Cryptographic techniques are used in data networks to transmit data securely from one location in a network to another location in the network. Typically, a device connected to the network encrypts data using a cipher algorithm and an encryption key. The device sends the encrypted data over the network to another device that decrypts the data using the cipher algorithm and a decryption key.
It is essential in this scenario that the two devices have compatible cipher keys. That is, the decryption key can decrypt messages encrypted with the encryption key. In symmetric cryptographic systems identical cipher keys are used to encrypt and decrypt the data. In asymmetric cryptographic systems separate public and private cipher keys are used to encrypt and decrypt the data.
Several standards have been developed to secure data transmission over data networks. For example, the Internet Security Protocol (commonly referred to as “IPsec”) may be used to establish secure host-to-host pipes and virtual private networks over the Internet. To this end, IPsec defines a set of specifications for cryptographic encryption and authentication. IPsec supports several algorithms for key exchange, including an Internet Key Exchange (“IKE”) algorithm for establishing keys for data sessions between hosts.
The Secure Sockets Layer (“SSL”) protocol also was developed to provide secure Internet transmission. SSL defines encryption, server and client authentication and message authentication techniques. SSL also supports the RSA public key exchange, a well known public key encryption system.
In general, cipher algorithms are relatively complex and upon execution consume a significant amount of processing is power. To offload encryption/decryption processing from the host processor, dedicated hardware devices, commonly referred to as cryptographic accelerators, may be used to perform the cipher algorithms. In this case, the keys controlled by the host processor must be shared with the cryptographic accelerator when data is to be decrypted or encrypted.
The standards and algorithms set forth above require some form of key exchange. To ensure that the data cannot be decrypted by an unauthorized party, the keys must be protected so they are known only by trusted parties. Thus, it is imperative that the devices are configured so they can receive and store keys without the keys being compromised.
Conventionally, techniques for protecting keys involve, for example, applying tamper evident coatings such as epoxy to the devices and their associated data memories. However, such techniques present significant heat and manufacturing problems.
Moreover, some SSL applications involve the use of expensive security modules to provide data security in a network. The function of the security module is to do high-level management of system keys including, for example, key distribution, key generation and enforcing key policies. Significantly, the security module must protect keys not just on a session basis, but must protect private keys for large organizations. Hence, security modules are very secure devices (typically FIPS-140-2, certification level 2, 3 or 4) and are, as a result, relatively expensive.
Moreover, SSL typically is used in client-to-web page applications. Here, for every TCP connection between a client and the web page, a unique public/private key session is created. As a result, the security module may need to manage thousands of keys to support these connections.
To protect these private keys, most of the encryption and decryption operations are performed inside the security module. Given the size of the task at hand, this approach tends to be relatively expensive. Accordingly, a need exists for improved cryptographic techniques for data networks.