- Title: A Class Of Weak Keys In The RC4 Stream Cipher
- Authors: Andrew Roos (andrewr@vironix.co.za)
- Abstract:
- This paper discusses a class of weak keys in RSA's RC4 stream cipher. It shows
that for at least 1 out of every 256 possible keys the initial byte of the
pseudo-random stream generated by RC4 is strongly correlated with only a few
bytes of the key, which effectively reduces the work required to exhaustively
search RC4 key spaces.
- Title: Answers To Frequently Asked Questions About Today's Cryptography
- Authors: Paul Fahn
- Abstract:
- Paul Fahn's FAQ answers some of the most frequently asked questions
about cryptography today, including questions about authentication,
encryption, public-key cryptography, export restrictions, RSA, DES,
Key Management, Digital Time Stamping, PEM, and much more.
- Title: Augmented Encrypted Key Exchange
- Authors: Steven M. Bellovin and Michael Merritt
- Abstract:
- The encrypted key exchange (EKE) protocol is augmented so that hosts
do not store cleartext passwords. Consequently, adversaries who obtain
the one-way encrypted password file may (i) successfully mimic (spoof)
the host to the user, and (ii) mount dictionary attacks against the
encrypted passwords, but cannot mimic the user to the host. Moreover,
the important security properties of EKE are preserved: an active
network attacker obtains insufficient information to mount dictionary
attacks. Two ways to accomplish this are shown, one using digital
signatures and one that relies on a family of commutative one-way
functions.
- Title: Codes, Keys and Conflicts: Issues in U.S. Crypto Policy
- Authors: Susan Landau, Stephen Kent, Clint Brooks, Scott Charney, Dorothy Denning, Whitfield Diffie, Anthony Lauck, Doug Miller, Peter Neumann, David Sobel
- Abstract:
- In this report, the authors attempt to remove the rhetoric, lay bare the
facts, and frame the issues. It examines the issues of communication
security from a variety of viewpoints: (I) explains the technical considerations
of communications security; (II) considers the dual-edged sword cryptography
presents to both law enforcement and national security; (III) presents the
history of wiretap law in the United States; (IV) puts the current policy
on cryptography in the context of decisions over the last twenty
years.
- Title: Crime and Crypto on the Information Superhighway
- Authors: Dorothy E. Denning
- Abstract:
- Although the information superhighway offers many benefits to
individuals and to society, it also can be exploited to further crimes
such as theft and sabotage of data, embezzlement, fraud, child
pornography, and defamation. Thus, a challenge in designing and using
the information superhighway is to maximize its benefits while
minimizing the harm associated with criminal activity. Three types of
mechanisms that help meet this challenge are information security
tools, ethics, and laws. One information security tool that is
particularly useful against crime is encryption, the scrambling of data
in such a manner that it can be unscrambled only with knowledge of a
secret key. Encryption can protect against espionage, sabotage, and
fraud. But it is a dual-edged sword in that it also can enable criminal
activity and interfere with
foreign intelligence operations. Thus, the role of encryption on the
information superhighway poses a major dilemma. This dilemma has been
the topic of considerable dialogue and debate ever since the Clinton
Administration announced the Clipper Chip, a special purpose encryption
chip designed to meet the needs of individuals and society both for
communications security and privacy protection and for law enforcement
and national security. The outcome of the debate is likely to have
considerable implications for criminal justice. In order to put the
debate in context, we will first describe some of the criminal
activities made possible by computer networks and how cryptography fits
into a range of information security tools. We will then review the
encryption dilemma and Clipper controversy.
- Title: Crypto Law Survey
- Authors: Bert-Jaap Koops
- Abstract:
- This survey of cryptography laws is based on several reports and on
replies to a posting on Internet discussion lists. Only for France,
The Netherlands, and Russia have I consulted original texts of
relevant regulations; for the other countries, the reports listed
below served as the only source. These findings, therefore, do not
pretend to be exhaustive or fully reliable. I thank all who have
provided me with information for this survey. Please send comments,
corrections, updates, additional information, and questions to
E.J.Koops@kub.nl
- Title: A Cryptographic File System for Unix
- Authors: Matt Blaze
- Abstract:
- Although cryptographic techniques are playing an increasingly
important role in modern computing system security, user-level
tools for encrypting file data are cumbersome and suffer from a
number of inherent vulnerabilities. The Cryptographic File System
(CFS) pushes encryption services into the file system itself. CFS
supports secure storage at the system level through a standard Unix
file system interface to encrypted files. Users associate a
cryptographic key with the directories they wish to protect. Files
in these directories (as well as their pathname components) are
transparently encrypted and decrypted with the specified key without
further user intervention; cleartext is never stored on a disk or
sent to a remote file server. CFS can use any available file system
for its underlying storage without modification, including remote
file servers such as NFS. System management functions, such as file
backup, work in a normal manner and without knowledge of the key.
This paper describes the design and implementation of CFS under Unix.
Encryption techniques for file system-level encryption are described,
and general issues of cryptographic system interfaces to support
routine secure computing are discussed.
- Title: Efficient DES Key Search
- Authors: Michael J. Wiener
- Abstract:
- Despite recent improvements in analytic techniques for attacking the
Data Encryption Standard, exhaustive key search remains the most practical
and efficient attack. Key search is becoming alarmingly practical. We
show how to build an exhaustive DES key search machine for $1 million
that can find a key in 3.5 hours on average. The design for such a
machine is described in detail for the purpose of assessing the resistance
of DES to an exhaustive attack. This design is based on mature technology
to avoid making guesses about future capabilities. With this approach,
DES keys can be found one to two orders of magnitude faster than other
recently proposed designs. The basic machine design can be adapted to
attack the standard DES modes of operation for a small penalty in running
time. The issues of development cost and machine reliability are examined
as well. In light of this work, it would be prudent in many applications to
use DES in a triple-encryption mode.
- Title: Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks
- Authors: Steven M. Bellovin and Michael Merritt
- Abstract:
- Classic cryptographic protocols based on user chosen keys allow an attacker
to mount password-guessing attacks. We introduce a novel combination of
asymmetric (public-key) and symmetric (secret-key) cryptography that
allows two parties sharing a common password to exchange confidential
and authenticated information over an insecure network. These
protocols are secure against active attacks, and have the property that the
password is protected against off-line "dictionary" attacks. There are
a number of other useful applications as well, including secure public
telephones.
- Title: Key Escrowing Today
- Authors: Dorothy E. Denning
- Abstract:
- This paper describes the U.S. Government's Escrowed Encryption Standard
(EES) and associated Key Escrow System (KES) as of June 1994. The
objective of the EES/KES is to provide strong security for
communications while simultaneously allowing authorized government
access to particular communications for law enforcement and national
security purposes. To achieve these goals, the EES/KES is based on a
tamper-resistant hardware chip (the Clipper Chip), which implements a
strong encryption algorithm (SKIPJACK) and a method for creating a Law
Enforcement Access Field (LEAF). The LEAF allows communications
encrypted by the chip to be decrypted through a Device Unique Key that
is programmed onto the chip. Pursuant to lawful authorization, a
government agency can acquire this key by obtaining two Key Components,
each of which is held by a separate Escrow Agent. The components and
operation of the KES are described, with particular attention to the
safeguards designed to ensure that the risk of unauthorized access to
EES-encrypted communications is negligible. These safeguards are a
combination of procedural and technical controls.
- Title: Key Management in an Encrypting File System
- Authors: Matt Blaze
- Abstract:
- As distributed computing systems grow in size,
complexity and variety of application, the problem of protecting
sensitive data from unauthorized disclosure and tampering becomes
increasingly important. Cryptographic techniques can play an
important role in protecting communication links and file data, since
access to data can be limited to those who hold the proper key. In
the case of file data, however, the routine use of encryption
facilities often places the organizational requirements of
information security in opposition to those of information management.
Since strong encryption implies that only the holders of the
cryptographic key have access to the cleartext data, an organization
may be denied the use of its own critical business records if the key
used to encrypt these records becomes unavailable (e.g., through the
accidental death of the key holder). This paper describes a system,
based on cryptographic "smartcards," for the temporary "escrow" of
file encryption keys for critical files in a cryptographic file
system. Unlike conventional escrow schemes, this system is bilaterally
auditable, in that the holder of an escrowed key can verify that, in
fact, he or she holds the key to a particular directory and the owner
of the key can verify, when the escrow period is ended, that the
escrow agent has neither used the key nor can use it in the future. We
describe a new algorithm, based on the DES cipher, for the on-line
encryption of file data in a secure and efficient manner that is
suitable for use in a smartcard.
- Title: Painless Guide To CRC Error Detection Algorithms
- Authors: Ross N. Williams
- Abstract:
- This document explains CRCs (Cyclic Redundancy Codes) and their
table-driven implementations in full, precise detail. Much of the
literature on CRCs, and in particular on their table-driven
implementations, is a little obscure (or at least seems so to me).
This document is an attempt to provide a clear and simple no-nonsense
explanation of CRCs and to absolutely nail down every detail of the
operation of their high-speed implementations. In addition to this,
this document presents a parameterized model CRC algorithm called the
"Rocksoft Model CRC Algorithm". The model algorithm can be
parameterized to behave like most of the CRC implementations around,
and so acts as a good reference for describing particular algorithms.
A low-speed implementation of the model CRC algorithm is provided in
the C programming language. Lastly there is a section giving two forms
of high-speed table-driven implementations, and providing a program
that generates CRC lookup tables.
- Title: SKIPJACK Review - Interim Report - The SKIPJACK Algorithm
- Authors: Ernest F. Brickell, Dorothy E. Denning, Stephen T. Kent, David P. Maher, Walter Tuchman
- Abstract:
- The objective of the SKIPJACK review was to provide a mechanism
whereby persons outside the government could evaluate the strength of
the classified encryption algorithm used in the escrowed encryption
devices and publicly report their findings. Because SKIPJACK is but
one component of a large, complex system, and because the security of
communications encrypted with SKIPJACK depends on the security of the
system as a whole, the review was extended to encompass other
components of the system. The purpose of this Interim Report is to
report on our evaluation of the SKIPJACK algorithm. A later Final
Report will address the broader system issues.
- Title: Towards a Secure -AV system for PKZIP -- A Proposed Public Key Scheme For .ZIP Protection
- Authors: Jeremy Buhler
- Abstract:
- -AV protection has been problematical for PKZIP ever since its
inception. With the advent of public key digital signatures, this problem
may at last be solved. Public key should provide excellent protection
against modification of part of the archive or random spoofing by average
attackers and very good protection against the same by determined attackers
with great resources (e.g., governments, large corporations, etc). While
protection against the worst case, whole-file spoofing with a stolen key, is
less effective, it does not demonstrate a loss of security versus previous
methods. The algorithm's lifetime may be arbitrarily prolonged by increasing
the key size, and the decompression check code may be written so as not to
penalize operation unduly. This protection could make PKZIP the archiver of
choice for the distributor worried about file tampering within
.ZIP's.