In this report, a two-phase cryptographic secure key recovery (SKR) system is presented. In the first phase, the sender establishes a secret value with the receiver. For each key recovery agent, the sender generates a key-generating value as a one-way function of the secret value and encrypts the key-generating value with a public key of the key recovery agent. In the second phase, performed per cryptographic session, the sender generates (for each key recovery agent) a key-encrypting key as a one-way function of the corresponding key-generating value and multiply encrypts the session key with that key-encrypting key. The encrypted key-generating values and the multiply encrypted session key are transmitted with the encrypted session. To recover the secret value, the encrypted key-generating values and public recovery information are presented to the key recovery agents, which decrypt the key-generating values, regenerate the key-encrypting keys, and provide the regenerated key-encrypting keys. The recovering party uses the key-encrypting keys to recover the session key. Because the key-generating values cannot be derived from the key-encrypting keys, they may be used over multiple cryptographic sessions.
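The two-phase flow described above, as an added sketch that is not code from the report. HMAC-SHA256 as the one-way function, a SHAKE-256 XOR keystream standing in for the symmetric cipher, and a session identifier as the public recovery information are all assumptions of this example; encrypting each key-generating value under the agent's public key is omitted.

```python
import hashlib
import hmac
import secrets

def one_way(key: bytes, label: bytes) -> bytes:
    # One-way function (assumption: HMAC-SHA256; the abstract names none).
    return hmac.new(key, label, hashlib.sha256).digest()

def wrap(kk: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher (assumption): XOR keystream, self-inverse.
    stream = hashlib.shake_256(kk).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def phase1(secret: bytes, agents: list[str]) -> dict[str, bytes]:
    # Phase 1: one key-generating value (KG) per recovery agent, derived
    # from the sender/receiver secret. In SKR each KG is then encrypted
    # under that agent's public key (omitted here).
    return {a: one_way(secret, b"KG|" + a.encode()) for a in agents}

def derive_kk(kg: bytes, session_id: bytes) -> bytes:
    # Key-encrypting key (KK) for one session. The sender runs this in
    # phase 2; an agent runs it again during recovery from its decrypted KG.
    return one_way(kg, b"KK|" + session_id)

def phase2(kgs: dict[str, bytes], session_id: bytes, session_key: bytes) -> bytes:
    # Phase 2: multiply encrypt the session key, one layer per agent.
    blob = session_key
    for agent in sorted(kgs):
        blob = wrap(derive_kk(kgs[agent], session_id), blob)
    return blob

def recover(kks: dict[str, bytes], blob: bytes) -> bytes:
    # Recovering party: peel the layers using the KKs released by the agents.
    for agent in sorted(kks, reverse=True):
        blob = wrap(kks[agent], blob)
    return blob

def demo() -> list[bool]:
    # Constructed sample: two agents, two sessions, phase 1 run only once.
    kgs = phase1(secrets.token_bytes(32), ["agent-A", "agent-B"])
    ok = []
    for sid in (b"session-1", b"session-2"):
        sk = secrets.token_bytes(16)
        blob = phase2(kgs, sid, sk)
        kks = {a: derive_kk(kg, sid) for a, kg in kgs.items()}
        ok.append(recover(kks, blob) == sk)
    return ok

if __name__ == "__main__":
    print(demo())
```

Agents hand over only per-session KKs, so the KGs from phase 1 stay unexposed and can be reused for later sessions.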
Additionally, a parameter validation scheme based on the Diffie-Hellman key exchange is presented, which improves the verification of key recovery information. Each communicating party has its own Diffie-Hellman key pair, as does each recovery agent. The sender noninteractively generates a first shared Diffie-Hellman key pair comprising a first shared secret value, which is shared with the receiver but not with any recovery agent, and a corresponding public value. For each recovery agent, the sender then noninteractively generates an additional secret value, which is shared with the receiver and the recovery agent, from the first shared secret value and the public value of the recovery agent. The sender uses the additional shared secret value as a symmetric key to encrypt recovery information for each recovery agent, which is transmitted with the session data. Each recovery agent can decrypt its recovery information. The receiver can verify the correctness of the recovery information for each recovery agent by decrypting the information using the additional shared secret value for that recovery agent, without having to recreate the recovery information or perform computationally expensive public key operations. The use of elliptic curve techniques further improves performance by reducing the public-key length needed for a given level of security.