ks@a.cs.okstate.edu (Kurt F. Sauer) (08/05/87)
Create a hypothetical TAC access scheme where we have four primitives:

    Ek() ....... Encrypt using key 'k'
    Dk() ....... Decrypt using key 'k'
    OneWay() ... Perform a one-way transform
    KG() ....... Generate a key, 'kg,' which is random to an acceptable deg.

Presume, also, that all communications are tapped (i.e. over packet radio).
Does the following schema seem plausible?

A. TAC knows only:
   a. User names
   b. Each user's password, in encrypted form: OneWay(pw)
   c. Each user's personal key-encrypting key: kek

B. TAC users each know only:
   a. User names
   b. Their password, in unencrypted form: pw
   c. Their personal key-encrypting key: kek

A login session might well operate thus:

1. User requests a network connection from TAC host.
2. TAC host is alive and asks for a username.
3. User sends username.
4. TAC host looks up the tuple (username, OneWay(pw), kek). Then the host
   applies KG()--which generates a new kg--and encrypts it using the user's
   key-encrypting key to form Ekek(kg), which is sent to the user. The host
   remembers this session's kg value.
5. User decrypts thus: Dkek(Ekek(kg)) = kg. Then user uses his user-supplied
   password (upw) to generate the response: Ekg(OneWay(upw)).
6. TAC host decrypts thus: Dkg(Ekg(OneWay(upw))) = OneWay(upw), which the
   host compares against its stored OneWay(pw) for sameness.
7. If OneWay(upw) matches OneWay(pw), access is granted. If they do not
   match, access is denied.

Question: Do you believe this to be a reasonable way to proceed? My
          inclination is to use DES functions...which seems to have suitable
          properties for this sort of operation.

Comments solicited.

Kurt F. Sauer
Tulsa, OK
ks@a.cs.okstate.edu
okstate!ks
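The login exchange in steps 4 to 7 above, as an added example that is not part of the original post: it runs both sides and shows that a response recorded on the tapped link is rejected once the host has generated a new kg. SHA-256 and a hash-based XOR keystream stand in for OneWay() and the DES functions; the names Tac, user_response and demo, the nonce prefix and the sample values are assumptions of this sketch.

```python
import hashlib, hmac, os

def one_way(pw):  # OneWay(): SHA-256 as a stand-in
    return hashlib.sha256(pw.encode()).digest()

def kg():  # KG(): fresh random session key
    return os.urandom(16)

def _stream(k, nonce, n):  # toy keystream, stand-in for DES (not for real use)
    blocks = (hashlib.sha256(k + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def E(k, m):  # Ek(): random nonce so a reused kek never repeats a keystream
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(m, _stream(k, nonce, len(m))))

def D(k, c):  # Dk()
    nonce, body = c[:16], c[16:]
    return bytes(a ^ b for a, b in zip(body, _stream(k, nonce, len(body))))

class Tac:
    def __init__(self, users):  # username -> (OneWay(pw), kek)
        self.users, self.sessions = users, {}

    def challenge(self, username):  # step 4: send Ekek(kg), remember kg
        session_key = kg()
        self.sessions[username] = session_key
        return E(self.users[username][1], session_key)

    def verify(self, username, response):  # steps 6-7
        session_key = self.sessions.pop(username, None)  # one use per kg
        if session_key is None:
            return False
        return hmac.compare_digest(D(session_key, response), self.users[username][0])

def user_response(kek, upw, challenge):  # step 5: Ekg(OneWay(upw))
    return E(D(kek, challenge), one_way(upw))

def demo():
    kek = os.urandom(16)  # constructed sample key and password
    tac = Tac({"ks": (one_way("correct horse"), kek)})
    tapped = user_response(kek, "correct horse", tac.challenge("ks"))
    accepted = tac.verify("ks", tapped)
    wrong_pw = tac.verify("ks", user_response(kek, "guess", tac.challenge("ks")))
    tac.challenge("ks")  # new session, new kg
    replayed = tac.verify("ks", tapped)  # response recorded in session one
    return accepted, wrong_pw, replayed

if __name__ == "__main__":
    print(demo())
```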
galvin@udel.EDU (James M Galvin) (08/05/87)
In article <2312@okstate.UUCP> ks@okstate.UUCP (Kurt F. Sauer) writes:
>Create a hypothetical TAC access scheme where we have four primitives:
>...
>Presume, also, that all communications are tapped (i.e. over packet radio).
>Does the following schema seem plausible?
>...
>Question: Do you believe this to be a reasonable way to proceed? My
>          inclination is to use DES functions...which seems to have suitable
>          properties for this sort of operation.

Question: How do you propose to initially distribute the key encrypting keys
to both the TAC and the user? All keys need a cryptoperiod, defined by time
and number of uses. How do you propose to distribute new key encrypting keys?

Jim
--
James M Galvin