TryTRY
BuyBUY
  • newsletter
  • contact
  • corporate
  • careers
Utimaco
TRYour free HSM simulator
BUYget a quote
  • home
  • solutions
  • products
  • services
  • blog
  • downloads
  • partners
  • company

Utimaco Portal

Here you will find everything you need as a partner and customerLogin required

  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research

Home / Blogs / The Benefits of the Atalla Key Block

The Benefits of the Atalla Key Block

November 09, 2020

HSMs use key block structures as basic structures to achieve secure key management. This article introduces into the Atalla Key Block, explains its principle and details why protecting keys is so important.

The Backstory of Atalla Key Block

The Atalla Key Block is linked to the history of its inventor, Dr. Mohamed Atalla (1924-2009), an Egyptian-American inventor. Dr. Atalla is internationally known for inventing the MOSFET (metal-oxide-semiconductor field-effect transistor) in 1959. However, he also created the Atalla Corporation in 1973 to commercialize the “Atalla Box,” a Hardware Security Module and other devices to encrypt PIN and ATM messages. Dr. Atalla is often referred to as “the father of the PIN”  because of the pioneering work he performed regarding PIN authentication.

One of the main functions of the Atalla Box  is the use of key blocks. Key blocks are needed to securely interchange symmetric keys or PINs with other actors of the banking industry. This secure interchange is done with what is known as the Atalla Key Block format (AKB).

The Atalla Corporation was merged and acquired by several companies, including Micro Focus. Utimaco acquired Micro Focus in October 2018.

Principle of the AKB

In principle, HSMs use key block structures as basic structures to achieve secure key management. A key block (or key bundling) is a data structure used to store or exchange cryptographic keys within hostile environments.

As a minimal requirement:

  • Key blocks should be encrypted;
  • Hardware security modules should be able to determine the correct key usage via control information;
  • Tampering should be detected via a dedicated secure mechanism.

The Atalla Key Block was the first implementation of a secure key block that met these requirements.

An Atalla Key Block securing a key consists of three parts:

  • An 8-byte header containing the attributes of the key (header);
  • A 48-byte key field containing the Triple-DES cipher block chaining (CBC) mode ciphertext of the key (encrypted key field);
  • A 16-byte field containing the Triple-DES message authentication code (MAC) computed over the header and the encrypted key field.

Atalla Key Block was the origin of several standards. The Atalla key block format is; therefore, de facto integrated to the following standards:

  • ANSI X9.24 Part 1-2009 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques;
  • ANSI X9.24 Part 2-2006 Retail Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for Distribution of Symmetric Keys;
  • ANSI X9 TR-31, Interoperable Secure Key Exchange Key Block Specification.

To better understand what the Atalla Key Block is, and before detailing its principle in detail, we must first understand the problems it had to solve originally.

Why Protecting 3DES Keys (and Others) Matters

DES has been used for a long time as an encryption mechanism in the banking industry, especially in ATMs. The banking industry massively moved to 3DES when DES-breaking machines using key exhaustion attacks were successfully built. The first known DES-breaking machine was built in 1999 by the Electronic Frontier Foundation (Deep Crack). Later on, a second machine was built by the COPACABANA (Cost-Optimized Parallel Code Breaker) project.

3DES uses either 2 keys of 56-bit length or 3 keys of 56-bit length. The problem is that incorrectly stored and protected 3DES keys do not guarantee any better protection than using 56-bit DES keys.

Because of limitations, keys cannot always be stored in the memory of an HSM. But regardless of that, cryptographic keys must be protected throughout the cryptographic life of the data or process being protected. In the case of PIN protection in a consumer banking environment, the lifespan of the data or process may last for many years.

In addition, keys must be shared among HSMs at a host site and transmitted to other systems. This is the problem of secure key exchange – the transmission of cryptographic keys between disparate systems.

There are many scenarios in which attacks can be done against 3DES in the context of the banking industry. As per the ANSI X9.24 standards, 3DES key should be ciphered using 3DES encryption. Each of the 2 encryption keys K1 and K2 [1] of length 56 bits each should be ciphered by 3DES, which keys will be stored in a database.

Let us suppose that an attacker, which could be a disgruntled employee or a rogue contractor or vendor, wants to target the 3DES keys stored per the ANSI X9.24 standards.

The 3DES key is (K1, K2).

K1 is ciphered by 3DES with keys (C1, C2) and K2 is also ciphered by 3DE with keys (C3, C4).

We suppose that the attacker can have the security module ciphering a text T with the key C1 as a single-DES operation, resulting in a ciphered text T’.

That attacker can break the cipher T’ and uncover the key C1 using, for example, a COPACABANA machine, as previously described. That technique could be repeated with C2, C3, and C4 to uncover the 3DES key (K1, K2). This is not exactly unrealistic because, in the banking industry, many HSMs must maintain single DES operations for legacy reasons.

Because of the control information header and the overall MAC, an attacker could not use that technique against 3DES keys protected by an Atalla block format. And this is exactly why the Atalla block format was invented.

Detailing the Principle of the Atalla Key Block Format

Here we detail how the Atalla Key Block is being processed by a receiver to extract the key (or PIN) it protects.

Atalla Key Block

First, the AKB is checked for integrity by computing the MAC and comparing it to the presented MAC field. If the MACs are the same, the operation continues. The key is then decrypted using the Control Field Initialization Vector I.V) and a first variant of the master file key. Keys are then resolved and used following the data from the control field. The control field is an 8-byte header which details all the information about the key within the block.

Byte Description
0 Version number for the format
1 Key usage
2 Algorithm
3 Mode of use
4 Exportability
5 Padding flag
6 Special handling information
7 Other information

As you can see, a lot of information is presented in the header which makes AKB very flexible for different use cases.

The key usage can be one of the following options:

  • ATM Master Key
  • CVV
  • Data encryption
  • IV
  • Key encryption
  • MAC
  • Manufacturer defined
  • PIN encryption
  • Reference PIN Block
  • Signature
  • Token key
  • PIN Verification
  • Translation and conversion table
  • Communication Key
  • Derivation Key
  • Master Key
  • Diebold Number

The Key Block can handle the key for the following algorithms:

  • Manufacturer defined
  • SHA-1
  • RC2/MD2
  • IBM 3624
  • RC4/MD4
  • RC5/MD5
  • IBM4731
  • ANSI
  • Atalla
  • DES/3DES
  • EMV KEY DERIVATION
  • Diffie-Helmann
  • AES
  • SSL
  • RSA
  • DSA
  • VISA
  • ECC

While the most frequent use in banking is 3DES, AES or RSA can also be secured by the key block.

The “Mode of Use” flag is usually: Encrypt, Decrypt, Generate, Verify or no restriction at all.

Other useful information will be conveyed in the next bytes of the control field.

Conclusion

The Atalla Key Block is a very important format, and is at the root of all cryptographic block formats found within PCI and ANSI standards. It solves important issues regarding the security of keys when they are in transit within a potentially hostile environment.

Read more about the Utimaco Atalla AT1000 Hardware Security Module (HSM), a payments security module for protecting sensitive data and associated keys. Or access more articles on the Utimaco Atalla AT1000

New call-to-action

References and Further Reading

  • [1] 3DES is usually used with 2 different keys. Using 3DES with 3 different keys doesn’t bring more security than with 2 keys because it is vulnerable to a Meet-In-The-Middle attack.
Back to overview

Stay on top of our news
Don’t miss out on any Utimaco updates

Subscribe to Utimaco Newsletter

We will keep you posted with news from Utimaco and the industries we protect, as well as information on upcoming events and webinars.

Subscribe now

Partners

Skytech Computing Solutions Limited. - Utimaco Hardware Security Modules Partner Compumatica secure networks GmbH Microexpert Limited CREAplus Italia S.r.l IQuantics Corp PKI Solutions Inc. Macroseguridad Astel (UK) Ltd. - Utimaco Hardware Security Modules Partner Cryptomathic GmbH Baas Control s.r.o. intarsys AG Compumatica secure networks B.V. Utimaco HSM - QuintessenceLabs Cryptomathic Inc. Telegrupp AS E-Sign S.A. Perceptus-sp.-z-o.-o. Utimaco HSM - PTESA_profesionales en transacciones electronicas CewTec S.A. PETA (Thailand) Co., Ltd. Primekey Solutions AB Synergy Computers (Pvt.) Ltd. - Utimaco Hardware Security Modules Partner MALKOM D.Malińska i Wspólnicy s.j. Nexus - Utimaco Hardware Security Modules Partner Thomas-Krenn.AG Safesoft Kft. Altacom UAB Cryptomathic A/S Nexus Technology GmbH MTG - Utimaco Hardware Security Modules Partner Clearkey Consulting - Utimaco Hardware Security Modules Partner CREA plus d.o.o. Versasec MIcrosec Secure Source Distribution (M) Sdn Bhd - Utimaco Hardware Security Modules Partner JJNet International Co., Limited - Utimaco Hardware Security Modules Partner VAR Group SpA - Utimaco Hardware Security Modules Partner Softline Solutions GmbH Cogito Group Pty Ltd CertiSur S.A. Utimaco HSM - InfoGuard Swiss Cyber Security Envoy Data Corporation - Utimaco Hardware Security Modules Partner EUROPEAN DYNAMICS SA. cv cryptovision GmbH Fortiedge Pte Ltd. CEGA Security Real security d.o.o. Rohde & Schwarz Cybersecurity GmbH Komar Consulting Inc. - Utimaco Hardware Security Modules Partner AKEA S.A. - Utimaco Hardware Security Modules Partner SecureMetric Technology Sdn. Bhd. Throughwave (Thailand) Co.,Ltd - Utimaco Hardware Security Modules Partner ESYSCO Sp. z o.o. PrimeKey Labs GmbH Ascertia - Utimaco Hardware Security Modules Partner Fornetix - Utimaco Hardware Security Modules Partner Abrantix AG Cyber Armor Pte Ltd Nexus - Utimaco Hardware Security Modules Partner Encryption Consulting LLC
Find a partner

Share this page

EMEA

Utimaco IS GmbH
Germanusstraße 4
52080 Aachen
Germany
Phone: + 49 241 1696 200

Americas

Utimaco Inc.
900 E Hamilton Ave., Suite 400
Campbell, CA 95008
USA
Phone: +1 844 UTIMACO

APAC

Utimaco IS Pte Limited
80 Raffles Place,
#32-01, UOB Plaza
Singapore 048624
Phone: +65 6622 5347

Utimaco

  • support
  • corporate
  • careers
  • legal
  • terms & conditions
  • privacy
  • cookie-policy
© 2021
to top
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research