[Cfrg] question on secure key distribution
"Dan Harkins" <dharkins@lounge.org> Thu, 12 October 2006 05:09 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GXsog-00008x-Tp; Thu, 12 Oct 2006 01:09:10 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GXsof-00007p-1l for cfrg@ietf.org; Thu, 12 Oct 2006 01:09:09 -0400
Received: from colo.trepanning.net ([69.55.226.174] helo=mail1.trepanning.net) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GXsod-00061S-Ka for cfrg@ietf.org; Thu, 12 Oct 2006 01:09:08 -0400
Received: from www.trepanning.net (localhost [127.0.0.1]) by mail1.trepanning.net (Postfix) with ESMTP id 124D91FA6154 for <cfrg@ietf.org>; Wed, 11 Oct 2006 22:09:04 -0700 (PDT)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Wed, 11 Oct 2006 22:09:04 -0700 (PDT)
Message-ID: <39855.69.12.173.8.1160629744.squirrel@www.trepanning.net>
Date: Wed, 11 Oct 2006 22:09:04 -0700
From: Dan Harkins <dharkins@lounge.org>
To: cfrg@ietf.org
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Priority: 3 (Normal)
Importance: Normal
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 50a516d93fd399dc60588708fd9a3002
Subject: [Cfrg] question on secure key distribution
X-BeenThere: cfrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:cfrg@ietf.org>
List-Help: <mailto:cfrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>
Errors-To: cfrg-bounces@ietf.org
Hi,
I have a question on a technique to distrubute a secret key. This
technique is being proposed in an 802.11 task group (task group r)
to have a centralized key holder distribute keys to wireless access
points.
Assuming Alice, and a set of {Bob, Bill, Brian}, and Trent.
Alice shares some secret with Trent, Kat, and wants Trent to distribute
keys to Bob, Bill, and Brian. Further, Trent has a "secure session"
with each of {Bob, Bill, and Brian}-- the B's-- such that their identities
have been authenticated and communication between Trent and each of
the B's have the properties of confidentiality, data integrity
protection, and data source authentication. Also there is a key
confirmation handshake HS(Alice, B) that will indicate whether Alice
and B (one of the B's) share a key.
Is it adequate for Trent to use Kat as a master key to derive
specific keys to each of {Bob, Bill, Brian} using some pseudo-random
function that takes a key, k, and a message, m-- prf(k, m)-- namely,
key for Bob: Kbob = prf(Kat, "Bob"...)
key for Bill: Kbill = prf(Kat, "Bill"...)
key for Brian: Kbrian = prf(Kat, "Brian"...)
and have each of those delivered over the "secure session" by Trent
to the appropriate recipient? Alice derives the keys herself and then
uses HS(Alice, B) to confirm that B has the right key.
The idea being promoted is that Trent is giving a key that is based
on a particular identity to an entity that has proven it is that
identity. Furthermore, Trent would not give Bill's key to Bob or Brian.
If Alice is able to successfully perform HS(Alice, B) with one of the
B's then she can assume that B is a trusted and authorized entity since
it got the correct key from Trent (whom she trusts). Is this adequate?
Is there a flaw here anywhere?
thanks,
Dan.
_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg
- [Cfrg] question on secure key distribution Dan Harkins
- Re: [Cfrg] question on secure key distribution David McGrew