nation is to use DES functions...which seems to have suitable
properties for this sort of operation.
Comments solicited.
Kurt F. Sauer
Tulsa, OK
ks@a.cs.okstate.edu
okstate!ksgalvin@udel.EDU (James M Galvin) (08/05/87)
In article <2312@okstate.UUCP> ks@okstate.UUCP (Kurt F. Sauer) writes: >Create a hypothetical TAC access scheme where we have four primitives: >... >Presume, also, that all communications are tapped (i.e. over packet radio). >Does the following schema seem plausible? >... >Question: Do you believe this to be a reasonable way to proceed? My incli- > nation is to use DES functions...which seems to have suitable > properties for this sort of operation. Question: How do you propose to initially distribute the key encrypting keys to both the TAC and the user? All keys need a cryptoperiod, defined by time and number of uses. How do you propose to distribute new key encrypting keys? Jim -- James M Galvin