Most people may strive for moral and ethical righteousness. But it's still a scary world, especially when it comes to technology. Laptops and hard-disk drives with valuable and confidential commercial information seem to be stolen every day. Mainframes containing similarly sensitive data are routinely hacked. Certain semiconductor companies are overproducing chips to later sell on the black market. And it's only getting worse.
Viruses, financial fraud, computer theft, and network intrusion cost U.S. businesses $67 billion a year, according to a January 2006 report from the FBI. Likewise, a 2006 survey from the Ponemon Institute, Vontu Inc., and PGP Corp. says the average business loss from unauthorized data access grew 31% to $182 per compromised record. The total cost to each business ranges from less than $1 million to over $22 million, with an average of over $4 million.
Yet Gartner VP Avivah Litan says a company with 10,000 accounts can spend an up-front cost of $6 per account to encrypt its data and up to $16 per account for more sophisticated security. Compared to Ponemon's $182 figure, recovering from data loss costs 11 to 30 times as much as prevention. So what does it take to make your next product more secure? Commodity IP may be a good place to start.
THE IP IS OUT THERE
Plenty of algorithms are available in IP form for designers to use in their ASICs and FPGAs (see "Security IP Definitions"). But cryptography algorithms are a lot like sports records, lasting only a few years before they're broken. A few standards have achieved some longevity, though.
• Advanced Encryption Standard (AES): Based on the Rijndael (pronounced "Rhine Doll") algorithm, AES is the official U.S. federal government standard for information technology encryption as adopted by the Computer Security Resource Center (CSRC) of the National Institute of Standards and Technology (NIST). This symmetric-key 128-bit block cipher and successor to the Data Encryption Standard (DES) also is used in the private sector worldwide. Listed as Federal Information Processing Standard 197 (FIPS 197), AES was selected by the government because of its resistance to linear and differential cryptanalysis. Key sizes include 128, 192, and 256 bits. While 128-bit keys can be used for information classified by the government as "Secret," "Top Secret" classification requires 192- or 256-bit keys. To date, only side-channel attacks have been able to break AES.
• Data Encryption Standard: Adopted in the 1970s as a FIPS standard, DES is now considered too insecure for most applications, as its 56-bit key can be broken in less than 24 hours. Yet it's still used today, and Triple DES (known by several names and available in several varieties) was designed to overcome some of its flaws. While AES is supplanting its use, DES sees prolific use in e-commerce and smart cards.
• RSA: Named after inventors Rivest, Shamir, and Adleman, RSA is an asymmetric key-based algorithm suitable for both authentication and encryption. Its usage normally is governed by one of the Public Key Cryptographic Standards (PKCS), which are non-industry standards. Since the RSA algorithm depends on the product of two large prime numbers, it can be broken in less time than other algorithms that use smaller key sizes. For example, to match AES with a key size of 256 bits, the RSA key size would need to be roughly 13,500 bits¹.
• Secure Hash Algorithm (SHA): This standard is a collection of several algorithms that employ secure hashing. Five of these algorithms are FIPS-approved under publication 180. Hashing is the process of taking a string of arbitrary length and producing a fixed-length string as output. Designed to supersede the MD5 cipher, which is relatively insecure because it lacks collision resistance, SHA is suitable for authentication and message integrity. The full version of SHA-1 can be compromised in $2^{63}$ operations, compared with the roughly $2^{80}$ operations a brute-force attack on SHA-1 requires. At 1 million operations per second, $2^{63}$ operations would take roughly 292,000 years to break. But experts fear a more sophisticated attack can be found based on the current one using a large network of computers. That's why NIST recommends using a SHA-2-based cipher.
• Elliptic Curve Cryptography (ECC): This asymmetric key cipher comprises algebraic constructs known as elliptic curves based on the equation $y^2 = x^3 + ax + b$ or some similar variation. Bit for bit, ECC is considered both more efficient and secure than RSA. ECC hasn't been vulnerable to sub-exponential attacks to date, so it's being adopted in both authentication-based (normally as ECDSA) and encryption-based algorithms. The Standards for Efficient Cryptography Group (SECG) is the governing body for some ECC-based algorithms.
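The RSA entry above equates a 256-bit AES key with an RSA key of roughly 13,500 bits. The following added example (not from the article) shows where a figure of that size comes from: it estimates the work of the general number field sieve, the best known factoring method, and searches for the modulus size whose estimate reaches a given symmetric key strength. It assumes the heuristic GNFS running time with its o(1) term dropped and no calibration, so published equivalence tables that calibrate the estimate differently give somewhat different sizes; the function names are illustrative.

```python
import math

# Constant of the heuristic GNFS running time L_n[1/3, c], c = (64/9)^(1/3).
# Assumption: the o(1) term in the exponent is ignored.
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_security_bits(modulus_bits: int) -> float:
    """log2 of the estimated GNFS work to factor a modulus of this size."""
    ln_n = modulus_bits * math.log(2)
    work_ln = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)


def rsa_bits_for(symmetric_bits: int) -> int:
    """Smallest modulus size whose GNFS estimate reaches 2^symmetric_bits."""
    lo, hi = 512, 1 << 20  # the estimate grows monotonically over this range
    while lo < hi:
        mid = (lo + hi) // 2
        if gnfs_security_bits(mid) >= symmetric_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    # AES key sizes from the article; the RSA sizes are this model's estimates.
    for k in (128, 192, 256):
        print(f"{k}-bit symmetric key ~ {rsa_bits_for(k)}-bit RSA modulus")
```

The sub-exponential growth of the estimate is why the RSA size climbs so much faster than the symmetric key size, and why the ECC entry treats the absence of a sub-exponential attack as an advantage.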