
Showing papers on "On-the-fly encryption published in 2000"


Journal Article
TL;DR: This work proposes a novel solution called partial encryption, in which a secure encryption algorithm is used to encrypt only part of the compressed data, resulting in a significant reduction in encryption and decryption time.
Abstract: The increased popularity of multimedia applications places a great demand on efficient data storage and transmission techniques. Network communication, especially over a wireless network, can easily be intercepted and must be protected from eavesdroppers. Unfortunately, encryption and decryption are slow, and it is often difficult, if not impossible, to carry out real-time secure image and video communication and processing. Methods have been proposed to combine compression and encryption together to reduce the overall processing time, but they are either insecure or too computationally intensive. We propose a novel solution called partial encryption, in which a secure encryption algorithm is used to encrypt only part of the compressed data. Partial encryption is applied to several image and video compression algorithms in this paper. Only 13-27% of the output from quadtree compression algorithms is encrypted for typical images, and less than 2% is encrypted for 512×512 images compressed by the set partitioning in hierarchical trees (SPIHT) algorithm. The results are similar for video compression, resulting in a significant reduction in encryption and decryption time. The proposed partial encryption schemes are fast, secure, and do not reduce the compression performance of the underlying compression algorithm.

612 citations


Patent
05 Apr 2000
TL;DR: In this article, the authors proposed a process for selecting whether a predetermined criterion is satisfied, setting a selective encryption status field, encrypting an unencrypted payload to generate an encrypted payload, and constructing a packet with the encrypted payload.
Abstract: Selective encryption is provided in a process which includes: determining whether a predetermined criterion is satisfied; setting a selective encryption status field (1402) if the predetermined criterion is satisfied; and encrypting an unencrypted payload to generate an encrypted payload, and constructing a packet with the encrypted payload (1406), if the predetermined criterion is satisfied. The predetermined criterion may be one of several criteria, each of which reduce the required amount of encryption and decryption while maintaining a high level of security. Renewable encryption is provided in a process which includes: copying a first encrypted digital video program from a remote server to a video source; decrypting the first encrypted digital video program using a first key to generate an unencrypted digital video program; encrypting the unencrypted digital video program using a second key to generate a second encrypted digital video program; transmitting the second encrypted digital video program from the video source to the remote server; and deleting the first encrypted digital video program from the remote server.

320 citations


Book Chapter
10 Apr 2000
TL;DR: This work presents definitions of a new notion of security for private-key encryption called encryption unforgeability which captures an adversary's inability to generate valid ciphertexts and presents and analyzes a new mode of encryption, RPC, which is unforgeable in the strongest sense.
Abstract: We find certain neglected issues in the study of private-key encryption schemes. For one, private-key encryption is generally held to the same standard of security as public-key encryption (i.e., indistinguishability) even though usage of the two is very different. Secondly, though the importance of secure encryption of single blocks is well known, the security of modes of encryption (used to encrypt multiple blocks) is often ignored. With this in mind, we present definitions of a new notion of security for private-key encryption called encryption unforgeability which captures an adversary's inability to generate valid ciphertexts. We show applications of this definition to authentication protocols and adaptive chosen ciphertext security. Additionally, we present and analyze a new mode of encryption, RPC (for Related Plaintext Chaining), which is unforgeable in the strongest sense of the above definition. This gives the first mode provably secure against chosen ciphertext attacks. Although RPC is slightly less efficient than, say, CBC mode (requiring about 33% more block cipher applications and having ciphertext expansion of the same amount when using a block cipher with 128-bit blocksize), it has highly parallelizable encryption and decryption operations.

225 citations


Book Chapter
03 Dec 2000
TL;DR: This work investigates the following approach to symmetric encryption: first encode the message via some keyless transform, and then encipher the encoded message, meaning apply a permutation F_K based on a shared key K.
Abstract: We investigate the following approach to symmetric encryption: first encode the message via some keyless transform, and then encipher the encoded message, meaning apply a permutation F_K based on a shared key K. We provide conditions on the encoding functions and the cipher which ensure that the resulting encryption scheme meets strong privacy (e.g. semantic security) and/or authenticity goals. The encoding can either be implemented in a simple way (e.g. prepend a counter and append a checksum) or viewed as modeling existing redundancy or entropy already present in the messages, whereby encode-then-encipher encryption provides a way to exploit structured message spaces to achieve compact ciphertexts.

219 citations


Journal Article
01 Aug 2000
TL;DR: Simulation results show that the proposed method significantly enhances security for image transmission over Internet as well as improves the transmission rate.
Abstract: Internet multimedia applications have become very popular. Valuable multimedia content such as digital images, however, is vulnerable to unauthorized access while in storage and during transmission over a network. Streaming digital images also require high network bandwidth for transmission. For effective image transmission over the Internet, therefore, both security and bandwidth issues must be considered. We present a novel scheme, which combines the discrete wavelet transform (DWT) for image compression and block cipher Data Encryption Standard (DES) for image encryption. The simulation results indicate that our proposed method enhances the security for image transmission over the Internet as well as improves the transmission rate.

214 citations


Book Chapter
20 Aug 2000
TL;DR: This paper provides both empirical and theoretical evidence indicating that there is a long-lived broadcast encryption scheme that achieves a steady state in which only a small fraction of cards need to be replaced in each epoch.
Abstract: In a broadcast encryption scheme, digital content is encrypted to ensure that only privileged users can recover the content from the encrypted broadcast. Key material is usually held in a "tamper-resistant," replaceable, smartcard. A coalition of users may attack such a system by breaking their smartcards open, extracting the keys, and building "pirate decoders" based on the decryption keys they extract. In this paper we suggest the notion of long-lived broadcast encryption as a way of adapting broadcast encryption to the presence of pirate decoders and maintaining the security of broadcasts to privileged users while rendering all pirate decoders useless. When a pirate decoder is detected in a long-lived encryption scheme, the keys it contains are viewed as compromised and are no longer used for encrypting content. We provide both empirical and theoretical evidence indicating that there is a long-lived broadcast encryption scheme that achieves a steady state in which only a small fraction of cards need to be replaced in each epoch. That is, for any fraction β, the parameter values may be chosen in such a way to ensure that eventually, at most β of the cards must be replaced in each epoch. Long-lived broadcast encryption schemes are a more comprehensive solution to piracy than traitor-tracing schemes, because the latter only seek to identify the makers of pirate decoders and don't deal with how to maintain secure broadcasts once keys have been compromised. In addition, long-lived schemes are a more efficient long-term solution than revocation schemes, because their primary goal is to minimize the amount of recarding that must be done in the long term.

165 citations


Patent
28 Jan 2000
TL;DR: A disk drive comprising a disk for storing encrypted data is disclosed in this article, where the disk drive comprises a first circuit for providing plaintext data to a second circuit for encrypting the plaintext data into the encrypted data.
Abstract: A disk drive comprising a disk for storing encrypted data is disclosed. The disk drive comprises a first circuit for providing plaintext data to a second circuit. The second circuit comprises controllable encryption circuitry for encrypting the plaintext data into the encrypted data. The controllable encryption circuitry comprises a data input, an enable input, and a data output. The second circuit further comprises a plaintext input for providing the plaintext data to the data input, an encrypted text output for providing the encrypted data from the data output, and a first control input for receiving a first device authentication signal for authenticating the first circuit. The second circuit comprises a first verification circuit, responsive to the first device authentication signal, for producing a first verification signal for use in controlling the enable input of the encryption circuitry to enable the encryption circuitry to provide the encrypted data via the encrypted text output.

159 citations


Patent
20 Oct 2000
TL;DR: In this article, the authors present a method for encryption, storage, decryption, and retrieval of encrypted data on a computer system, which also includes an information database (62) and a key database (44) inside the security domain.
Abstract: A computer system (20) with a security domain (22), at least one client business domain (26), and a plurality of client terminals (34) utilizes a hidden link dynamic key manager (24, 84) and a database structure including encrypted data entities (30C, 30D) and a security identification attribute (32) for storage of encrypted data. A method for encryption, storage, decryption, and retrieval of encrypted data operates on the computer system (20), which also includes an information database (62) and a key database (44). The key database (44) is isolated from the information database (62). The security domain (22) includes a system key manager (84) operable to generate system keys with system key common names and an encryption key manager (24) operable to generate encryption keys having encryption key identifications. The key managers (24, 84) operate on a key server (40), which is mirrored by a secondary key server (42). A general security manager (82) also operates on the key server (40) to control access to the security domain (22). The security information attribute (32) is stored with a persistent data entity (30A) that is associated with the other data entities (30C, 30D) by a database schema. The security information attribute (32) includes the encryption key identification (112) for the encryption key used to encrypt the data entities (30C, 30D). The encryption key identification is encrypted by the system key, and the system key common name hash value (114) is also stored in the security information attribute (32). The information data entities (30) are stored on the information database (62), but the encryption key identification (153), encryption key (154), system key common name hash value (156, 157), and system key common name (158) are stored in the key database (44) inside the security domain (22). The system key itself is stored on a Smart Card reader (56) inside the security domain.

140 citations


Patent
21 Aug 2000
TL;DR: In this paper, a file encryption key is generated and the digital data in the file is encrypted with the file encryption key to provide an encrypted file, and the encrypted file and the file header associated with the encrypted file may be stored at a file server.
Abstract: Methods, systems and computer program products are provided for controlling access to digital data in a file by obtaining a passphrase from a user and generating a personal key based on the obtained passphrase. A file encryption key is generated and the digital data in the file encrypted with the file encryption key to provide an encrypted file. The file encryption key is encrypted with the personal key to provide an encrypted file encryption key. A file header containing the encrypted file encryption key and associated with the encrypted file. The encrypted file and the file header associated with the encrypted file may be stored at a file server.

132 citations


Patent
27 Apr 2000
TL;DR: In this article, an apparatus and methods for facilitating a reduction in data transmission bandwidth removes unnecessary data relating to encryption keys prior to sending a message or storing the encrypted information for a recipient.
Abstract: An apparatus and methods for facilitating a reduction in data transmission bandwidth removes unnecessary data relating to encryption keys prior to sending a message or storing the encrypted information for a recipient. Encrypted data, such as message data for multiple recipients, is analyzed to determine whether encryption related data for other recipients may be removed.

121 citations


Patent
29 Dec 2000
TL;DR: In this paper, a method and apparatus for improved data management is described, which comprises generating a first key component, generating an encryption key using the first key, a token key and a personal identification number (PIN).
Abstract: A method and apparatus for improved data management are described. In one embodiment, the method comprises generating a first key component, generating an encryption key using the first key component, a token key and a personal identification number (PIN), encrypting data using the encryption key, and sending the data encrypted with the encryption key to a server along with the first key component.

Proceedings Article
14 Aug 2000
TL;DR: The solution described in this paper uses swap encryption for processes in possession of confidential data that has been implemented for the UVM virtual memory system and its performance is acceptable.
Abstract: In modern operating systems, cryptographic file systems can protect confidential data from unauthorized access. However, once an authorized process has accessed data from a cryptographic file system, the data can appear as plaintext in the unprotected virtual memory backing store, even after system shutdown. The solution described in this paper uses swap encryption for processes in possession of confidential data. Volatile encryption keys are chosen randomly, and remain valid only for short time periods. Invalid encryption keys are deleted, effectively erasing all data that was encrypted with them. The swap encryption system has been implemented for the UVM [7] virtual memory system and its performance is acceptable.

Proceedings Article
30 Jul 2000
TL;DR: A novel, light-weight video encryption algorithm that supports light-weight, multi-layered encryption and can provide security by encrypting only a fraction of the data depending on the level of security the user requires.
Abstract: This paper introduces a novel, light-weight video encryption algorithm that supports light-weight, multi-layered encryption. The objectives of this encryption algorithm are to reduce the total amount of data encrypted (while providing reasonable privacy and security) and to allow for the playback of the encrypted stream in the presence of network packet loss and bit-errors. The latter property allows for the easy adaptation of encrypted video over best-effort networks, such as the Internet. This algorithm partitions the stream into three layers and provides encryption on the lower two layers. An adaptive algorithm is provided that shows how to adaptively partition the video data so that the user can ensure a maximum peak signal to noise ratio in the base layer. Our results show that we can provide security by encrypting only a fraction of the data depending on the level of security the user requires.

Book Chapter
20 Aug 2000
TL;DR: A new notion concerned with the privacy of keys that provably captures this key-search resistance property is given and a new characterization of AONTs is suggested and established that the resulting all-or-nothing encryption paradigm yields secure encryption modes that also meet this notion of key privacy.
Abstract: We investigate the all-or-nothing encryption paradigm which was introduced by Rivest as a new mode of operation for block ciphers. The paradigm involves composing an all-or-nothing transform (AONT) with an ordinary encryption mode. The goal is to have secure encryption modes with the additional property that exhaustive key-search attacks on them are slowed down by a factor equal to the number of blocks in the ciphertext. We give a new notion concerned with the privacy of keys that provably captures this key-search resistance property. We suggest a new characterization of AONTs and establish that the resulting all-or-nothing encryption paradigm yields secure encryption modes that also meet this notion of key privacy. A consequence of our new characterization is that we get more efficient ways of instantiating the all-or-nothing encryption paradigm. We describe a simple block-cipher-based AONT and prove it secure in the Shannon Model of a block cipher. We also give attacks against alternate paradigms that were believed to have the above keysearch resistance property.

Patent
29 Feb 2000
TL;DR: In this article, a consumer client is granted access to the information if the client is a member of at least one group which correctly solves an access formula describing a function of groups.
Abstract: Information that must remain secure is often stored on untrusted storage devices. To increase security, this information is encrypted by an encryption value prior to storing on the untrusted storage device. The encryption value itself is then encrypted. The encryption value is decrypted by correctly solving an access formula describing a function of groups. Each group includes a list of at least one consumer client. A requesting consumer client is granted access to the information if the requesting consumer client is a member of at least one group which correctly solves the access formula.

Patent
16 Nov 2000
TL;DR: In this paper, a relational database system for encryption of individual data elements comprising encryption devices of at least two different types, the types being tamper-proof hardware and software implemented.
Abstract: A relational database system for encryption of individual data elements comprising encryption devices of at least two different types, the types being tamper-proof hardware and software implemented. The encryption processes of the system are of at least two different security levels, differing in the type of encryption device holding the process keys for at least one of the process key categories and also differing in which type of device executing the algorithm of the process. Each data element to be protected is assigned an attribute indicating the usage of encryption process of a certain security level.

Patent
13 Nov 2000
TL;DR: In this paper, a method for encryption of the content in a database, for accomplishing increased protection against unauthorised access to the data, is presented, where every row and item is re-encrypted with a valid key.
Abstract: The present invention relates to a method for encryption of the content in a database, for accomplishing increased protection against unauthorised access to the data. The method assures that every row and item is re-encrypted with a valid key. More specifically this process, the so-called KeyLife process, is executed every time a row is inserted, updated or retrieved after a scanning operation. The key life value, defining the number of days a key is valid for each item, could differ for the items, and could typically be between 30 and 90 days. The scanning operation, checking the validity of the presently used keys, the so-called KeyLife checking, is executed each time a new key generation is created.

Patent
28 Mar 2000
TL;DR: In this article, a PIN encryption device was proposed to protect the integrity of the encryption keys and algorithms and prevent the discovery of PIN data by tapping the external interfaces of the customer transaction terminal.
Abstract: A system and methods for implementing a low cost and simple PIN encryption device is disclosed. The PIN encryption device may be incorporated into customer transaction terminals, ATMs and PIN pads for use with POS terminals or other transaction devices. The PIN encryption device securely stores PIN encryption keys and PIN encryption algorithms that are used to encrypt user entered PINs on a cryptographic smart card. The system disclosed is a physically secure device that protects the integrity of the encryption keys and algorithms. The system also protects the cryptographic smart card from tampering, and prevents the discovery of PIN data by tapping the external interfaces of the customer transaction terminal.

Book Chapter
03 Dec 2000
TL;DR: An attack on plain ElGamal and plain RSA encryption is presented, showing that without proper preprocessing of the plaintexts, both ElGamal and RSA encryption are fundamentally insecure.
Abstract: We present an attack on plain ElGamal and plain RSA encryption. The attack shows that without proper preprocessing of the plaintexts, both ElGamal and RSA encryption are fundamentally insecure. Namely, when one uses these systems to encrypt a (short) secret key of a symmetric cipher it is often possible to recover the secret key from the ciphertext. Our results demonstrate that preprocessing messages prior to encryption is an essential part of both systems.

Patent
21 Dec 2000
TL;DR: In this article, a secure real-time voice communication system was provided that allows for the secure transmission of voice communications between a sending device 72 and a receiving device 78 through the public switch telephone network.
Abstract: A secure real time voice communication system 70 is provided that allows for the secure transmission of voice communications between a sending device 72 and a receiving device 78 through the public switch telephone network 76. The device 72 uses an encryption decryption engine 30 which is capable of executing a number of encryption algorithms which are selected using an encryption selection table 80. An encryption key can be calculated from a periodic key value and a public variable key value. Further, the encryption algorithm used can be periodically changed during a voice communication session so that multiple encryption techniques can be used within the same communication session.

Patent
Kou Weidong
22 Mar 2000
TL;DR: In this article, a key encryption key is generated based on a secret initial vector, or password, and the session key is encrypted using the key encrypted key, then the encrypted data and the encrypted session key are interleaved according to a set of indices created by a one-way transform.
Abstract: A computer system and method manages encryption keys for data. The system and method generates a session key and encrypts given data with the session key. The system and method generates a key encryption key based on a secret initial vector, or password. The session key is encrypted using the key encryption key. The encrypted data and the encrypted session key are then interleaved according to a set of indices created by a one-way transform. The one-way transform takes as its input the initial vector, the length of the encrypted session key and the length of the encrypted data. The data is recovered by a party knowing the initial vector using the one-way transform to determine the location of the encrypted session key in the interleaved data. The session key is decrypted which allows the data to be decrypted.

Patent
23 Mar 2000
TL;DR: An encryption/decryption system for providing restricted use of each key in a plurality of keys to preserve confidentiality of the plurality of public keys is described in this article, where each key is usable by an associated user in a public key infrastructure to encrypt and decrypt data.
Abstract: An encryption/decryption system for providing restricted use of each key in a plurality of keys to preserve confidentiality of the plurality of keys. Each key is usable by an associated user in a public key infrastructure to encrypt and decrypt data. The encryption/decryption system comprises a key storage means for storing a plurality of keys, user authentication means for determining whether a prospective user of a key in the plurality of keys is the associated user of the key, and an encryption/decryption means for encrypting and decrypting data using the plurality of keys when the user authentication means authenticates the prospective user. The encryption/decryption means is operable in a browser on a client computer.

Patent
David R. Irvin
27 Oct 2000
TL;DR: In this article, a message associated with a particular service first receives an error check value, such as a cyclical redundancy check (CRC) value generated from the unencrypted message, and the message is then encrypted using the group encryption key for the service and added to the encrypted message and transmitted with a broadcast address of the communication network.
Abstract: Methods and systems for selectively encrypting and decrypting messages transmitted on a channel of a communication network, such as a broadcast channel, are provided. Group encryption keys are provided for one or more services utilizing the broadcast channel to communicate messages. A message associated with a particular service first receives an error check value, such as a cyclical redundancy check (CRC) value generated from the unencrypted message. The message is then encrypted using the group encryption key for the service and the CRC is added to the encrypted message and transmitted with a broadcast address of the communication network. A receiver then receives the message and determines that the CRC indicates an error (as it is generated from the encrypted message rather than the unencrypted message). The receiver then decrypts the message using the group encryption key for the service (assuming the receiver is authorized to receive the service, i.e., has access to the group encryption key) and generates a CRC from the decrypted message. If this CRC matches the CRC received with the message, the receiver recognizes the message as being associated with the corresponding service and processes the message accordingly. Where multiple services are supported and the receiver has a corresponding plurality of group encryption keys, each encryption key can be tested until a CRC without error is provided thereby indicating the service with which the message is associated.

Patent
07 Apr 2000
TL;DR: In this paper, the authors proposed a method and system for creating secure Internet user states between one or more servers and one or multiple users, which is carried out by a server receiving over the Internet from a user private data relating to the user and a user key, creating an encryption key from the user key; encrypting the private data with the encryption key; assigning the encrypted private data to the data field of a cookie; and sending the cookie back to the computer for storage, so that when the user later requests data from the server or a related server, the cookie is
Abstract: A method and system for creating secure Internet user states between one or more servers and one or more users. The invention is carried out by a server receiving over the Internet from a user private data relating to the user and a user key; creating an encryption key from the user key; encrypting the private data with the encryption key; assigning the encrypted private data to the data field of a cookie; and sending the cookie back to the user's computer for storage, so that when the user later requests data from the server or a related server, the cookie is sent back by the user's computer to the server or related server, which extracts the encrypted private data; receives the user key; recreates the encryption key; decrypts the encrypted private data with the encryption key and uses the decrypted private data to establish an Internet state between that server and the user. Optionally, the private data may be seeded by a server prior to encryption and assignment.

Patent
Lowell Campbell, Daniel Robertson
17 Mar 2000
TL;DR: In this article, a wireless mobile unit includes a voice encoder circuit that receives an analog voice signal and creates digital voice data representing a user's voice, typically on the keypad or through a voice recognition circuit, and stores the encryption key in a storage device.
Abstract: A wireless mobile unit includes a voice encoder circuit that receives an analog voice signal and creates digital voice data representing a user's voice. The mobile unit receives an encryption key entered by the user, typically on the keypad or through a voice recognition circuit, and stores the encryption key in a storage device. An encryption circuit encrypts the digital voice data using the encryption key. A transmitter then modulates the encrypted voice data onto an RF signal and transmits the RF signal to a base station in a wireless network. The base station uses the same encryption key to decrypt the signal before transmitting it to another base station or mobile unit. Signals transmitted from the base station to the mobile unit are encrypted and decrypted using a user-selected encryption key in a similar manner.

Patent
Ari Singer
03 Nov 2000
TL;DR: A cryptographic device and method of operation for encrypting messages was proposed in this paper, which can be incorporated into a postage metering system to provide cryptographically secured postal indicia.
Abstract: A cryptographic device and method of operation for encrypting messages. The device can be incorporated into a postage metering system to provide cryptographically secured postal indicia. The device and method provide increased security against side-channel attacks such as differential power analysis (DPA). An encryption key is transformed with a first function to generate a temporary key as a function of a random number. A message is encrypted with the temporary key to generate a modified message. The modified message is transformed with a second function to generate an encryption. The encryption generated is identical to a direct encryption of the message with the untransformed key. The temporary key is changed frequently to protect against side-channel attacks.

Patent
28 Sep 2000
TL;DR: In this paper, a method of updating, in nodes on both ends of a secure link, the encryption key they share to encrypt and decrypt data is proposed. But the method does not require that key updates need to be actually distributed.
Abstract: The invention discloses a method of updating, in nodes on both ends of a secure link, the encryption key they share to encrypt and decrypt data. When having to transmit data from one of the nodes towards its peer remote node, a data base in the forwarding node, is first updated from the data to be transmitted. Then, encryption is performed and data transmitted to the peer remote node while a next-to-use encryption key is derived from the new contents of the data base. When received, data are decrypted with the current value of the encryption key and the peer remote node data base is updated identically from the received decrypted data after which a next-to-use encryption key is derived, thereby obtaining in the peer remote node, a next-to-use identical key. The data base is preferably the dictionary of a data compression/decompression system used simultaneously with encryption/decryption to transmit data over the secure link. While keys are frequently updated, for improved security, the invention does not require that key updates need to be actually distributed.

Patent
29 Sep 2000
TL;DR: A method and apparatus are presented for encrypting transmission traffic at separate protocol layers L1 (220), L2 (210), and L3 (200) so that separate encryption elements (204) can be assigned to separate types of transmission traffic (201, 203, 205), which allows the implementation of different levels of encryption according to service requirements.
Abstract: Method and apparatus for encrypting transmission traffic at separate protocol layers L1 (220), L2 (210), and L3 (200) so that separate encryption elements (204) can be assigned to separate types of transmission traffic (201, 203, 205), which allows the implementation of different levels of encryption according to service requirements. Encryption elements (204) use variable value inputs, called crypto-syncs, along with semi-permanent encryption keys to protect from replay attacks from rogue mobile stations. Since crypto-sync values vary, a method for synchronization and authenticated registration of crypto-syncs is also presented. Crypto-syncs can be built expediently for each different type of traffic frame by using different system resources. In one embodiment, a cyclic redundancy check (CRC) can be used to verify crypto-syncs.

Patent
19 May 2000
TL;DR: An encryption system is proposed for end-to-end encryption of information over an untrusted interconnection network, where each encryption module has a first processor accessing a first memory and a second processor accessing a second memory different from the first memory.
Abstract: An encryption system permits end-to-end encryption of information over an untrusted interconnection network. The information encryption system includes at least one client for processing information. The system also includes at least one storage device for holding the information. At least one key server provides a data key for encrypting and decrypting the information. An encryption module is associated with each client. Each encryption module has a first processor accessing a first memory and a second processor accessing a second memory different from the first memory. The first processor communicates with the associated client. The second processor communicates with the storage device. The first processor communicates with the second processor through a dedicated channel. The second processor obtains the data key from the key server. Information is received from the first processor over the dedicated channel and encrypted using the data key. The encrypted information is then stored on the storage device. The second processor also reads the encrypted information from the storage device, decrypts the information using the data key, and sends the decrypted information to the first processor over the dedicated channel.

01 Jan 2000
TL;DR: The Data Encryption Standard (DES), which relies on cryptographic design principles that predate public key, is past the end of its useful lifetime and the National Institute of Standards and Technology (NIST)—whose predecessor, the National Bureau of Standards, certified DES—is currently seeking a successor to the algorithm.
Abstract: Fast and hard, that is all that cryptographers have ever wanted: a system that encrypts quickly but is essentially impossible to break. With their reliance on elementary number theory, public-key systems have captured mathematicians' imagination. Public-key algorithms are too slow to be used for most data transmissions, and instead public-key algorithms are used for establishing a key. Then a private-key system does the encryption. Private-key algorithms are typically faster than public-key ones. The workhorse private-key algorithm is the Data Encryption Standard (DES), which relies on cryptographic design principles that predate public key. With the exception of RC4 in Web browsers and relatively insecure cable-TV signal encryption, DES is the most widely used public cryptosystem in the world. DES is the cryptographic algorithm used by banks for electronic funds transfer, DES is used for the protection of civilian satellite communications, and a variant of DES is used for UNIX password protection. Proposed in 1975 and approved in 1977 as a Federal Information Processing Standard, DES was immediately attacked by those who felt that its 56-bit key length was insecure. In spite of such claims, DES remained a strong encryption algorithm until the middle of the 1990s—several times longer than the government had reason to expect. Now, however, DES is past the end of its useful lifetime. In the summer of 1998 DES's insecurity was definitively demonstrated when a $250,000 computer built by the Electronic Frontier Foundation (EFF) decrypted a DES-encoded message in 56 hours. In January 1999 this was improved to 22 hours through a combination of 100,000 networked PCs and the EFF machine. But until a substitute is found, DES remains a de facto standard. The National Institute of Standards and Technology (NIST)—whose predecessor, the National Bureau of Standards, certified DES—is currently seeking a successor to the algorithm.
The Advanced Encryption Standard (AES) will work in three key lengths: 128, 192, and 256 bits. Fifteen candidates were submitted in June 1998 (there were actually twenty-one submissions, but six candidates had not fulfilled NIST's requirements). In August 1999 NIST eliminated ten of the fifteen. The agency is scheduled to pick DES's successor in the summer of 2000. The winning algorithm will be one whose security should stand well into the new century. The publication of DES heralded a new era in cryptography. Academic and industrial researchers had an algorithm available for study that the National Security Agency had …