Practical and Secure Recovery of Disk Encryption Key Using Smart Cards

Kazumasa OMOTE  Kazuhiko KATO  

Publication
IEICE TRANSACTIONS on Information and Systems   Vol.E93-D   No.5   pp.1080-1086
Publication Date: 2010/05/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E93.D.1080
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Category: 
Keyword: 
user authentication,  key recovery,  smart card,  

Full Text: PDF(434.6KB)>>
Buy this Article




Summary: 
In key-recovery methods using smart cards, a user can recover the disk encryption key in cooperation with the system administrator, even if the user has lost the smart card including the disk encryption key. However, the disk encryption key is known to the system administrator in advance in most key-recovery methods. Hence user's disk data may be read by the system administrator. Furthermore, if the disk encryption key is not known to the system administrator in advance, it is difficult to achieve a key authentication. In this paper, we propose a scheme which enables to recover the disk encryption key when the user's smart card is lost. In our scheme, the disk encryption key is not preserved anywhere and then the system administrator cannot know the key before key-recovery phase. Only someone who has a user's smart card and knows the user's password can decrypt that user's disk data. Furthermore, we measured the processing time required for user authentication in an experimental environment using a virtual machine monitor. As a result, we found that this processing time is short enough to be practical.