Timothy
Parker Consulting Incorporated
|
|
|
|
Encryption schemes Last column we got started on the subject of encryption. This time we move on a little to look at the different encryption schemes and algorithms that are in use. This all leads in later columns to a look at implementations you can provide for your customers. However, you have to understand the underlying concepts first. So here goes. The most basic form of encryption is called symmetric private key. This is much like the decoder rings that were popular years ago. With a simple symmetric key, each letter is replaced by some other letter. For example, all "a"s are replaced by "x"s while "b"s are replaced by "d". The simplest form of a symmetric key simply chooses a new starting point for the alphabet and moves along in order (a become d, b becomes e, c becomes f, and so on). More flexible symmetric keys randomize the substitution, and sometimes a password is used to figure out how the scrambling is achieved. Symmetric keys are easy to develop and fast to work. Unfortunately simple symmetric keys are the easiest to break. The reason is simple: given a reasonable amount of text you can figure out from letter frequency which letter mappings are used. The letter e is the most common in the language; if the scrambled text has mostly x’s, you can assume x and e are mapped together. Get a few of these mappings and other mappings start to become clear by looking at word fragments, much like a crossword puzzle. The same key is used for both encryption and decryption. To make symmetric keys more secure, more ways of scrambling the choice of each substitution have been developed. IBM developed the Data Encryption Standard (DES) in 1976 for the US government. It is a 56-bit algorithm that uses a 64-bit key. The same key is used to encrypt and decrypt messages. DES is not a symmetric private key in that the substitution or mapping of letters changes with each letter. In theory, breaking DES has always been possible. There are 72 quadrillion possible combinations that need to be tested, but a group did rise to the challenge (and won $10,000 US for their efforts) and proved that DES is not totally secure. More information about the DES challenge is available from http://www.frii.com/~rcv/deschall.htm. Triple DES encryption is a modification of the basic algorithm that uses more bits, effectively making it mush more difficult to break. To date, there are no reported solutions for Triple DES, although it is rumored that the US National Security Agency can decipher Triple DES encoded messaged given enough PCU time. The International Data Encryption Algorithm (IDEA) is probably the most secure algorithm in use today. Developed at the Swiss Federal Institute of Technology, IDEA uses a 64 bit block in a 128 bit key with a feedback operation to strengthen the algorithm. An enhanced version of IDEA called Triple IDEA is now available. The full IDEA algorithm takes a while to work, so several simplified versions have been developed. One popular system is Tiny IDEA. For more information about Tiny IDEA and to download a free copy, go to http://www.dcs.rhbnc.ac.uk/~fauzan/tinyidea.html. CAST (named after the developers Carlisle Adams and Stafford Tavares) uses a 64-bit key and 64-bit block for encryption. There’s a lot of stuff going on in the background with CAST, called S-boxes, which use 8 and 32 bit inputs. The details are not important (especially since they take a whole book to explain). CAST has not been deciphered to date, but like IDEA can be slower to encrypt and decrypt. For more details on CAST go to http://www.cs.wm.edu/~hallyn/des/sbox.html. An encryption system called Skipjack was developed by the National Security Agency
specifically for the Clipper chip, which the US wanted to have included in all on-line
devices (hence allowing monitoring). The Clipper chip was never implemented, but Skipjack
systems are available. The details of Skipjack are classified but it is known to be an
80-bit key with 32 rounds of processing. Two keys (one private, one master held by the
government) are used by Skipjack. In theory, it would take 400 billion years to break
Skipjack using the best available hardware today. AT&T provides the Clipper chip (and
hence Skipjack) to several manufacturers, including themselves. RC2 and RC4 were secret algorithms developed by RSA Data Security. Unfortunately for them, the source code was posted on the Internet, making the secret not very well kept! RC4 was considered quite secure and was used by Netscape for their exported versions of Navigator. The encryption was broken by two different groups at about the same time, taking about 8 days to accomplish the task. Which is the fastest and most secure of the encryption algorithms mentioned? The most secure is a toss-up, with Triple DES, IDEA, Triple IDEA, and Skipjack are all secure enough to make unauthorized decryption almost impossible. However, the overhead required to encrypt and decrypt is noticeable. If we consider DES to take one second to encrypt or decrypt a document, Triple DES requires 3 seconds, IDA 2.5 seconds, and Triple IDEA 4 seconds. This may seem short, but with large documents and many files, the delays the more secure algorithms impose become noticeable. In theory Skipjack is as fast as DES but who wants to trust the government with the keys? In the last column we discussed public and private keys, which are the alternative to these symmetric key systems. We’ll discuss these systems in the next column, and then move into certificate systems. More information about cryptography in general is available from http://www.rsa.com/rsalabs/newfaq/secprserv.htm. |
|
Send mail to
tparker@tpci.com with
questions or comments about this web site.
|