Security - Telenor
Security - Telenor
Security - Telenor
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
these approaches can be used to design practical<br />
systems that provide provable security in a strong<br />
sense. Most algorithms are designed using a system-theoretic<br />
approach combining well-established<br />
principles with partial security proofs.<br />
All cryptographic algorithms can be attacked by<br />
a brute force attack on the key space. Assuming<br />
an enemy has knowledge of the algorithm involved,<br />
he can try to decrypt the ciphertext with<br />
all possible keys. Meaningful plaintext will appear<br />
when the proper key is found. If the length of the<br />
secret key is n bits, there are 2 n different keys to<br />
try. This means that the key length is a simple<br />
parameter used to indicate the strength provided<br />
by a cryptographic algorithm. However, it is<br />
important to recognise that a sufficient key<br />
length is a necessary but not a sufficient requirement<br />
for a strong algorithm. An algorithm could<br />
have a long key, but still be vulnerable to other<br />
attacks more efficient than exhaustive key<br />
search. A report from 1996 [9] gives guidelines<br />
for selection of key lengths as shown in Table 1.<br />
It is important to stress that this table is only relevant<br />
for symmetric algorithms. The situation<br />
for asymmetric ciphers is much more complex<br />
and adequate key lengths for such systems are<br />
completely different from those in Table 1. An<br />
excellent guide is [10].<br />
4 Encryption Policy<br />
The implementation of encryption solutions is<br />
not only a technical matter, but also sensitive<br />
political issues are involved. For a long time<br />
serious use of cryptography was restricted to<br />
diplomatic and military use and encryption technology<br />
was considered to be of strategic importance<br />
to national security. National and international<br />
regulations were developed to monitor the<br />
use and dissemination of the technology. Most<br />
countries still enforce some kind of export control,<br />
but the rules have gradually become more<br />
liberal.<br />
The introduction of confidentiality as a standard<br />
service in telecommunication systems will not<br />
only protect the involved link against fraud and<br />
malicious eavesdropping, but it will also prohibit<br />
police and security agencies involved in legal<br />
interception as part of their combat against terrorism<br />
and organised crime. In many countries<br />
such interception has been an important tool<br />
against serious criminal activity, but normally<br />
a special court order must be available before<br />
the interception can take place.<br />
In mobile systems like GSM and DECT, the<br />
radio link is considered to be an exposed and<br />
vulnerable channel and the standards specify<br />
encryption of this link. The solutions involved<br />
Telektronikk 3.2000<br />
Type of attacker Key length needed<br />
Pedestrian hacker 45-50<br />
Small business 55<br />
Corporate department 60<br />
Big company 70<br />
Intelligence agency 75<br />
have been a carefully chosen design balancing<br />
the specific threats involved and the need for<br />
general exportability. For such systems there are<br />
no export controls on the terminals, but a license<br />
is normally needed for network equipment.<br />
5 Open or Secret Algorithms<br />
As stated above, the strength of a cryptographic<br />
system should not rely on the secrecy of the<br />
system description. In order to provide optimal<br />
analysis and confidence in a cryptographic algorithm,<br />
it will be important to have public available<br />
specifications that have been studied by<br />
independent experts. By standing such public<br />
scrutiny over a long period of time, an algorithm<br />
can achieve the necessary trust and assurance.<br />
This is a strong argument in favour of open algorithms<br />
and it seems clear that this is the only<br />
model for wide acceptance of general-purpose<br />
cryptographic algorithms.<br />
Open algorithms may be subject to a variety of<br />
research analysis and many results are published<br />
as “breaks”, even if the announced attack cannot<br />
be conducted within the operational environment<br />
of the system. Normally any attack with complexity<br />
lower than exhaustive search is reported<br />
as “cracking the algorithm”, often resulting in<br />
much publicity and worried users. In many cases<br />
such results are mostly of academic interest and<br />
have minimal impact on the security of the<br />
actual system.<br />
However, in the same way as openness is no<br />
guarantee for strong algorithms, a secret algorithm<br />
does not implicitly mean that the algorithm<br />
is weak. Cryptographic algorithms used<br />
in military systems for protection of classified<br />
information are seldom or never revealed. These<br />
organisations have a strong internal competence<br />
in design and analysis of algorithms and do not<br />
have the same need for an open process. From<br />
history they know the difference between attacking<br />
a known versus an unknown crypto system.<br />
In order not to provide an enemy cryptanalyst<br />
with any advantage, they prefer the use of secret<br />
algorithms.<br />
Table 1 Guidelines for<br />
selection of key lengths<br />
15