
Re: Russ's re:[4]: SIPP and SKIP. 2 subjects.



I'd like to add to Russ's answer to Ashar:

>>SAID specified a key encryption key.  The MDF contained the traffic key
>>(and possibly an integrity algorithm key as well), and the key(s) were
>>encrypted in the key encryption key specified by the SAID.

Ashar asks:
A>
A>I am not sure I understand this. If the MDF is to remain constant
A>for a security association, and the SAID identifies the
A>key-encrypting key, then the only time the traffic key (which is in
A>the MDF) can be changed is when the key-encrypting-key changes. What
A>is the value of separating the two keys then?

Russ replies (and I agree):
>In the IEEE 802.10 model, the SAID denotes a shared symmetric key and its
>associated attributes.  In the case where the MDF is used, the key is the
>key encrypting key (KEK), and the MDF value determines the traffic
>encryption key (TEK).  This scheme offers two possible advantages:
>
>1. The traffic in each direction can be encrypted in two different TEKs,
>while a single KEK is used.
>
>2. When there are many security associations in place between the same two
>hosts, the same KEK can be used for all of them, while different TEKs are
>used to cryptographically separate each of them.

Let me just add: another reason is to speed up the operation of
a hardware encryption implementation. DEC has a hardware DES design
that makes use of the fact that the key is encrypted as a part of the
data stream, so it does not have to be fetched by software and loaded.
I suspect this was one of the main reasons that DEC were opting for
this option. Personally, I find this neat.

Best, Amir

[E92] Hans Eberle (DEC), `A High speed DES...', Crypto '92, pp. 521-539,
      see section 5.1.
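The KEK/TEK split discussed in this thread, as an added example that is not code from the thread, from IEEE 802.10 or from DEC's design: the SAID names a shared key-encrypting key, the MDF carried in every PDU is a constant per security association and holds the traffic key (and an integrity key) wrapped under that KEK, so the receiver needs only the KEK from its SAID table and recovers the TEK from the data stream itself. Two SAs between the same hosts (one per direction) share one KEK but get distinct TEKs, and a PDU whose MDF is swapped for the other SA's is rejected. Everything below is an assumption for illustration: the PDU layout, the SAID table, and the use of HMAC-SHA256 as the PRF for keystream and key wrapping in place of DES, so that it runs with the Python standard library only.

```python
"""Illustration of the SAID + MDF key hierarchy: SAID -> KEK, MDF -> TEK/IK.

Hypothetical construction, not IEEE 802.10 or DEC code. HMAC-SHA256 stands
in for DES as the PRF behind both the traffic keystream and the key wrap.
"""
import hashlib
import hmac
import os
import struct

KEY_LEN = 32
TAG_LEN = 32
NONCE_LEN = 8
# MDF layout (assumed): wrap nonce | wrapped TEK || IK | tag under KEK
MDF_LEN = NONCE_LEN + 2 * KEY_LEN + TAG_LEN
# PDU layout (assumed): SAID (4) | MDF | PDU nonce | ciphertext | tag under IK
HDR_LEN = 4 + MDF_LEN + NONCE_LEN


def keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Counter-mode XOR of data with HMAC-SHA256(key, label || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, label + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def make_mdf(kek: bytes, tek: bytes, ik: bytes) -> bytes:
    """Wrap TEK || IK under the KEK once at SA setup; the result is constant per SA."""
    nonce = os.urandom(NONCE_LEN)
    wrapped = keystream_xor(kek, b"MDF" + nonce, tek + ik)
    tag = hmac.new(kek, b"MDF-TAG" + nonce + wrapped, hashlib.sha256).digest()
    return nonce + wrapped + tag


def open_mdf(kek: bytes, mdf: bytes) -> tuple:
    """Authenticate the MDF under the KEK and recover (TEK, IK)."""
    nonce = mdf[:NONCE_LEN]
    wrapped = mdf[NONCE_LEN:NONCE_LEN + 2 * KEY_LEN]
    tag = mdf[NONCE_LEN + 2 * KEY_LEN:]
    expected = hmac.new(kek, b"MDF-TAG" + nonce + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MDF authentication failed")
    keys = keystream_xor(kek, b"MDF" + nonce, wrapped)
    return keys[:KEY_LEN], keys[KEY_LEN:]


class SecurityAssociation:
    """Sender side: SAID (names the KEK) plus a constant MDF carrying TEK and IK."""

    def __init__(self, said: int, kek: bytes):
        self.said = said
        self.tek = os.urandom(KEY_LEN)   # fresh traffic key per SA
        self.ik = os.urandom(KEY_LEN)    # fresh integrity key per SA
        self.mdf = make_mdf(kek, self.tek, self.ik)

    def protect(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(NONCE_LEN)
        header = struct.pack(">I", self.said) + self.mdf + nonce
        ct = keystream_xor(self.tek, b"PDU" + nonce, plaintext)
        tag = hmac.new(self.ik, header + ct, hashlib.sha256).digest()
        return header + ct + tag


def unprotect(said_table: dict, pdu: bytes) -> bytes:
    """Receiver side: only the KEK comes from local state; TEK/IK come from the PDU."""
    (said,) = struct.unpack(">I", pdu[:4])
    kek = said_table[said]                      # unknown SAID raises KeyError
    mdf = pdu[4:4 + MDF_LEN]
    nonce = pdu[4 + MDF_LEN:HDR_LEN]
    ct, tag = pdu[HDR_LEN:-TAG_LEN], pdu[-TAG_LEN:]
    tek, ik = open_mdf(kek, mdf)
    expected = hmac.new(ik, pdu[:HDR_LEN] + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("PDU integrity check failed")
    return keystream_xor(tek, b"PDU" + nonce, ct)


def demo() -> dict:
    """One KEK, one SAID, two SAs (one per direction) with distinct TEKs."""
    kek = os.urandom(KEY_LEN)
    said_table = {0x0001: kek}                  # constructed: both hosts hold this
    a_to_b = SecurityAssociation(0x0001, kek)
    b_to_a = SecurityAssociation(0x0001, kek)

    msg = b"constructed sample payload"
    pdu1 = a_to_b.protect(msg)
    pdu2 = a_to_b.protect(b"second packet, same SA")
    pdu3 = b_to_a.protect(b"reply in the other direction")
    roundtrip_ok = (unprotect(said_table, pdu1) == msg
                    and unprotect(said_table, pdu3) == b"reply in the other direction")

    # Cryptographic separation: graft the other SA's MDF onto this PDU.
    forged = pdu1[:4] + b_to_a.mdf + pdu1[4 + MDF_LEN:]
    try:
        unprotect(said_table, forged)
        swapped_mdf_rejected = False
    except ValueError:
        swapped_mdf_rejected = True

    return {
        "roundtrip_ok": roundtrip_ok,
        "distinct_teks": a_to_b.tek != b_to_a.tek,
        "mdf_constant": pdu1[4:4 + MDF_LEN] == pdu2[4:4 + MDF_LEN],
        "swapped_mdf_rejected": swapped_mdf_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The receiver's per-packet work is exactly what Amir describes for the DEC design: look up one KEK by SAID, then unwrap the key material that arrives inline in the PDU, with no per-SA traffic key to fetch from software before decryption can start.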