The (In)Security of Proprietary Cryptography


The (in)security of proprietary cryptography
Roel Verdult

Copyright © Roel Verdult, 2015
ISBN: 978-94-6259-622-1
IPA Dissertation Series: 2015-10
URL: http://roel.verdult.xyz/publications/phd_thesis-roel_verdult.pdf

Typeset using LaTeX. The work in this dissertation has been carried out under the auspices of the research school IPA (Institute for Programming research and Algorithmics). For more information, visit http://www.win.tue.nl/ipa/

XY-pic is used for typesetting graphs and diagrams in schematic representations of logical composition of visual components. XY-pic allows the style of pictures to match well with the exquisite quality of the surrounding TeX typeset material [RM99]. For more information, visit http://xy-pic.sourceforge.net/
[XY-pic sample diagram: a pullback square with objects U, X, Y, Z and X ×_Z Y, and arrows x, y, ⟨x,y⟩, p, q, f, g]

The message sequence diagrams, charts and protocols in this dissertation are facilitated by the MSC macro package [MB01, BvDKM13]. It allows LaTeX users to easily include Message Sequence Charts in their texts. For more information, visit http://satoss.uni.lu/software/mscpackage/
[MSC sample chart "Example": instances User, Machine 1, Machine 2, Machine 3; messages control, drill, test, startm1, startm2, log, continue, free, output]

The graphical art of this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/

The remaining part of this work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Netherlands License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/nl/

The (in)security of proprietary cryptography

Doctoral Thesis to obtain the degree of doctor from Radboud University Nijmegen on the authority of the rector magnificus prof. dr. Th.L.M. Engelen, according to the decision of the Council of Deans, and to obtain the degree of doctor of Engineering Science from KU Leuven on the authority of the rector prof. dr. R. Torfs, to be defended in public on Tuesday, 21 April 2015 at exactly 14:30 hours by Roel Verdult, born in Zevenaar, the Netherlands, on 20 October 1982.

Supervisors: Prof. dr. Bart Jacobs; Prof. dr. ir. Ingrid Verbauwhede (KU Leuven, Belgium)
Co-supervisors: Dr. Lejla Batina; Dr. Claudia Diaz Martinez (KU Leuven, Belgium)
Doctoral Thesis Committee: Prof. dr. Eric Verheul; Dr. Jaap-Henk Hoepman; Prof. dr. Herbert Bos (Vrije Universiteit Amsterdam, The Netherlands); Prof. dr. Srdjan Čapkun (ETH Zurich, Switzerland); Prof. dr. Thorsten Holz (Ruhr-Universität Bochum, Germany)
KU Leuven Examination Board: Prof. dr. Wim Dehaene (KU Leuven, Belgium); Prof. dr. Bart Preneel (KU Leuven, Belgium); Prof. dr. Herman Neuckermans (KU Leuven, Belgium); Prof. dr. Gildas Avoine (Université Catholique de Louvain, Belgium)

A tribute to my dearest family Irma, Twan and Sten

Acknowledgements

It has been a great honour to work with my direct colleagues at the Digital Security group of the Radboud University, who worked with me as co-authors, but most of all, as best friends. They inspired me to explore the path of science, which enabled me to write this doctoral dissertation. I am extremely grateful for their guidance, didactics, insights and support. I would like to especially thank Flavio Garcia and Gerhard de Koning Gans, who have been working beside me from day one. Without their feedback and continuous support, I would not have realized my admiration for science and discovered the contribution that I have to offer. Furthermore, I'm grateful to my first promotor Bart Jacobs, who is an excellent example of a dedicated and outstanding scientist who is concurrently involved in society.

My gratitude goes to all the members of the Radboud University reading committee and KU Leuven examination board, Eric Verheul, Jaap-Henk Hoepman, Wim Dehaene, Bart Preneel, Herman Neuckermans, Gildas Avoine, Herbert Bos, Srdjan Čapkun and Thorsten Holz, who helped improve this doctoral dissertation a lot by their valuable and professional comments. Additionally, I would like to thank my friends and family, and especially my father Ad Verdult, for helping me improve the language of this thesis.

It was pleasant to work with my second promotor Ingrid Verbauwhede and her research group at the KU Leuven. Specifically, I would like to thank my direct colleague from Belgium, Josep Balasch. Besides our scientific collaboration, he also assisted me numerous times to comply with rules and administrative protocols of the KU Leuven.

During the security research that I performed with my colleagues, several friendly and prominent contacts were established. We collaborated extensively with governments, secret services, nationwide police forces and large corporations. However, despite our efforts to carefully disclose sensitive information in a responsible way, there were a few unfortunate events where we faced legal pressure that tried to restrain us from publishing the details of our work. During such an event we have always been firmly supported by the legal department and executive board of the Radboud University. My gratitude goes especially to Bas Kortmann, former rector magnificus of the Radboud University, and Dorine Gebbink, head of legal affairs.

Although it is impossible to name every person, I would like to show my gratitude to all the people who supported me in many ways over the last years. During this period I have acquired a lot of knowledge, skills and experience. I'm very thankful for that. Finally, I would like to express my admiration, gratitude and love to my wife and children. They have always supported me during my research and the long days that I've spent writing this thesis. I will be forever grateful for their love and care.

Roel Verdult
Oosterbeek, March 2015

Abstract

Proprietary cryptography is a term used to describe custom encryption techniques that are kept secret by their designers in order to add security. It is questionable whether such an approach increases the cryptographic strength of the underlying mathematical algorithms. The security of proprietary encryption techniques relies entirely on the competence of the semiconductor companies, which keep the technical description strictly confidential after designing it. Without access to the detailed design information, it is difficult to give a public and independent security assessment of the cryptography. Proprietary cryptography is currently deployed in many products which are used daily by the majority of people worldwide. It is embedded in the computational core of many wireless and contactless devices used in access control systems and vehicle immobilizers.

Contactless access control cards are used in various security systems. Examples include public transport, payment terminals, office buildings and even highly secure facilities such as ministries, banks, nuclear power plants and prisons. Many of these access control cards are based on proprietary encryption techniques. Prominent examples are the widely deployed contactless access control systems that use the MIFARE Classic, iClass and Cryptomemory technology.

A vehicle immobilizer is an electronic device that prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a wireless radio frequency chip, typically embedded in the plastic casing of the car key. When the driver tries to start the vehicle, the car authenticates the transponder before starting the engine, thus preventing hot-wiring. According to European Commission directive 95/56/EC, all cars sold in the EU from 1995 onwards must be fitted with an electronic immobilizer. In practice, almost all recently sold cars in Europe are protected by transponders that embed one of two proprietary encryption techniques, Hitag2 or Megamos Crypto.

In this doctoral thesis, well-known techniques are combined with novel methods to analyze the workings of the proprietary cryptosystems mentioned above. The cryptographic strength and security features of each system are comprehensively evaluated. The technical chapters describe various weaknesses and practical cryptanalytic attacks which can be mounted by an adversary using only ordinary, consumer-grade hardware. This emphasizes the seriousness of the findings and their relevance to the level of protection that is offered. The identified vulnerabilities are often plain design mistakes, which means the cryptosystems have been exploitable since their introduction.

The first part of this dissertation is an introduction to the general field of computer security and cryptography. It includes an extensive description of the theoretical background, with references to related literature, and a summary of well-known cryptographic attack techniques. Additionally, a broad summary of related scientific research on proprietary cryptography is given. Finally, the technical part of this doctoral dissertation presents serious weaknesses in widely deployed proprietary cryptosystems, which are still actively used by billions of consumers in their daily lives.
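The car-to-transponder exchange that the abstract describes, and the passive attacker it is up against, modelled as an added example. This is illustration code, not code from the thesis: neither Hitag2 nor Megamos Crypto is reproduced here. A truncated HMAC-SHA256 stands in for the proprietary keyed response function, and KEY_BITS, CHALLENGE_LEN and RESPONSE_LEN are assumed toy parameters chosen so that an exhaustive search finishes in well under a second. The point it makes is the one the abstract gestures at: once an eavesdropper can record a legitimate start, the only thing standing between them and a working clone is the size and quality of the key space, not the secrecy of the algorithm.

```python
"""Constructed model of an immobilizer challenge-response and an offline key search.

Added illustration, not code from the thesis. The real proprietary ciphers are
not reproduced; a truncated HMAC-SHA256 stands in for the keyed response
function, and the key space is deliberately tiny (assumption) so the search is fast.
"""
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

KEY_BITS = 16                     # assumption: toy key space for the demo
KEY_LEN = (KEY_BITS + 7) // 8     # key length in bytes
CHALLENGE_LEN = 4                 # assumption: 32-bit car challenge
RESPONSE_LEN = 4                  # assumption: 32-bit transponder response

Transcript = Tuple[bytes, bytes]  # (challenge, response) as seen on the radio link


def respond(key: bytes, challenge: bytes) -> bytes:
    """Keyed response function shared by car and transponder (stand-in)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:RESPONSE_LEN]


class Transponder:
    """Key-fob chip: answers any challenge it receives with its secret key."""

    def __init__(self, key: bytes) -> None:
        self.key = key

    def answer(self, challenge: bytes) -> bytes:
        return respond(self.key, challenge)


class Car:
    """Immobilizer: releases the engine only if the response matches its own key."""

    def __init__(self, key: bytes) -> None:
        self.key = key

    def authenticate(self, fob: Transponder,
                     challenge: Optional[bytes] = None) -> Tuple[bool, Transcript]:
        """One exchange. Returns (engine_released, transcript).

        The transcript is exactly what a passive eavesdropper listening to the
        wireless link would record during a legitimate engine start.
        """
        if challenge is None:
            challenge = secrets.token_bytes(CHALLENGE_LEN)
        response = fob.answer(challenge)
        ok = hmac.compare_digest(response, respond(self.key, challenge))
        return ok, (challenge, response)


def recover_keys(transcripts: List[Transcript], key_bits: int = KEY_BITS) -> List[bytes]:
    """Exhaustive offline search: every key consistent with all recorded exchanges.

    Two recorded exchanges are enough to rule out chance collisions on a single
    32-bit response; with a realistic key length this loop is the whole cost.
    """
    candidates = []
    for k in range(1 << key_bits):
        key = k.to_bytes(KEY_LEN, "big")
        if all(respond(key, c) == r for c, r in transcripts):
            candidates.append(key)
    return candidates


def demo() -> bool:
    """Eavesdrop two legitimate starts, recover the key, start the car with a clone."""
    real_key = (0xBEEF).to_bytes(KEY_LEN, "big")   # constructed secret
    car, fob = Car(real_key), Transponder(real_key)
    recorded = [car.authenticate(fob)[1] for _ in range(2)]   # attacker only listens
    (found,) = recover_keys(recorded)                         # offline, no car needed
    clone = Transponder(found)
    released, _ = car.authenticate(clone)                     # fresh challenge, clone answers
    return released


if __name__ == "__main__":
    print("engine released with cloned transponder:", demo())
```

Raising KEY_BITS is the only change needed to see why key length is a design decision rather than an implementation detail: the search cost doubles per bit, while the eavesdropping cost stays at two recorded starts.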
Full text (publisher's version) hosted at the Radboud Repository of the Radboud University Nijmegen: http://hdl.handle.net/2066/140089