Encrypting Keys Securely

Christian Cachin; Jan Camenisch

doi:10.1109/MSP.2010.124

Security&Privacy
2010
Issue No. 4 - July/August
Abstract - Encrypting Keys Securely

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Christian Cachin Articles by Jan Camenisch

Encrypting Keys Securely

July/August 2010 (vol. 8 no. 4)

pp. 66-69

	ASCII Text	x
	Christian Cachin, Jan Camenisch, "Encrypting Keys Securely," IEEE Security & Privacy, vol. 8, no. 4, pp. 66-69, July/August, 2010.

	BibTex	x
	@article{ 10.1109/MSP.2010.124, author = {Christian Cachin and Jan Camenisch}, title = {Encrypting Keys Securely}, journal ={IEEE Security & Privacy}, volume = {8}, number = {4}, issn = {1540-7993}, year = {2010}, pages = {66-69}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2010.124}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Encrypting Keys Securely IS - 4 SN - 1540-7993 SP66 EP69 EPD - 66-69 A1 - Christian Cachin, A1 - Jan Camenisch, PY - 2010 KW - key encryption KW - cryptography KW - security and privacy KW - semantic security KW - CCA2 security KW - key management KW - access control VL - 8 JA - IEEE Security & Privacy ER -

Christian Cachin, IBM Research

Jan Camenisch, IBM Research

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.124

Encryption keys are sometimes encrypted themselves; doing that properly requires special care. Although it might look like an oversight at first, the broadly accepted formal security definitions for cryptosystems don't allow encryption of key-dependent messages. Furthermore, key-management systems frequently use key encryption or wrapping, which might create dependencies among keys that lead to problems with simple access-control checks. Security professionals should be aware of this risk and take appropriate measures. Novel cryptosystems offer protection for key-dependent messages and should be considered for practical use. Through enhanced access control in key-management systems, you can prevent security-interface attacks.

1. P1619.1 Standard for Authenticated Encryption with Length Expansion for Storage Devices, IEEE Security in Storage Working Group, 2009; https:/siswg.net.
2. M. Liskov, R.R. Rivest, and D. Wagner, "Tweakable Block Ciphers," Advances in Cryptology—Crypto 2002, LNCS 2442, Springer, 2002, pp. 31–46.
3. S. Goldwasser and S. Micali, "Probabilistic Encryption," J. Computer and System Sciences, vol. 28, no. 2, 1984, pp. 270–299.
4. D. Bleichenbacher, "Chosen-Ciphertext Attacks against Protocols Based on the RSA Encryption Standard PKCS #1," Advances in Cryptology—Crypto '98, LNCS 1462, Springer, 1998, pp. 1–12.
5. M. Naor and M. Yung, "Public-Key Cryptosystems Provably Secure against Chosen-Ciphertext Attacks," Proc. 22nd ACM Symp. Theory of Computing (STOC), ACM Press, 1990, pp. 427–437.
6. J. Black, P. Rogaway, and T. Shrimpton, "Encryption-Scheme Security in the Presence of Key-Dependent Messages," Selected Areas in Cryptography, LNCS 2595, Springer, 2002, pp. 62–75.
7. J. Camenisch and A. Lysyanskaya, "An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation," Advances in Cryptology—Eurocrypt 2001, LNCS 2045, Springer, 2001, pp. 93–118.
8. D. Boneh et al., "Circular-Secure Encryption from Decision Diffie-Hellman," Advances in Cryptology—Crypto 2008, LNCS 5157, Springer, 2008, pp. 108–125.
9. J. Camenisch, N. Chandran, and V. Shoup, "A Public Key Encryption Scheme Secure against Key Dependent Chosen Plaintext and Adaptive Chosen Ciphertext Attacks," Advances in Cryptology—Eurocrypt 2009, LNCS 5479, Springer, 2009, pp. 351–368.
10. BITS Security Working Group, "Enterprise Key Management," white paper, BITS Financial Services Roundtable, May 2008; www.bits.org/downloads/Publications%20Page BITSEnterpriseKeyManagementMay2008.pdf .
11. "Cryptographic Key Management," Cover Pages, Apr. 2009; http://xml.coverpages.orgkeyManagement.html .
12. Oasis Key Management Interoperability Protocol Technical Committee, "Key Management Interoperability Protocol Specification Version 1.0," Oasis, 2010; www.oasis-open.org/committeesdocuments.php?wg_abbrev=kmip .
13. R. Anderson et al., "Cryptographic Processors—A Survey," Proc. IEEE, Feb. 2006, pp. 357–369.
14. CCA Basic Services Reference and Guide for the IBM 4758 PCI and IBM 4764 PCI-X Cryptographic Coprocessors, 19th ed., IBM, Sept. 2008; www-03.ibm.com/security/cryptocards/pcicc library.shtml.
15. "PKCS #11 v2.20: Cryptographic Token Interface Standard," RSA Laboratories, 2004; www.rsa.com/rsalabsnode.asp?id=2133.
16. S. Delaune, S. Kremer, and G. Steel, "Formal Analysis of PKCS#11," Proc. 21st IEEE Computer Security Foundations Symposium (CSF), IEEE CS Press, 2008, pp. 331–344.
17. M. Björkqvist et al., "Design and Implementation of a Key-Lifecycle Management System," to be published in Proc. Financial Cryptography and Data Security (FC 10) (preprint available as IBM Research Report RZ 3739, IBM Research, 2009; www.zurich.ibm.com/~mvu/papersRZ3739.pdf ).
18. C. Cachin and N. Chandran, "A Secure Cryptographic Token Interface," Proc. Computer Security Foundations Symp. (CSF 22), IEEE Press, 2009, pp. 141–153.

Index Terms:

key encryption, cryptography, security and privacy, semantic security, CCA2 security, key management, access control

Citation:

Christian Cachin, Jan Camenisch, "Encrypting Keys Securely," IEEE Security & Privacy, vol. 8, no. 4, pp. 66-69, July-Aug. 2010, doi:10.1109/MSP.2010.124

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.