Information Assurance e-Library

Cryptography:

General Links

Cryptorights Foundation - 'Security For Human Rights and Human Rights for Cryptographers'.
Weaknesses in the Key Scheduling Algorithm of RC4
Federal Information Processing Standards publication 186 detailing the algorithm for the Digital Signature Standard (DSS)
NIST - information about NIST's new selection for the AES (Advanced Encryption Standard) including algorithm specifications, reference code, test values, and intellectual property statements.
Cryptography Research
Cryptography A-Z
Cryptography References
Cryptography FAQ
RSA Security - Cryptography FAQs
Applied cryptography Online Book
Cryptography news and policy
Cryptography archive
Cryptography software
US Policies on Cryptography
CRYPTOGRAPHY AND LIBERTY
Cryptography articles
cryptography book 'Why Cryptography Is Harder Than It Looks'
Attacks on ciphering
Java Cryptography Extension
Netsurfer Focus on Cryptography
Cryptography Overview
Cryptography and Encryption
Cryptologic History and the National Security Agency - One of the tasks of the NSA's Cryptological History Program is to document the role of cryptology in American history. This page contains links to several of the publications and operational documents about significant cryptological events and activities throughout the NSA's history.
Cryptography resources
Cryptography and Information Security
Message Transmission Security (or 'Cryptography in Plain Text')
CRYPTO-CONFUSION (Mutual Non-Comprehension Threatens Exploitation of the GII)
NIST modes of operation
Chaffing and Winnowing
New light shed on unbreakable encryption
Encryption Resource Page
Snake Oil Warning Signs: Encryption Software to Avoid; Interhack.Net, the research site of Interhack (2003) - This page is a FAQ-style compilation of the habits of "Snake Oil Vendors", the sellers of overrated or useless cryptography packages. Rather than labeling a specific package or algorithm as "Good" or "Bad", the focus is on discussing the sales pitches and claims used to make "Bad" software look "Good".
SSH: Documentation - This is a general links page for SSH. This includes an introduction to SSH as well as a link to the SSH RFC. This is focused mainly on UNIX.
Effort to crack Xbox code abandoned - The article discusses a scheme to crack the code used to authenticate official games for the Xbox games console and states that the scheme was abandoned for "legal concerns".
Cryptology - An Overview - by Costas Christoyannis (1998); This site provides an overview of cryptography including an introduction, various techniques such as public key cryptography, block ciphers, stream ciphers, hash functions and other techniques. It also includes a description of common encryption algorithms. These pages are based on various documents, papers and books designed to help the Internet Community understand cryptography.
Using Matrices for Cryptography - by Douglas Jones; Discussion and step-by-step examples of using matrices for polyalphabetic cipher encryption and decryption. Mathematical approach that touches on using probability and Measure of Roughness in conjunction with matrices.
International Association for Cryptologic Research - The IACR is a non-profit scientific organization dedicated to further research in cryptography and related fields. The site contains numerous articles, job listings, and a very detailed list of events including the three major conferences IACR sponsors each year: Asiacrypt, Eurocrypt, and Crypto.
Encryption and Security-related Resources - This site provides a number of security and encryption related links covering topics such as software, security agencies and organizations, people, books and publications, and security laws. The site also includes links to a number of mirror sites.
Can 1024-bit Keys be Cracked? All in Good Time - By Jeff Forristal April 12, 2002; This article discusses using specialized hardware to factor encryption keys using large prime numbers. The author states that to protect sensitive data longer, a stronger encryption key must be used.
New encryption laws for e-mail unlikely - Carrie Kirby; Interesting article that discusses the proposal to regulate email encryption by putting all keys in a database that could be accessed by officials if needed (key escrow).
RSA Laboratories' Frequently Asked Questions About Today's Cryptography - An easy to read FAQ site for RSA laboratories that gives an overview of cryptology.
Why Are One-Time Pads Perfectly Secure? - Article that attempts to prove that one-time pads can be “perfectly secure.”
Crypto-Gram - a free monthly e-mail newsletter - A monthly newsletter is posted on computer security and cryptography. Articles are very interesting.
Timeline of Cryptology - Great website for those interested in the history of cryptology. Gives a nice cryptology timeline.
Why Cryptography Is Harder Than It Looks - by Bruce Schneier; An article that focuses on the importance of cryptology and the realization that implementation is just as important as the algorithms themselves.
Algorithm Alphabet Soup - Rick Smith; This article includes discussion on the two categories of secret-key ciphers: stream and block. Stream ciphers encrypt data one bit at a time, whereas block ciphers encrypt data one fixed-size block at a time. Next, the three things that make a cipher strong (the infrastructure it runs in, key size, and algorithm quality) are discussed. And finally, the two major types of public-key ciphers, Diffie-Hellman and RSA, are explained; January 2003
RSA Public Key Cryptography - This security page at Georgia Tech is devoted to RSA public key cryptography. Examples of RSA messages, digital signatures, and key generation can be found here. Also listed is information on PGP, a software package that encrypts e-mail using public-key cryptography, SSH, and SSL.
Cryptography - This information packed page is devoted to cryptography. Links to cryptography web sites, FAQs, references, books, and publications are listed.
Cryptography and Encryption - by Neil F. Johnson; This site provides links to several sites related to the topics of cryptography and encryption. The topics include: general information about cryptography, PGP, audio and phone security, file and disk encryption, and an assortment of other cryptography links and information.
Terror groups hide behind Web encryption - by Jack Kelley (2001); An interesting article by USA Today that talks about methods terrorist groups are using to hide behind Web encryption. The thought is that hidden in the X-rated pictures on several pornographic Web sites and the posted comments on sports chat rooms may lie the encrypted blueprints of the next terrorist attack against the United States or its allies. A good example of how encryption can be used as a tool in the growth of cyberterrorism.
Security of the WEP algorithm - This is some information about the analysis of the Wired Equivalent Privacy (WEP) algorithm, which is part of the 802.11 standard.
Cryptographic Algorithms - This page describes various block ciphers, stream ciphers and hash algorithms.
Crypto users aren't paranoid - Matthew S. Hamrick (2003); Article discusses uses of encryption and response to theory that only people with something to hide use encryption.
Data encryption promises SAN security - By Alan Radding, JANUARY 27, 2003; Companies are now looking into storing data in an encrypted format instead of sitting openly on the disk drive to provide protection in the event of security breaches.
W3C signs off on approach to secure XML documents - By Brian Fonseca, InfoWorld, DECEMBER 11, 2002; the World Wide Web Consortium offered its recommendation and approval on XML encryption.
U. of Colorado at Boulder Adopts Encrypting Links for E-Mail Software - VINCENT KIERNAN (2003); The University of Colorado at Boulder changed its e-mail systems to require encrypted communications for transmitting messages between campus e-mail servers and client software.
Cryptography FAQ - The information located on this URL gives a list of frequently asked questions about cryptography.
Learning About Cryptography - by Terry Ritter (2002); This is a good introduction to cryptography. It gives the fundamental idea of cryptography, and some examples to follow. It also lists what cryptography can and can't do.
Crash Course in Cryptography - Peter Persits (1999); This article gives a crash course in cryptography. The author of this article is the founder and president of Persits Software.
The Art Of Secret Writing: Cryptography - This article gives us an introduction to the secret writing of cryptography and steganography. It tells how cryptography works, and recommends books to enhance your knowledge of cryptography.
Guide to the Secure Configuration and Administration of Microsoft SQL Server 2000 - Sheila Christman and James Hayes, Maj USAF (2003); I found this pdf very interesting in light of the recent SQL attack. The document is dated January 28, 2003, version 1.4. Do you wonder what version 1.3 was?
Cryptography Overview - A nice tutorial on what cryptography is from the National Institute of Standards and Technology.
Data Encryption Techniques - A neat site on how to encrypt your data. They show several methods to do so.
Differential Power Analysis - A white paper on how to better design a cryptosystem taking into consideration limitations of computer systems.
Cryptography FAQ (01/10: Overview) - A nice link to the most frequently asked questions about cryptography. I just posted part 1, but you can link from there to parts 2 - 10.
Record-Breaking DES Key Search Completed - An article about the DES Key search machine built by Cryptography Research, Advanced Wireless Technologies, and EFF. The article details how the machine works to find keys with very little knowledge about the plain text. Click on the view photos link too to see the machine, pretty amazing!
PC army tackles Xbox security code - David Becker (2003); This is an article about a group of people trying to hack the encryption key of the XBOX. They are using distributed computing techniques in order to accomplish the task. The article also states that there are monetary rewards for this crack.
CRYPTO AG - RUGGEDIZED INFORMATION SECURITY SYSTEMS - This is information about a Swiss company Crypto AG and their encryption devices used by the army. The page includes a link to the company's website which includes more information about IT security.
2.1 - A Short History of Cryptography - 1995 Fred Cohen; This is a history of cryptography from about 2000 BC until just after the second world war. It also explains different methods of encryption used throughout history.
The Enigma Machine - Russell Schwager; This is a site that has a Java applet that simulates the Enigma machine. It also has follow-on articles on how the Enigma machine worked and its history.
COMMERCIAL ENCRYPTION EXPORT CONTROLS - Export controls on commercial encryption products are administered by the Bureau of Industry and Security (BIS) in the U.S. Department of Commerce. This page links to the regulations as well as step-by-step instructions and guidance to help exporters when applying for a review request for License Exception ENC, an export license, or submitting a notification for NLR (No License Required) and other related information.
AES homepage - National Institute of Standards and Technology (NIST), which is a federal technology agency, announced the approval of the Federal Information Processing Standard (FIPS) for the Advanced Encryption Standard, FIPS-197. NIST specified Rijndael as a FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information. Links to the FIPS-197 standard and other information regarding AES are provided here.
Security Testing - This site is a great resource providing many links related to cryptographic standards, applications and testing. The computer resource center works on developing cryptographic methods for protecting the integrity, confidentiality, and authenticity of information resources. Additional focus is on working with government and industry to establish more secure systems and networks by developing, managing and promoting security assessment tools, techniques, services, and supporting programs for testing, evaluation and validation.
Quantum Cryptography Tutorial - This website deals with quantum cryptography. According to the author, "The most straightforward application of quantum cryptography is in distribution of secret keys." In essence, the keys are kept secret by the laws of physics rather than by mathematics. The website is very informative, and offers a unique perspective on ways in which to distribute and manage keys.
Factoring Numbers II. The Elliptic Curve Method - This website gives a nice introduction to the theory of elliptic curves and how they are used in cryptography. The website was easy to read and understand, and offered enough mathematics to explain the principles behind how the algorithm works.
General information on Encryption - This website is very succinct and offers nice explanations of symmetric algorithms, asymmetric algorithms, hash functions, and key management. The site provides nice background, definitions, and pros and cons. In addition, there are links to such interesting topics as a history of public key technology.
Summary: This site provides links to several topics in computer security. There are three different categories: Encryption and Politics (additional links: Clipper Chip and Wassenaar Arrangements), Algorithms (DES and Triple DES, etc.), and General Information (additional links: What is Encryption?, The history of Encryption, Code Breaking, etc.).
This site, Quantum Cryptography Finally Commercialized, talks excitingly about the first commercial use of quantum cryptography technology. Eavesdroppers or other transmission failure are detected and the data stream will be changed, and the intrusion detected which supposedly makes it unbreakable.
"Deciphering Encryption," - Author Dan Froomkin, WashingtonPost.com Staff and Amy Branson, LEGI-SLATE News Service, Date: May 8, 1998; Summary: This is a very interesting article. It discusses the debate several years ago of the ability to maintain a certain level of Security on Computer Systems and the distributing of an encryption software that is so powerful it is unbreakable by law-enforcement officials. The concerns of the government officials, privacy advocates and US Software makers were all valid. The Government wants to be able to protect against international threats and build cases against criminals while privacy advocates and U.S. Software Makers want to be able to compete internationally and protect the privacy of consumers.
"The Clipper Chip" - Author: CPSR, Date: August 199.5; Summary: The article gives some information on the Clipper Chip developed by the NSA intended to protect private communication, permitting government officials and law enforcement the right to obtain private keys, if needed for criminal prosecutions. Currently, the Clipper Chip is not mandatory but voluntary.
"One Cryptosystems Untrustworthiness" - Author: Pavel V. Semajanov, Information Security Center, St. Petersburg Technical University, Date: 1996. Summary: I decided to include this article in my summary because I used it as a reference in my discussion questions. The author does a good job of explaining why some cryptosystems are untrustworthy. The reasons are the impossibility of strong cryptalgorithms use. He gives several reasons 1) Low rate of strong cryptalgorithms 2) Export Restrictions 3) Own Cryptalgorithms usage. Second, Cryptalgorithms implementation errors, which includes software implementation errors, insufficient protection against malicious software and lack of weak testing. Thirdly, Cryptalgorithms wrong application which includes short key, repeated usage of cipher key stream. Finally, there are the Human Factors.
"It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics," - Author: Bruce Schneier
Weak Arguments Against Strong Encryption by Deborah Pierce; Summary: Encryption is the math and technology that allows a message to be scrambled to make it unreadable except by the intended recipient. The debate over whether to allow strong encryption has again taken center stage following the WTC tragedy. Throughout the 1990s law enforcement, the White House, businesses and civil liberties groups debated the pros and cons of unbreakable encryption. The article discusses the advantages and disadvantages of encryption and states that encryption can be abused but the benefits far outweigh the risks and that key escrow is not the answer due to its disadvantages.
Can You Keep A Secret? by John J. Fried; March 5, 1998; Summary: The article discusses the debate over encryption. More recently, some members of Congress and the FBI have begun to worry that without domestic fetters on strong encryption, home-grown criminals, too, will have free rein on the Internet, and so would like to regulate the export of strong, hard-to-break encryption programs. However, legislators and law enforcement agencies, most notably the Federal Bureau of Investigation, are clashing with cyberlibertarians and powerful commercial interests over efforts to extend controls on so-called strong encryption to domestic uses.
How Encryption and Digital Signatures Work - 1999 Bionic Buffalo Corporation. All rights reserved. Tatanka and TOAD January 2001; I really like this site, here is a basic introduction to encryption and digital signatures. It explains how they work and gives some examples of how they are used. It covers symmetric and asymmetric, compares some algorithms, and gives considerations for selections. There is even a little math thrown in for good measure, in the explanation of how the algorithms work.
National Institute of Standards and Technology (NIST) - Sept 03; This link is to a WEB SITE and not any particular article. This site is run by the National Institute of Standards and Technology (NIST). There is more than enough information located at this site, in the form of policies, Standards, white papers and detailed descriptions within a multitude of links, to answer any possible question regarding the implementation of an encrypting standard.
Basic Cryptography, Part 7. One-Time Pads - By Susanna Harding; This article discusses one-time pads. It begins by explaining what a one time pad is, it discusses its history, its weaknesses and how one-time pads can be used for security.
'Unhackable' data will go far - By Andrew Woolls-King; This article discusses quantum cryptography and its recent developments. The article states that quantum encoded data has been transmitted at distances further than 100 km. The barrier that was preventing this development was the need to reduce noise picked up by the receiving detector. Toshiba developed an ultra low noise detector and takes advantage of new semiconductor technology to combat this problem. The article states that "Current encryption approaches rely on algorithm that, no matter how complex, could eventually be cracked. With quantum cryptography security instead becomes an impenetrable and intrinsic part of the data itself."
Cryptography For the Masses by Gary Anthes; May 27, 2002; This article discusses how cryptography is seen as being too complicated and so sometimes it is not used. It says that by integrating encryption into computing devices and software that security will be increased. It states that new standards are being developed that will be good enough to maintain security for about 10 years because computers will not be able to have enough power to crack these standards for 10-15 years.
Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure (SDSI)
Cryptography and Security - This page contains pointers to other web pages dealing with cryptography and security.

Tools and Code

HB9CUF - Windows 32-bit encrypt/decrypt program - CryptoUP and FindSR are available here, free for non-commercial use. CryptoUp encodes or decodes files in several different modes; FindSR analyzes encoded data.
Javascript (and Perl) DES Implementation - This is an implementation of DES (Data Encryption Standard) available in source code format for JavaScript and Perl. It supports Electronic Codebook (ECB), Cipher Block Chaining (CBC), and Triple DES. A separate page linked from here gives step-by-step details of the implementation.
PKWare adds RSA crypto across Zip; By ComputerWire, Posted: 27/01/2003; PKWare is adding RSA crypto for its PKZip product which is available for Windows, Unix, OS/400 and MVS. Users will be able to send compressed, encrypted files to recipients who can use their PKI certificates to decrypt, or non PKI-users will decrypt using a separately delivered password. The added compression should reduce the size of most encrypted zip files depending on the file type.
DES code cracked in record time - By Jason Meserve, Network World, 01/20/99; A quick expansion on the cracking of DES. As described in the text book. This article gives more details on exactly how the encryption was broken and speculates on the future of the breaking contest.
New threat forces cryptography rethink - By Iain Thomson Paris, France [10-10-2002]; “Hackers start using 'side-channel' attacks”, This article goes along with the textbook as it talks about how hackers don’t always use brute force to attack encryption, but look at other facets. Here in particular, they mention how intruders can monitor the power consumption of a computer as it processes a single calculation, and use that information to help break the encryption.
RSA cryptography FAQ - Here is a large resource for cryptography. It is laid out similar to an online textbook. It has many articles on many aspects of encryption. I choose to use the link to the top level, instead of any single article.
Encryption Legislation - this website “center for democracy and technology”, has many links to U.S. policy on exportation of encryption technology and takes on an activist flavor to pass along the information. But does give “plaintext” explanations of what the U.S. laws say about encryption exportation.
RSA Comes Out With Cable-Centric Cryptology Solution - By Jim Wagner, August 8, 2001; The article is about RSA Security's security software package for cable modem makers. The security software named BSAFE broadband cryptographic software, designed for DOCSIS 1.1 (Data Over Cable Service Interface Specifications), allows modem and software manufacturers to embed public key infrastructure (PKI) and encryption algorithms that meet standards for authentication and confidentiality. The software is the latest in an emerging crop of security measures for the broadband modem industry which is an industry considered by many a relatively easy mark for malicious hackers, or crackers.
You'd Have to Break the Laws of Physics to Break This Code - The article states that scientists are a step closer to creating secret codes that are absolutely unbreakable which advances hopes for protecting sensitive data from any kind of computer attack. Three independent research groups are simultaneously reporting, in the American Physical Society's peer-reviewed journal Physical Review Letters (tentatively scheduled for publication in May), the first demonstrations of sending encrypted messages using "quantum entanglement." Quantum cryptography using entangled pairs of photons allows easier detection if a photon is "stolen" and the entanglement process generates an inherently random code while allowing the use of brighter pulses. The net result could eventually be a higher transmission rate, over longer distances, with greater security.
The Code Book - The article is a review of a book named "The Code Book" by Simon Singh. According to the article, Simon Singh has written an excellent and insightful book about cryptography that is one part thriller and two parts adventure. The article states that the book is richly illustrated and shows how important historic events from ancient times to modern times have relied on normal people to break the most difficult codes. The article mentions that the author of the book has offered $10,000 reward to the first person who breaks the deemed impossible ten coded messages in the book.
Cryptology and the Law - The article is intended to explore the conflict of interests between the U.S. government and the private sector, particularly the legal implications involved. The primary topics discussed in the article include: U.S. regulation of encryption technology exportation, cases challenging encryption exportation regulations, and solutions for the future. The article provides links to many of the objects that it discusses which includes three lawsuits: Bernstein v U.S. Department of Justice, Junger v Daley, and Karn v U.S. Department of State.
PKWare Adds Encryption to Compression Software - JAIKUMAR VIJAYAN (2003); PKWare Inc. discusses what they are doing to make it safer for users of its PKZip data compression technology to send and receive files over the Internet by adding new encryption capabilities to the software.
Cryptography and Liberty 1999 - An International Survey of Encryption Policy - This website provides an INTERNATIONAL SURVEY OF ENCRYPTION POLICY performed in 1998 (link to 1999) by the Global Internet Liberty Campaign. "This survey was undertaken by the Electronic Privacy Information Center (EPIC), on behalf of GILC, to provide a comprehensive review of the cryptography policies of virtually every national and territorial jurisdiction in the world."
Cryptography Research, Inc. - This is a very informative website. You can find articles, papers and current research projects involving cryptography and data security.
How electronic encryption works and how it will change your business - by Jim Heath of Viacorp, 2002. This is a long but interesting article. It was originally written in 1997 but is being updated as technology changes. The article discusses the importance of cryptography in business (email vs. faxes). It later goes on to describe how electronic encryption works focusing on (DES and IDEA).
The polymorphic cipher PMC Author: C. B. Roellgen 20.04.2002; This is an article on the Polymorphic ciphers, which according to the author is one of the strongest, if not THE strongest ciphers available today. The idea behind the Polymorphic cipher is that the data and algorithm are undefined from the beginning (using machine code) supposedly making the cipher unbreakable.
SERPENT A Candidate Block Cipher for the Advanced Encryption Standard - Serpent was a finalist for the Advanced Encryption Standard, finishing in second place behind Rijndael. According to the author, Serpent is more secure but slower than Rijndael because Serpent has more rounds and should have a service life of a century or more. The site also has links for various implementations in different languages (C, assembler, Python, etc.).
THE ORIGINS OF THE ENIGMA/ULTRA OPERATION - This is an interesting article, especially for those of you who are WWII historians, about breaking the German machine ciphers. Work began as early as 1928 in Poland without much success until four years later when university math graduates were recruited and received some training in code breaking. The author also takes time in the article to point out how the British have always tried to take credit for breaking Enigma.
A Brief History of Cryptography - compiled by Shireen Hebert; Cryptography is the science of encrypting and decrypting information. This article tells us the history of cryptography and how far cryptography dates back.

Public Key Encryption

'Understanding PKI'; By Carlisle Adams and Steve Lloyd - JANUARY 16, 2003
PKCS - Public Key Cryptography Standards
Public Key Cryptography - by Anita Karve; 04/01/97; The author begins by describing secret key cryptosystems, which use a single key for encryption and decryption. She then moves on to public key cryptosystems, which use a pair of keys that are complementary and mathematically related. With the public key system, information encrypted with a particular public key can only be decrypted with the corresponding private key.
Study: Encryption keys not safe on servers by Douglas F. Gray, IDG News Service\London Bureau January 07, 2000; This article discusses how secure encryption keys are vs how secure they were thought to be. It had been thought that searching for a private key on a Web server would be extremely difficult because keys can occupy a few hundred bytes of space on a server that could contain tens of gigabytes of information. nCipher has discovered that finding the keys is much easier than had been thought. Since most encryption schemes are based on complicated mathematical properties, they can be easily identified by searching for those properties, according to nCipher. This site links to nCipher's white paper describing methods by which an attack can be completed and measures that can be taken to guard against attacks.
Ten Risks of PKI: What You're not Being Told about Public Key - Extremely interesting and well-written article titled, "Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure." The article presents many great points regarding public key encryption and asks many questions that help frame the article in its proper light. I found the questions just as helpful as their answers.
Descriptions of Key Escrow Systems by Dorothy E. Denning; Version of February 26, 1997; This website lists and explains over thirty different Key Escrow systems. This is a great resource, and has links back to a larger article titled, "A Taxonomy of Key Escrow Encryption Systems." The list explains each system, lists pros and cons for many systems, as well as provides additional resources for each system.
What is key management? - This is a very well designed site. It not only answers the question in the title of this article but it also has a lot of other interesting articles that are easy to find and read. It definitely answers a lot of questions about Cryptography and how it is used for real solutions in the real world.
Public Key Cryptography - This site defines the public key and contrasts it with Symmetric-key types. It also has a description of the algorithms used in constructing these keys.
Welcome to crypto.com, Matt Blaze's cryptography resource on the Web - This site has a list of recent and not so recent research papers on the subject of Cryptography and key management. Some of the papers discuss the vulnerability of these security systems also. One of the most interesting things about this site is that it has papers that compare literal lock and key on a door technology with the cryptography key technology and striking similarities are drawn.
Web services Useful but dangerous? - This site, Web services Useful but dangerous?, discusses how most businesses are unifying access to all of their applications through XML and while this does make business faster and more comprehensive throughout the company the problem of keeping things secure becomes more and more difficult. The article then discusses the role that cryptography and key management play in helping to make the web a more secure place.
Key Management Systems - This link focuses on the public key and the private key. The article breaks down the encryption process in three steps: 1) a means of changing information into code (the algorithm) 2) a secret starting point for the algorithm (the key) 3) a system to control the key (key management). The article goes into further details on the functions of the private key and public key.
U.S. Uses Key Escrow To Steal Secrets by Madeleine Acey; May 20, 1999; Summary: European plans for controlling encryption software are nothing to do with law enforcement and everything to do with U.S. industrial espionage, according to a report released by the European Parliament on Friday. The working document for the Scientific and Technological Options Assessment panel said the United States has tried to persuade European Union countries to adopt its key escrow or key recovery policies -- allowing backdoor access to encryption programs -- saying this was necessary to read messages exchanged by criminals. But the report details how the UKUSA alliance -- made up of the United Kingdom, United States, Canada, Australia, and New Zealand -- has used its secret Echelon global spying network to intercept confidential company communications and give them to favored competitors.
Fears rekindle key escrow debate by Brian Fonseca; October 19, 2001; Summary: As concern grows over the vulnerability of government and industry organizations, a controversial battle is being drummed up on Capitol Hill that could grant government control over encrypted messages. Key escrow, a system whereby digital keys are generated and copies are acknowledged with a third party that keeps them in escrow until recovered, is being bandied about in light of the Sept. 11 bombings. The attackers are suspected of having used encryption methods during preparations. Senator Judd Gregg (R-N.H.) is pushing legislation that would give law enforcement entities a "master key," granting full backdoor access to all encryption products made in the United States.
Strategies for Ensuring Data Accessibility When Cryptographic Keys Are Lost by Arne Grimstrup; Summary: Cryptosystems are used to limit access to those who know the decryption keys. A problem arises when the cryptographic key is forgotten. The data is then unavailable for anyone's use, and there are substantial consequences to the company from the loss of data, including financial losses. In the article, Grimstrup explores the possible solutions to this problem. The author states that there are three main strategies for preventing the loss of information due to forgotten encryption keys. They are user keys, key escrow, and threshold schemes.
802.1X Offers Authentication and Key Management by Jim Geier; May 02; A great little tutorial on how key management works with 802.X. They use a great analogy to walk you through the process of authentication.
FIPS 171 - U.S. DEPARTMENT OF COMMERCE, Barbara Hackman Franklin, Secretary; NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY; John W. Lyons, Director; This is the FIPS 171 document. This document outlines in specific detail the requirements for key management in the federal government. There are specific instructions on how to generate, transfer, name, and destroy keys.
Effective Key Management - Securing the Keys to the Enterprise - A good, short article on key management. It is not a technical article; it covers the concepts and ideas of what key management is and some of the more important considerations of key management, such as life cycle and distribution.
An Overview/ Public-Key Encryption And Digital Signatures - Author Bruce Schneier; This site talks about the advantages and disadvantages of public-key cryptography compared with secret-key cryptography. It also talks about digital signatures. Summary: This article gives some history on the concept of public-key cryptography. Martin Hellman and Whitfield Diffie introduced the original concept of cryptography in 1976. The concept was developed to help solve the key management problem, which was the difficulty of keeping a secret key secret. The author states several advantages and disadvantages of public-key cryptography compared to secret-key cryptography. One advantage is that the public key will provide a method for digital signatures. One of the disadvantages will be the speed.
Key Management FAQ - This site answers frequently asked questions regarding cryptography. "What is key management?" is the first question addressed on this site. There are general questions regarding keys, and the site also addresses public key infrastructures in detail.
Key Management in Cryptography - This is a nice PowerPoint presentation that discusses what key management encompasses. The presentation also covers why key management is important, key management techniques, and the key management life cycle.
JSP 602 Instruction: Cryptography and Key Management v1.0 - This site offers a really good definition of cryptography and key management. It also offers reasons to use it and how to use it.
"Cryptography and Key Management" - This is a PowerPoint presentation written by Daniel and Julie J. and C.H. Ryan, titled "Cryptography and Key Management". In it they describe the basics, from what cryptography is to how it is used, and give examples of cryptography. This is an excellent site.
An Introduction to Using Keys in Cryptography - This is an excellent site. It deals primarily with cryptography; however, it talks about the keys, how they are used, and the length of the keys. Authored by Di Management Services in Sydney, Australia.
Module 5 - Technology - This is a good site that talks about cryptography and key management. This site could be better; however, it is OK for what it is worth.

PGP

Welcome to the MIT Distribution Center for PGP (Pretty Good Privacy)
Using PGP/PEM encryption
How PGP works - taken from chapter 1 of the document Introduction to Cryptography in the PGP 6.5.1 documentation
A Tutorial for Beginners to PGP
PGP ATTACKS - The article discusses PGP, which is the most widely used hybrid cryptosystem around today, and answers some questions about the security of PGP. According to the article, there have been rumors regarding the security of PGP or lack thereof. The article breaks PGP down into its four component pieces, formulates methods of attack for each aspect, and provides in-depth analysis of the mathematics behind PGP as well as various formulas, code, and the various methods that can be used to decrypt an encoded message.
Practical Attacks on PGP - by Joel McNamara (1997). The paper describes several attacks that can compromise PGP security in the Windows environment, such as Operating System Attacks, Network Attacks, and Electronic Attacks. I found this paper interesting because some of the attacks described in 1997 are attacks that we are facing in 2003.

Tutorials

Public-key Cryptography - PowerPoint Presentation
Cryptography and Public Policy - PowerPoint Presentation
What is a Digital Signature? - An introduction to Digital Signatures, by David Youd

Assignments

Laboratory Exercises on Encryption (uses spreadsheets)
Lab 2: RSA Encryption (programming)
monoalphabetic encryption algorithm (programming)
File Encryption and Recovery Assignment
Enigma Encryption simulation (programming)
Programming Assignment 3 (Assembly Language)
Lab 10: JavaScript Strings & Encryption
File Encryption / Authentication Utility (programming assignment)
ENCRYPTION Lab Notes
Lab 7: They're Out to Get You (Java)




written by Wayne Summers summers_wayne@ColumbusState.edu