Preserve, Protect and Defend Your Data SM



 

About ADDS (Home)

Applications
& Software
Development

MSK Protocol

Why use MSK

MSK Simplified

Partners

Contact Us
What is the MSK Protocol? 
The MSK (Multiple Synchronized Keys) protocol is merely an abstract representation of a crypto-system that embodies an Automatic Synchronized KeyGenerator ™, a symmetric encryption algorithm and a communications application. In this protocol, the KeyGenerator  provides a continuous supply of changing keys for the encryption of any digital information. These keys are created on the fly as often as the communications application desires, yielding ciphertext with a large number of keys per transmission and a high Key Length to Plaintext Length ratio (see sidebar at the end of this page). 

Without being transmitted over the link or revealed in any other way, keys remain synchronized at both ends of a transmission. Since no keys need to be transmitted, it is not possible to extract them (or any information about them) from the data stream. 

Every encryption scheme, including Public–Private Key (PPK) and even one that uses the MSK protocol, requires initialization –– the initial authentication and sharing of a secret that starts off the process. PPK systems use a Certificate Authority (CA), a "trusted" third party, to make authentications and give out keys. 

Using the same key for many transmissions over a long period of time is not as secure as changing them regularly. If, using PPK, one wants to change keys to improve security, one needs to go through a CA. This poses a certain number of logistic, economic and security problems, as well as inconveniencing end users. With the MSK protocol, a communications application can "Initialize once and use forever." 

In the MSK protocol, the shared, once–only initialization secret is used and then thrown away.  The KeyGenerator produces encryption keys and stores the final set of keys at the end of each session. The state represented by these stored keys can be thought of as a non–algorithmic session authenticating key.  The multiple, synchronized encryption keys, which have no analog in PPK schemes, are used to encrypt or decrypt data and are then discarded. The stored keys, which may be stored in encrypted form, must be physically stolen from their storage place by a prospective intruder. 

Stolen keys do not help decrypt past messages. In the event that stored keys are stolen, deciphered and in the possession of an intruder, the users of this "link" are susceptible to either an active or passive assault on their data. An active assault involves the intruder posing as one of the legitimate communicators and sending or receiving data. The MSK protocol can sense such an intrusion and, ideally, log the date, time and description of the compromised data. In a passive assault, the intruder passively listens to the data stream and deciphers it. This can continue only if the intruder never misses a session (including the ones that occurred while he was attempting to decipher the stolen keys! ). A passive assault can not be used to send "misinformation" to legitimate communicators as it becomes an active assault once the Error Correction/Detection (ECD) system detects it. It is then possible for the MSK protocol to sense and report the intrusion attempt. 

So one can see that an MSK protocol application is inherently self-authenticating after initialization. The MSK protocol can also prove whether a recipient received a transmission intact. This is accomplished by performing a synchronization check at the end of any session that needs to be verified. The KeyGenerator ECD system protects recipients from "misinformation" attacks by analyzing synchronization information in the data stream that verifies the authenticity of the incoming data. 

The ECD system can detect problems that could cause desynchronization as well as attempts to break into the data stream. Should this happen, the ECD system will attempt to correct the problem. If it can't, it will force a resynchronization (which is not a re-initialization) of the process. The ECD system enables development of robust and reliable communications applications. 

The data encrypted by an MSK enabled application may be transmitted via the Internet, any other type of network, or any communications medium without the need for key distribution or key management infrastructure. 
 

Strengthening or Hardening Encryption 

The ratio of Key Length to Plaintext Length (KL/PL) for a given encryption algorithm is an indication of resistance to brute force attack. For example, the KL/PL ratio for DES is 56/64 = 0.875 for an 8 byte message. The ratio gets smaller for every 8 byte block that gets transmitted with the same key. The MSK protocol makes it possible (with an 8 byte block size) to maintain a KL/PL ratio of 0.875 throughout an entire session. The larger the KL/PL ratio, the harder it is to crack the ciphertext by brute force. That is why prominent encryption vendors use 2048 bit keys. Applications that use such long keys are slow and for long data streams the KL/PL ratio quickly becomes smaller anyway.
MSK protocol applications can maintain the maximum possible KL/PL ratio for a given encryption algorithm without a significant loss of speed. In fact, this value can actually be made much larger than one (1.000) by setting the plaintext block size smaller than the key length.  Such changes on the fly are accomplished with far greater speed and security because the MSK protocol does not have to re–authenticate or transmit key information.
 
© American Data Defense Systems, Inc.