a. Field of Invention
This invention pertains to a method of monitoring the status of several remote data transmission equipment locations from a master location using the Data Encryption Standard (DES).
b. Description of the Prior Art
Encryption devices are frequently located within some physically secure enclosure such as a branch bank or an automatic teller machine. Physical security is also necessary merely to restrict access to the plain text data output from the encryption device. If this location is unattended, then it is likely that an alarm system is installed, and the status of the alarms is sent to a central monitoring facility over some exposed transmission medium such as common telephone lines. The lines used for this are generally separate from the lines used for normal data communications. A person wishing to gain unauthorized and undetected access must first defeat the remote alarm reporting system before breaking in. In an unprotected alarm reporting system this may be done simply by intercepting the alarm messages and, if necessary, replacing them with "all is well" messages. Encryption of the status messages in a secret key makes it impossible to use this approach.
The data encryption standard (DES) of the U.S. National Bureau of Standards has been widely adopted for encryption of sensitive data sent over common carrier channels. The standard modes of operation of this encryption algorithm which are suitable for encryption of a serial data stream require transmission of an initialization vector with each frame of data. In a multipoint link, each remote data transmission equipment must precede the transmission of its (encrypted) response to a poll with this initialization vector (IV). The encryption algorithms will work with IV lengths from 0 bits (implicit IV) to 64 bits. Longer IV's give greater protection against certain cryptographic attacks but also increase the overhead imposed on the link by encryption. Federal Telecommunications Standard 1026 specifies the IV length to be 48 bits or greater.
Federal Telecommunications Standard 1026 and the ANSI link encryption standard have established the "handshake" protocol between the DTE, encryptor (DEE), and the DCE when using the cipher feedback mode of the DES. The protocol provides for transmission of the IV so that there is no interference with the link data and so that special programming of the DTE and DCE is not required. Basically this is done by having the DEE hold its CTS (clear to send) signal to the DTE inactive while it is transmitting the IV. At the other end of he link, the receiving DEE removes the IV before turning LSD on and sending the decrypted poll response to the DTE.