Security - Telenor

More documents

Recommendations

Info

Table 1 Timetable for AES Table 2 The 15 AES candidates. The underlined algorithms are the final five candidates 12 01/97 Announcement of AES 04/97 First workshop in Washington, USA 06/98 Deadline for submission of candidates 08/98 First AES conference in Ventura, USA, with presentation of candidates 03/99 Second AES conference in Rome, Italy 08/99 NIST announces the five candidates for the final 04/00 Third and last AES conference in New York, USA ??/00 Announcement of the AES winner(s) On the Need of Encryption In a modern society when we send a (conventional) letter, we expect that only the intended recipient can open the letter and read it. Likewise, we probably expect that documents on our desk are inaccessible to the public. It ought to be exactly the same for electronic information, no matter if it is sent over a public channel or if it is stored on a hard disk. I say “ought to”, because I do not think that this is the case today, unfortunately. By far the most electronic mail (e-mail) is sent in clear text today, which at least in principle makes it accessible to everyone. And how many people encrypt the data on their hard disk? Encryption does not require a change in attitude, I think, since I believe everyone would use it for both the above purposes, if all it took was to press a button on a screen. I am perfectly aware that the existence of a good encryption system is not sufficient to enable secure e-mail communication. One needs to solve the problem of how do the sender and receiver share a secret key between them such that no one else knows it? This is not a trivial problem, but there are known solutions. And the Winner is ... Who knows? NIST will decide sometime this year (2000). There are rumours that NIST is Name Country Cast256 (Canada) Crypton (Korea) Deal (Canada) DFC (France) E2 (Japan) Frog (Costa Rica) HPC (USA) Loki97 (Australia) Magenta (Germany) Mars (USA) RC6 (USA) Rijndael (Belgium) Safer+ (USA) Serpent (Denmark/England/Israel) Twofish (USA) going to choose several candidates for the standard. The advantage of this is that the users get more flexibility, since one scheme could be better suited for a certain platform or application and another scheme for some other platform or application. Furthermore, with several algorithms, one would be able to switch from one algorithm to another in case the first one should become vulnerable to some cryptanalytic attack. This would save us having to go through a long tedious process like the one for the AES will be. The disadvantage of having more than one algorithm is that not everyone would use the same and that the AES therefore should not become as popular as the DES. There are applications, e.g. smart cards, where it is not feasible to implement more than one encryption system. NIST claims that they will consider all submitted attacks and comments, and that the whole process will be open to the public. This is probably true but with one small modification. I think it is very likely that NIST will receive input from the NSA (the National <strong>Security</strong> Agency). This input will probably not be accessible to the public. There is of course also politics involved in the AES. Is it likely that NIST will choose a non-American algorithm for a federal American standard? I do not know, but I think that if NIST chooses more than one algorithm, a non-American algorithm will be one of them. NIST does not have the means to pay money to any of the designers and analysts. Also, the winner(s) will not receive any direct monetary benefit from NIST. All the work of the submitters and people who have spent hours analysing the candidates is unpaid and voluntary. Why do we do it then? I guess we do it for the fame and recognition one would get in case one’s algorithm is selected or even being among the final five. Also, the AES is a chance to give a good encryption algorithm royalty-free to people from all over the world, and to our children and grandchildren. More Information More information can be found at the official AES-site http://www.nist.gov/aes; or my site http://www.ii.uib.no/~larsr/aes.html, or my Serpent-page http://www.ii.uib.no/~larsr/serpent. Feature Editor’s Note: On October 2, 2000, NIST announced that the Belgian algorithm Rijndael is the winner of the AES contest. NIST said that Rijndael was chosen because of its combination of security, performance, efficiency, ease of implementation and flexibility. NIST tentatively expects the AES standard to become official in April – June 2001. Telektronikk 3.2000
Leif Nilsen (48) is Senior Cryptologist with Thomson-CSF Norcom AS and Associate Professor at the University of Oslo Graduate Studies at Kjeller (UNIK). He is working with information security, cryptographic algorithms and key management systems. He is Norwegian expert to ISO/IEC JTC1/ SC27 and member of ETSI/SAGE. leif.nilsen@norcom-csf.no Telektronikk 3.2000 Development of Cryptographic Standards for Telecommunications LEIF NILSEN The development of secure information systems encompasses the use of system technical security solutions based on cryptographic techniques. The article provides a basic tutorial on cryptographic algorithms and describes the development of cryptographic standards for use in telecommunications. We review the set of algorithms that has been developed for dedicated use within ETSI standards. This development has been targeted to balance divergent technical and political requirements and has produced a variety of system specific solutions. The article also includes a survey of the most influent standardisation initiatives for generalpurpose cryptographic algorithms. 1 Introduction Moving towards an information society where we see a rapid integration of information systems and communication systems, more and more of public, industrial and private business take place in an open, distributed and digital marketplace. This trend implies an increasing need for security services for protection of both user data and network management data. The ISO <strong>Security</strong> Architecture [1] defines the following set of security services and also specifies at which layer of the communication protocol the service should or could be implemented: • Peer Entity Authentication • Access Control • Connectionless Confidentiality • Connection Integrity with Recovery • Non-Repudiation • Data Origin Authentication • Connection Confidentiality • Traffic Flow Confidentiality • Connectionless Integrity. The use of encryption algorithms is a basic technique for the implementation of several of the services mentioned above, even if the traditional use of cryptography has been to provide information confidentiality. For an excellent historical overview of the use and importance of crypto A K E Key channel systems, see D. Kahn [2]. In this paper we will discuss several issues related to the development and use of cryptographic standards with emphasis on their use in telecommunication systems. 2 Basic Model of a Cryptographic System In order to give some tutorial background to how cryptography is used in a communication system, we will briefly discuss the basic model of a cryptographic system as shown in Figure 1. The sender A wants to send the message M to the receiver B. The communication will take place over an insecure channel, where an eavesdropper Z may listen and get unauthorised access to the information passing over the channel. By applying the encryption device Enc, the entity A transforms the message M, often called the plaintext, into an unintelligible message C, called ciphertext, under the control of the encryption key K E . The receiver B has the corresponding decryption key K D and is able to recover the plaintext M from the ciphertext C using the decryption device Dec. In a symmetric cryptosystem K E = K D and the exchange of keys has to take place over a confidential key channel. In an asymmetric crypto M C M Enc Dec B Z K D Figure 1 Basic model of a cryptographic system 13
Page 2 and 3: Telektronikk Volume 96 No. 3 - 2000
Page 4 and 5: Øyvind Eilertsen (34) is Research
Page 6 and 7: 4 E(P) = a ⋅ P + b (mod 26) D(C)
Page 8 and 9: 6 In 1997, NIST initiated the proce
Page 10 and 11: 8 decrypt the signed hash value, re
Page 12 and 13: Lars R. Knudsen (38) is Professor a
Page 16 and 17: 14 K m i Stream cipher algorithm Fi
Page 18 and 19: 16 6 Use of Encryption in Telecommu
Page 20 and 21: 18 mode, integrity mode, key divers
Page 22 and 23: 20 7 Beaver, D. Computing with DNA.
Page 24 and 25: 22 In both cases, my trust depends
Page 26 and 27: 24 A number of standard PC applicat
Page 28 and 29: Henning Wright Hansen (28) is Resea
Page 30 and 31: 28 Securing Locally Stored Informat
Page 32 and 33: Figure 3 A simple Public Key Infras
Page 34 and 35: 32 The Policy Control Center An imp
Page 36 and 37: Tønnes Brekne (31) is on leave fro
Page 38 and 39: 36 Sets definable by such predicate
Page 40 and 41: 38 A failure is caused by some type
Page 42 and 43: Figure 1 This figure illustrates th
Page 44 and 45: 42 ating system(s) and/or platform
Page 46 and 47: Message Sender Recipient Message pa
Page 48 and 49: 46 Assume some agent a carries with
Page 50 and 51: 48 gateway from attack, while the i
Page 52 and 53: 50 transfer at the expense of secur
Page 54 and 55: 52 7 FORE Systems. Firewall Switchi
Page 56 and 57: Figure 2-1 Object invocations throu
Page 58 and 59: Figure 4-1 3 Levels of different fi
Page 60 and 61: 58 phase two, in which the client r
Page 62 and 63: 60 5 CORBA Firewall Traversal 5.1 F
Page 64 and 65:
62 7.2 Visibroker Gatekeeper of Inp
Page 66 and 67:
64 References 1 Abie, H. An Overvie
Page 68 and 69:
Cost Figure 1 Minimising total cost
Page 70 and 71:
68 In the coming years it is likely
Page 72 and 73:
70 financial, social, environmental
Page 74 and 75:
Consequence 72 Insignificant Substa
Page 76 and 77:
74 in a one week time-frame, using
show all

Security - Telenor

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?