Carl Heinz Wilhelm Meyer

A cryptographic key management scheme for implementing the data encryption standard

Data being transmitted through a communications network can be protected by cryptography. In a data processing environment, cryptography is implemented by an algorithm which utilizes a secret key, or sequence of bits. Any key-controlled cryptographic algorithm, such as the Data Encryption Standard, requires a protocol for the management of its cryptographic keys. The complexity of the key management protocol ultimately depends on the level of functional capability provided by the cryptographic system. This paper discusses a possible key management scheme that provides the support necessary to protect communications between individual end users (end-to-end encryption) and that also can be used to protect data stored or transported on removable media.

Generation, distribution, and installation of cryptographic keys

A key controlled cryptographic system requires a mechanism for the safe and secure generation, distribution, and installation of its cryptographic keys. This paper discusses possible key generation, distribution, and installation procedures for the key management scheme presented in the preceding paper.

Message Authentication with Manipulation Detection Code

In many applications of cryptography, assuring the authenticity of communications is as important as protecting their secrecy. A well known and secure method of providing message authentication is to compute a Message Authentication Code (MAC) by encrypting the message. If only one key is used to both encrypt and authenticate a message, however, the system is subject to several forms of cryptographic attack. Techniques have also been sought for combining secrecy and authentication in only one encryption pass, using a Manipulation Detection Code generated by noncryptographic means. Previous investigations have shown that a proposed MDC technique involving block-by-block Exclusive-ORing is not secure when used with the Cipher Block Chaining (CBC) mode of operation of the Data Encryption Standard (DES]. It is shown here that the Cipher Feedback (CFEI) mode of operation exhibits similar weaknesses. A linear addition modulo 264 MDC is analyzed, including discussion of several novel attack scenarios. A Quadratic Congruential Manipulation Detection Code is proposed to avoid the problems of previous schemes.

Some cryptographic principles of authentication in electronic funds transfer systems

One essential requirement of an Electronic Funds Transfer (EFT) system is that institutions must be able to join together in a common EFT network such that a member of one institution can initiate transactions at entry points in the domain of another institution. The use of such a network is defined as interchange . Cryptographic implementations are developed for such a network in such a way as to keep personal verification and message authentication processes at different institutions completely separate. This is accomplished through the combined use of user-remembered personal identification numbers (PINs), secret system keys, and intelligent secure (bank) cards on which are recorded secret personal cryptographic keys.

Required Cryptographic Authentication Criteria for Electronic Funds Transfer Systems

A set of required security criteria is developed which assures that the personal verification processes at different institutions in an interchange environment are isolated from one another. It is assumed that only information stored on the bank card and information remembered by a systerm user are employed for personal verification. Under that assumption, it is shown that only through the use of a secret quantity (a personal cryptographic key) stored on the bank card will the set of required criteria be satisfied. With a personal key, the same degree of isolation can be achieved for authentication of transaction request messages sent from the entry point to the issuer. However, authentication of transaction response messages sent from the issuer to the entry point requires a system key unknoun to the user.

Cryptography in data processing

Abstract Recent reports of breaches in computer system security have created a heightened concern and interest in the vulnerability of computer systems. Cryptography is one method of combatting one problem of security. The article describes the two types of algorithm involved in cryptographic techniques.