How does it work?

If a Enterprise KX like-system was implemented without computers

To introduce the Enterprise KX we can imagine a key exchange involving humans, random numbers written on paper, paper exchanged between users transported in brief cases, and trusted couriers who physically deliver the paper with numbers written on it. To keep the description simple and readily understandable we will provide a simplified illustration of the processing of random numbers.

So the Enterprise KX works along these lines:

• each user generates a very large random number (pick a number, any large number, at random)
• each user splits the large random number into 2 or more parts (123456 = 123 and 456)
• each user writes down each part of the number onto a separate piece of paper [123], [456]
• each user entrusts a different trusted courier to deliver one piece of paper [123] or [456] to the other user
• each user reassembles the other user's large random number from the parts to get (123456) and (7890123)
• the users now securely mix their large random number and the large random number of the other user together to derive a new large random number
  123456 +
  789012 =
  802468
• this new large random number (802468) becomes the large symmetric secret key negotiated between the two users

At the simplest level of explanation the system works as long as no one else can gain access to all the key parts exchanged between the users. If all the trusted couriers colluded and exposed the secrets they were entrusted to deliver the system would fail. This is described as a (n-1) threshold scheme. That is the system remains secure even if (n-1) out of the n trusted parties collude.

This type of system is described as an information theoretically secure system. At the simplest level of explanation, if the numbers are sufficiently large and chosen randomly (e.g., throwing dice, tossing coins, etc), the system remains secure against the largest computers as long as an attacker does not have sufficient information about the randomly chosen numbers used to construct the final session key. As soon as a party has all the key parts it becomes easy to reconstruct the message.

In practice, selecting the trusted parties is probably the most important aspect of the system.

One effective solution is to ensure that each party selects one trusted party to act on their behalf. In this way user A's trusted third party securely couriers one half of the messages between user A and B, and user B's trusted third party securely couriers the other half of the messages. Each party relies on their trusted party for the security of the key exchange. More importantly the parties do not have to trust the other party's courier. A third disinterested party can be used as an additional TTP to protect against internal security compromises.

The Enterprise KX system when implemented in smart cards

The Synaptic Enterprise Key Exchange (Enterprise KX) can be easily implemented using smart cards with well standards-based cryptographic primitives that are widely conjectured to be post quantum secure.

Let us consider an environment where two companies wish to enable secure communications between each of their employees and contractors. In this example each company manages their own hardware security module which acts as their respective "trusted third party".

The two companies wish to enrol 100 users in their system:

• Each company buys 50 smart cards and pools them together. 
  
• The first company takes the 100 smart cards and enrols them into the first TTP server. Each of the 100 smart cards now has a large symmetric secret with the first TTP.
• The 100 smart cards are then delivered to the second company.
• Each of the 100 smart cards is then enrolled into the second TTP server. Each of the 100 smart cards now has two large symmetric secrets. One with the first TTP and another secret with the second TTP.
• The smart cards are now distributed to the users within the two companies.
  

The enrolment process requires the enrolled devices are a type of hardware security module (HSM). HSM are able to store and accumulate cryptographic material even when under the physical control of another party for a limited period of time. Smart cards provide the ideal low-cost environment for loading and managing large symmetric keys provide by different parties. The recommended use of TEMPEST environments during enrolment of the smart cards ensures that the initialisation steps are post quantum secure.

A key exchange between any two users is performed as follows:

• the first user's smart card establishes a secure connection with the first TTP and the second TTP using the secrets previously negotiated between that smart card and each TTP
• the second user's smart card establishes secure connections with the first and second TTP
• their now exists two secure paths (User A TTP A User B) and (User A TTP B User B) between each smart card
• each user generates a 512-bit random number
• each user splits the 512-bit random number into two 256-bit parts
• each user securely sends each 256-bit part across a different path
• the users now use SHA-256 to mix their 256-bit random number and the 256-bit random number of the other user together to derive a new 256-bit number
  
• this new 256-bit random number becomes the large symmetric secret key negotiated between the two users
  

The above described system can be implemented using AES-256 to protect the privacy of the communications between the users and the TTP and SHA-256 for mixing the data. AES-256 in this type of application is widely conjectured to be 128-bit secure against quantum computers.

The production protocol is slightly more complex than the simplified one described above so as to offer improved security and functionality, but the underlying principles are the same. For example a system may involve x trusted third parties managed by x organisations and where a process of negotiation is used to establish which out of the x TTP the smart cards share a common trust relationship.

How well studied are the cryptographic techniques used in the system?

All the techniques in the system are well studied and familiar to most cryptographers.

As illustrated above the system can be build using globally accepted cryptographic primitives such as AES-256 and SHA-2.

Threshold secret schemes are mathematically very simple and are a mature area of research. For example split secret sharing schemes are used to manage today's mainstream public key certificate infrastructure. Many of the ad hoc mesh network protocols use multi-path key distribution techniques.

Faraday cages for protecting data centers are used by large organisations and governments around the world. The US and NATO TEMPEST standards for Faraday enclosures to protect against monitoring of compromising emanations can be found in the NATO TEMPEST SECAN Doctrine and Information Publication SDIP-27 and USA national security telecommunications and information systems security advisory memoranda (NSTISSAM) TEMPEST publications.

The strength of Synaptic Labs' architecture is in its simplicity of construction, its use of smart cards, and the way in which it manages the human trust relationships.

How fast is the key exchange?

Synaptic Labs' Enterprise Key Exchange has three stages (a) an enrolment stage between the smart cards and the trusted third party (TTP) servers (b) an initial key exchange between the two smart cards that have previously not met and (c) ongoing key exchanges between the two smart cards that have previously exchange key material.

The enrolment stage requires cryptographic operations that are a little slower than a RSA key exchange.

The initial key exchange between any two devices is predominantly influenced by the overhead of communication latencies.

Ongoing key exchanges between any two devices that have exchanged keys is faster (and computationally less expensive) than key exchanges based on the RSA algorithm.

How does Enterprise KX overcome the previous limitations of the competition?

A key factor in the Synaptic Enterprise Key Exchange is the extensive use of smart cards.

Smart cards are able to store long term secrets more securely than desktop environments. Smart cards are also able to provide a cost effective processing environment for manipulating those secrets in a secure way. Modern high-end smart cards provide adequate security against non-destructive attacks that may be attempted by a party who has access to the smart cards during the enrolment period. Traditional physical techniques such as trusted observers monitoring the enrolment operations can also be used to provide higher assurances that each party is behaving honestly.

The Synaptic Enterprise KX overcomes the security limitations of key exchanges based on asymmetric technologies by using symmetric cryptographic techniques that are widely conjectured to be secure against quantum computers. Symmetric techniques require less 'work' than asymmetric algorithms to reach a given security rating. This implies that it is possible to achieve higher security with symmetric techniques in the same time allocated to asymmetric techniques.

The Synaptic Enterprise KX overcomes the security limitations of other many-to-many symmetric key exchanges due to its unique architectural design and its careful use of smart cards. The ability to elect a trusted party to act on your behalf, and yet interact securely with a third party that you may not trust addresses many of the trust issues that have traditionally prevented scalability of symmetric key exchange techniques.

The Synaptic Enterprise KX overcomes the problems of key management between users when running Synaptic Labs' Identity Based Encryption services.

What is the minimum configuration?

The minimum configuration of the Synaptic Enterprise Key Exchange is two smart card clients, two relay servers implemented on two independently managed hardware security modules, SHA-256 and access to a small portable Faraday cage during smart card enrolment.

What additional features does it support?

The Synaptic Enterprise Key Exchange will be combined with the RSA public key algorithm (or an ECC algorithm) to satisfy existing standards and to provide a layered level of defense against adversaries that do not have access to code-breaking quantum computers.

The Synaptic Group Key Exchange can be used when enrolling a smart card into a high-assurance trusted third party server.

How many users does it support in one system?

The number of users within the system is technically unlimited.

A virtually unlimited number of end-to-end keys can be exchanged between smart cards if the smart cards employ the use of a remote online database where the content is entirely encrypted using a secret key generated by the smart card.

The Enterprise KX is envisaged for applications where users implicitly have a trust relationship with at least one of the parties with whom that they are communicating. For example, one of the TTP is provided by an employer and they are performing business activities over the Enterprise KX. However Enterprise KX is not considered suitable as a global key exchange architecture support communications between vastly different groups of people. For this application please see Synaptic Labs' Universal Key Exchange technology.

How can I integrate Enterprise KX with my existing system?

Synaptic is developing an application programming interface, a simple secure tunnel protocol and a graphical user application around the Enterprise KX. The application programming interface will allow the key exchange technology to be integrated into software applications in the normal way. The secure tunnel protocol will allow existing point-to-point network applications to simply change the network address of the destination to a local secure tunnel server which securely relays the material to the destination. The first generation of the graphical application will be a simple work-group collaboration instant messaging program.

Further Information

Additional information is available via the menu bar on the right of the screen under the Enterprise Key Exchange menu item.

The Enterprise Key Exchange was presented by Synaptic Labs at the IEEE Key Management Summit 2010.  The presentation titled: "Survey of symmetric key distribution techniques" can be watched as streaming video here.

The Enterprise Key Exchange has been described in a short 4 page peer reviewed technical abstract presented at the U.S. Oak Ridge National Laboratory - Cyber Security and Information Intelligence Research Workshop. A longer and more detailed version of that extract has been published on ePrint.

Synaptic Laboratories and the Gozo Business Chamber (EU) have co-founded the ICT Gozo Malta cluster of excellence. This cluster of excellence will work in close collaboration with key Government and private stakeholders and leading International companies to develop many of Synaptic Labs' innovative technologies. The Enterprise Key Exchange proposal will be implemented as part of the ICT Gozo Malta Global-scale Cyber Security project and Exoskeleton extensions. The relationships between projects is visually illustrated here.