
Re: On shared keys (was RE: SOI: identity protection and DOS)



At 9:24 AM -0800 11/27/01, Alex Alten wrote:
>At 01:34 AM 11/27/2001 +0200, Hugo Krawczyk wrote:
>>Everyone agrees that public key is the ONLY way to a scalable
>>Internet-wide protocol. No question about it. In particular,
>>any key-exchange protocol for IPsec MUST provide a PK-based exchange.
>>
>
>No.  I STRONGLY disagree.  I'll give a counter example.  The banking
>ATM network uses DES keys.  It has scaled, in practice, world wide.
>
>And BTW, its security & trust model is excellent.  Have you ever heard
>of a major compromise, say on the scale of 25,000 card #'s being stolen
>(like with Visa?).  Certainly nobody distrusts it because it uses
>symmetric keys for authentication.  In fact I'm certain YOU trust it
>at least a couple a times a month.  :-)
>
>- Alex

Alex,

There are multiple ATM networks, not one. They operate separately, 
with a small number of well-defined interconnects.

My recollection (from a few years ago) is that DES Keys are used for 
ATM to bank communication, to generate and check a MAC on each 
transaction. The key is pairwise, between each ATM and the bank (or 
network) that operates it, and is managed by that bank (or network), 
which is a relatively easy thing to do because it is all in one 
administrative domain.

DES keys also are used for inter-bank (or inter-ATM net) 
communication, to securely relay the MAC of the transaction (with the 
PIN XORed into it) between banks (or between an ATM net and a bank), 
when you use your card at an ATM that is not owned by the bank that 
issued it.  This too is a pairwise shared key (that probably is not 
changed very often), although it is a bit harder to distribute in 
that it crosses an administrative boundary (analogous to Kerberos 
inter-realm keys).

The point is that the ATM example is not very representative of 
general Internet communication. The number of ATMs per bank is small 
for small banks, large for large banks, and there are 
bank-independent ATM nets. When your bank says it is part of Cirrus 
or some other ATM net, what that means is that there is a key shared 
between your bank and a "gateway" for the net, to allow inter-bank 
communication, not that there are keys to allow direct communication 
between that ATM and every bank belonging to the ATM net in question. 
So, although there are lots of ATMs out there, and lots of banks, the 
communication paths are restrictive and that makes key management 
much easier.

Steve

P.S.  I'm sure Lynn will correct any errors in my possibly 
oversimplified (maybe out of date) description.
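
The key-management point in the message above, as an added example that is not part of the original post: a simplified model in which each link (ATM to operating bank, bank to net gateway) holds one pairwise key and each hop checks the MAC and re-MACs for the next link. The topology, the names (`GATEWAY`, `BANKS`, `relay`, and so on) and the hop-by-hop relay are assumptions of this sketch, and HMAC-SHA256 stands in for the DES-based MAC.

```python
import hashlib
import hmac
import os

GATEWAY = "net-gateway"  # hypothetical name for the ATM net's gateway
# Constructed sample topology: bank -> ATMs it operates
BANKS = {"BankA": ["A1", "A2", "A3"], "BankB": ["B1", "B2"], "BankC": ["C1"]}

def build_link_keys(banks):
    """One pairwise key per ATM<->operating bank link and per bank<->gateway link."""
    keys = {}
    for bank, atms in banks.items():
        keys[frozenset((bank, GATEWAY))] = os.urandom(32)
        for atm in atms:
            keys[frozenset((atm, bank))] = os.urandom(32)
    return keys

def tag(key, msg):
    # Assumption: HMAC-SHA256 replaces the DES MAC described in the post.
    return hmac.new(key, msg, hashlib.sha256).digest()

def route(banks, atm, issuer):
    """Path from an ATM to the card's issuing bank over the restricted topology."""
    operator = next(b for b, atms in banks.items() if atm in atms)
    return [atm, operator] if operator == issuer else [atm, operator, GATEWAY, issuer]

def relay(keys, path, msg, tamper_before=None):
    """Carry msg along path; every hop verifies under the inbound link key and
    re-MACs under the outbound one. Returns the number of links crossed.
    Raises ValueError on a failed check, KeyError if a link has no shared key."""
    t = tag(keys[frozenset(path[:2])], msg)
    for i in range(1, len(path)):
        if path[i] == tamper_before:
            msg += b"!"  # message modified on the link into this node
        inbound = keys[frozenset((path[i - 1], path[i]))]
        if not hmac.compare_digest(t, tag(inbound, msg)):
            raise ValueError(f"MAC check failed at {path[i]}")
        if i + 1 < len(path):
            t = tag(keys[frozenset((path[i], path[i + 1]))], msg)
    return len(path) - 1

def direct_key_count(banks):
    """Keys needed if every ATM shared a key directly with every bank."""
    return sum(len(atms) for atms in banks.values()) * len(banks)

if __name__ == "__main__":
    keys = build_link_keys(BANKS)
    path = route(BANKS, "A1", "BankC")
    print(path, "links crossed:", relay(keys, path, b"withdraw 100"))
    print("keys with gateway:", len(keys), "keys if direct:", direct_key_count(BANKS))
```
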

