
Encryption Strength Lies Beyond Key Length: A Suggestive Approach 

ABSTRACT

It is generally believed that the strength of an encryption algorithm lies in the length of the key it uses and in the amount of confusion and diffusion it introduces into the cipher. The information system infrastructure on which an encryption system runs is also a vital ingredient of its strength. A message needs to be secured only as long as it is live, so the key length and the amount of confusion and diffusion required should be in proportion to the life span of the message. Not every message is private or needs to be secured.

An analysis of the security requirement must precede the decision about the level of encryption. For secure transmission not only the message but the entire information system infrastructure should be established in such a way that there are no unknown holes in any of its layers. This includes every hardware component, small and large, from the chips up to every component of the operating systems and software tools used in the system, in addition to the encryption method used to secure the information exchange.

1. INTRODUCTION

A message needs to be protected as long as it is live. A message is said to be live as long as it has not served its purpose. The life of a message varies from a few hours to sometimes hundreds of years. Privacy and security are required for those few messages which are not supposed to be known to a third party for as long as the message is live. We use cryptography as a tool to keep information confidential and to ensure its integrity and authenticity. All modern cryptographic systems are based on Kerckhoffs' principle of having a publicly known algorithm and a secret key. Many cryptographic algorithms use complex transformations involving substitutions and permutations to infuse confusion and diffusion into the ciphertext while encrypting the plaintext.

Symmetric-key encryption mangles the bits in a series of rounds parameterized by the key to turn the plaintext into the ciphertext. Triple DES and Rijndael (AES) [1] are the most popular symmetric-key algorithms at present. These algorithms work in different modes such as Electronic Code Book (ECB), Cipher Block Chaining (CBC), Output Feedback (OFB) and Cipher Feedback (CFB). Asymmetric encryption algorithms also mix the plaintext to produce the cipher, but they are based on the mathematics of discrete logarithms and modular inverses. Two popular algorithms used today are RSA and Diffie-Hellman. Ironically, all these algorithms derive their strength from large keys. Since not every message needs protection and not all messages are alive for the same length of time, we must look beyond key size when securing a message and judging the strength of encryption. To provide a functional mechanism for securing the privacy and authenticity of information we may use either encryption or steganography, or sometimes both. The purpose of steganography is to conceal the fact that some communication is taking place. This is achieved by hiding the secret message within another, seemingly innocuous message, or carrier. Steganography, like cryptography, is a means of providing secrecy to data under transmission; steganography does so by hiding the very existence of the data, while cryptography scrambles the data so that it cannot be understood by a third party. Before selecting either of them it is important to seek answers to the following three questions: Which message needs security? What is the life span of the message? Which information infrastructure is to be used to encrypt the message?

Security and risk classification can reveal and provide clues about the answer to the first question. An example may help in understanding how to seek the answer to the second question. The secrecy of question papers for an examination needs to be maintained only until the start of the examination of that paper. If they are to be transmitted electronically over a public network to the examination venue two days before its commencement, we do not need an encryption method and keys that secure the message for 100 years, or even six months! And even if we use an encryption method that secures the question papers for such a long time, but encrypt them on a system that covertly transmits the keys, the information or both through holes at any of its layers, then all such encryption is of no use! Today it is possible to design a system that is equipped with a mobile chip and an activated international number.
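The relation between life span and key length argued above, worked through as an added example that is not part of the paper: assuming an attacker who can test one billion keys per second (a constructed figure), it computes the smallest key that cannot be exhausted while the message is live, comparing the two-day exam paper with a secret that must last 100 years, with and without the attacker's rate doubling every 1.5 years (also an assumption, not a figure from the paper).

```python
import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keys_searchable(rate_per_second, lifespan_seconds, doubling_years=None):
    """Number of keys an attacker can try while the message is alive.

    rate_per_second is the attacker's key-test rate today (a constructed figure).
    With doubling_years set, that rate doubles every doubling_years years, so the
    count is the integral of rate * 2**(t / doubling_years) over the life span.
    """
    if doubling_years is None:
        return rate_per_second * lifespan_seconds
    years = lifespan_seconds / SECONDS_PER_YEAR
    d = doubling_years
    # Closed form of the integral of r0 * 2**(t/d) dt from t = 0 to t = years.
    return rate_per_second * SECONDS_PER_YEAR * d / math.log(2) * (2 ** (years / d) - 1)


def min_key_bits(rate_per_second, lifespan_seconds, doubling_years=None, margin_bits=1):
    """Smallest key length for which exhaustive search during the life span covers
    at most 2**-margin_bits of the key space, i.e. the attacker is expected to fail."""
    n = keys_searchable(rate_per_second, lifespan_seconds, doubling_years)
    return math.ceil(math.log2(n)) + margin_bits


def key_outlives_message(key_bits, rate_per_second, lifespan_seconds, doubling_years=None):
    """True when the chosen key is long enough for the message's life span."""
    return key_bits >= min_key_bits(rate_per_second, lifespan_seconds, doubling_years)


RATE = 1e9  # constructed assumption: one billion key trials per second


if __name__ == "__main__":
    exam = 2 * SECONDS_PER_DAY            # the paper's exam-paper case
    century = 100 * SECONDS_PER_YEAR      # the paper's "100 years" case
    print("exam paper, 2 days:", min_key_bits(RATE, exam), "bits")
    print("100 years, flat attacker rate:", min_key_bits(RATE, century), "bits")
    print("100 years, rate doubling every 1.5 years:", min_key_bits(RATE, century, 1.5), "bits")
```

The two-day message needs far fewer bits than the century-long one; the same key that is ample for the exam paper is no use for the long-lived secret, which is the paper's point about proportioning key length to life span.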

It may not be a surprise if the text of this paper, as it is being typed, is being transmitted from my laptop to some location not even known to my wildest imagination! The reason could be the presence of holes unknown to me but very well known to the spy, fitted while the laptop was manufactured or while any of its components was fabricated. Imagine that the card from a mobile handset is in fact planted somewhere on the motherboard together with a SIM. A testing mechanism, suggested in section 3 of this paper, is required to ensure that no such holes exist at the hardware level. The old paradigm that “having no physical connections to the computer network or the Internet is clearly the most secure option for any information system infrastructure” no longer holds today with the advent of mobile communication technology and spy satellites moving overhead round the clock. Security holes in information system infrastructure are the vulnerabilities in computing hardware or software. It is important to close these holes prior to implementing any secure services on the system. Security holes indirectly, and sometimes directly, invite malicious hackers to work on and exploit data.

It is essential to test all components of the information system infrastructure, both inclusively and exclusively, before commissioning it. It is therefore essential to know the factors that may cause leakage of information and weaken the entire encryption system. The paper is organized in five sections. Section 2, following this introduction, deals with the probable compromises that may weaken an encryption system in place. Possible solutions to these problems are suggested in section 3. Section 4 describes the way of implementation. The paper is concluded in section 5.

2. WEAKENING FACTORS

However strong the encryption system we apply, it is secure only as long as the key is kept secret for a duration exceeding the life span of the information. It is important to be aware of the factors that may weaken an encryption system. The difference between 'nice to know' and 'need to know' must be strictly enforced and monitored. We should have access only to the information that we need in order to do our job, to prevent information leakage. We must be aware of IT security, and the employees concerned must be trained regularly. What is the use of putting a highly secure lock on the door and then letting the key pass into the hands of a spoiler? The same holds for an encryption key if it is transmitted covertly to the hacker.

A hacker in possession of the key is not going to run a brute-force cycle to decrypt the message once the encrypted message is obtained. Thus, to supplement any encryption mechanism, it is important to provide a suitably secure infrastructure for both encryption and decryption that is free from all security holes. Security holes at the various levels are the weakening factors of any encryption system.

Regarding security holes at the level of operating systems, networks, application software and web applications, details are generally available and various testing mechanisms are in place to validate the vendor's claims and verify the suitability of the tools for the requirements, both inclusively and exclusively. In this paper only security holes at the hardware level are highlighted.

Security holes in hardware

Physical on-site security can be as simple as confining mission-critical computers to a locked room and restricting access to those who are authorized. This also holds for servers, the computers that function as a central routing point for information to and from the networked computers and the Internet. Many personal computer users pay to have this service provided by an Internet service provider (ISP). However, having an outside provider can generate security threats and can be disruptive if the ISP ceases operation. Nowadays many corporations opt to establish an in-house ISP, so that the security of the corporate server is under their direct control. With the exploding popularity of the Internet, hardware security has been extended to these electronic realms.

Computers that are connected to the Internet, either directly or via a hidden mobile chip, are vulnerable to remote access, sabotage and eavesdropping unless security measures are in place to buffer the computer from the outside electronic world. At the core of a network is a device called a hub, which exchanges information among the connected computers. While a hub relays information indiscriminately from computer to computer, a device called a switch is more selective: information can be sent to one user's computer but not to another. The use of a switch allows a network administrator to control the flow of information to authorized viewers, which can be a security issue. Printers, routers, cell phones, Programmable Logic Controllers (PLC), Distributed Control Systems (DCS), Remote Terminal Units (RTU) and Intelligent Electronic Devices (IED) are all vulnerable either to innocent mistakes or to deliberate human design. Further, a secret espionage route can be established by planting a sophisticated chip on the motherboard or in any of the supporting components, one that springs into action once the computer system is switched on and before the BIOS runs. Such a chip can gather information at the time of first installation and can have the capacity to track any modification carried out at the hardware level, for, say, 5 to 10 upgrades.

Computer hardware hardly ever undergoes more than 5 to 10 upgrades during its technological life span. Most of us do not realize that vulnerabilities can be just as prevalent in computer hardware as in software. Computers also have an internal form of lock and key: a security password that is needed to gain access to all of a computer's functions can be stored on a chip known as the BIOS chip. Unfortunately, a dedicated thief can easily circumvent this hardware security feature by removing the hard drive and putting it into another computer with a different BIOS chip. Most of these vulnerabilities are not well publicized, but in the course of consistent observation and research it is seen that many controllers, even from major brands, are flawed to the degree that they could easily be exploited by a hacker. For example, one PLC failed while being scanned with a standard security port-scanning tool, indicating a serious Transmission Control Protocol (TCP) implementation issue. On further investigation of this device it was observed that its behavior completely violated the TCP specifications.

Sometimes the vulnerabilities are so serious that they have serious impacts on production even without any attempt by a hacker. Physically securing switches and wiring closets is another concern for computer security. Measures such as enclosing devices in a lockable cabinet or closet where possible and limiting access to authorized persons are simple methods to prevent tampering or accidental decoupling of a device link. Physical access to a device may allow an unauthorized person to destroy or modify configurations or to reset the device to its factory defaults, either by cycling power or by pressing certain buttons. Anyone who uses a computer is all too aware of the numerous security vulnerabilities occurring in the different layers of computer systems, especially at the hardware level. Once a hole is known, a mechanism can always be found to fill it before the system is commissioned for use.

3. POSSIBLE WAYS TO FILL THE HOLES

One of the first security problems found in applications or computer hardware comes from configuration mistakes. There are two types of mistake: default configuration and wrong configuration. Before configuring any of the hardware components, a set of approved configuration parameters according to the requirements should be in place. The initial step should be to set parameters to their approved values and disable all that are not required. Never leave any parameter at its default value: it is a trap door that may be used by those who designed the hardware components you are using. Further, while testing a hardware component the following steps should be followed:

Step 1: Specify explicitly and inclusively all services expected from the computer hardware, e.g. whether it is going to be used as a desktop or as a server for a LAN, whether it will be connected to a network or work as an offline, standalone server, whether it will communicate through mobile technology, and so on. What type of data will be kept on the system? Does the data need to be secured from a privacy and secrecy point of view? Any other relevant queries of this kind belong here too.

Step 2: Specify all services that are not to be performed by the computer under any circumstances. If the computer performs any of these tasks, it is not an additional add-on but non-compliance of the components! One such feature is the presence of any chip that generates RF in the range used by the local mobile service provider.

Step 3: Prepare test cases to test any system proposed for acquisition for the presence of the features in Step 1 and the absence of the features in Step 2.

Step 4: While upgrading any of the components of the system, the new components must undergo the same tests, from Step 1 to Step 3.
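The four steps above and the default-configuration rule that precedes them, encoded as an added example that is not from the paper: the policy, the component records and every parameter value are constructed for illustration, and the hidden cellular-band transmitter on the suspect board stands for the Step 2 feature the text describes.

```python
from dataclasses import dataclass

@dataclass
class Component:               # hardware item under test (constructed inventory record)
    name: str
    capabilities: set          # services/features the item can perform
    config: dict               # parameter -> value as actually configured
    vendor_defaults: dict      # parameter -> value as shipped by the vendor

@dataclass
class AcceptancePolicy:        # Step 1 required services, Step 2 forbidden features
    required: set
    forbidden: set
    approved_config: dict      # the only parameters allowed to stay enabled, with approved values

def acceptance_test(comp, policy):
    """Step 3: run the test cases; an empty list means the component complies."""
    findings = []
    for cap in sorted(policy.required - comp.capabilities):
        findings.append(f"{comp.name}: missing required service '{cap}'")
    # A forbidden feature that is present is non-compliance, not a bonus add-on.
    for cap in sorted(comp.capabilities & policy.forbidden):
        findings.append(f"{comp.name}: forbidden feature present '{cap}'")
    for param, approved in policy.approved_config.items():
        actual = comp.config.get(param)
        if actual is None:
            findings.append(f"{comp.name}: parameter '{param}' not set")
        elif actual == comp.vendor_defaults.get(param):
            findings.append(f"{comp.name}: parameter '{param}' left at vendor default")
        elif actual != approved:
            findings.append(f"{comp.name}: parameter '{param}' is {actual!r}, approved {approved!r}")
    # Everything outside the approved set must be disabled, never left at default.
    for param, value in comp.config.items():
        if param not in policy.approved_config and value not in (False, None, "disabled"):
            findings.append(f"{comp.name}: unapproved parameter '{param}' enabled")
    return findings

def upgrade(current, replacement, policy):
    """Step 4: a replacement part is fitted only if it passes the same test."""
    findings = acceptance_test(replacement, policy)
    return (replacement if not findings else current), findings

# Constructed policy for a standalone, offline desktop used to encrypt exam papers.
DESKTOP_POLICY = AcceptancePolicy(
    required={"local storage", "keyboard input"},
    forbidden={"cellular-band RF transmitter", "wifi", "bluetooth"},
    approved_config={"boot_password": "set-by-site-admin", "remote_management": "disabled"},
)
VENDOR_DEFAULTS = {"boot_password": "admin", "remote_management": "enabled", "wake_on_lan": True}
# Constructed board with a hidden mobile radio and untouched vendor defaults.
SUSPECT_BOARD = Component("board-A", {"local storage", "keyboard input", "cellular-band RF transmitter"},
                          dict(VENDOR_DEFAULTS), VENDOR_DEFAULTS)
# Constructed board configured as the policy requires.
CLEAN_BOARD = Component("board-B", {"local storage", "keyboard input"},
                        {"boot_password": "set-by-site-admin", "remote_management": "disabled",
                         "wake_on_lan": False}, VENDOR_DEFAULTS)
```

Running acceptance_test(SUSPECT_BOARD, DESKTOP_POLICY) reports the forbidden transmitter, two parameters left at vendor defaults and one unapproved parameter still enabled, while CLEAN_BOARD passes with no findings.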

In order to build more secure systems, one has to understand why current systems have failed. Analyzing systems and understanding how to break them gives a lot of insight into how to build better ones. Consider the minuscule computer chip called an RFID, short for "radio-frequency identification". It sends and receives information over short distances (generally 10 feet or less) via very low-power radio waves. In the early days, RFID readers were quite specialized, like an FM radio that could only listen to one station, i.e. a particular frequency. With today's more sophisticated technology there are RFID readers that can "read" the information from any RFID. In view of this it is no longer wise to consider the RFID world separate from the world of computers. Thus the absence of an RFID chip in every component has to be ascertained before the computer is used to encrypt confidential messages. Most security professionals espouse Kerckhoffs' principle — first published by the Dutch cryptographer Auguste Kerckhoffs in 1883 — the idea that the design of all security systems should be made fully public, with security depending only on a secret key.

Public review of security designs also tends to catch flaws during the design process, rather than after the flaws have become inherent in an expensive system. An unreported flaw may be an espionage design. Thus while procuring a system, one must insist on the design details of the system as a whole and of every component that matters in particular. Another myth is that a public-key algorithm has the property that different keys are used for encryption and decryption and that the decryption key cannot be derived from the encryption key.

This is true only as long as the key pair is generated on a secure system, so that the private key is not passed to the hacker through holes. Thus even while using PKI, key generation and publication must be carried out on a secure system. The same caution needs to be taken while creating the digest of a message for verification using either MD5 or SHA. If more users understand the fundamental flaw of "proprietary security algorithms" and other marketing jargon that touts what amounts to security by obscurity, then manufacturers may start opening up more of their security designs to public scrutiny, which will ultimately result in better security in our digital age.

5. CONCLUSION

“A successful security mechanism is one which ensures the security of the message all along its life span, and a successful hack is one that exposes the message within its life span.” Today, information security mechanisms rely heavily on vendors' claims rather than on foolproof checking, testing and validation of the hardware, operating systems and utility tools that we use in our information system infrastructure. In order to achieve total privacy and security of static data through an encryption scheme, it is the information system infrastructure that needs to be protected physically, besides the keys used in the encryption. While encrypting static data on a system, the system must be isolated from any type of communication network. Emphasis must be placed on indigenously developed components that build up the system. Any component procured through vendors must be put through thorough testing to ensure that no holes exist.

Further, the growing complexity of web-related applications and the shorter deadlines set for developers and administrators lead to the presence of holes in the applications. Deadlines for such software development must be set reasonably, and any patchwork or framework-based development must be discouraged, because any holes or bugs in the framework or patch can automatically sneak into the developed system. The essential requirement for security is the provision of a customized environment. It needs investment. If billions of rupees can be spent on the security of some VIPs and VVIPs, then the hesitation in investing a few million on indigenous development of information security mechanisms is beyond comprehension. A change in mindset is needed to step ahead and take the initiative.

Author: Dr. Pawan Kumar Jha, M.Sc. (Electronics), M.C.A., Ph.D. (Computer Science) in the field of Information Security (Data Security), Associate Professor in Computer Science and Engineering, Purbanchal University, Nepal. Life Member of the Computer Society of India and Life Member of the Indian Science Congress. Former Principal of Purbanchal University School of Engineering Technology, Purbanchal University, Biratnagar, Nepal, working in the field of Network Security and Steganography. 12 years of teaching and research experience. Total number of research publications: 40 in national and international conferences and journals.