ADSM-L

Reply to Encryption

1994-11-11 10:10:00
Subject: Reply to Encryption
From: Mike Stewart <STEWAJM AT AUDUCADM.DUC.AUBURN DOT EDU>
Date: Fri, 11 Nov 1994 09:10:00 -06

After discussions here, we came up with the following
suggestions.  The major points are:

1. It should be as transparent as possible for the users.
2. The server/admin should not have access to the keys or data.

>1.  Should ADSM allow for keys to be changed on a time basis?

ADSM should allow a user to change his key, but should not
require the key to be changed on a regular basis except under
installation control.  (Basically, provide the same options for
key changes as for password changes.)

>2.  Should ADSM administrators set the keys and provide to end users, end
>    users only set the keys, a combination of above under admin control, etc?

The administrator/server should NOT have access to the keys.

Users should be able to specify and change pass phrases
which the client can use to generate keys.  Users would
be able to associate a token with the pass phrase.  The token
and the associated key could be saved on the client.  The
token would be stored on the server along with the encrypted
file.  When the file is restored, the client would have
the tokens and keys stored, and would be able to select
the appropriate key to decrypt the data.

If restoring to another machine (or if the client machine's
token/key list is lost), the client can prompt the user with
the token, to which the user responds with the pass phrase.

>3.  If keys are allowed to be changed, then is the user/site willing to
>    sign up for prompting the end user to enter key-1, key-2, ... key-n
>    for all files to be restored?

No, prompting is not acceptable for most of our users.
See the previous suggestion for saving the keys on the client
to prevent prompting under normal circumstances.

>4.  Is encryption just needed for transmission and not storage?  ie:
>    encrypt the data over the wire with the session key, but decrypt it before
>    it is stored since the physical media is protected?  Are sites willing
>    to take the performance penalty for the dual encryption?
>

Storing data in encrypted form is a requirement.  Our users want to
protect their data against unauthorized access, and that includes
access by those at the computer center.  For example, our instructors
maintain personal records about students on their machines, and
want to ensure the "administration" (which the computer center is
viewed as a part of) can't access the data stored on their machine.

At the moment, they are instructed to exclude directories.
Allowing directories to be encrypted would be better.

Additional points:

User-supplied encryption techniques should be supported.

Type of Business:  University

Mike Stewart, Manager, Sys. Programming
Auburn University
Division of University Computing  Voice: (205) 844-4512
Room 144 Parker Hall
Auburn University, Al 36849
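
The token and pass-phrase scheme suggested in the reply to question 2, sketched as an added example (not part of the original post and not ADSM code). Assumptions: keys are derived with PBKDF2, the salt is stored on the server beside the token, the cipher is a standard-library stand-in, and all names are hypothetical.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed PBKDF2 work factor, not from the post

def derive_key(pass_phrase, salt):
    # 64 bytes: first half encrypts, second half authenticates
    return hashlib.pbkdf2_hmac("sha256", pass_phrase.encode(), salt, ITERATIONS, dklen=64)

def keystream_xor(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library; a real client would use a vetted AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def tag(key, rec):
    # Authenticate token, nonce and ciphertext; the token is length-prefixed
    t = rec["token"].encode()
    msg = len(t).to_bytes(2, "big") + t + rec["nonce"] + rec["ct"]
    return hmac.new(key, msg, hashlib.sha256).digest()

class Client:
    def __init__(self):
        self.keyring = {}  # token -> (salt, key); kept on the client, never sent

    def set_pass_phrase(self, token, pass_phrase):
        salt = os.urandom(16)
        self.keyring[token] = (salt, derive_key(pass_phrase, salt))

    def backup(self, token, plaintext):
        """Return the record the server stores: token, salt, nonce, ciphertext, tag."""
        salt, key = self.keyring[token]
        rec = {"token": token, "salt": salt, "nonce": os.urandom(16)}
        rec["ct"] = keystream_xor(key[:32], rec["nonce"], plaintext)
        rec["tag"] = tag(key[32:], rec)
        return rec

    def restore(self, rec, prompt=None):
        """Use the saved key for rec's token; otherwise prompt with the token."""
        saved = self.keyring.get(rec["token"])
        if saved is None and prompt is None:
            raise KeyError("no key saved for token " + rec["token"])
        key = saved[1] if saved else derive_key(prompt(rec["token"]), rec["salt"])
        if not hmac.compare_digest(tag(key[32:], rec), rec["tag"]):
            raise ValueError("wrong pass phrase or modified record")
        self.keyring[rec["token"]] = (rec["salt"], key)  # no prompt next time
        return keystream_xor(key[:32], rec["nonce"], rec["ct"])
```

The server record holds only the token, salt, nonce, ciphertext and tag; the pass phrase and derived key never leave the client, and a restore on a new machine prompts once per token.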