High-bandwidth encryption with low-bandwidth smartcards

  • Matt Blaze
Applications
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1039)

Abstract

This paper describes a simple protocol, the Remotely Keyed Encryption Protocol (RKEP), that enables a secure, but bandwidth-limited, cryptographic smartcard to function as a high-bandwidth secret-key encryption and decryption engine for an insecure, but fast, host processor. The host processor assumes most of the computational and bandwidth burden of each cryptographic operation without ever learning the secret key stored on the card. By varying the parameters of the protocol, arbitrary size blocks can be processed by the host with only a single small message exchange with the card and minimal card computation. RKEP works with any conventional block cipher and requires only standard ECB mode block cipher operations on the smartcard, permitting its implementation with off-the-shelf components. There is no storage overhead. Computational overhead is minimal, and includes the calculation of a cryptographic hash function as well as a conventional cipher function on the host processor.

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Matt Blaze
    • 1
  1. AT&T Bell Laboratories, Murray Hill
