Most people may strive for moral and ethical righteousness. But it's still a scary world, especially when it comes to technology. Laptops and hard-disk drives with valuable and confidential commercial information seem to be stolen every day. Mainframes containing similarly sensitive data are routinely hacked. Certain semiconductor companies are overproducing chips to later sell on the black market. And it's only getting worse.
Viruses, financial fraud, computer theft, and network intrusion cost U.S. businesses $67 billion a year, according to a January 2006 report from the FBI. Likewise, a 2006 survey from the Ponemon Institute, Vontu Inc., and PGP Corp. says the average business loss from unauthorized data access grew 31% to $182 per compromised record. The total cost to each business ranges from less than $1 million to over $22 million, with an average of over $4 million.
Yet Gartner VP Avivah Litan says a company with 10,000 accounts can spend an up-front cost of $6 per account to encrypt its data and up to $16 per account for more sophisticated security.
Compared to Ponemon's $182 figure, recovering from data loss costs 11 to 30 times as much as prevention. So what does it take to make your next product more secure? Commodity IP may be a good place to start.
THE IP IS OUT THERE Plenty of algorithms are available in IP form for designers to use in their ASICs and FPGAs (see "Security IP Definitions"). But cryptography algorithms are a lot like sports records, only lasting a few years before they're broken. A few standards have achieved some longevity, though.
• Advanced Encryption Standard (AES): Based on the Rijndael (pronounced "Rhine Doll") algorithm, AES is the official U.S. federal government standard for information technology encryption as adopted by the Computer Security Resource Center (CSRC) of the National Institute of Standards and Technology (NIST). This symmetric key 128-block cipher and successor to the Data Encryption Standard (DES) also is used in the private sector worldwide.
Listed as Federal Information Processing Standard 197 (FIPS 197), AES was selected by the government because of its resistance to linear and differential cryptanalysis. Key sizes include 128, 192, and 256 bits. While 128-bit keys can be used for information classified by the government as "Secret," "Top Secret" classification requires 192- or 256-bit keys. To date, only side-channel attacks have been able to break AES.
• Data Encryption Standard: Adopted in the 1970s as a FIPS standard, DES is now considered too insecure for most applications, as its 56-bit key can be broken in less than 24 hours. Yet it's still used today, and Triple DES (known by several names and available in several varieties) was designed to overcome some of its flaws. While AES is supplanting its use, DES sees prolific use in e-commerce and smart cards.
• RSA: Named after inventors Rivest, Shamir, and Adleman, RSA is an asymmetric key-based algorithm suitable for both authentication and encryption. Its usage normally is governed by one of the Public Key Cryptographic Standards (PKCS), which are non-industry standards. Since the RSA algorithm depends on the product of two large prime numbers, it can be broken in less time than other algorithms using smaller key sizes. For example, when compared to AES using a key size of 256 bits, the RSA key size would need to be roughly 13,500 bits1.
• Secure Hash Algorithm (SHA): This standard is a collection of several algorithms that employ secure hashing. Five of these algorithms are FIPS-approved under publication 180. Hashing is the process of taking a string of arbitrary length and producing a fixed-length string as output. Designed to supercede the MD5 cipher due to its relative insecurity based on lack of collision resistance, hashing is suitable for authentication and message integrity.
The full version of SHA-1 can be compromised in 263 operations, as compared to SHA-1 brute force attacks that withstand on the order of 280 operations. At 1 million operations per second, 263 operations would take roughly 292,000 years to break. But experts fear a more sophisticated attack can be found based on the current one using a large network of computers. That's why NIST recommends using a SHA-2-based cipher.
• Elliptic Curve Cryptography (ECC): This asymmetric key cipher comprises algebraic constructs known as elliptic curves based on the equation y2 = x3 + ax + b or some similar variation. Bit for bit, ECC is considered both more efficient and secure than RSA.
ECC hasn't been vulnerable to sub-exponential attacks to date, so it's being adopted in both authentication-based (normally as ECDSA) and encryption-based algorithms. The Standards for Efficient Cryptography Group (SECG) is the governing body for some ECC-based algorithms.
Reprints
