# Cloak and data.

SENSITIVE COMPUTER DATA needs protection in transit just as it does in storage. Whether the data consists of corporate financial figures or signals between computerized alarm components, it risks interception when it travels between secured areas. How can security managers protect sensitive data in transit? The answer is encryption.

The Data Encryption Standard (DES) of the National Institute of Standards and Technology (formerly the National Bureau of Standards) allows for a standardized approach to the process of encryption. In the late 1970s, DES gained acceptance for use with nonclassified telecommunications data processing. DES defines a process that scrambles or mixes up a specified amount of data by using an electronic key. To unscramble it, a person must possess the same key used to scramble the data. The key is chosen to be sufficiently complicated to eliminate the probability of guessing the data by randomly selecting all possible keys.

The scrambling of data is usually referred to as encryption, and the descrambling of the data is known as decryption. The original version of data is called plaintext, and the encrypted data is called ciphertext. Ciphertext is used by the decryption process to produce the original plaintext.

DES basically makes two changes to the data it acts on: It permutes the data, and it shifts the data. Permutation is the scrambling or mixing of data. Shifting, on the other hand, preserves the data's order but moves its starting point. The concepts of permutation and shifting are illustrated in Exhibit 1 for 10 pieces of data in a hypothetical stream.

The electronic key is combined with the permuted and shifted data in a way that hides the original permutation and shifting process. Thus the data cannot be recovered without the key.

The following example illustrates the point. Suppose a person used a permutation and shifting process to create 10 pieces of data (data 1 to data 10). Each piece of data is then combined mathematically with a piece of the electronic key, producing a coded set of 10 pieces of data. This set of 10 pieces of data would be different for each possible 10-piece key used.

How does that process ensure that special or secure pieces of data have resulted from the original pieces of data? The answer depends on the fact that the number of combinations that can be created from permuted and shifted data with electronic key data pieces becomes very large as the size (that is, the number of pieces) of the key grows.

Specifically, for DES the key is defined for 56 pieces and the data to be encrypted is defined for 64 pieces. To put this in perspective, a computerized receiving and transmission module using DES to code and decode data at a rate of about three times per second, trying every combination of possible sets of 64 pieces of data per set, would take about 710 million years to try all combinations! Furthermore, this estimate assumes data does not change, which in fact it does, further complicating any random guessing scheme.

The original data is both permuted and shifted, not just combined with the key, because from that format no known mathematical process can produce the original plaintext without the electronic key. Furthermore, the process ensures that each piece of data or key depends on every other piece of data or key. Even if a person could determine some of the pieces of the key, he or she would not be able to decrypt the information since all the pieces of the key must be known. In other words, a one-piece error in a 56-piece key makes the other 55 pieces of the key virtually worthless.

IN IMPLEMENTING DES, one of the first steps is to create 16 subkeys from the original key via a permutation and shifting process. DES permutes and shifts the data and combines it with the key not once but 16 times. Each time through is a round, like a round in a boxing match. Each round uses the results of the previous round plus one of the 16 subkeys, with the first round using the result of an initial permutation and shifting performed on the original, unencoded data. The DES encryption process is illustrated in Exhibit 2.

DES is mathematically structured to work in reverse if the same electronic key is used for decoding as was used in encoding. The decryption process is shown in Exhibit 3.

To make sure the data being encrypted is not repeated, all data to be encrypted is combined with random, nonrepeating data from a data generator. Since all data pieces depend on all other data pieces at all times, if any part of the data stream is random and nonrepeating, then the entire data stream is nonrepeating. A lack of repetition makes decoding more difficult.

Computer systems that rely on DES to encode and decode data transferred from a protected area to another protected area via an unsecured route can achieve a level of security superior to that gained through the use of repeating pattern generators (typical encryption schemes not based on DES). Just as important as using DES, however, is the human factor--properly managing the electronic keys that make the system so secure. [Exhibit 1-3 Omitted]

Ronald J. Baum is president of SECUR-DATA Systems Inc. He is responsible for the design and development of the company's line of DES-based high security products.
COPYRIGHT 1989 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.

Title Annotation: special section - Computer-Information Security: Getting the Protection You Need; Data Encryption Standard. Author: Baum, Ronald J. Publication: Security Management. Date: Mar 1, 1989.