Cryptographic security can degrade over time due to attackers using more powerful hardware or more sophisticated software. To maintain security, cryptographic machinery is replaced or strengthened as and when weaknesses are found. However, updating certain cryptographic components is infeasible or expensive, resulting in updates that either don’t occur or are delayed. This disclosure describes techniques to enhance cryptographic security by updating portions of a cryptographic system when updating cryptographic parameters is only partially possible. Authenticating data (auth-data) sent by the un-updateable component during normal operation is used to deliver new and upgraded security parameters to secure communication. Security degradation resulting from the inability to effect an end-to-end update is limited to the immediate vicinity of the un-updateable component. The described techniques can be used to improve security of Internet-of-Things (IoT) device communication.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Berkman, Omer and Yung, Marcel M. Moti, "Enhancing Cryptographic Security by Partial Key Management", Technical Disclosure Commons, (December 26, 2022)