THESIS SYNOPSIS
SUPERVISED BY
INTRODUCTION
The three tenets of information security are confidentiality, integrity, and availability.
Confidentiality means keeping information private; integrity, in this context, means ensuring
that no unauthorized party can alter the information without detection; and availability means
being able to access the information when it is needed. Cryptographic algorithms and systems
support the first two tenets: confidentiality through encryption, and integrity through message
authentication codes and digital signatures. Availability depends on the overall security and
upkeep of the system rather than on cryptography and is not discussed further in this review.
Cryptography itself can be divided into two broad fields: private-key cryptography and
public-key cryptography. Private-key cryptography is also known as symmetric cryptography
because both sides of the communication link use the same secret key for all of their processing.
Symmetric algorithms achieve strong security with relatively short keys (128 to 256 bits) and
are fast, which makes them the natural choice for bulk encryption. However, private-key
cryptography suffers from the key distribution problem: how does one share the secret key with
the other party over a public and insecure network? One solution is the Diffie-Hellman (D-H)
key exchange, in which each party chooses a fresh random secret, publishes a value derived from
it, and combines its own secret with the other party's published value to arrive at a shared
secret. An eavesdropper who sees only the published values would have to solve the discrete
logarithm problem to recover the secret, which is computationally infeasible for properly sized
parameters. Note that this protects only against a passive eavesdropper: unless the exchanged
values are authenticated, an active attacker can sit in the middle and negotiate a separate key
with each side. Another method is public-key cryptography, whereby each party uses a
public/private key pair for all of its cryptographic operations. In public-key cryptography the
public key is meant to be shared and its disclosure is not a concern, whereas protecting the
private key is a top priority and it is never shared with any other party. The two keys can be
used together because they are mathematically related, but in such a way that the private key
cannot be derived from the public key, or at least not with any computationally feasible amount
of work on modern computer systems.
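The Diffie-Hellman exchange described above, as an added example that is not part of the original synopsis: Alice and Bob each publish g raised to a random secret and arrive at the same shared value, while an eavesdropper Eve, who sees only p, g and the two public values, recovers the key by exhaustive search for the discrete logarithm. The parameters are generated on the fly at a toy size (an assumption made so the attack finishes quickly); the safe-prime generator, the subgroup-membership check on received values and all function names are this example's own choices rather than anything from the document.

```python
"""Unauthenticated Diffie-Hellman in a prime-order subgroup of Z_p^*, plus a
passive eavesdropper who recovers the shared secret by exhaustive search for
the discrete logarithm.  Constructed example added to this synopsis; it is
not code from the original document.  Parameters are generated at toy sizes
(assumption: ~20-bit p) so that the attack finishes in well under a second;
real deployments use p of at least 2048 bits (e.g. RFC 3526 group 14)."""
import secrets


def is_probable_prime(n, rounds=16):
    """Miller-Rabin probable-prime test with random bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits):
    """Return (p, q) with p = 2q + 1, both prime, and p exactly `bits` long."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, top bit set
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p, q


def subgroup_generator(p):
    """Squaring a random element lands in the order-q subgroup; any such
    element other than 1 generates it because q is prime."""
    while True:
        g = pow(secrets.randbelow(p - 2) + 2, 2, p)
        if g != 1:
            return g


def valid_public_value(p, q, y):
    """Reject 0, 1, p-1 and anything outside the order-q subgroup.  Skipping
    this check is what makes small-subgroup confinement attacks possible."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def dh_keypair(p, q, g):
    x = secrets.randbelow(q - 1) + 1           # private exponent in [1, q-1]
    return x, pow(g, x, p)                     # (private, public)


def dh_shared(p, q, their_public, my_private):
    if not valid_public_value(p, q, their_public):
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(their_public, my_private, p)


def brute_force_dlog(p, g, target, q):
    """Eavesdropper's attack: find x with g^x = target by trying every x.
    Cost is O(q); doubling the bit length of p squares the work, which is why
    toy parameters fall instantly and 2048-bit ones do not."""
    acc = 1
    for x in range(q):
        if acc == target:
            return x
        acc = acc * g % p
    return None


def run_exchange(bits=20):
    """Alice and Bob agree on a key; Eve, seeing only (p, g, A, B), recovers it."""
    p, q = safe_prime(bits)
    g = subgroup_generator(p)
    a, A = dh_keypair(p, q, g)                 # Alice sends A = g^a
    b, B = dh_keypair(p, q, g)                 # Bob sends B = g^b
    k_alice = dh_shared(p, q, B, a)            # B^a = g^(ab)
    k_bob = dh_shared(p, q, A, b)              # A^b = g^(ab)
    a_recovered = brute_force_dlog(p, g, A, q) # Eve solves the DLP for a
    k_eve = pow(B, a_recovered, p)
    return {"p": p, "agree": k_alice == k_bob,
            "eve_recovered_key": k_eve == k_alice, "eve_steps": a_recovered}


if __name__ == "__main__":
    print(run_exchange())
```

Raising `bits` shows the attack's cost growing exponentially while the honest parties' work grows only polynomially; the example does not show the man-in-the-middle attack, which requires no mathematics at all, only the absence of authentication.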
The Rivest, Shamir and Adleman (RSA) algorithm was the first published public-key algorithm to
provide both encryption and digital signatures and to withstand decades of peer-reviewed
cryptanalysis. To do so, however, RSA requires relatively large keys: 2048 to 3072 bits today,
compared with 128 to 256 bits for a symmetric cipher of comparable strength. Such keys are not a
problem for modern clients that implement RSA in software and negotiate only one secure
connection per session; however, for today's servers, which must process hundreds or thousands
of connections per second, or for smaller, power-limited devices, public-key operations with
large keys can quickly exhaust the device's resources. In such cases the device may be tempted
to use smaller, less secure keys unless a suitable alternative is available. One such
alternative is Elliptic Curve Cryptography (ECC), whose keys are far shorter for the same
security level: a 256-bit ECC key is rated as roughly equivalent to a 3072-bit RSA key.
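To make the ECC alternative concrete, the following added example (not code from the original synopsis) implements the chord-and-tangent group law on a curve over a prime field, counts the points on a 17-element textbook toy curve, and runs an ECDH exchange on NIST P-256, whose 256-bit keys are rated in NIST SP 800-57 as comparable to 3072-bit RSA. The P-256 constants are the published FIPS 186-4 / SEC 2 parameters; the toy curve, the public-point validation and the function names are this example's own illustrative choices.

```python
"""Elliptic-curve arithmetic over a prime field, double-and-add scalar
multiplication and an ECDH exchange on a textbook toy curve and on NIST
P-256.  Constructed example added to this synopsis, not code from the
original document.  Points are (x, y) tuples; None is the point at infinity O."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Curve:
    name: str
    p: int      # field prime
    a: int      # y^2 = x^3 + a*x + b  (mod p)
    b: int
    G: tuple    # base point
    n: int      # order of G (prime for both curves below)


# Textbook toy curve: 19 points in total, so every point other than O
# generates the whole group.  Far too small for real use.
TOY = Curve("toy", p=17, a=2, b=2, G=(5, 1), n=19)

# NIST P-256 (FIPS 186-4 / SEC 2 secp256r1).  a = p - 3.
P256 = Curve(
    "P-256",
    p=0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff,
    a=0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc,
    b=0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b,
    G=(0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
       0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5),
    n=0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551,
)


def on_curve(c, P):
    if P is None:
        return True
    x, y = P
    return (y * y - (x * x * x + c.a * x + c.b)) % c.p == 0


def add(c, P, Q):
    """Chord-and-tangent group law."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % c.p == 0:
        return None                                   # P + (-P) = O
    if P == Q:                                        # tangent line (doubling)
        lam = (3 * x1 * x1 + c.a) * pow(2 * y1, -1, c.p) % c.p
    else:                                             # chord through P and Q
        lam = (y2 - y1) * pow(x2 - x1, -1, c.p) % c.p
    x3 = (lam * lam - x1 - x2) % c.p
    y3 = (lam * (x1 - x3) - y1) % c.p
    return (x3, y3)


def mul(c, k, P):
    """Double-and-add.  Not constant-time: its branch pattern leaks k, which
    is exactly the side channel real implementations must avoid."""
    R = None
    while k > 0:
        if k & 1:
            R = add(c, R, P)
        P = add(c, P, P)
        k >>= 1
    return R


def count_points(c):
    """Brute-force group order including O; feasible only for tiny p."""
    total = 1
    for x in range(c.p):
        rhs = (x ** 3 + c.a * x + c.b) % c.p
        total += sum(1 for y in range(c.p) if y * y % c.p == rhs)
    return total


def ecdh_keypair(c):
    d = secrets.randbelow(c.n - 1) + 1          # private scalar in [1, n-1]
    return d, mul(c, d, c.G)                    # public point Q = dG


def ecdh_shared(c, d, Q):
    """Shared secret = x-coordinate of d*Q.  The peer's point is validated
    first: an off-curve point would move the computation onto a weaker curve
    (invalid-curve attack), so it must be rejected before any scalar work."""
    if Q is None or not on_curve(c, Q) or mul(c, c.n, Q) is not None:
        raise ValueError("invalid public point")
    return mul(c, d, Q)[0]


def demo(c=P256):
    """Both parties derive the same secret; returns (agreed, key size in bits)."""
    da, Qa = ecdh_keypair(c)
    db, Qb = ecdh_keypair(c)
    return ecdh_shared(c, da, Qb) == ecdh_shared(c, db, Qa), c.n.bit_length()


if __name__ == "__main__":
    print("toy group order:", count_points(TOY))
    print("P-256 ECDH agreed, key bits:", demo(P256))
```

The x-coordinate returned by `ecdh_shared` is raw key material and would be passed through a key derivation function before use as a symmetric key.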
Suite B
On February 16, 2005, the National Security Agency (NSA) presented its strategy and
recommendations for securing U.S. Government sensitive and unclassified communications. The
strategy included a recommended set of cryptographic algorithms known as Suite B. The
algorithms included in Suite B are Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve
Menezes-Qu-Vanstone (ECMQV) for key agreement; the Elliptic Curve Digital Signature Algorithm
(ECDSA) for digital signatures; the Advanced Encryption Standard (AES) for symmetric
encryption; and the SHA-2 family of the Secure Hash Algorithm (SHA-256 and SHA-384) for
hashing. Suite B has since been superseded by the NSA's Commercial National Security
Algorithm (CNSA) Suite, so this list should be read as the 2005 recommendation.
In order to meet the Suite B standards properly, vendors must have a firm grasp of ECC-based
algorithms or work with a security partner who does. They must also decide on the best way to
integrate these algorithms into their existing solutions, as well as plan for future ones.
Solution
Ultimately, selling successfully into the government comes down to compliance: compliance
with standards for security; compliance with expectations of performance. Understanding the
development choices available within the requirements is essential; applying them efficiently is
the key to a competitive advantage.
Working with Certicom as a security partner, vendors can quickly and easily build mission-critical national security applications into their products by using Security Builder NSE.
This toolkit enables organizations to build applications that meet the field-of-use guidelines set
out by the NSA.
The Security Builder NSE toolkit covers the technology that was part of the 26 patents licensed
by the NSA plus optimized implementations that enable developers to meet both the NSA field-of-use guidelines and FIPS 140-2 validation requirements.
By using the toolkit, vendors can look forward to proven implementations, faster NSA approvals
and faster FIPS 140-2 validations. This means vendors not only meet Suite B and FIPS
government requirements, but they do so quickly, ensuring themselves a competitive advantage.
Suite B is not just for government use, however. As with other technologies in the past, the U.S.
Government has led the way in what it considers adequate for secure communications. Many
corporations have sensitive intellectual property online and/or electronically process sensitive
information. Suite B algorithms are also appropriate in these types of situations.
1. Historical introduction
i) Motivation and examples
ii) Elementary group theory and number theory
iii) Finite fields
iv) Simple encryption algorithms
2. Discrete logarithm problem
i) Statement and examples
ii) Basic attacks
iii) Diffie-Hellman key exchange
iv) The ElGamal cryptosystem
3. The RSA cryptosystem
i) Algorithm, examples and cautions
ii) Primality tests and factorization algorithms
iii) Introduction to the number field sieve
4. Elliptic curve cryptography
i) Elliptic curves and group law
ii) Elliptic curves and factorization
iii) The elliptic version of the discrete logarithm problem
5. Complementary topics
i) Digital signatures
ii) The algorithm DES
iii) Knapsack cryptosystems
iv) Lattices and cryptography