Encryption Today and Tomorrow

When organizations move to the Internet, either as consumers of information or as providers of goods and services, there is a single, common concern shared among all managers: security. Internet insecurity is so prevalent that entire legends build up around break-in incidents and reports that encryption schemes have been broken.

Encryption is crucial because without it, electronic commerce will never flourish. What about the news that an inexpensive computer, using widely available parts and very little special programming, has broken Digital Encryption System (DES), the data encryption standard in use by millions of Internet users for secure Web sessions? Should we worry once again that the Internet will never be a safe place for business?

To protect its own documents, the U.S. Government used an IBM-developed cryptography technology called the DES to encode all secret electronic communications. The algorithms used in DES have been published and have undergone extensive public examination. It has been widely accepted in the Internet security community that it is impossible to break DES by any process except brute force: trying every possible key combination until you discover the message.

In years past the sophistication of DES, and the fact that there was no simple way to crack the code, made it highly reliable for securing messages and data. That's why DES has picked to provide the underlying security for Secure Sockets Layer (SSL), the system that makes it possible to establish secure channels between a Web server and a browser.

Like an elderly actor that forgets his lines but makes up for it with charm and guile, DES is beginning to show its age. DES is based on 56-bit keys. Once thought uncrackable, 56-bit keys are now considered susceptible to a determined attack. In fact, one company, RSA Laboratories (San Mateo, Calif., www.rsa.com), sponsors an annual contest to prove the limitations of DES and the 56-bit key.

This year a small team led by the Electronic Frontier Foundation (www.eff.org), an Internet public interest advocacy group based in San Francisco, using inexpensive but sophisticated computing platforms, cracked the contest code in 3 days. Their exploits and their analysis of DES can be found in an entertaining book, Cracking DES, published by O'Reilly and Associates (Sebastopol, Calif., www.oreilly.com). With DES "cracked," is it time for a new cryptographic standard? Should we wait until a stronger form of encryption is available before embracing electronic commerce?

Yes and no! Work is underway to replace DES. The replacement is to be called the Advanced Encryption Standard (AES), and you will hear quite a bit about it in the coming year. The development of AES has already been in process for more than a year. In early January 1997, the U.S. Government announced its intent to develop AES and asked for comments from the government, commercial and academic communities. A set of specifications was built from these comments and a set of requirements and procedures was put together. In September of last year the U.S. Government made a formal call for a replacement for DES.

Ten different countries submitted 21 candidates. To make sure that the selected algorithm works as advertised, the National Telecommunications and Information Administration will submit it to a formal review process. The public review means that anyone can examine the mathematics that makes the encryption scheme work and analyze how difficult it might be to crack. Besides having this formal, public review, the chosen standard will also be royalty-free on a worldwide basis.

Perhaps just as important is that the public analysis ensures that there isn't a backdoor built into the cipher that would allow its designers (or someone else) to easily decode messages and sessions. Another crucial feature of AES is that it is more efficient and secure than DES. This means that it can be used in confidence in situations where DES might not be appropriate.

The public review of candidates continues until April 15, 1999. At that time five finalists will be chosen. Another public review follows that for 6 to 9 months, and then a selection will be made. Obviously that could mean that AES would not be available until well after the world goes dark in January 2000. Until then, we'll be stuck with DES and its variants. Is that a disaster? After all, wasn't DES cracked over a weekend?

The fact that a single message was decoded over a weekend this year is academically interesting, but it shouldn't keep organizations from embracing electronic commerce. The team knew in advance that the message was in English and had as much time as they needed to decode it. Few transactions on the Internet are like that. It's far more common to see short transactions whose meaningful lifetime is short.

Decrypting any DES message is an impressive achievement. But even with advances in processing power and parallelism, business use of the fundamental tools that protect Internet commerce are still secure. Best of all, better tools are on the way. --Mark McFadden is a consultant and is communications director for the Commercial Internet eXchange (Washington). Contact him at mcfadden@cix.org.