Encryption Key Wrapping
In this video, Professor Bill Buchanan OBE, Blockpass ID Lab talks about the concept of Encryption Key Wrapping.
Key wrapping involves having a secret and using another key called the Key Exchange Key (KEK) in order to protect the key.
At 0:24 Bill begins by stating the reasons why we need encryption key wrapping. In symmetric encryption, we have the same key to encrypt as we do to decrypt. Here, the encryption key will be stored somewhere, maybe a file. The encryption key needs to be protected from being discovered by attackers.
He recommends that all encryption keys need to be encrypted, adding that the RFC 5649 method is an advancement from RFC that defined the AES key encryption.
At 4:41 Bill explains the Feistel cipher. This cipher is the one that applies a symmetric key infrastructure. This cipher was named after Mr.Horst Feistel. Here, the same encryption and decryption process is used. However, the key application is just reversed. He adds that the encryption process uses the Feistel cipher having multiple rounds of processing the text. Remember that each round having a ‘substitution step’ should be followed by a permutation step.
The input block is split into 2 halves, left (L) and right(R). In each of the rounds, the right portion of the block never gets changed. But the left portion undergoes an operation that will depend on the right section as well as the encryption key.
An encrypting function (f) is then applied. This function takes in 2 inputs, one if the key K and the other is the right section(R). The XOR operation is then applied to the output obtained from the function with the left section(L).
Each round will be using a unique key. However, all the subkeys are related to the actual key. The permutation step applied at the end of every round will swap the modified L and also the unchanged R.
In the next round, R will be the output L of the current round. The substitution process and permutation step together make around. When the last round is finished, both L and R sub-blocks are joined to form the actual ciphertext block.
The above encryption steps are then followed by a decryption process. The decryption process is very much similar to the encryption process. The only difference here is instead of starting with the plaintext block, we will start by feeding the ciphertext block to the beginning section of the Feistel structure. Another difference is that the subkeys used in the encryption process are in reverse order.
Process of wrapping the encrypted key
The number of rounds to be used in a Feistel Cipher totally depends on the level of security you expect from the system. The speaker mentions that the number of rounds will assure a high level of security. However, more rounds mean slow encryption as well as the decryption process.
Thereby the number of rounds must be decided based on the performance-security tradeoff. In the unwrapping process, we will check the integrity of the key. One way will be to use a production environment where the keys are stored as well as wrapped in a cloud-based environment. The KEK will become protected from access. A master key can be generated from the password and the master key can then be used to protect and safeguard an existing encryption key.
This method is widely used by encryption tools. At 11:21, the speaker summarizes the key takeaways from Feistel Cipher. He mentions that the key involved in the encryption and decryption process in this cipher is the same. The only difference would be in the sequence of applying the subkey. It would be reversed in decryption. In general, 16 rounds are done.
He also reiterates that during the encryption process, the plain block undergoes several rounds. However, the function performed in each round is exactly the same
At 13:39 Bill explainsthat the amount of extra security provided by the encryption key wrapping totally depends on the wrapping that is used. Key wrapping is definitely more than encrypting a key with just another key. AES keys encrypted using AES-CBC will be totally fine for AES-128 as well as AES0256 keys. On the contrary, wrapping an AES-192 key would make it weak to oracle attacks.
In this video Bill talks about the need to perform encrypted key wrapping, the encryption and decryption process involved with the Feistel cipher. In addition he also provides information on how the number of rounds in the encryption process must be decided.