Detecting Key-Dependencies

Gianluca Dini; C. Boyd; A. Helme; E. Dawson; Tage Stabell-Kulo

doi:10.1007/BFb0053747

Detecting Key-Dependencies

Gianluca Dini, C. Boyd (Editor), A. Helme, E. Dawson (Editor), Tage Stabell-Kulo

Research output: Contribution to conference › Paper › peer-review

177 Downloads (Pure)

Abstract

The confidentiality of encrypted data depends on how well the key under which it was encrypted is maintained. If a session key was exchanged encrypted under a long-term key, exposure of the long-term key may reveal the session key and hence the data encrypted with it. The problem of key-dependencies between keys can be mapped onto connectivity of a graph, and the resulting graph can be inspected. This article presents a structured method (an algorithm) with which key-dependencies can be detected and analysed. Several well-known protocols are examined, and it is shown that they are vulnerable to certain attacks exploiting key-dependencies. Protocols which are free from this defect do exist. That is, when a session is terminated it is properly closed.

Original language	Undefined
Pages	356-366
Number of pages	11
DOIs	https://doi.org/10.1007/BFb0053747
Publication status	Published - Jul 1998
Event	3rd Australasian Conference on Information Security and Privacy, ACISP 1998 - Brisbane, Australia Duration: 13 Jul 1998 → 15 Jul 1998 Conference number: 3

Conference

Conference	3rd Australasian Conference on Information Security and Privacy, ACISP 1998
Abbreviated title	ACISP
Country/Territory	Australia
City	Brisbane
Period	13/07/98 → 15/07/98

Keywords

IR-56226
EWI-1061

Access to Document

10.1007/BFb0053747

detecting_Stabell-Kulo

Cite this

@conference{d54a0ffc8ec245e1ae79f46a10073f20,

title = "Detecting Key-Dependencies",

abstract = "The confidentiality of encrypted data depends on how well the key under which it was encrypted is maintained. If a session key was exchanged encrypted under a long-term key, exposure of the long-term key may reveal the session key and hence the data encrypted with it. The problem of key-dependencies between keys can be mapped onto connectivity of a graph, and the resulting graph can be inspected. This article presents a structured method (an algorithm) with which key-dependencies can be detected and analysed. Several well-known protocols are examined, and it is shown that they are vulnerable to certain attacks exploiting key-dependencies. Protocols which are free from this defect do exist. That is, when a session is terminated it is properly closed.",

keywords = "IR-56226, EWI-1061",

author = "Gianluca Dini and C. Boyd and A. Helme and E. Dawson and Tage Stabell-Kulo",

note = "Imported from DIES; 3rd Australasian Conference on Information Security and Privacy, ACISP 1998 ; Conference date: 13-07-1998 Through 15-07-1998",

year = "1998",

month = jul,

doi = "10.1007/BFb0053747",

language = "Undefined",

pages = "356--366",

}

TY - CONF

T1 - Detecting Key-Dependencies

AU - Dini, Gianluca

AU - Helme, A.

AU - Stabell-Kulo, Tage

A2 - Boyd, C.

A2 - Dawson, E.

N1 - Conference code: 3

PY - 1998/7

Y1 - 1998/7

N2 - The confidentiality of encrypted data depends on how well the key under which it was encrypted is maintained. If a session key was exchanged encrypted under a long-term key, exposure of the long-term key may reveal the session key and hence the data encrypted with it. The problem of key-dependencies between keys can be mapped onto connectivity of a graph, and the resulting graph can be inspected. This article presents a structured method (an algorithm) with which key-dependencies can be detected and analysed. Several well-known protocols are examined, and it is shown that they are vulnerable to certain attacks exploiting key-dependencies. Protocols which are free from this defect do exist. That is, when a session is terminated it is properly closed.

AB - The confidentiality of encrypted data depends on how well the key under which it was encrypted is maintained. If a session key was exchanged encrypted under a long-term key, exposure of the long-term key may reveal the session key and hence the data encrypted with it. The problem of key-dependencies between keys can be mapped onto connectivity of a graph, and the resulting graph can be inspected. This article presents a structured method (an algorithm) with which key-dependencies can be detected and analysed. Several well-known protocols are examined, and it is shown that they are vulnerable to certain attacks exploiting key-dependencies. Protocols which are free from this defect do exist. That is, when a session is terminated it is properly closed.

KW - IR-56226

KW - EWI-1061

U2 - 10.1007/BFb0053747

DO - 10.1007/BFb0053747

M3 - Paper

SP - 356

EP - 366

T2 - 3rd Australasian Conference on Information Security and Privacy, ACISP 1998

Y2 - 13 July 1998 through 15 July 1998

ER -