Code breaking new ground
Encryption has a key role in everything from national security to voting to health care
- By Doug Beizer
- Jun 09, 2006
Tens of thousands of Nazi tactical messages were encrypted during World War II using the Enigma machine. It came to light years later that most of those messages were read by the Allied forces after cryptologists "broke" the cipher machine.
Today, the need to protect data, and the existence of forces trying to steal it, is perhaps greater than ever before.
To keep pace with those who would try to break modern codes, the Defense Department and the National Security Agency's Information Assurance Directorate have an ongoing effort called the Cryptographic Modernization Initiative. The initiative's goal is to transform and modernize information assurance capabilities for the 21st century.
"In the encryption world, probably on a time frame of every seven to 10 years, there's a need for new encryption algorithms," said Anthony Caputo, chairman and CEO of SafeNet Inc. of Belcamp, Md. "Because every year the enemy or hackers' tools are getting better, so periodically you have to increase the strength of the encryption algorithms. That's what the Cryptographic Modernization does."
Encryption focuses on three areas: keeping data confidential, authenticating who sends data and ensuring data hasn't been tampered with, said Dr. Alan Sherman, associate professor of computer science at the University of Maryland, Baltimore County.
"For encryption, one of the major changes was the adoption of the advanced encryption standard [in 2001] by the National Institute of Standards and Technology," Sherman said. "The old system [the Data Encryption Standard] was based on 56-bit technology, which had become insecure. I think improving encryption is a continuing process."
The Advanced Encryption Standard has a fixed block size of 128 bits and a key size of 128, 192 or 256 bits.
In the world of DOD and the intelligence agencies, encryption often is focused on standalone hardware units that encrypt data from a sender and translate it for the recipient.
SafeNet, for example, has the SafeEnterprise Synchronous Optical Networking Type 1 Encryptor, an encryption appliance designed to secure Synchronous Optical Networking and Synchronous Digital Hierarchy networks at speeds up to 10 Gbps. Speed is important because stronger encryption requires a computer to make more computations.
The National Security Agency gave approval for SafeNet's development of the classified version of the 10-Gigabit SafeEnterprise Sonet Encryptor. Under NSA's Commercial COMSEC Evaluation Program, SafeNet has been approved to develop the encryptor for deployment within the federal intelligence communities, DOD and civilian agencies.
The special-purpose computers sit at the end points of a communications link. The primary difference is the new devices have stronger encryption algorithms than the devices in the field now.
While software-based encryption is common in the IP world, it's an accepted fact in the crypto community that hardware encryption is much stronger. With hardware, you can protect both the algorithm and the encryption key. It's much more difficult to do that in software.
Besides top-secret data, other areas in government require encryption, such as health information and tax records.
An emerging area is encryption used in electronic voting, UMBC's Sherman said.

Get out the vote

"Electronic voting systems are a very interesting application of cryptology, one that affects the critical national infrastructure of voting," he said. "There are emerging technologies called cryptographic receipt-based voting systems that offer tremendous potential for significantly enhanced security over other systems that are in use today."
Part of the NSA's modernization initiative was to encourage companies to offer commercial software that incorporates a form of cryptography called elliptic curve cryptography, based on the algebraic structure of elliptic curves, said Kathy Kriese, senior product manager for RSA Security.
The company's BSAFE Encryption, Signature and Privacy solutions incorporate the specifications put forth by NSA.
"We don't develop hardware; we are strictly focused on software," Kriese said. "So our software can be used by a developer as the software incorporated in a special-purpose hardware device."
RSA has a product, for example, that provides digital certificate information. A government agency is using it as part of a solution to show what type of roles and responsibilities various employees have to determine what type of access they should have to certain data.
The tool is used to determine what satellite photos certain employees can see, or the level of detail they can see in those photos.
"So people with the right combination of their security clearance, and other information on their digital certificate, would see different types of information when looking up the same satellite image," Kriese said.
Doug Beizer is a staff writer for Federal Computer Week.