Encryption keys

When it comes to building cryptographic information security systems, key management is one of the most challenging tasks in applied cryptography. In our estimation, vulnerabilities in individual elements of the key management system (key generation, storage, usage, distribution and key exchange protocols) are the principal cause of compromise of information security systems (ISS).

That is why the key management lifecycle receives particular attention in the Stealthphone and Stealthphone Tell systems, from key generation through to key deletion or key change.

The most important key management issues are described below.

Key Quality Control

When keys are generated by software (Stealthphone Soft, Stealthphone Tell, Stealthphone Key) or by hardware (Stealthphone Hard, Stealthphone Key Hard), key quality is continuously controlled: the statistical parameters of the generated material are checked and it is examined for patterns.

Hardware generators use random number generators based on physical processes; their characteristics have been confirmed by dedicated laboratory tests.

Software generators are designed according to the principle of constant entropy accumulation: a genuinely random sequence is collected and then used to generate encryption keys. Various events on a smartphone, tablet or PC may serve as the entropy source; character input while text is being typed is one example. If the key generation system judges the accumulated entropy to be insufficient, the user may be asked to perform some manipulations with the device to top it up. The entropy accumulation procedures used in the software key generators have been thoroughly tested and have shown excellent characteristics. Whatever the generation method, the generated keys undergo procedures that dynamically control their statistical characteristics.
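As an added illustration (not Stealthphone's own quality checks, whose details the page does not give), the following Go code applies three of the classic FIPS 140-2 power-up statistical tests to a 2,500-byte sample, the kind of dynamic check a key generator can run over its own output before releasing it; the thresholds are those of FIPS 140-2 section 4.9.1, and the `Sample` helper draws from the OS generator as a stand-in for the product's RNG.

```go
package main

import "crypto/rand"

// sampleBytes is the FIPS 140-2 power-up sample size: 20,000 bits.
const sampleBytes = 2500

// PowerUpChecks runs the monobit, poker and long-run tests of FIPS 140-2 (section 4.9.1,
// since withdrawn but still a useful self-test) and returns the names of the failed tests.
// Patterned output fails at once; truly random output fails each with probability ~1e-6.
func PowerUpChecks(sample []byte) (failed []string) {
	if len(sample) != sampleBytes {
		return []string{"sample must be 2500 bytes"}
	}
	ones, longest, run, prev := 0, 0, 0, -1
	var nibbles [16]int
	for _, b := range sample {
		nibbles[b>>4]++
		nibbles[b&0x0f]++
		for i := 7; i >= 0; i-- {
			bit := int(b>>i) & 1
			ones += bit
			if bit == prev {
				run++
			} else {
				run, prev = 1, bit
			}
			if run > longest {
				longest = run
			}
		}
	}
	if ones <= 9725 || ones >= 10275 { // monobit: 9,725 < ones < 10,275
		failed = append(failed, "monobit")
	}
	x := 0.0 // poker: chi-square over the 5,000 nibbles, 2.16 < X < 46.17
	for _, f := range nibbles {
		x += float64(f * f)
	}
	if x = x*16/5000 - 5000; x <= 2.16 || x >= 46.17 {
		failed = append(failed, "poker")
	}
	if longest >= 26 { // long run: no run of 26 or more identical bits
		failed = append(failed, "long run")
	}
	return failed
}

// Sample draws one test sample from the OS generator (stand-in for the product's RNG).
func Sample() []byte { s := make([]byte, sampleBytes); rand.Read(s); return s }
```

A generator would discard a sample that returns a non-empty list and draw again, which is the gate the paragraph above describes as dynamic control.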

Key storage

All keys (including those held in the Stealthphone Hard encryption device) are either stored in encrypted form or not stored at all; in the latter case they are generated “on the fly” from a password and some additional data.

Encrypted keys are decrypted only at the moment they are used for encryption, and remain in decrypted form only while that operation is in progress. They may also be masked and stored securely in device memory.

Key Classification

Though the architectures of the Stealthphone and Stealthphone Tell key systems differ fundamentally, they are based on common key classification principles that clearly govern the key usage rules:

  • All keys are subdivided into two types: data encryption keys and key encryption keys. Each encryption key is used either to encrypt data (including voice) or exclusively to encrypt other keys, in particular those used to encrypt data and voice.
  • All keys are subdivided into long-term keys and one-time keys. Long-term keys are used repeatedly within a certain period of time; one-time keys are used only once, to encrypt a single data fragment or voice fragment. Long-term keys include all key encryption keys, as well as the data encryption keys held in a smartphone or a PC. Scheduled and unscheduled replacement procedures are defined for long-term keys, for the case that they are lost or compromised.
  • All encryption keys can be arranged in a certain hierarchy:
    • At the very top is the authentication key. It is not stored anywhere and is generated as a result of the subscriber’s authentication to the device by password.
    • Next is the master key, encrypted with the authentication key. The master key is used to encrypt:
      • all key encryption keys used in data encryption;
      • all data encryption keys stored in a Stealthphone Hard, a smartphone, a tablet or a PC.
    • The next level holds the key encryption keys used in data encryption. These keys are encrypted by the master key and are used to encrypt one-time data encryption keys and the keys used to generate session keys for voice encryption.
    • The lowest level consists of the keys used to encrypt data. Each data encryption key is encrypted
  • Only one-time session encryption keys are used to encrypt voice. They are deleted at the end of the conversation. The volume of voice data encrypted with a single one-time session key is limited.
  • Only one-time keys are used to encrypt transmitted data; the volume of data encrypted with a single one-time key is limited.
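The hierarchy just described as an added Go example (not Stealthphone's implementation): the authentication key is recomputed from the password and a stored salt rather than being stored, and each level (master key, key encryption key, data encryption key) is wrapped under the one above it. AES-256-GCM as the wrapping cipher and HMAC-SHA256 as the password-to-key step are assumptions, since the page names neither; only the salt and the wrapped blobs would ever rest on the device.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)
// AuthKey tops the hierarchy: recomputed from the password and a stored salt at each authentication,
// never written anywhere. One HMAC stands in for the product's unspecified password-to-key step; a deployment would use a slow, memory-hard KDF here.
func AuthKey(password, salt []byte) []byte {
	m := hmac.New(sha256.New, password)
	m.Write(salt)
	return m.Sum(nil)
}
func randKey() []byte { k := make([]byte, 32); rand.Read(k); return k }
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // every key in this hierarchy is 32 bytes
	aead, _ := cipher.NewGCM(block)
	return aead
}
// wrap encrypts a child key under its parent with AES-256-GCM, random nonce prepended.
func wrap(parent, child []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return gcm(parent).Seal(nonce, nonce, child, nil)
}
// Build returns what may rest on the device, each level wrapped under the one above: [0] master key
// under AuthKey, [1] key encryption key under the master key, [2] data encryption key under the KEK.
// The plaintext DEK is returned only so that a round trip can be checked.
func Build(password, salt []byte) (wrapped [][]byte, dek []byte) {
	parent := AuthKey(password, salt)
	for i := 0; i < 3; i++ {
		child := randKey()
		wrapped = append(wrapped, wrap(parent, child))
		parent = child
	}
	return wrapped, parent
}
// OpenDEK walks the chain down from the password; a wrong password fails the first GCM tag check.
func OpenDEK(wrapped [][]byte, password, salt []byte) (key []byte, err error) {
	key = AuthKey(password, salt)
	for _, w := range wrapped {
		if key, err = gcm(key).Open(nil, w[:12], w[12:], nil); err != nil {
			return nil, err
		}
	}
	return key, nil
}
```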

Specific Features of Stealthphone Key System

Secure exchange of encrypted data in the Stealthphone system is possible only within a single cryptographic network (Stealthphone network). Subscribers of the network can exchange the following four types of encrypted data:

  • Voice data (voice encryption) 
  • SMS messages 
  • E-mail messages 
  • Text messages and files (messenger)

Voice is encrypted with a session key. The session key is generated by combining a key established with the ECDH method and a pairwise secret key for voice encryption that is shared by the two subscribers.
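The combination described above as an added Go example (not the Stealthphone protocol itself): each side generates a per-call X25519 key pair and mixes the ECDH result with the long-term pairwise voice key. HMAC-SHA256 keyed by the pairwise key, and the fixed context label, are this example's assumptions, since the page does not specify how the two inputs are combined.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// Subscriber is one side of a call: a fresh X25519 key pair generated for this call
// and the long-term pairwise voice key shared with the peer (the (A,B) entry of the
// voice key matrix).
type Subscriber struct {
	priv     *ecdh.PrivateKey
	pairwise []byte
}

// NewSubscriber generates the per-call ECDH key pair; it is discarded with the call.
func NewSubscriber(pairwise []byte) (*Subscriber, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Subscriber{priv: priv, pairwise: pairwise}, nil
}

// Public is the ECDH value sent to the peer in the clear.
func (s *Subscriber) Public() []byte { return s.priv.PublicKey().Bytes() }

// SessionKey combines the ECDH secret with the pairwise voice key. An observer of both
// public values lacks the pairwise key and cannot derive the result; a peer holding a
// different pairwise key derives a different key; and a new call, with new ephemeral
// key pairs, derives a new key even between the same two subscribers. The ECDH call
// rejects low-order peer points, so an all-zero shared secret never reaches the HMAC.
func (s *Subscriber) SessionKey(peerPublic []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPublic)
	if err != nil {
		return nil, err
	}
	shared, err := s.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	m := hmac.New(sha256.New, s.pairwise)
	m.Write([]byte("voice session key")) // constructed context label, identical on both sides
	m.Write(shared)
	return m.Sum(nil), nil
}
```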

The other three types of data (SMS messages, e-mail messages and text messages) are encrypted with one-time keys, generated randomly and equiprobably at the transmitting side. So that the receiving side can decrypt the data, the one-time key is itself encrypted with the Tiger algorithm under the secret pairwise key shared by the two subscribers and is sent together with the encrypted data.

Therefore, each pair of subscribers within one crypto network shares a set of four different pairwise communication keys, each serving one type of data encryption.

The pairwise voice encryption key is used in the procedure that generates the session key for voice encryption.

The pairwise SMS key is used to encrypt the one-time keys that encrypt SMS messages.

The pairwise e-mail and messenger keys are used in the same way as the pairwise SMS key, to protect the one-time keys for e-mails and for files sent over the messenger.

The total number of pairwise keys each subscriber holds for exchanging encrypted information with the other network subscribers is 4 × (N – 1), where N is the number of network subscribers.

The pairwise voice encryption keys of all Stealthphone network subscribers can be arranged in an N × N square table (matrix) according to the following rule:

  • The matrix diagonal is left unfilled (contains zero elements).
  • At the intersection of row A and column B is the secret pairwise key used to encrypt voice data between subscribers A and B.

The same approach produces the pairwise key matrices for the other three types of data. All four matrices are symmetric about the diagonal.

Combining the four matrices gives the full pairwise key matrix of the Stealthphone network, likewise symmetric about the diagonal. It contains all the pairwise keys that each pair of Stealthphone network subscribers requires to securely exchange all types of data: at the intersection of row A and column B is the full set of four secret pairwise keys for the subscribers with cryptonumbers A and B.

Row A of the matrix forms the set of all pairwise keys required for the exchange of encrypted data between the subscriber with cryptonumber A and the other network subscribers. The total number of keys in the row is 4 × (N – 1).
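The full pairwise key matrix described above as an added Go example (not StealthKey code): a symmetric N × N matrix of four-key sets with an empty diagonal, the row extracted as one subscriber's key load, and a check of the two structural rules. Key sizes and the use of one shared object for the mirror cells (A,B) and (B,A) are this example's choices.

```go
package main

import "crypto/rand"

// KeySet is the four pairwise keys one pair of subscribers shares, one per data type.
type KeySet struct{ Voice, SMS, Email, Messenger []byte }

// Matrix is the full pairwise key matrix of an N-subscriber network, indexed by
// cryptonumber 0..N-1. m[a][b] and m[b][a] are the same set; the diagonal is nil.
type Matrix [][]*KeySet
func randKey() []byte { k := make([]byte, 32); rand.Read(k); return k }

// NewMatrix generates one fresh set of four keys per unordered pair of subscribers and
// writes it into both mirror cells, which is what makes every matrix symmetric.
func NewMatrix(n int) Matrix {
	m := make(Matrix, n)
	for a := range m {
		m[a] = make([]*KeySet, n)
	}
	for a := 0; a < n; a++ {
		for b := a + 1; b < n; b++ {
			ks := &KeySet{randKey(), randKey(), randKey(), randKey()}
			m[a][b], m[b][a] = ks, ks
		}
	}
	return m
}
// Row is the key load for subscriber a's device: row a without the diagonal, keyed by
// the peer's cryptonumber. It holds N-1 sets, i.e. 4*(N-1) individual keys.
func (m Matrix) Row(a int) map[int]*KeySet {
	row := make(map[int]*KeySet, len(m)-1)
	for b, ks := range m[a] {
		if b != a {
			row[b] = ks
		}
	}
	return row
}
// Symmetric checks the two structural rules: empty diagonal, same set at (a,b) and (b,a).
func (m Matrix) Symmetric() bool {
	for a := range m {
		for b := range m[a] {
			if (a == b) != (m[a][b] == nil) || m[a][b] != m[b][a] {
				return false
			}
		}
	}
	return true
}
```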

The pairwise key matrix of the Stealthphone network and all other subscriber keys are generated by the network administrator with the StealthKey complex. The StealthKey complex is also used to load keys into subscribers’ devices at the administrator’s workstation. Alternatively, a subscriber can load the keys himself, using a PC and a key set prepared in advance by the administrator.

To maintain the maximum security level and to streamline key management, the Stealthphone network allows keys to be loaded into subscribers’ devices once, at the start. There is no need to reload keys if the network structure changes (subscribers’ access rights are terminated, added or changed), if the keys of other subscribers are compromised, or when all subscribers’ keys are changed on schedule.

Thus the initial key load into subscribers’ devices may suffice for several years, with no need to reload the keys.