SunScreen SKIP User's Guide, Release 1.1

Zero-Message Master-Key Update

The preceding section describes how the nodes can compute one long-term key, Kij or Kijn. Changing this key requires issuing a new certificate to one or the other principal.

There are two reasons why updating the master key is desirable. First, it minimizes the exposure of any given key-encrypting key, making cryptanalysis more difficult. Second, updating the master key prevents reuse of compromised traffic keys (Kp). Should a traffic key used for packet authentication ever be compromised (for whatever reason), it cannot be used to send forged traffic, since the encryption of Kp under the current Kij or Kijn is not known.

The master key is updated by sending a counter (say n) in the packet that only increments and is never decremented. The key Kij becomes a function of this counter n, as follows:

Kijn = h(Kij, n)

where h is a pseudo-random function such as MD5.

A second feature of the incrementing counter is that it prevents coarse-grained playback of traffic. Once the master keys are updated, traffic that has been encrypted or authenticated with the help of earlier master keys cannot be played back.

In SKIP, the n-counter increments once an hour. It began at zero on January 1, 1995, 00:00:00 GMT.
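The following sketch is an added example, not code from the guide or from SunScreen SKIP. It shows how two nodes derive the same Kijn from the clock alone and how a receiver can refuse stale values of n. The byte encoding of h's inputs (Kij followed by n as a 32-bit big-endian integer), the `max_skew` tolerance, and the sample key are assumptions made for illustration.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Start of the n-counter, as stated in the guide.
SKIP_EPOCH = datetime(1995, 1, 1, 0, 0, 0, tzinfo=timezone.utc)

def n_counter(now):
    """Whole hours elapsed since the SKIP epoch."""
    if now < SKIP_EPOCH:
        raise ValueError("time precedes the n-counter epoch")
    return int((now - SKIP_EPOCH).total_seconds()) // 3600

def derive_kijn(kij, n):
    """Kijn = h(Kij, n) with h = MD5.

    Assumption: inputs are combined as Kij || n, n being a 32-bit
    big-endian integer. The guide does not specify the encoding.
    """
    return hashlib.md5(kij + struct.pack(">I", n)).digest()

def accept_packet_n(packet_n, local_n, max_skew=1):
    """Receiver check against coarse-grained playback.

    max_skew (in hours) is an assumed allowance for clock drift;
    packets carrying an n outside the window are rejected.
    """
    return abs(packet_n - local_n) <= max_skew

def demo():
    kij = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    t_send = datetime(1996, 1, 1, 0, 10, tzinfo=timezone.utc)
    t_recv = datetime(1996, 1, 1, 0, 12, tzinfo=timezone.utc)

    # Each node computes n and Kijn locally; no key-update message is sent.
    n_i, n_j = n_counter(t_send), n_counter(t_recv)
    same_key = derive_kijn(kij, n_i) == derive_kijn(kij, n_j)

    # A packet recorded three days earlier carries an old n and is refused.
    old_n = n_i - 72
    replay_ok = accept_packet_n(old_n, n_j)
    rotated = derive_kijn(kij, old_n) != derive_kijn(kij, n_j)
    return n_i, same_key, replay_ok, rotated

if __name__ == "__main__":
    print(demo())
```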