When it comes to building cryptographic information security systems, key management is one of the most challenging tasks in applied cryptography. In our estimation, vulnerabilities in the elements of the key management system (key generation, storage, usage, distribution and key exchange protocols) are the principal causes of information security system (ISS) compromise.
That is why the key management lifecycle, from key generation to key deletion or key change, receives particular attention in the Stealthphone and Stealthphone Tell systems.
The most important key management issues are described below.
Key Quality Control
When keys are generated by software (Stealthphone Soft, Stealthphone Tell, Stealthphone Key) or by hardware (Stealthphone Hard, Stealthphone Key Hard), key quality is continuously controlled: the statistical parameters of the generated material are checked and the presence of patterns is detected.
Hardware generators use random number generators based on physical processes. Their characteristics have been confirmed by dedicated laboratory tests.
Software generators are designed on the principle of continuous entropy accumulation: a genuinely random sequence is collected and then used to generate encryption keys. Various events on a smartphone, tablet or PC can serve as the entropy source; character input while text is being typed is one example. If the key generation system considers the amount of accumulated entropy insufficient, the user may be asked to perform some manipulations with the device to top it up. The entropy accumulation procedures in the software key generators have been thoroughly tested and have confirmed their good characteristics. With every type of key generation, the generated keys undergo procedures that dynamically check their statistical characteristics.
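As an added illustration (written for this page, not Stealthphone code; the entropy threshold, the per-event entropy credit, the event format and the significance level are all assumptions), the following Python shows the two mechanisms just described: a software entropy pool that refuses to produce a key until enough entropy has been credited, and a statistical check of the generated key material using the NIST SP 800-22 frequency (monobit) and runs tests. The runs test is included because a balanced but regular sequence such as 0x55 0x55 ... passes the monobit test and is only caught by the runs test.

```python
import hashlib
import math

MIN_ENTROPY_BITS = 256   # assumption: do not derive a key below this credit
ALPHA = 0.01             # assumption: significance level for the statistical tests


class EntropyPool:
    """Toy software entropy accumulator (constructed for this page, not a
    Stealthphone component). Every device event is hashed into the pool
    state; the caller credits a conservative number of entropy bits per event."""

    def __init__(self) -> None:
        self._state = hashlib.sha256()
        self.credited_bits = 0.0

    def add_event(self, event: bytes, credited_bits: float) -> None:
        # Length prefix keeps distinct event sequences from colliding in the hash.
        self._state.update(len(event).to_bytes(4, "big") + event)
        self.credited_bits += credited_bits

    def needs_more_entropy(self) -> bool:
        return self.credited_bits < MIN_ENTROPY_BITS

    def generate_key(self, length: int = 32) -> bytes:
        """Derive a key from the pool; refuse while the credit is too low
        (the point at which the user would be asked for more device input)."""
        if self.needs_more_entropy():
            raise RuntimeError("insufficient entropy: ask the user for more input")
        key = hashlib.shake_256(b"key" + self._state.digest()).digest(length)
        # Debit the credit so the next key must be backed by fresh events (simplification).
        self.credited_bits = 0.0
        self._state.update(b"next")
        return key


def _bits(data: bytes) -> list:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def monobit_p_value(data: bytes) -> float:
    """NIST SP 800-22 frequency test: are ones and zeros balanced?"""
    bits = _bits(data)
    n = len(bits)
    s_obs = abs(2 * sum(bits) - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_p_value(data: bytes) -> float:
    """NIST SP 800-22 runs test: does the number of runs match a random
    sequence? Catches regular patterns that still have balanced bit counts."""
    bits = _bits(data)
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # frequency prerequisite fails, so the runs test does not apply
    runs = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    numerator = abs(runs - 2 * n * pi * (1 - pi))
    denominator = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(numerator / denominator)


def key_passes_quality_checks(key: bytes) -> bool:
    return monobit_p_value(key) >= ALPHA and runs_p_value(key) >= ALPHA


if __name__ == "__main__":
    pool = EntropyPool()
    # Constructed events: (timestamp, key code) pairs standing in for typing.
    # Real events carry timing jitter; these fixed values only exercise the code path.
    for i in range(48):
        event = (1000 + 37 * i).to_bytes(8, "big") + bytes([97 + i % 26])
        pool.add_event(event, credited_bits=6)
    key = pool.generate_key()
    print("key:", key.hex(), "quality ok:", key_passes_quality_checks(key))
```

The per-event credit is the part that matters in practice: crediting 6 bits for a keystroke is already generous, and over-crediting is the classic way a software generator ends up producing weak keys while reporting that its pool is full.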
All keys (including those stored in the Stealthphone Hard encryption device) are either stored in encrypted form or are not stored at all; in the latter case they are generated "on the fly" from a password and some additional data.
Encrypted keys are decrypted only at the moment they are used for encryption, and they exist in decrypted form only while that operation is in progress. Keys may also be masked and stored securely in device memory.
Although there are fundamental differences between the architecture of the Stealthphone and Stealthphone Tell key systems, both are based on common key classification principles that clearly govern the rules of key usage:
Specific Features of Stealthphone Key System
Secure exchange of encrypted data in the Stealthphone system is possible only within one cryptographic network (a Stealthphone network). Subscribers of the network can exchange the following four types of encrypted data:
Voice is encrypted with a session key. The session key is generated by combining a key derived with the ECDH method with the pairwise secret voice key shared by the two subscribers.
The other three types of data (SMS messages, e-mail messages and messenger text messages) are encrypted with one-time keys, generated randomly and uniformly at the transmitting side. So that the receiving side can decrypt the data, the one-time key is itself encrypted with the Tiger algorithm under the secret pairwise key shared by both subscribers (a symmetric operation, since the same key is held by both parties) and is sent together with the data encrypted under that one-time key.
Therefore each pair of subscribers within one crypto network shares a set of four different pairwise communication keys, each key serving one type of data.
The pairwise voice encryption key is used in the procedure that generates the session key for voice encryption.
The pairwise SMS key is used to encrypt the one-time keys that encrypt SMS messages.
The pairwise e-mail and messenger keys are used in the same way as the pairwise SMS key, to encrypt the one-time keys for e-mails and for files sent over the messenger.
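The two key usages above, voice session key derivation and one-time key wrapping for SMS, e-mail and messenger data, as an added example in Python. This is not Stealthphone code: the Tiger algorithm is proprietary, so an HMAC-SHA256 counter-mode keystream stands in for it; the function that combines the ECDH-derived value with the pairwise voice key is not specified on the page and HMAC-SHA256 is this example's choice; the integrity tag is added here as good practice and is not described on the page; the ECDH shared secret and all keys are constructed inputs.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumption: 256-bit keys throughout


def tiger_stand_in(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the proprietary Tiger algorithm (assumption: Tiger is not
    public, so an HMAC-SHA256 counter-mode keystream is used instead). XOR is
    its own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        keystream = hmac.new(key, nonce + block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, keystream))
    return bytes(out)


def derive_voice_session_key(ecdh_shared_secret: bytes, pairwise_voice_key: bytes) -> bytes:
    """Voice session key = combination of the ECDH-derived value and the
    pairwise voice key. The page does not specify the combining function;
    HMAC-SHA256 keyed with the pairwise key is this example's choice."""
    return hmac.new(pairwise_voice_key, b"voice-session" + ecdh_shared_secret,
                    hashlib.sha256).digest()


def encrypt_with_one_time_key(pairwise_key: bytes, plaintext: bytes) -> dict:
    """Sender side for SMS, e-mail or messenger data: a fresh random one-time
    key for the payload, wrapped under the pairwise key of the two subscribers."""
    one_time_key = secrets.token_bytes(KEY_LEN)
    data_nonce = secrets.token_bytes(16)
    wrap_nonce = secrets.token_bytes(16)
    ciphertext = tiger_stand_in(one_time_key, data_nonce, plaintext)
    wrapped_key = tiger_stand_in(pairwise_key, wrap_nonce, one_time_key)
    # Integrity tag over everything transmitted (added here as good practice;
    # the page does not describe an authentication step).
    tag = hmac.new(pairwise_key, wrap_nonce + wrapped_key + data_nonce + ciphertext,
                   hashlib.sha256).digest()
    return {"wrap_nonce": wrap_nonce, "wrapped_key": wrapped_key,
            "data_nonce": data_nonce, "ciphertext": ciphertext, "tag": tag}


def decrypt_with_one_time_key(pairwise_key: bytes, msg: dict) -> bytes:
    """Receiver side: verify the tag, unwrap the one-time key, decrypt the payload."""
    expected = hmac.new(pairwise_key, msg["wrap_nonce"] + msg["wrapped_key"]
                        + msg["data_nonce"] + msg["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("wrong pairwise key or tampered message")
    one_time_key = tiger_stand_in(pairwise_key, msg["wrap_nonce"], msg["wrapped_key"])
    return tiger_stand_in(one_time_key, msg["data_nonce"], msg["ciphertext"])


if __name__ == "__main__":
    # Constructed keys: in the real system these come from the administrator's key load.
    ab_sms_key = secrets.token_bytes(KEY_LEN)
    ac_sms_key = secrets.token_bytes(KEY_LEN)
    msg = encrypt_with_one_time_key(ab_sms_key, b"meet at 10")
    print(decrypt_with_one_time_key(ab_sms_key, msg))        # b'meet at 10'
    try:
        decrypt_with_one_time_key(ac_sms_key, msg)           # subscriber C cannot read A-to-B traffic
    except ValueError as err:
        print("C rejected:", err)
```

The point the example makes concrete is the trust boundary: confidentiality of every SMS, e-mail and file between A and B rests entirely on the pairwise key shared by A and B, so whoever holds that key (the two devices and the administrator's StealthKey complex that produced it) can recover every one-time key ever wrapped under it.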
The total number of pairwise keys each subscriber holds for exchanging encrypted information with the other network subscribers is 4 × (N – 1), where N is the number of network subscribers.
Pairwise voice encryption keys of all Stealthphone network subscribers can be arranged in one N × N square table (matrix) according to the following rule:
The same approach is used to build pairwise key matrices for the other three types of data. All four matrices are symmetric about the main diagonal.
Combining the four matrices gives the full pairwise key matrix of the Stealthphone network, which is also symmetric about the diagonal. It contains all the pairwise keys that each pair of Stealthphone network subscribers needs to securely exchange every type of data: at the intersection of line A and column B is the full set of four secret pairwise keys for the subscribers with cryptonumbers A and B.
Line A of the matrix is the set of all pairwise keys required for encrypted data exchange between the subscriber with cryptonumber A and the other network subscribers. The total number of keys in the line is 4 × (N – 1).
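The full pairwise key matrix, as an added example in Python (not the StealthKey complex's code). The construction rule, that the cell at (A, B) and the cell at (B, A) are the same set of four keys and the diagonal is empty, is this example's reading of the symmetry described above; the key length and 0-based cryptonumbers are assumptions.

```python
import secrets

KEY_TYPES = ("voice", "sms", "email", "messenger")  # the four pairwise key types
KEY_LEN = 32  # assumption: 256-bit keys


def build_pairwise_key_matrix(n: int) -> list:
    """N x N matrix; cell [a][b] is the set of four pairwise keys shared by
    cryptonumbers a and b (0-based here). Each set is generated once for a < b
    and the same object is placed at [b][a], which is what makes the matrix
    symmetric about the diagonal. The diagonal stays empty: no key is needed
    for a subscriber to talk to himself."""
    matrix = [[None] * n for _ in range(n)]
    for a in range(n):
        for b in range(a + 1, n):
            key_set = {kind: secrets.token_bytes(KEY_LEN) for kind in KEY_TYPES}
            matrix[a][b] = key_set
            matrix[b][a] = key_set
    return matrix


def subscriber_line(matrix: list, a: int) -> dict:
    """Line A of the matrix: everything subscriber A's device must be loaded with."""
    return {b: cell for b, cell in enumerate(matrix[a]) if cell is not None}


def count_line_keys(line: dict) -> int:
    return sum(len(key_set) for key_set in line.values())


def is_symmetric(matrix: list) -> bool:
    n = len(matrix)
    return all(matrix[a][b] == matrix[b][a] for a in range(n) for b in range(n))


def shared_key(matrix: list, a: int, b: int, kind: str) -> bytes:
    """The key of the given type that A and B use with each other."""
    return matrix[a][b][kind]


def total_network_keys(n: int) -> int:
    """Distinct keys the administrator generates: four per unordered pair."""
    return len(KEY_TYPES) * n * (n - 1) // 2


if __name__ == "__main__":
    n = 5
    m = build_pairwise_key_matrix(n)
    line_a = subscriber_line(m, 0)
    print("keys in line 0:", count_line_keys(line_a), "= 4 x (N - 1) =", 4 * (n - 1))
    print("symmetric:", is_symmetric(m))
    print("A/B sms key identical from both sides:",
          shared_key(m, 1, 3, "sms") == shared_key(m, 3, 1, "sms"))
    print("keys held by the administrator:", total_network_keys(n))
```

Two consequences follow directly from the structure. Each device holds only its own line, 4 × (N – 1) keys, but the administrator's workstation holds the whole matrix, 4 × N × (N – 1) / 2 keys, which makes it the single most valuable target in the network. And because every cell is shared by exactly two subscribers, compromise of one device exposes only that device's line, not the keys other pairs use among themselves.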
The pairwise key matrix of the Stealthphone network and all other subscriber keys are generated by the network administrator with the StealthKey complex. The StealthKey complex is used to load keys into subscribers' devices at the administrator's workstation. A subscriber can also load the keys himself, using a PC and a key set prepared in advance by the administrator.
To maintain the maximum security level and to streamline key management in the Stealthphone network, the system supports a one-time initial key load into subscribers' devices. Keys do not need to be reloaded when the network structure changes (subscribers' access rights are terminated, added or changed), when the keys of other subscribers are compromised, or when a scheduled change of all network subscribers' keys takes place.
Thus a single initial key load into subscribers' devices can suffice for several years, with no need to reload the keys.