The field of cryptography has experienced an unprecedented development in the past decade and the contributors to this book have been in the forefront of these developments. In an information-intensive society, it is essential to devise means to accomplish, with information alone, every function that it has been possible to achieve in the past with documents, personal control, and legal protocols (secrecy, signatures, witnessing, dating, certification of receipt and/or origination). This volume focuses on all these needs, covering all aspects of the science of information integrity, with an emphasis on the cryptographic elements of the subject.
In addition to being an introductory guide and survey of all the latest developments, this book provides the engineer and scientist with algorithms, protocols, and applications. Of interest to computer scientists, communications engineers, data management specialists, cryptographers, mathematicians, security specialists, network engineers.
1. The Birth of the DES
2. The DES Controversy
3. Acceptance by Government and Commercial Sectors
5. New Algorithms
6. DES: The Next Decade
The Data Encryption Standard (DES) is the first, and to the present date, only, publicly available cryptographic algorithm that has been endorsed by the U.S. government. This chapter deals with the past and future of the DES. It discusses the forces leading to the development of the standard during the early 1970s, the controversy regarding the proposed standard during the mid-1970s, the growing acceptance and use of the standard in the 1980s, and some recent developments that could affect the future of the standard.
1 THE BIRTH OF THE DES
1.1 The Development of Security Standards
In 1972, the National Bureau of Standards (NBS), a part of the U.S. Department of Commerce, initiated a program to develop standards for the protection of computer data. The Institute for Computer Sciences and Technology (ICST), one of the major operating units of the National Bureau of Standards, had been recently established in response to a 1965 federal law known as the Brooks Act (PL89-306) that required new standards for improving utilization of computers by the federal government. Computer security had been identified by an ICST study as one of the high-priority areas requiring standards if computers were to be effectively used. The ICST defined a set of guidelines and standards in computer security that were to be developed as resources became available. The guidelines were to include areas such as physical security, risk management, contingency planning, and security auditing. Guidelines were adequate in areas not requiring interoperability among various computers. Standards were required in areas such as encryption, personal authentication, access control, secure data storage, and transmission because they could affect interoperability.
Standards come in different "flavors": basic, interoperability, interface, and implementation.
1. Basic standards (also called "standards of good practice") are used to specify generic functions (services, methods, results) required to achieve a certain set of common goals. Examples include standards for purity of chemicals, contents of food products, and in the computer field, structured programming practices.
2. Interoperability standards specify functions and formats so that data transmitted from one computer can be properly acted on when received by another computer. The implementation (hardware, firmware, software) or structure (integrated, isolated, interfaced layers) need not be specified in interoperability standards, since there is no intent of replacing one implementation or structure within a system with another.
3. Interface standards specify not only the function and format of data crossing the interface, but also include physical, electrical, and logical specifications sufficient to replace one implementation (device, program, component) on either side of the interface with another.
4. Implementation standards not only specify the interfaces, functions, and formats, but also the structure and the method of implementation. These may be necessary to assure that secondary characteristics such as speed, reliability, physical security, etc. also meet certain needs. Such standards are often used to permit component replacement in an overall system.
Each of the above types of standards was considered for the specification of the DES. A basic standard did not achieve telecommunications interoperability if different algorithms were selected by the communicating parties. Although an interface standard was desirable in some applications (e.g., data encryption on a RS-232C interface device) it would not be applicable in other applications (e.g., secure mail systems). An implementation standard was rejected because it would restrict vendors from using new technologies. Therefore, the DES was developed as an interoperability standard, requiring complete specification of basic function and format yet remaining independent of physical implementation.
1.2 Public Perception of Cryptography
Cryptography is a word that has been derived from the Greek words for "secret writing." It generally implies that information that is secret or sensitive may be converted from an intelligible form to an unintelligible form. The intelligible form of information or data is called plaintext and the unintelligible form is called ciphertext. The process of converting from plaintext to ciphertext is called encryption and the reverse process is called decryption. Most cryptographic algorithms make use of a secret value called the key. Encryption and decryption are easy when the key is known, but decryption should be virtually impossible without the use of the correct key. The process of attempting to find a shortcut method, not envisioned by the designer, for decrypting the ciphertext when the key is unknown is called cryptanalysis.
In the early 1970s, there was little public understanding of cryptography. Most people knew that the military and intelligence organizations used special codes or code equipment to communicate, but few understood the science of cryptography. The International Business Machines Corp. (IBM) initiated a research program in cryptography because of the perceived need to protect electronic information during transmission between terminals and computers and between computers (especially where the transmissions were to authorize the transfer or dispensing of money). Several small companies in the United States made cryptographic equipment for sale, much of it overseas. Several major companies made cryptographic equipment under contract to the U.S. government, but most such equipment was itself classified.
There was an interest in the mathematics of cryptography at several universities, including Stanford and MIT. Cryptographic algorithms were frequently based on mathematics or statistics and hence were often of interest to mathematicians. Making and breaking cryptographic algorithms was considered an intellectual challenge. However, there was only a limited market for expertise in cryptography outside the military and intelligence circles.
The NBS project in computer security identified a number of areas requiring research and the development of standards. A cryptographic algorithm that could be used in a broad spectrum of applications by many different users to protect computer data during transmission and storage was identified as a needed standard. A standard cryptographic algorithm was considered necessary so that only one algorithm needed to be implemented and maintained, and so that interoperability could be easily achieved. This led to the initiation of the NBS project in data encryption and the first solicitation for candidate algorithms.
1.3 The NBS-NSA-IBM Roles
The National Bureau of Standards initiated development of the DES when it published in the Federal Register of May 15, 1973, a solicitation for encryption algorithms for computer data protection. Responses to this solicitation demonstrated that there was an interest in developing such a standard, but that little technology in encryption was publicly available. NBS requested assistance from the National Security Agency (NSA) in evaluating encryption algorithms if any were received or in providing an encryption algorithm if none were received.
IBM had initiated a research project in the late 1960s in computer cryptography. The research activity, led by Dr. Horst Feistel, resulted in a system called LUCIFER. In the early 1970s, Dr. W. Tuchman became leader of a development team in cryptographic systems at IBM. This development activity resulted in several publications, patents, cryptographic algorithms, and products. One of the algorithms was to become the Data Encryption Standard.
IBM submitted its cryptographic algorithm to NBS in response to a second solicitation in the Federal Register of August 27, 1974. NBS requested that the NSA evaluate the algorithm against an informal set of requirements and simultaneously requested that IBM consider granting nonexclusive, royalty-free licenses to make, use, and sell apparatus that implemented the algorithm. A great deal of discussion was conducted by NBS with both organizations in response to these requests.
On March 17, 1975, nearly 2 years following the first solicitation, NBS published two notices in the Federal Register. First, the proposed "Encryption Algorithm for Computer Data Protection" was published in its entirety. NBS stated that it satisfied the primary technical requirements for the algorithm of a DES. It also notified readers to be aware that certain U.S. and foreign patents contain claims that may cover implementation and use of this algorithm and that cryptographic devices and technical data relating to them may come under the export control. The second notice contained a statement by IBM that it would grant the requested nonexclusive, royalty-free licenses provided that the Department of Commerce established the DES by September 1, 1976.
On August 1, 1975, NBS published in the Federal Register the fourth notice of a proposed Federal Information Processing Data Encryption Standard. Comments were requested from federal agencies and the public regarding the proposed standard. On October 22, 1975, Dr. M. Hellman sent his criticism of the proposed standard. His letter began, "Whit Diffie and I have become concerned that the proposed data encryption standard, while probably secure against commercial assault, may be extremely vulnerable to attack by an intelligence organization." He then outlined a "brute force" attack on the proposed algorithm, using a special-purpose "parallel computer using one million chips to try one million keys each" per second. He estimated the financial requirements to build such a machine to be twenty million dollars.
Because of the concern for adequate protection to be provided by the DES, NBS continued to evaluate the algorithm, the requirements for security in the private and public sectors, and the alternatives to issuing the standard. Finally, NBS recommended that the standard be issued and it was published on January 15, 1977. The standard included provisions for a review by NBS every 5 years.
2 THE DES CONTROVERSY
2.1 How Long Is Long Enough?
The DES security controversy forced consideration of basic security questions about how good is good enough and how long is long enough. Every practical security system must be evaluated with respect to security, costs (initial, operational, maintenance), and user "friendliness." These factors were studied in great depth during the evaluation of the proposed standard.
The effective key length of the DES is 56 binary digits (bits) and the straightforward "work factor" of the algorithm is $2^{56}$ (i.e., the number of keys that would have to be tried is $2^{56}$ or approximately $7.6 \times 10^{16}$). Hellman and Diffie argued that, in certain situations, a symmetric characteristic of the algorithm would cut this number in half and that on the average, only half of these would have to be tried to find the correct key. They also noted that increasing the key length by 8 bits would "appear to outstrip even the intelligence agencies' budgets" but that "decreasing the key size by 8 bits would decrease the cost, ... making the system vulnerable to attack by almost any reasonable sized organization." It was thus argued that the length of the key was critical to the maximum security provided by the proposed standard.
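The "symmetric characteristic" is the complementation property of the DES: encrypting the complemented plaintext under the complemented key yields the complemented ciphertext. The Python code below is an added example, not taken from the book. It uses a constructed 4-round toy Feistel cipher (not the DES; `toy_encrypt`, `f`, the constants, the key and the plaintext are all assumptions made for illustration) that shares this property, and shows why ciphertexts for a plaintext and its complement let a single trial encryption rule two keys in or out.

```python
MASK16, MASK32, ROUNDS = 0xFFFF, 0xFFFFFFFF, 4

def rotl16(x, n):
    """Rotate a 16-bit value left by n bits (1 <= n <= 15)."""
    return ((x << n) | (x >> (16 - n))) & MASK16

def f(x):
    """Key-independent 16-bit mixing function (constructed, not a DES S-box)."""
    x = (x * 0x9E37 + 0x79B9) & MASK16
    x ^= x >> 7
    x = (x * 0x6A09) & MASK16
    return x ^ (x >> 9)

def toy_encrypt(key, block):
    """4-round Feistel on a 32-bit block with a 16-bit key. As in the DES, each
    subkey is a selection of key bits XORed into the right half before f."""
    left, right = block >> 16, block & MASK16
    for i in range(ROUNDS):
        subkey = rotl16(key, 3 * i + 1)
        left, right = right, left ^ f(right ^ subkey)
    return (left << 16) | right

def complementation_holds(key, block):
    """True if E(~K, ~P) == ~E(K, P) for this key/block pair."""
    return toy_encrypt(key ^ MASK16, block ^ MASK32) == toy_encrypt(key, block) ^ MASK32

def confirms(key, pt, ct, ct_comp):
    """Reject chance matches by checking the candidate against both pairs."""
    return toy_encrypt(key, pt) == ct and toy_encrypt(key, pt ^ MASK32) == ct_comp

def halved_search(pt, ct, ct_comp):
    """Recover K from ct = E_K(pt) and ct_comp = E_K(~pt).
    Only keys with the top bit clear are encrypted; each result also tests
    the complemented key. Returns (key, trial_encryptions)."""
    for trial, k in enumerate(range(1 << 15), start=1):
        t = toy_encrypt(k, pt)
        candidates = []
        if t == ct:                      # K == k
            candidates.append(k)
        if t ^ MASK32 == ct_comp:        # K == ~k, since E_~k(~pt) == ~E_k(pt)
            candidates.append(k ^ MASK16)
        for cand in candidates:
            if confirms(cand, pt, ct, ct_comp):
                return cand, trial
    return None, 1 << 15

SECRET_KEY = 0xC0DE        # constructed sample key (top bit set)
PLAINTEXT = 0x44455331     # constructed sample block

def demo():
    ct = toy_encrypt(SECRET_KEY, PLAINTEXT)
    ct_comp = toy_encrypt(SECRET_KEY, PLAINTEXT ^ MASK32)
    return halved_search(PLAINTEXT, ct, ct_comp)

if __name__ == "__main__":
    key, trials = demo()
    print(f"recovered key {key:#06x} after {trials} trial encryptions "
          f"(keyspace {1 << 16}, upper bound {1 << 15})")
```

The sample key has its top bit set, so it is recovered through the complement branch without ever being encrypted under directly; the search never needs more than half the keyspace in trial encryptions.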
2.2 S-Boxes and Trapdoors
The second criticism of the proposed standard was that of the fundamental design of the algorithm which is based on a set of eight fixed substitution tables, or S-boxes, that are used in the encryption and decryption processes. It was argued that, since the design criteria of the tables were not publicly available, the entries could have been selected in such a manner as to hide a "trapdoor." The argument was that the people or organizations who selected the tables might be able to cryptanalyze the algorithm while everyone else could not.
NBS, NSA, and IBM were the principals in the development of the Data Encryption Standard as noted above. Since NBS had initiated the development of the DES, NBS was responsible for assuring that the proposed standard met all of the requirements, and that it was acceptable to many potential users with a large number of applications. NBS continued to assess the requirements for the standard, analyze the security concerns regarding the proposed standard, and evaluate the costs and benefits of modifying or replacing the proposed standard. The principals involved in developing the proposed standard decided, after 2 years of evaluation, to rely on a public peer review process in order to make a final decision. Two workshops were organized by NBS; one on the mathematics of the algorithm to analyze the "trapdoor" concern, and one on the economic trade-offs of modifying the algorithm to increase its key length. The designers, evaluators, implementors, vendors, and potential users of the algorithm, along with the vocal critics of the proposed standard, were invited to both workshops. A number of mathematicians were also invited to the mathematics workshop.
The workshops were extremely lively. The critics were given an opportunity to state their concerns to the audience. The designers stated that some of the design criteria were classified, but outlined many of the criteria used in the design. The evaluators stated the results of their evaluations. The implementors stated they needed a standard in order to justify implementation costs, and the users stated they wanted a resolution of the issue so that they could obtain effective cryptographic protection of their data.
The decision to publish the proposed standard without modification was made immediately following the workshop. There were no "trapdoors" identified in the algorithm. The potential users and vendors of the algorithm agreed that while the key could have been longer at little additional cost, it was considered adequate for their needs for 10-15 years. There was also concern that any change in the key length would make implementations of the algorithm unexportable to all potential markets. It was therefore recommended that the standard be reviewed every few years to evaluate its continued adequacy for meeting all of its intended applications and meeting all of its requirements. This recommendation has been fulfilled by NBS in 1983 and again in 1988.
3 ACCEPTANCE BY GOVERNMENT AND COMMERCIAL SECTORS
3.1 No Attack Demonstrated
Despite the controversy over the security of the Data Encryption Standard, it is the most widely accepted, publicly available, cryptoalgorithm today. And with the exception of the Rivest-Shamir-Adleman (RSA) public key algorithm, no other algorithm is even a significant contender. The DES has been accepted for two main reasons.
First, despite all the claims of discovered or imagined flaws, no one has demonstrated a fundamental weakness of the DES algorithm. In fact, the only seriously proposed attacks involve exhaustively testing keys until the correct key is found. This method is precisely what designers of cryptoalgorithms hope their adversaries will be forced to attempt. If the number of possible keys is sufficiently large to dissuade the attacker from attempting exhaustively testing keys, and no easier attack on the algorithm can be found, then the designer of the algorithm has succeeded in providing adequate security. Today, most security applications can be subverted for much less than the tens of millions of dollars required to break the DES.
Second, the DES has been accepted because of its endorsement by the federal government. No other publicly available algorithm has ever been endorsed by the U.S. government. Federal agencies are required to use DES for the protection of unclassified data, but the private sector has adopted DES as well because government endorsement implies an approved degree of security. Thus, the DES has become the most widely accepted mechanism for the cryptographic protection of unclassified data.
Excerpted from Contemporary Cryptology. Excerpted by permission.
Contemporary Cryptology: A Foreword (G. Simmons).
Contemporary Cryptology: An Introduction (J. Massey).
The Data Encryption Standard: Past and Future (M. Smid & D. Branstad).
Stream Ciphers (R. Rueppel).
The First Ten Years of Public Key Cryptology (W. Diffie).
Public Key Cryptography (J. Nechvatal).
A Comparison of Practical Public Key Cryptosystems Based on Integer Factorization and Discrete Logarithms (P. van Oorschot).
Digital Signatures (C. Mitchell, et al.).
A Survey of Information Authentication (G. Simmons).
Overview of Interactive Proof Systems and Zero-Knowledge (J. Feigenbaum).
An Introduction to Shared Secret and/or Shared Control Schemes and Their Applications (G. Simmons).
Cryptanalysis: A Survey of Recent Results (E. Brickell & A. Odlyzko).
Protocol Failures in Cryptosystems (J. Moore).
The Smart Card: A Standardized Security Device Dedicated to Public Cryptology (L. Guillou, et al.).
How to Insure That Data Acquired to Verify Treaty Compliance are Trustworthy (G. Simmons).