Why Migrating to Triple DES is Not Easy

More documents

Recommendations

Info

Why Migrating to Triple DES is Not Easy working key is a 3DES key, the key encryption key should be a 3DES key as well. SP4 It should not be possible to combine different key parts in order to trick a secure cryptographic processor into revealing information that can lead to breaking any cryptographic key secured by the processor. This is important to consider for example when deciding how keys protected outside a security processor should be stored. Of course, when analyzing the security of a system, the above security properties must be specified more formally, and others should be enumerated, but the above list is enough for us to be able to discuss about security problems related to migrating from DES to 3DES. 4 Migration issues It is not sufficient to simply replace single DES with 3DES, security wise and operationally wise. In what follows we discuss about several problems that might arise and issues that should be considered when attempting to migrate from single DES to 3DES. 4.1 DES is the weakest link A system is just as secure as its weakest link. In a system that is composed of PIN pads, ATMs, acquiring hosts, switches, alternate switches, processors, etc., if a single entity in the system still utilizes single DES there is a possibility that the security of the whole system might be compromised by an attack on single DES. As an extreme example, consider a secure cryptographic processor of an acquiring host that uses a 3DES master file key (MFK), but also uses a single DES key exchange key (KEK); the confidentiality of all keys that are sent to the processor can be compromised, even if the keys stored in the local database are protected by 3DES encryption, so the fact that the MFK key is 3DES does not provide much of a security advantage. Less obvious examples can also lead to extreme security breakage. Consider the attack against the IBM 4758 cryptoprocessors using the CCA software that was found enabling an individual with a certain permission to extract all DES and 3DES keys from the processors ([9]). The attack was made possible by a combination of things that existed because the processors had to c○Copyright Okiok Data 2002 4
Why Migrating to Triple DES is Not Easy continue to support single DES even though 3DES was used for protecting the keys. Due to the complexity of financial systems, it is not feasible to replace all keys with 3DES keys right away, systems will have to live in a heterogeneous state. It is important however to analyze each situation and to consider how the system satisfies the security properties wanted. Most certainly, until all keys are replaced with 3DES keys, the system will not achieve 2 112 security, but the system can be upgraded progressively so as to withstand more and more attacks. Security, as in this case, is often an incremental process. 4.2 The algorithm itself When using 3DES certain variants of modes of operations are available which are not for single DES. Some of these variants may seem attractive at first glance because of their performance gain properties, unfortunately they are not all secure. For example, for single DES, cipher-block chaining (CBC) is a good mode to use since it is provably secure [3]. However, there are different ways of implementing CBC mode for 3DES, one can use triple-outer-CBC mode (CBC mode applied directly to 3DES) or triple-inner-CBC mode (a variant, a multiple encryption mode of operation where the feedbacks are taken from the single DES operations of which 3DES is composed of). We do not describe these modes in further detail in this document (see [10] if interested), it suffices to know that they are two variants of CBC for 3DES. Although triple-inner-CBC mode can appear to be more appealing since it can be pipelined, thus allowing for more efficient implementations, triple-inner-CBC mode is significantly weaker than outer-inner-CBC mode under certain attack models and is not recommended ([4]). When migrating from single DES to 3DES and designing a new system or looking for existing solutions, it might also be fruitful to consider other encryption algorithms as well, such as the AES, which will become a U.S. government standard may 26th, 2002. If when migrating to 3DES you also make your system ready to accept other encryption algorithms or modes of operations, you will have an advantage and will save time and money in the long run. Flexibility is our friend here. c○Copyright Okiok Data 2002 5
Page 1 and 2: Why Migrating to Triple DES is Not
Page 3 and 4: 1 Introduction Why Migrating to Tri
Page 5: Why Migrating to Triple DES is Not
Page 13 and 14: References Why Migrating to Triple

Why Migrating to Triple DES is Not Easy

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?