Why Migrating to Triple DES is Not Easy

More documents

Recommendations

Info

Why Migrating to Triple DES is Not Easy single DES. For example, split knowledge schemes for 3DES are different than those for single DES and it is important to make sure that the new schemes that will be used continue to satisfy the security requirements. When one splits a 3DES key between two individuals, a typical scheme will produce four parts, K1L and K2L, which when XORed together forms KL (the first part of the 3DES key) as well as K1R and K2R which when XORed together forms KR (the other part of the 3DES key). Now, the scheme is secure if the first person is in custody of K1L and K1R, and the second person is in custody of K2L and K2R. This way, neither individual has any information what so ever about the 3DES key. However, if the first individual is in custody of K1L and K2L, and the second of K1R and K2R, each individual learns information about the key (notably, one whole part of the key by XORing both of the individual’s parts together). If one of the individuals can have access to the encryption of a message under the key in question (most processors will have a command that will allow them to do so), they simply need to do the equivalent of a brute force attack on a single DES key to compute the whole 3DES key. Thus, there is not 2 112 security. Key generation is another important part of key management. It is important to securely generate random 3DES keys, poor randomness if often a weak point in a cryptosystem, (see [6] for a motivational example.) For example, one should not generate a 3DES key by first generating a single DES key, defining it to be KL, and then using a known variant in order to generate KR from KL. Both part of the 3DES key should be generated independently and uniformly at random. 4.8 Old vulnerabilities Most systems have vulnerabilities, see for example [1]. Some security vulnerabilities are known and they are considered acceptable in certain contexts. It all depends on the outcome of a risk analysis, which is a very important step to take when migrating a system. It is important to fully study the risks that might arise and determine the best way to manage them, to accomplish this one needs to know the security properties that must be achieved and the security state of the system and evaluate the risks. Risk analysis should be done at every phase of the migration plan. When migrating to 3DES, with the goal of achieving 2 112 security, it is also important to reconsider old vulnerabilities. It might have been acceptable for a system to be vulnerable to a 2 56 brute force attack at the time of deployment and accreditation, but it is probably no longer acceptable. When you modify a system that has old vulnerabilities you also risk the danger of creating new ones, c○Copyright Okiok Data 2002 8
Why Migrating to Triple DES is Not Easy sometimes even worst ones. One should take time to analyze the problem, review the security properties that the system is to respect and make sure that the updated system does not introduce any new security loopholes. It is important to try to solve old security problems and avoid new vulnerabilities. 5 Easing the migration In this section we give a list of checkpoints useful for easing a migration from single DES to 3DES. This is not intended to be an exhaustive list but simply a bases for reflection on planning the migration. The items are not presented in any particular order. 1. Make sure that implementations of DES can be configured to use 3DES. As mentioned in section 4.4, just because an implementation states that it is 3DES compatible does not necessarily mean that it will work with ease. Before planning a migration to 3DES, make sure that the system is capable of using 3DES. Systems already deployed may require re-certificaton/reaccreditation. 2. Validate that the system satisfies the new algorithm’s memory requirements. Double length 3DES keys are twice as long, and new block formats for encrypting 3DES keys might have some extra overhead. One should verify that databases, processors, etc., can handle this increase in data size. 3. 3DES keys should not be protected using single DES keys. It is important to verify that DES does not become the weakest link in any segment of the system. 4. Planning ahead. One should plan the hardware and software updates, so that everything is coordinated as necessary. Procedures need to be reviewed and most probably updated. 5. If both single DES and 3DES are to be supported, it might be useful to split the system into two parts, one that securely uses 3DES and no single DES encryption and the other that continues to use single DES. For example, instead of having two cryptoprocessors configured to both use single DES and 3DES, have one cryptoprocessor simply use single DES and the other strictly use 3DES. This may require modifications to the transaction dispatcher in order for it to act differently depending on the end point. This enables at least part of the system to attain 3DES security, instead of having c○Copyright Okiok Data 2002 9
Page 1 and 2: Why Migrating to Triple DES is Not
Page 3 and 4: 1 Introduction Why Migrating to Tri
Page 9: Why Migrating to Triple DES is Not
Page 13 and 14: References Why Migrating to Triple

Why Migrating to Triple DES is Not Easy

Create successful ePaper yourself

Delete template?

Save as template?