CPK Solution to Cyber Security: Theory and Practice

CHAPTER TWO
CPK Key Management

The development of the Internet of Things (IoT) presents new requirements and new challenges to public key systems. The user-to-user authentication mode of the past Internet has become an identity-to-identity authentication mode in the IoT. The main task is shifting from the data security of the past private networks to entity authentication in open public networks.

The birth of the quantum computer also presents a new challenge to the traditional public key system. The theory of computational complexity must give way to a theory of linear complexity, and a new technique must be adopted to cope with the exhaustive-search speed of quantum computers. It is not so difficult for mathematics to solve such a problem, but it is not easy to construct an equation that cannot be exhausted.

CPK is an identity-based public key system that provides digital signature and key encryption functions. We have solved the problem of identity authentication with digital signature techniques and built a virtual network, in identity-to-identity (I to I) mode, over the vast and complex network environment, providing provable connections.

The security requirements of the Internet of Things are varied: office requirements, payment requirements, and anti-counterfeiting requirements, for example. If office, payment, and communication demands are taken as one kind of requirement, then anti-counterfeiting identification or software identification is another kind. The latter does not require most users to hold a private key.

To meet these various requirements, the CPK public key can be implemented in a chip or in software. The key length can be selected from 112 to 256 bits. The signature length is the key length plus a 5-byte verification code; if the key length is 192 bits, the signature length is 24+5=29 bytes.

Whether CPK-chip or CPK-soft, the key issue is system protection. From the viewpoint of system security, a chip has incomparable advantages over software: first, dynamic tracing analysis is impossible; second, some variables can be kept secret inside the device; third, parallel computing reduces system overhead. If software can make dynamic tracing meaningless, so that the variables read out are meaningless, cannot be stolen, and cannot be duplicated, then software is also safe. In a software implementation, key management can be done easily over the Internet, which also provides a convenient means of dynamic management to improve the secure operation of the system. Whether hardware or software, it is impossible to prevent static analysis completely. Therefore, how to grasp this "degree" is an issue that needs to be discussed deeply. Some have said, "ideal cryptography fails to work well, and all of the cryptography in use has defects." More secure is not always better; the best is what meets the need.

CPK can be made into a hardware product or a software product, forming either a public network or a private network. The key length can be selected according to requirements.

In a public key system, the system itself is fixed. So the core of security in the ECC-based system relies on key management to protect the system key and the individual keys.

2.1 Master Keys

The CPK master key is protected by a password (pwd). The master key is a random number (R1) that is defined internally.

1. Password

The password (pwd) is defined by the system ex-factory; the user must update the password at the beginning. The system provides a protocol for the update.

The password can be a passphrase of unlimited length. The passphrase is hashed into the practical password pwd:

$pwd = Hash_{Hkey}(\text{pass phrase})$

2. Random key

The random master key R1 is defined randomly by the center. R1 is encrypted under the pwd defined by the center ex-factory:

$E_{pwd}(R_1) = X$

R1 is used to check the legality of the password:

$D_{pwd}(X) = R_1$

$E_{pwd}(R_1) \oplus R_1 = Z'$

Compare Z' with the Z stored in the system. If they match, go to the next step. If the password is inconsistent 5 consecutive times, set the parameter Z to "0".
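The password check and lockout rule above, as an added example that is not code from the book. It assumes SHA-256 keyed by prefixing Hkey for $Hash_{Hkey}$, and a keystream-XOR stand-in for the symmetric function E (the page does not name its block cipher); the stored values X, Z and the failure counter are kept in a plain dictionary.

```python
import hashlib
import os

FAIL_LIMIT = 5       # the page's rule: 5 consecutive wrong passwords lock the master key
LOCKED = bytes(32)   # Z set to "0" means locked

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def derive_pwd(passphrase, hkey):
    # pwd = Hash_Hkey(pass phrase); prefixing Hkey into SHA-256 is an assumption
    return hashlib.sha256(hkey + passphrase.encode()).digest()

def e_sym(key, block):
    # Stand-in for the page's E_pwd: a 32-byte keystream derived from the key, XORed
    # into the block. Not AES; chosen only so the example runs on the standard library.
    return xor(block, hashlib.sha256(b"keystream|" + key).digest())

d_sym = e_sym   # the XOR stand-in is its own inverse, so D_pwd = E_pwd here

def provision(passphrase, hkey):
    # Ex-factory step: R1 is random, X = E_pwd(R1) and Z = E_pwd(R1) xor R1 are stored.
    pwd = derive_pwd(passphrase, hkey)
    r1 = os.urandom(32)
    x = e_sym(pwd, r1)
    return {"X": x, "Z": xor(x, r1), "fails": 0}

def unlock(store, passphrase, hkey):
    # Returns R1 on a correct password, None otherwise; locks after FAIL_LIMIT misses.
    if store["Z"] == LOCKED:
        return None
    pwd = derive_pwd(passphrase, hkey)
    r1 = d_sym(pwd, store["X"])          # D_pwd(X) = R1 (only if pwd is right)
    z_check = xor(e_sym(pwd, r1), r1)    # Z' = E_pwd(R1) xor R1
    if z_check == store["Z"]:
        store["fails"] = 0
        return r1
    store["fails"] += 1
    if store["fails"] >= FAIL_LIMIT:
        store["Z"] = LOCKED              # set Z to "0": further attempts are refused
    return None
```

Because $Z = X \oplus R_1$ by definition, anyone who can read both X and Z recovers R1 directly, so in a real device at least one of them must sit in storage that cannot be read from outside, which is exactly the chip advantage the page discusses.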

3. Channel key

When the system is distributed, each system is randomly assigned a channel number (channel-no). Every channel-no has its own public key and private key to be used in online key distribution. The public key is denoted CHANNEL-NO, and the private key is denoted channel-no. The private key is stored under R1:

$E_{R_1}(\text{channel-no}) = y$

2.2 Application for Key

The key management mechanism of CPK is set up as follows (see Fig. 2.1):

Fig.2.1 The Structure of Key Management Center

The key management center is located on a cloud server and receives private key applications.

Private keys are generated over the Internet at the request of the applicant. There are many types of identity keys, and the application conditions differ according to the type of identity. The materials required for the application are submitted in an application form or by online questioning, including:

The application format of private key for Real-name (including organization);

The application format of private key for User name;

The application format of private key for Tel-no;

The application format of private key for Account (account-no);

The application format of private key for Address (IP Address);

The application format of private key for Serial-no, and so on.

Key distribution over the Internet goes through the channel key, which is a secret channel set up for key distribution.

In the process of key generation, the keys for the signature and encryption are not applicable to the annual key.

The applicant must prove the authenticity of the channel number. The proof is a signature on the time by the channel-no private key:

$SIG_{\text{channel-no}}(time) = (s_1, c_1) = sign_1$

Any identity can apply for a private key. A phone number or e-mail address can be proven authentic directly on the Internet, but a real name or account number cannot. For example, if Bob applies for a real-name private key, he needs to present a certificate of his phone number (phone-no), ID number (ID-no), etc.:

$SIG_{\text{channel-no}}(\text{phone-no}) = (s_2, c_2) = sign_2$

$SIG_{\text{channel-no}}(\text{ID-no}) = (s_3, c_3) = sign_3$

$SIG_{\text{channel-no}}(Bob) = (s_4, c_4) = sign_4$

The applicant defines a random number RAN and keeps it.

The applicant makes Data1 according to the application format:

$Data_1 = \{sign_1, sign_2, sign_3, sign_4, RAN\}$

The applicant defines a key rG=key and sends it to the Center, encrypted under the Center's anti-counterfeiting public key:

$rG = key$

$Hash(Center) \to i, j;\quad \sum R_{i,j} \to CENTER$

$ENC_{CENTER}(key) = \beta$

where SIG is the signature function and CENTER is the public key of the Center.

The Center verifies the authenticity:

$VER_{\text{CHANNEL-NO}}(time, s_1) = c'_1$

$VER_{\text{CHANNEL-NO}}(\text{phone-no}, s_2) = c'_2$

$VER_{\text{CHANNEL-NO}}(\text{ID-no}, s_3) = c'_3$

$VER_{\text{CHANNEL-NO}}(Bob, s_4) = c'_4$

The Center decrypts the key:

$DEC_{center}(\beta) = key$

The Center generates the private key of Bob:

$Hash_{Hkey1}(Bob) \to i, j;\quad \sum r_{i,j} \to bob$

where DEC is the asymmetric decryption function, VER is the verification function, and CHANNEL-NO is the public key of the channel number.

2.3 Key Protection

The CPK key is composed of two layers: the key of the first layer is the matrix key, computed from the combining matrix; the key of the second layer is the annual key, defined by the administrator.

As an example, the system administrator defines the D group and A group parameters:

D group: $D_1, D_2, \dots, D_6$

A group: $A_1, A_2, \dots, A_9$

If the administrator selects the random number A1, the private key matrix under A1 becomes $r_{i,j} \cdot A_1$, and the disguised private key is:

$bob \cdot A_1 = \sum r_{i,j} \cdot A_1$

The private key matrix does not exist in its original form; only the system administrator can restore the original values when it is invoked.

The administrator defines the annual private key and computes Bob's private key:

$bob_{2018} = bob + year_{2018}$

$B_1 = bob_{2018} \cdot A_5 \cdot A_6$

The administrator computes the annual public key:

$YEAR_{2018} = G \cdot year_{2018}$

$B_2 = YEAR_{2018} \cdot A_7 \cdot A_8$

The administrator packages the parameters into para:

$para = (A_4 \,//\, A_9)$

The administrator encrypts the data with the public key of the server:

$rG = key$

$E_{key}(B_1) = C_1$

$E_{key}(B_2) = C_2$

$E_{key}(para) = C_3$

$ENC_{SERVER}(key) = \beta$

where E is the symmetric data encryption function and ENC is the asymmetric key encryption function.

The CPK system security measures only need the D group parameters to be encrypted with the administrator's password:

$E_{pwd}(\text{D group}) = \text{coded-para}$

2.4 Key Distribution

The key β encrypted under the server's key needs to be changed to α under the public key of channel-no:

$DEC_{svc}(\beta) = key$

$ENC_{\text{CHANNEL-NO}}(key) = \alpha$

The server sends C1, C2, C3 and α to Bob. Bob may store them directly or re-encrypt them with his own master key; they are decrypted only when invoked.

2.5 Digital Signature

Suppose Bob signs:

Bob selects a random number k:

$k \cdot G = (x_1, y_1)$

$c = (x_1 + y_1)^2 \bmod 2^m$

Bob's annual private key is:

$bob_{2018} = B_1 \cdot A_4$

The signature of Bob is:

$s = k^{-1}(h + c \cdot B_1 \cdot A_4) \bmod n$

$sign = (s, c)$

Suppose Alice verifies:

Alice computes Bob's public key:

$Hash_{Hkey}(Bob) \to i, j;\quad \sum R_{i,j} \to BOB$

Bob's annual public key is:

$BOB_{2018} = BOB' + B_2 \cdot A_9$

Alice verifies Bob's signature:

$s^{-1} h G + s^{-1} c (BOB + B_2 \cdot A_9) = (x'_1, y'_1)$

$c' = (x'_1 + y'_1)^2 \bmod 2^m$

Alice accepts the signature if c' equals c.

2.6 Key Encryption

Suppose Alice sends an encrypted message to Bob:

Alice computes Bob's public key:

$Hash_{Hkey}(Bob) \to i, j;\quad \sum R_{i,j} \to BOB$

Bob's annual public key is:

$BOB_{2018} = BOB' + B_2 \cdot A_9$

Alice selects a random number r to compute the key:

$r \cdot G = key$

Alice encrypts the key:

$r \cdot (BOB' + B_2 \cdot A_9) = \beta$

Bob decrypts:

Bob's annual key is:

$bob_{2018} = B_1 \cdot A_4$

Bob decrypts the key:

$\beta \cdot (B_1 \cdot A_4)^{-1} = rG = key$

2.7 Key Update

Scheme updates are done by the administrators and have nothing to do with users, so they affect neither normal daily work nor signatures made earlier. The combination method of the CPK scheme makes such updating possible. The administrator defines a random number n, selects one column of the combination matrix and uniformly adds n to every variable of that column, then selects another column and uniformly subtracts n from every variable of that column. Because the sum is unchanged, neither the private key nor the public key is affected. The numbers may also differ, plus n1 and minus n2, with the difference compensated by the annual key. Updating the scheme forces the attacker to waste the earlier effort of exhaustion and keeps the attack cycle always lagging behind the update cycle.

The parameter update is synchronized with the annual key.

The Center redefines the annual private key B1:

$B_1 = bob_{2018} = bob' + n_1 - n_2 + year$, i.e. the matrix key $bob'$ plus parameter $n_1$, minus parameter $n_2$, plus the annual key $year$.

The Center redefines the annual public key B2:

The public keys of the parameters: $N_1 = n_1 \cdot G$; $N_2 = n_2 \cdot G$;

$B_2 = (YEAR \,//\, N_1 \,//\, N_2)$
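The combined-key derivation of 2.2 and 2.3, the signature of 2.5, and the column update of 2.7, worked through in one added example that is not code from the book. It assumes the secp256k1 curve (the book does not name its curve), a toy 8x4 matrix, m = 128, SHA-256 for $Hash_{Hkey}$ and for the message hash h, and omits the A-group disguise and the annual key so that the bare matrix key is visible.

```python
import hashlib, random

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 p
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order n
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ROWS, COLS, M = 8, 4, 128  # toy matrix size and the 2^m reduction; assumed values

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    lam = (3 * p[0] * p[0] * pow(2 * p[1], -1, P) if p == q
           else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, p):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def make_matrices(seed):  # private matrix r_ij and public matrix R_ij = r_ij * G
    rng = random.Random(seed)  # seeded only so the run is reproducible
    priv = [[rng.randrange(1, N) for _ in range(COLS)] for _ in range(ROWS)]
    return priv, [[mul(x, G) for x in row] for row in priv]
def path(ident, hkey):  # Hash_Hkey(ID) -> one row index i for every column j
    d = hashlib.sha256(hkey + ident.encode()).digest()
    return [(d[j] % ROWS, j) for j in range(COLS)]
def private_key(priv, ident, hkey):  # bob = sum of r_ij along the path, mod n
    return sum(priv[i][j] for i, j in path(ident, hkey)) % N
def public_key(pub, ident, hkey):  # BOB = sum of R_ij along the same path
    pt = None
    for i, j in path(ident, hkey): pt = add(pt, pub[i][j])
    return pt
def h_of(msg): return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg, k):  # kG=(x1,y1); c=(x1+y1)^2 mod 2^m; s=k^-1 (h + c*d) mod n
    x1, y1 = mul(k, G)
    c = (x1 + y1) ** 2 % (1 << M)
    return pow(k, -1, N) * (h_of(msg) + c * d) % N, c
def verify(Q, msg, sig):  # s^-1 hG + s^-1 c Q = (x1', y1'); accept if c' == c
    s, c = sig
    si = pow(s, -1, N)
    pt = add(mul(si * h_of(msg) % N, G), mul(si * c % N, Q))
    return pt is not None and (pt[0] + pt[1]) ** 2 % (1 << M) == c
def update_scheme(priv, pub, col_a, col_b, n):  # 2.7: +n on one column, -n on another
    for i in range(ROWS):
        priv[i][col_a], priv[i][col_b] = (priv[i][col_a] + n) % N, (priv[i][col_b] - n) % N
        pub[i][col_a], pub[i][col_b] = mul(priv[i][col_a], G), mul(priv[i][col_b], G)
```

Because every identity's path takes exactly one entry from each column, the +n and -n of update_scheme cancel in every private key, which is the invariance the section relies on.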

2.8 Data Encryption

Data encryption is realized by traditional block ciphers (DES, AES) with symmetric keys.

2.8.1 “One-to-One” Encryption

Alice: choose a random number r, calculate $r(bG)$, and send it to Bob. In steps:

Alice chooses r and calculates: $rG = key$

Alice encrypts the data: $E_{key}(data) = code$

Alice encrypts the key: $ENC_{BOB}(key) = \beta$

Alice sends msg to Bob: $msg = \{code, \beta\}$

Bob decrypts the key: $DEC_{bob}(\beta) = key$

Bob decrypts the data: $D_{key}(code) = data$

2.8.2 "One-to-Many" Encryption

"One-to-Many" data encryption is implemented by "One-to-One" key delivery. Suppose Alice sends message m to Beta, Charlie, Delta, etc.:

(1) Alice generates a random number r and calculates $rG = key$;

(2) Alice encrypts the data with the key: $E_{key}(data) = code$;

(3) Alice encrypts the key with each recipient's public key:

computes $r \cdot BETA = \beta$ and sends $msg = \{code, \beta\}$ to Beta;

computes $r \cdot CHARLIE = \gamma$ and sends $msg = \{code, \gamma\}$ to Charlie;

computes $r \cdot DELTA = \delta$ and sends $msg = \{code, \delta\}$ to Delta; and so on.

2.8.3 Role-key

Role keys are symmetric keys divided into 5 levels. Role keys are commonly used in public networks or private networks.

The definition of role keys:

(1) Key variable for the system administrator: role1-key;

(2) Key variable for senior employees: role2-key;

(3) Key variable for mid-level employees: role3-key;

(4) Key variable for general employees: role4-key;

(5) Key variable for customers: role5-key;

(6) Key variable for common use: rolen-key.

2.8.4 Key for Database

Every database has its own database key. The key for the file database DB1 and the key for the relational database RDB1 are defined and distributed to users by the KMC.

Key variable for the file database: DB1key

Key variable for the relational database: RDB1key

Key variable for a table: TABLEkey

$Hash(RDB1key + tablename) = TABLEkey$

Key variable for a record: RECORDkey

$Hash(RDB1key + recordname) = RECORDkey$

Key variable for a segment: SEGMENTkey

$Hash(RDB1key + segmentname) = SEGMENTkey$

Key variable for a vector: VECTORkey

$Hash(RDB1key + segmentname + recordname) = VECTORkey$

Summary

"All secrets lie in the key." Therefore, the confidentiality of the key is crucial. Hardware protection adds only one more layer, flash protection, over software protection, but at minus 180 degrees flash can also be read. Firmware can be simulated and ported, so neither hardware nor software can resist static analysis. In CPK key management, static analysis can only analyze the analyst's own private key, which does not make much sense. CPK adopts two layers of keys: the private matrix key and the annual key are integrated with each other and protect each other. The private matrix is stored in a disguised state; only the system administrator can restore the original values when invoking it. The annual key and online management make automatic key change possible.