Data encryption essentials.
The use of masking leads to substitution. Often message is masked in such a way that the resulting message that goes out in an open communication channel, seems harmless and inconspicuous.
The use of veiling leads to transposition, as veiled messages are usually not masked at all, but simply combined within other items regularly in such a way that resulting message takes form of yet another message, called acrostics.
The oldest, simplest and the most primitive of all of the methods, the 'translation table', has been used long since, before the flrst computer was invented. Each 'chunk' of data (usually I byte) is used as an offset within a 'translation table', and the resulting 'translated' value from within the table is then written into the output stream. The encryption and decryption programs would each use a table that translates to and from the encrypted data.
While this method is very simple and fast, the down side is that once the translation table is known, the code is broken. Further, such a method is relatively straightforward for code breakers to decipher. Still, for general "unreadability" of encoded data, without adverse effects on performance, the 'translation table' method lends itself well.
Keys are the fundamental essential element in generating modern ciphertext. A string of bits used widely in cryptography, allowing people to encrypt and decrypt data; a key can be used to perform other mathematical operations as well. Given a cipher, a key determines the mapping of the plaintext to the ciphertext. The key to a particular cryptosystem is some value which, when applied to ciphertext, allows the encrypted message to be decrypted and when applied to plaintext encrypts it. It is important to note that in the study of cryptography one talks about the lengths of keys in terms of bits.
Messages, too, can be encrypted in 'n-bit blocks'. The longer a key is the more difficult it is to break the encrypted message.
The most common method of breaking ciphers is by a brute-force attack. This sort of attack involves running through possible combinations of keys and applying them to the cryptosystem until the message is decrypted. It is the same as trying to guess a PIN for someone's ATM card by going through all the possible combinations of numbers. It is said that any University computer science major would have enough computer power available to be able to break most 56-bit key cryptosystems in less than one week.
The following table, from B. Schneier. Applied Cryptography, 2e. John Wiley & Sons. 1996, is for symmetric key ciphers. It offers some guidelines on choosing appropriate key lengths.
Error in Encryption leads to Compromises
When a message-handling operator makes an error in encrypting data. Compromises may occur during requested re-transmission in these cases:
1. This message can be encrypted using a different key. In any case, it is possible for interceptors to compare the two ciphertext and work out the encryption.
2 Sometimes, two different messages encrypted with the same key may also be fatal.
3 When a request for re-transmission results in transmission of plaintext, instead of a repeat of the ciphertext.
The gravity of this blunder is apparent when one considers how anyone could intercept the plaintext message and compare this with the previously encrypted message, and therefore figure out the encryption method and possibly, selection of key.
When important messages are relayed, often unimaginative choice of words could give away the encryption, as specialists in the field of cryptography have amassed a set of most probable words as the nature of the message exhibits. For instance, in decoding love letters, frequency ordering looks for words such as 'love, heart, fire, miss, life, light' which are most frequently used. Hence it is important to rephrase messages before they are encrypted and transmitted.
The use of certain clear symbols (or even nulls) for spacing or punctuation has been proven disastrous for those who committed this sin. The double appearance of certain important words could also give away the encryption.
Nothing can emphasize the importance of encrypting a message well. The slightest carelessness may well reveal subsequent messages. However, not having code books does not mean a message should be transmitted as plaintext. On the other hand, encrypted messages containing obvious news, such as weather report on certain phenomenon that is most obvious to the enemy, could prove to be a fatal leak. Sometimes, the use of common phrase to describe a sudden, unforeseen event may give away the encryption. This is exploited by the British in the World War 11, when they deliberately sank a lighted buoy in order to trigger certain predicted sequence in German encrypted message, to assist decrypting.
Poor Choice of Passwords
The use of commonly used, easily memorable phrases as passwords is highly inadvisable, especially if these bear strong association with the encryptor.
Physical Copy of Crypt Documents
The presence of a physical copy of transmitted data must be destroyed at all cost, since the most obvious, frequently practised method of interception is by physically seizing the crypt documents,
Captured Cryptographic Device
In military operations, whenever a particular installation falls into the captivity of the enemy, the most important step to do would be to secure or destroy any device or code books that are used to encrypt message. Historically, failure to do this had brought about serious setbacks as enemies eavesdropped easily to subsequent communications. During WW II, in many instances, captured submarines or vessels left their encrypting devices intact, to the enemy's advantage.
Illusion of Security Using 'Complicated' Cryptosystem
Altering existing methods by introducing suitable superficial complications may well be a double-edged sword, as it lulls cryptographer into a false sense of security.
Human Operator Errors
Most of encryption method that has been broken, was solved as a result of a tiny error on the part of the cipher officer. As with Germany's ENIGMA encryption, Stuart Milner-Barry wrote that if not for human errors, "[it] was intrinsically a perfectly secure machine."
Nature of Data Lifetime Minimum [Symmetric] Key Length Tactical military minutes/hours 56-64 bits information Product announcements, days/weeks 64 bits mergers Long-term business plans years 64 bits Trade secrets decades 112 bits H-bomb secrets >40 years 128 bits Identities of spies >50 years 128 bits Personal affairs >50 years 128 bits Diplomatic >65 years at least 128 bits embarrassments U.S. Census data 100 years at least 128 bits
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||SOFTWARE SECURITY|
|Date:||Sep 1, 2005|
|Previous Article:||Help shape the Web on mobile devices 30 August 2005.|
|Next Article:||New FileMaker Pro 8.|