
Showing papers on "Encryption" published in 1989


Book ChapterDOI
Ralph C. Merkle1
20 Aug 1989
TL;DR: A practical digital signature system based on a conventional encryption function, which is as secure as the conventional encryption function, is described; it can be implemented without the several years' delay required for certification of an untested system.
Abstract: A practical digital signature system based on a conventional encryption function which is as secure as the conventional encryption function is described. Since certified conventional systems are available it can be implemented quickly, without the several years delay required for certification of an untested system.

1,746 citations


Patent
14 Aug 1989
TL;DR: In this paper, an information distribution system provides information to a user, when the information corresponds to criteria individually selected by the user, and then charges the user only for the selected information thus provided.
Abstract: An information distribution system provides information to a user, when the information corresponds to criteria individually selected by the user, and then charges the user only for the selected information thus provided. Encrypted information packages (IP's) are provided at the user site, via high and/or low density storage media and/or by broadcast transmission. The IP's selected by the user are decrypted and then printed or displayed for viewing by the user. The charges for the IP's thus displayed are accumulated within the user apparatus and periodically reported by telephone to the system's central accounting facility which issues encryption keys. The encryption keys, used to decrypt the IP's, are changed periodically. If the central accounting facility has not issued a new encryption key for a particular user station, the station is unable to retrieve information from the system when the key is changed.

659 citations


Journal ArticleDOI
Steven M. Bellovin1
01 Apr 1989
TL;DR: A variety of attacks based on a number of serious security flaws inherent in the TCP/IP protocols are described, including sequence number spoofing, routing attacks, source address spoofing, and authentication attacks.
Abstract: The TCP/IP protocol suite, which is very widely used today, was developed under the sponsorship of the Department of Defense. Despite that, there are a number of serious security flaws inherent in the protocols, regardless of the correctness of any implementations. We describe a variety of attacks based on these flaws, including sequence number spoofing, routing attacks, source address spoofing, and authentication attacks. We also present defenses against these attacks, and conclude with a discussion of broad-spectrum defenses such as encryption.

647 citations


Journal ArticleDOI
TL;DR: Usage experience reveals that resource control, particularly of workstation CPU cycles, is more important than originally anticipated and that the mechanisms available to address this issue are rudimentary.
Abstract: Andrew is a distributed computing environment that is a synthesis of the personal computing and timesharing paradigms. When mature, it is expected to encompass over 5,000 workstations spanning the Carnegie Mellon University campus. This paper examines the security issues that arise in such an environment and describes the mechanisms that have been developed to address them. These mechanisms include the logical and physical separation of servers and clients, support for secure communication at the remote procedure call level, a distributed authentication service, a file-protection scheme that combines access lists with UNIX mode bits, and the use of encryption as a basic building block. The paper also discusses the assumptions underlying security in Andrew and analyzes the vulnerability of the system. Usage experience reveals that resource control, particularly of workstation CPU cycles, is more important than originally anticipated and that the mechanisms available to address this issue are rudimentary.

276 citations


01 Aug 1989
TL;DR: This document defines message encryption and authentication procedures, in order to provide privacy-enhanced mail (PEM) services for electronic mail transfer in the Internet.
Abstract: This RFC specifies features for private electronic mail based on encryption technology. [STANDARDS-TRACK]

248 citations


Journal ArticleDOI
TL;DR: The framework defined in this paper enables us to prove precise statements about what an encrypted instance hides and what it leaks, in an information-theoretic sense, as well as to describe encryption schemes for some well-known functions.

212 citations


Patent
14 Apr 1989
TL;DR: In this article, the authors present an approach for secure transmission of data over a network channel in a manner which is essentially transparent to the standard network devices and users. The encryption keys are made known only to those network devices which are permitted to handle information encrypted with them.
Abstract: Apparatus and methods, readily adapted to interface with a standard data transmission network having an unsecure transmission channel, e.g., "Ethernet," for the provision of secure transmission of data over the network channel in a manner which is essentially transparent to the standard network devices and users thereof, are provided. Various encryption keys are generated and utilized within the system to disguise or encrypt information transferred between network nodes. The encryption keys are made known only to those network devices which are permitted to handle information encrypted with the encryption keys.

202 citations


Proceedings Article
01 Jul 1989
TL;DR: A variant of the RSA algorithm called Batch RSA with two important properties: the cost per private operation is exponentially smaller than in other number-theoretic schemes, and a distributed Batch RSA process can isolate the private key from the system, irrespective of the size of the system, the number of sites, or the number of private operations that need to be performed.
Abstract: Number theoretic cryptographic algorithms are all based upon modular multiplication modulo some composite or prime. Some security parameter n is set (the length of the composite or prime). Cryptographic functions such as digital signature or key exchange require O(n) or O(√n) modular multiplications ([DH, RSA, R, E, GMR, FS], etc.). This paper proposes a variant of the RSA scheme which requires only polylog(n) (O(log² n)) modular multiplications per RSA operation. Inherent to the scheme is the idea of batching, i.e., performing several encryption or signature operations simultaneously. In practice, the new variant effectively performs several modular exponentiations at the cost of a single modular exponentiation. This leads to a very fast RSA-like scheme whenever RSA is to be performed at some central site or when pure-RSA encryption (vs. hybrid encryption) is to be performed. An important feature of the new scheme is a practical scheme that isolates the private key from the system, irrespective of the size of the system, the number of sites, or the number of private operations that need be performed.

198 citations


Patent
Ralph C. Merkle1
21 Dec 1989
TL;DR: In this paper, a method and apparatus for encrypting and decrypting data which operates efficiently on computers of differing architectures is disclosed, which uses part of the data input to access a table of pseudo-random numbers.
Abstract: A method and apparatus for encrypting and decrypting data which operates efficiently on computers of differing architectures is disclosed. Unlike previous encryption/decryption methods and apparatus, the present invention executes efficiently in the computer's software. The method uses part of the data input to access a table of pseudo-random numbers. The pseudo-random numbers are exclusively ORed (XORed) with the remaining part of the data input. The output from the XOR operation is then used to access the table, where the other portion of the data is in turn XORed with the pseudo-random numbers. This iterative process continues until the data is fully randomized. Several variations of this method are presented.

160 citations


Book ChapterDOI
20 Aug 1989
TL;DR: The purpose of this paper is to briefly describe some of the different computational algorithms that have been used in the chip designs and to provide a list of all of the currently available chips.
Abstract: Today, a dozen years after the discovery of the RSA encryption algorithm [12], there are many chips available for performing RSA encryption [1] [3] [4] [5] [8] [9] [13] [15]. The purpose of this paper is to briefly describe some of the different computational algorithms that have been used in the chip designs and to provide a list of all of the currently available chips. In this abstract, we will simply mention some of these computational algorithms and give references. The full paper will contain more details of these algorithms and will appear in a book of survey articles in Cryptology which is being edited by Gus Simmons and will be published by IEEE in 1990.

103 citations


Book ChapterDOI
03 Apr 1989
TL;DR: There is a potential of unused bandwidth in commonly used LAN protocols which might be exploitable as a covert channel; the key point is that exploitation of this potential is not a question of a LAN's architecture, but is strongly dependent on the design of its internal interfaces and on its implementations.
Abstract: Encryption is generally understood as being the basic mechanism for LAN security. However, usage of encryption finds its limitations in the case of an unauthorized information flow via covert channels. Some covert storage and timing channels inherent in a LAN's architecture are already described in the literature. This paper takes a more general approach. It shows that there is a potential of unused bandwidth in commonly used LAN protocols (IEEE 802.2, 802.3, 802.4, 802.5) which might be exploitable as a covert channel. The key point is that exploitation of this potential of unused bandwidth is not a question of a LAN's architecture, but is strongly dependent on the design of its internal interfaces and on its implementations.

Journal ArticleDOI
01 Oct 1989
TL;DR: Techniques are suggested to construct authentication protocols on a basis of one-way functions rather than encryption algorithms, and it appears that this approach could achieve equally simple and capable protocols.
Abstract: Techniques are suggested to construct authentication protocols on a basis of one-way functions rather than encryption algorithms. This approach is thought to be of interest for several reasons. It appears that this approach could achieve, at least, equally simple and capable protocols.

Patent
30 Aug 1989
TL;DR: In this paper, the authors propose a control vector which provides the authorization for the uses of the data cryptography key intended by the originator of the key. Among the uses specified by the control vector are limitations on encryption, decryption, authentication code generation and verification, and translation of the user's data.
Abstract: Data cryptography is achieved in an improved manner by associating with the data cryptography key, a control vector which provides the authorization for the uses of the key intended by the originator of the key. Among the uses specified by the control vector are limitations on encryption, decryption, authentication code generation and verification, translation of the user's data. Complex combinations of data manipulation functions are possible using the control vectors, in accordance with the invention. The system administrator can exercise flexibility in changing the implementation of his security policy by selecting appropriate control vectors in accordance with the invention. Complex scenarios such as encrypted mail box, session protection, file protection, ciphertext translation center, peer-to-peer ciphertext translation, message authentication, message authentication with non-repudiation and many others can be easily implemented by a system designer using the control vectors, in accordance with the invention.

Journal ArticleDOI
01 Sep 1989
TL;DR: The possibility of integrating human visual intelligence into the process of encrypting sensitive information by presenting certain visual information to the recipient's eye is discussed, which adds a new dimension to the cryptocomplexity of such a process.
Abstract: The possibility of integrating human visual intelligence into the process of encrypting sensitive information by presenting certain visual information to the recipient's eye is discussed. This adds a new dimension to the cryptocomplexity of such a process. Two implementations based on this principle are described. The first shows how keys used for encryption can be randomly generated by the transmitter, without the necessity of exchanging them with the legitimate recipient. The keys are 'embedded' in a master key and are recovered from it by the intelligence of the legitimate recipient after he or she uses the master key. No human intelligence can be helpful to a user who does not possess the master key. The second implementation concerns the possibility of creating a secret connection between a numerical key and a specific image (e.g. a face). Such a scheme can be used, for example, in validating the identity of the users of credit cards.

Patent
03 Feb 1989
TL;DR: In this paper, a key management center 20 is used to distribute cryptographic keys for either a switched virtual circuit or a permanent virtual circuit, and the MAC of the last packet transmitted under the old cryptographic key is exchanged to synchronize the key change.
Abstract: In a packet based communication network 10, a key management center 20 is used to distribute cryptographic keys for either a switched virtual circuit or a permanent virtual circuit. The disclosed methods allow the key management center 20 to communicate directly with the data encryption/decryption devices (DE's) 14 even though they operate in a transparent mode (rather than a store and forward mode). This is accomplished by balancing link counters with calls to fictitious addresses and/or use of interrupt packets transferred between the DTE 12 and the DE 14. In permanent virtual circuits, the MAC of the last packet transmitted under the old cryptographic key is exchanged to synchronize the key change.

Patent
Michael Alexander Enescu1, James Lum1
24 Feb 1989
TL;DR: A tamper-resistant method for controlling the number of users given authorized access to licensed software in a host-based, multiple terminal system, by use of an encrypted authorization list depth parameter, is presented in this paper.
Abstract: A tamper-resistant method is disclosed for controlling the number of users given authorized access to licensed software in a host-based, multiple terminal system by use of an encrypted authorization list depth parameter. The method embedded in the host-licensed software can decrypt the depth parameter only using a key derived from its own CPU ID and an offset.

Journal ArticleDOI
TL;DR: Pertinent approaches to compression of the various files are reviewed, and it is shown that, under simple models of text generation, Huffman encoding produces a bit-string indistinguishable from a representation of coin flips.
Abstract: The emergence of the CD-ROM as a storage medium for full-text databases raises the question of the maximum size database that can be contained by this medium. As an example, the problem of storing the Tresor de la Langue Francaise on a CD-ROM is examined in this paper. The text alone of this database is 700 megabytes long, more than a CD-ROM can hold. In addition, the dictionary and concordance needed to access these data must be stored. A further constraint is that some of the material is copyrighted, and it is desirable that such material be difficult to decode except through software provided by the system. Pertinent approaches to compression of the various files are reviewed, and the compression of the text is related to the problem of data encryption: Specifically, it is shown that, under simple models of text generation, Huffman encoding produces a bit-string indistinguishable from a representation of coin flips.

Patent
24 Aug 1989
TL;DR: In this article, a method and apparatus are presented for use in a data processing system which executes a program that outputs cryptographic service requests for operations with cryptographic keys, where the keys are associated with control vectors defining the functions each key is allowed by its originator to perform.
Abstract: A method and apparatus are disclosed for use in a data processing system which executes a program which outputs cryptographic service requests for operations with cryptographic keys which are associated with control vectors defining the functions which each key is allowed by its originator to perform. The improved method and apparatus enable the use of control vectors having an arbitrary length. It includes a control vector register having an arbitrary length, for storing a control vector of arbitrary length associated with an N-bit cryptographic key. It further includes a control vector checking means having an input coupled to the control vector register, for checking that the control vector authorizes the cryptographic function which is requested by the cryptographic service request. It further includes a hash function generator having an input coupled to the control vector register and an N-bit output, for mapping the control vector output from the control vector register, into an N-bit hash value. A key register is included for storing the N-bit cryptographic key. It further includes a logic block having a first input coupled to the N-bit output of the hash function generator, and a second input connected to the key register, for forming at the output thereof a product of the N-bit key and the N-bit hash value. Finally, an encryption device is included having a first input for receiving a cleartext data stream and a key input coupled to the output of the logic block, for forming a ciphertext data stream at the output thereof from the cleartext data stream and the product. A decryption device can be substituted for the encryption device to perform decryption operations in a similar manner.

Patent
09 Aug 1989
TL;DR: In this paper, data cryptography is achieved in an improved manner by associating with the data cryptography key, a control vector which provides the authorisation for the uses of the key intended by the originator.
Abstract: Data cryptography is achieved in an improved manner by associating with the data cryptography key, a control vector which provides the authorisation for the uses of the key intended by the originator of the key. Among the uses specified by the control vector are limitations on encryption, decryption, authentication code generation and verification, translation of the user's data. Complex combinations of data manipulation functions are possible using the control vectors, in accordance with the invention. The system administrator can exercise flexibility in changing the implementation of his security policy by selecting appropriate control vectors in accordance with the invention. Complex scenarios such as encrypted mail box, session protection, file protection, ciphertext translation centre, peer-to-peer ciphertext translation, message authentication, message authentication with non-repudiation and many others can be easily implemented by a system designer using the control vectors, in accordance with the invention.

Book ChapterDOI
20 Aug 1989
TL;DR: The Kerberos authentication service is an authentication service for workstation environments, motivated by the fact that workstation operating systems cannot be trusted to accurately identify their users.
Abstract: In a workstation environment, the user often has complete control over the workstation. Workstation operating systems therefore cannot be trusted to accurately identify their users. Some other method of authentication is needed, and this motivated the design and implementation of the Kerberos authentication service.

Proceedings ArticleDOI
11 Jun 1989
TL;DR: A nonmonotonic logic of belief based on a combined monotonic logic of knowledge and belief, which contains an 'unless' operator by means of which preference for beliefs and refutation of those beliefs can be expressed, is described.
Abstract: A nonmonotonic logic of belief based on a combined monotonic logic of knowledge and belief is described. Unlike previous nonmonotonic logics of belief, this logic contains an 'unless' operator by means of which preference for beliefs and refutation of those beliefs can be expressed. An application of the logic to an encryption-based key distribution protocol is given. Existing formal analyses assume the security of encrypted messages and do not deal with the effects of compromise of that security. This logic is well suited for reasoning about the consequences of refutation of the presumption that encrypted messages are secure.

Patent
Thomas J. Roberts1
30 Jun 1989
TL;DR: In this article, the plain text data is divided into buffers and the buffers are divided into blocks, and individual bytes of the encrypted blocks of a buffer are then permuted under the control of a second key to form an encrypted buffer.
Abstract: This invention relates to an arrangement for encrypting data for storage in a computer and/or for transmission to another data processing system. The plain text data is divided into buffers and the buffers are divided into blocks. The blocks are encrypted under the control of a first key using any block encryption method such as the Data Encryption Standard (DES). Individual bytes of the encrypted blocks of a buffer are then permuted under the control of a second key to form an encrypted buffer. Advantageously, the number of permutations for even a modest size buffer, say 256 bytes, is enormous, making unauthorized decryption using key searching methods computationally infeasible.

Proceedings ArticleDOI
01 May 1989
TL;DR: Until a few years ago, large full-text information retrieval systems could only be operated on powerful mainframes, but recently, the CD-ROM (compact disc read only memory) optical disc medium has become widespread, permitting access by a PC to very large amounts of storage at very low cost.
Abstract: The emergence of the CD-ROM as a storage medium for full-text databases raises the question of the maximum size database that can be contained by this medium. As an example, the problem of storing the Tresor de la Langue Francaise on a CD-ROM is examined in this paper. The text alone of this database is 700 megabytes long, more than a CD-ROM can hold. In addition, the dictionary and concordance needed to access these data must be stored. A further constraint is that some of the material is copyrighted, and it is desirable that such material be difficult to decode except through software provided by the system. Pertinent approaches to compression of the various files are reviewed, and the compression of the text is related to the problem of data encryption: Specifically, it is shown that, under simple models of text generation, Huffman encoding produces a bit-string indistinguishable from a representation of coin flips.

Proceedings ArticleDOI
15 May 1989
TL;DR: A cost-effective public key cryptographic architecture and its implementation in 2-μm double-level-metal CMOS are presented.
Abstract: A cost-effective public key cryptographic architecture and its implementation in 2-μm double-level-metal CMOS are presented. The latter consists of a 593-bit arithmetic processing element, an 8-bit microcontroller, and an intelligent bus interface unit. The device uses 95000 transistors, has an area of 115000 mil² assembled in a 40-pin package, and is capable of an average throughput of 500 kb/s.

PatentDOI
TL;DR: A secure voice transmission system is disclosed in which enemy interception problems are overcome by analyzing the speech characteristics of a password from a known operator, thus establishing two-way crypto communication.
Abstract: A secure voice transmission system is disclosed in which enemy interception problems are overcome by analyzing the speech characteristics of a password from a known operator. Some of the voice characteristics remain in the central computer, while others are stored in the message entry device. If a captured operator is forced to enter the password, the characteristics under such extreme stress will not match those stored within the devices and the capture of the operator will be assumed. Before the start of the mission, the portable device receives a preliminary public key; the first remote message of the mission can thus be sent in the clear, with no chance of the enemy using the information or the device, should the operator be prematurely captured. After the operator has been recognized as being a noncaptive, his device requests permission from the command center to create a crypto keyset; the device keeps the private key and transmits the public key to the command center. In this way, the command center has an opportunity to send the final public key to the device, thus establishing two-way crypto communication.

Patent
Mark G. Spiotta1, Erling Bjerga1
06 Oct 1989
TL;DR: An encryption key required to encrypt and decrypt data according to a predefined algorithm is usually retained in a volatile memory device. Detection of loss or corruption of the key is frequently possible only by means of the encryption circuit itself testing the key. Automated and repetitive testing of encryption keys, by means of a processor or a control circuit periodically requesting the encryption circuit to test an encryption key, minimizes data loss and system down time due to corrupted or lost keys, as discussed by the authors.
Abstract: An encryption key, required to encrypt and decrypt data according to a predefined algorithm, is usually retained in a volatile memory device. Detection of loss of the key or corruption of the key is frequently possible only by means of the encryption circuit itself testing the key. Automated and repetitive testing of encryption keys by means of a processor or a control circuit periodically requesting the encryption circuit to test an encryption key minimizes data loss and system down time due to corrupted or lost keys.

Journal ArticleDOI
TL;DR: This paper analyzes the behaviour of a "generic" key distribution protocol using a model checker based on temporal logic, to bring the automatic verification of finite systems closer to a practical proposition.

Patent
Jose Pastor1
19 Sep 1989
TL;DR: In this paper, an item bearing bit-mapped indicia with information encrypted by a public key which verifies a status of the item and a method and apparatus for applying such indicia is presented.
Abstract: An item bearing bit-mapped indicia with information encrypted by a public key which verifies a status of the item, and a method and apparatus for applying such indicia. The indicia represents an encrypted message and has the form of an array of pixels, each pixel having a value selected from a predetermined set of values in accordance with a mapping of an encrypted message onto the array. Thus, a person having knowledge of the appropriate decryption key may scan the indicia to obtain the message and verify the status by decrypting the message. In one embodiment disclosed, the item is a mail piece and the status is the payment of postage. The indicia may have the form of a binary matrix transformed by matrix multiplication by a corresponding Hadamard matrix, and the encrypted message may be encrypted using a public key encryption system.

Book
01 Jun 1989
TL;DR: The author looks at the security afforded by the S-boxes, especially at the S-4 box, and with a computer program an attempt is made to find the four bits that exit from the S-box using only a limited number of entering bits.
Abstract: From the Publisher: The simplified DES algorithm found in this book makes analysis easy. Everything takes place from the top of the page to the bottom of the page. There is no permutation of bits, no rotation of bits, no permuted choices. DES problems where the number of iterations are small are discussed in detail. Several problems, where the task is to recover the initial key, are provided. Moreover, the problems show the reader why 16 iterations or rounds contribute to the system's security. The author looks at the security afforded by the S-boxes, especially at the S-4 box, and with a computer program an attempt is made to find the four bits that exit from the S-box using only a limited number of entering bits. Text contains BASIC computer programs.

Proceedings Article
01 Jul 1989
TL;DR: Minimizing the number of rounds in zero-knowledge proofs will make these proofs much more attractive from a practical standpoint, because the protocol will require transmitting far fewer bits.
Abstract: What are the resources of a zero-knowledge proof? Interaction, communication, and envelopes. That interaction, that is the number of rounds of a protocol, is a resource is clear. Actually, it is not a very available one: having someone on the line to answer your questions all the time is quite a luxury. Thus, minimizing the number of rounds in zero-knowledge proofs will make these proofs much more attractive from a practical standpoint. That communication, that is the number of bits exchanged in a protocol, is a resource is also immediately clear. Perhaps what is less clear is why envelopes are a resource. Let us explain why this is the case. Zero-knowledge proofs work by hiding data from a verifier. Only some of this data will be later revealed, at the verifier's request: enough to convince him that the statement at hand is true, but not enough to give him any knowledge beyond that. Data can be hidden in two ways: physically, e.g. by putting it into an envelope, or digitally, by encrypting it. But why is it important to minimize the number of envelopes? Physically, because a GOOD envelope is expensive: it actually must be a lead box or a safe. Digitally, because minimizing the number of envelopes corresponds to reducing the transmitted bits. In fact, to transmit an encrypted message, one needs to send more bits than in the message itself. For instance, to send an encrypted bit, one needs to send at least 60 bits in some probabilistic encryption scheme. Also, to decrypt each ciphertext, one has to send the decryption key. However, many bits may be encrypted and decrypted with the same overhead of a few bits. Thus if one manages to package the data that should be hidden in as few envelopes as possible, while maintaining zero-knowledge, the protocol will require transmitting far fewer bits.