1. Field of the Invention
The invention relates to security in a computer system, and more particularly to a secure method for creating, storing, and using encryption keys in a distributed computing environment.
2. Description of the Related Art
One known approach to computer security involves encryption or cryptography. Cryptography is typically used to protect both data and communications. Generally, an original message or data item is referred to as xe2x80x9cplain textxe2x80x9d, while xe2x80x9cencryptionxe2x80x9d denotes the process of disguising or altering a message in such a way that its substance is not readily discernable. An encrypted message is called xe2x80x9cciphertextxe2x80x9d. Ciphertext is returned to plain text by an inverse operation referred to as xe2x80x9cdecryptionxe2x80x9d. Encryption is typically accomplished through the use of a cryptographic algorithm, which is essentially a mathematical function. The most common cryptographic algorithms are key-based, where special knowledge of variable information called a xe2x80x9ckeyxe2x80x9d is required to decrypt ciphertext. There are many types of key-based cryptographic algorithms, providing varying levels of security.
The most common cryptographic algorithms are key-based, where special knowledge of variable information called a xe2x80x9ckeyxe2x80x9d is required to decrypt ciphertext. There are two prevalent types of key-based algorithms: xe2x80x9csymmetricxe2x80x9d (also called secret key or single key algorithms) and xe2x80x9cpublic keyxe2x80x9d (also called asymmetric algorithms). The security in these algorithms is centered around the keysxe2x80x94not the details of the algorithm itself. This makes it possible to publish the algorithm for public scrutiny and then mass produce it for incorporation into security products.
In most symmetric algorithms, the encryption key and the decryption key are the same. This single key encryption arrangement is not flaw-free. The sender and recipient of a message must somehow exchange information regarding the secret key. Each side must trust the other not to disclose the key. Further, the sender must generally communicate the key via another media (similar to a bank sending the personal identification number for an ATM card through the mail). This arrangement is not practical when, for example, the parties interact electronically for the first time over a network. The number of keys also increases rapidly as the number of users increases.
With public key algorithms, by comparison, the key used for encryption is different from the key used for decryption. It is generally very difficult to calculate the decryption key from an encryption key. In typical operation, the xe2x80x9cpublic keyxe2x80x9d used for encryption is made public via a readily accessible directory, while the corresponding xe2x80x9cprivate keyxe2x80x9d used for decryption is known only to the recipient of the ciphertext. In an exemplary public key transaction, a sender retrieves the recipient""s public key and uses it to encrypt the message prior to sending it. The recipient then decrypts the message with the corresponding private key. It is also possible to encrypt a message using a private key and decrypt it using a public key. This is sometimes used in digital signatures to authenticate the source of a message.
The number of cryptographic algorithms is constantly growing. The two most popular are DES (D)ata Encryption Standard) and RSA (named after its inventorsxe2x80x94Rivest, Shamir, and Adleman). DES is a symmetric algorithm with a fixed key length of 56 bits. RSA is a public key algorithm that can be used for both encryption and digital signatures. DSA (Digital Signature Algorithm) is another popular public key algorithm that is only used for digital signatures. With any of these algorithms, the relative difficulty of breaking an encrypted message by guessing a key with a brute force attack is proportional to the length of the key. For example, if the key is 40 bits long, the total number of possible keys (240) is about 110 billion. Given the computational power of modern computers, this value is often considered inadequate. By comparison, a key length of 56 bits provides 65,636 times as many possible values as the 40 bit key.
One problem with public key algorithms is speed. Public key algorithms are typically on the order of 1,000 times slower than symmetric algorithms. For this reason, secure communications are often implemented using a hybrid cryptosystem. In such a system, one party encrypts a random xe2x80x9csession keyxe2x80x9d with the other party""s public key. The receiving party recovers the session key by decrypting it with his/her private key. All further communications are encrypted using the same session key (which effectively is a secret key and can take the form of a user password) with a symmetric algorithm.
Session keys may be used for a number of limited purposes, including encryption and decryption, or for authorized access to specific machines at specified times. One scheme to handle such restrictions involves attaching a control vector (CV) to a session key. The CV delineates the permitted uses and restrictions of the session key. This CV is first hashed and exclusive or""ed (XORed) with a master key. The result is used as an encryption key to encrypt the session key. The resultant encrypted session key and the CV are then stored in accessible memory. The session key can be recovered by hashing the CV and XORing it with the master key. The result is then used to decrypt the encrypted session key.
One vulnerability this approach shares with most other data encryption processes lies in the fact that keys or passwords are communicated from secure memory to exposed memory. Further, repeated data packet encryption processes are also carried out in exposed memory. xe2x80x9cSniffingxe2x80x9d by surreptitious programs or viruses having the ability to monitor and intercept processes running in normal memory can severely undermine security measures. Intercepted passwords and keys could be saved or secretly transmitted to be used later for unauthorized purposes. This type of security breach is likely to become increasingly recurrent in the future and has not been adequately addressed by computer manufacturers.
A further problem arising from the use of cryptographic algorithms involves the destruction of cryptographic keys. The longer a key is used, the greater the chance that it will be compromised and the greater the resulting loss. Keys are therefore often used for short periods only before being destroyed. During use, however, keys are often copied and stored in multiple locations in computer memory. The problem is exacerbated by computers that perform their own memory management in which programs are swapped in and out of memory. As a result, it is often difficult to ensure that complete key erasure has taken place, particularly when the computer""s operating system controls the erasure process.
Briefly, a computer system according to the invention provides a secure environment for entering and storing information necessary to conduct encryption processes. Session keys, passwords, and encryption algorithms are maintained in a secure memory space such as System Management Mode (SMM) memory.
In one embodiment of the invention, user password or personal identification number (PIN) information is entered via a secure keyboard channel or during a secure mode of operation such as a protected power-up procedure. The information is maintained in a secure memory space that is not accessible during normal computer operation. In addition to the user password or PIN information, optional node identification information is stored in secure memory. The node identification information is appended to the user password or PIN information, and both are subsequently encrypted by an encryption algorithm and encryption keys that are also stored in secure memory. The node identification information allows a network server or other networked resource to identify the particular computer system with which it is communicating and grant access privileges accordingly. Following the encryption process, the encrypted password and node identification information is communicated directly from secure memory to network interface circuitry for communication over a network.
In another disclosed embodiment of the invention, data entered in a secure manner is utilized as an encryption key (or to generate an encryption key). In secure memory, the encryption key governs the encryption of packets of data prior to communicating the data over a computer network. The encryption key data entered by the user is securely stored for use in multiple encryption processes during a communication session, thereby alleviating the overhead of repeated key renegotiation that is typically required.
Further, by maintaining the passwords, encryption keys and algorithms in secure memory, the encryption process can be protected from exposure to malicious software programs or viruses written to circumvent security measures. In addition, an encryption key that is no longer needed can be safely destroyed in secure memory without the danger of unaccounted for copies of the key remaining in computer memory.