Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
March, 2007<br />
configuration of required key pairs that may be used, depending on the requirements of a<br />
communication situation.<br />
4.2.5.2 Discrete Log Key Agreement Schemes Using Elliptic Curve Arithmetic<br />
Key agreement schemes based on the intractability of the discrete logarithm problem and using<br />
elliptic curve arithmetic have been adopted in [SP800-56] from [ANSX9.63]. Seven of the<br />
eleven key agreement schemes have been adopted. Each scheme provides a different<br />
configuration of required key pairs that may be used, depending on the requirements of a<br />
communication situation.<br />
4.2.5.3 RSA Key Transport<br />
RSA key agreement and key transport schemes will be adopted from [ANS X9.44] 8 .<br />
4.2.5.4 Key Wrapping<br />
Key wrapping is the encryption of a key by a key encrypting key using a symmetric algorithm<br />
(e.g., an AES key is encrypted by an AES key encrypting key) 9 . Key wrapping provides both<br />
confidentiality and integrity to the wrapped material.<br />
4.2.5.5 Key Confirmation<br />
Key confirmation is used by two parties in a key establishment process to provide assurance that<br />
common keying material and/or shared secret has been established. The assurance may be<br />
provided to only one party (unilateral) or it may be provided to both parties (bilateral). The<br />
assurance may be provided as part of the key establishment scheme or it may be provided by<br />
some action that takes place outside of the scheme. For example, after a key is established, two<br />
parties may confirm to one another that they possess the same secret by demonstrating their<br />
capability to encrypt and decrypt data intended for each other. [SP800-56] provides for unilateral<br />
key confirmation for schemes where one party has a static key establishment key, and bilateral<br />
key confirmation for schemes where both parties have static key establishment keys.<br />
4.2.6 Key Establishment Protocols<br />
Key establishment protocols use key establishment schemes in order to specify the processing<br />
necessary to establish a key. However, key establishment protocols also specify message flow<br />
and format. Key establishment protocols must be carefully designed to not give secret<br />
information to a potential attacker. For example, a protocol that indicates abnormal conditions,<br />
such as a data integrity error, may permit an attacker to confirm or reject an assumption<br />
regarding secret data. Alternatively, if the time or power required to perform certain<br />
computations are based upon the value of the secret or private key in use, then an attacker may<br />
be able to deduce the key from observed fluctuations.<br />
Therefore, it is best to design key establishment protocols so that:<br />
1. The protocols do not provide for an early exit from the protocol upon detection of a<br />
single error<br />
8 Further text will be developed after X9.44 is completed.<br />
9 Additional text will be added after key wrapping standards are completed.<br />
39