09-08-2012, 12:41 PM
The Data Encryption Standard: Past and Future
THE BIRTH OF THE DES
The Development of Security Standards
In 1972, the National Bureau of Standards (NBS), a part of the U.S. Department of
Commerce, initiated a program to develop standards for the protection of computer
data. The Institute for Computer Sciences and Technology (ICST), one of the major
operating units of the National Bureau of Standards, had been recently established in
response to a 1965 federal law known as the Brooks Act (PL89-306) that required new
standards for improving utilization of computers by the federal government. Computer
security had been identified by an ICST study as one of the high-priority areas requiring
standards if computers were to be effectively used. The ICST defined a set of guidelines
and standards in computer security that were to be developed as resources became
available. The guidelines were to include areas such as physical security, risk
management, contingency planning, and security auditing. Guidelines were adequate in
areas not requiring interoperability among various computers. Standards were required
in areas such as encryption, personal authentication, access control, secure data storage,
and transmission because they could affect interoperability.
Standards come in different "flavors": basic, interoperability, interface, and implementation.
1. Basic standards (also called "standards of good practice") are used to specify
generic functions (services, methods, results) required to achieve a certain set of
common goals. Examples include standards for purity of chemicals, contents of
food products, and in the computer field, structured programming practices.
2. Interoperability standards specify functions and formats so that data transmitted
from one computer can be properly acted on when received by another computer.
The implementation (hardware, firmware, software) or structure (integrated, isolated,
interfaced layers) need not be specified in interoperability standards, since
there is no intent of replacing one implementation or structure within a system
with another.
3. Interface standards specify not only the function and format of data crossing the
interface, but also include physical, electrical, and logical specifications sufficient
to replace one implementation (device, program, component) on either side of the
interface with another.
4. Implementation standards not only specify the interfaces, functions, and formats,
but also the structure and the method of implementation. These may be necessary
to assure that secondary characteristics such as speed, reliability, physical security,
etc. also meet certain needs. Such standards are often used to permit component
replacement in an overall system.
Each of the above types of standards was considered for the specification of the
DES. A basic standard did not achieve telecommunications interoperability if different
algorithms were selected by the communicating parties. Although an interface standard
was desirable in some applications (e.g., data encryption on an RS-232C interface device)
it would not be applicable in other applications (e.g., secure mail systems). An
implementation standard was rejected because it would restrict vendors from using new
technologies. Therefore, the DES was developed as an interoperability standard, requiring
complete specification of basic function and format yet remaining independent of
physical implementation.
Public Perception of Cryptography
Cryptography is a word that has been derived from the Greek words for "secret writing."
It generally implies that information that is secret or sensitive may be converted
from an intelligible form to an unintelligible form. The intelligible form of information
or data is called plaintext and the unintelligible form is called ciphertext. The process of
converting from plaintext to ciphertext is called encryption and the reverse process is
called decryption. Most cryptographic algorithms make use of a secret value called the
key. Encryption and decryption are easy when the key is known, but decryption should
be virtually impossible without the use of the correct key. The process of attempting to
find a shortcut method, not envisioned by the designer, for decrypting the ciphertext
when the key is unknown is called cryptanalysis.
Chapter 1 The Data Encryption Standard 47
In the early 1970s, there was little public understanding of cryptography. Most
people knew that the military and intelligence organizations used special codes or code
equipment to communicate, but few understood the science of cryptography. The International
Business Machines Corp. (IBM) initiated a research program in cryptography
because of the perceived need to protect electronic information during transmission between
terminals and computers and between computers (especially where the transmissions
were to authorize the transfer or dispensing of money). Several small companies
in the United States made cryptographic equipment for sale, much of it overseas. Several
major companies made cryptographic equipment under contract to the U.S. government,
but most such equipment was itself classified.
There was an interest in the mathematics of cryptography at several universities,
including Stanford and MIT. Cryptographic algorithms were frequently based on mathematics
or statistics and hence were often of interest to mathematicians. Making and
breaking cryptographic algorithms was considered an intellectual challenge. However,
there was only a limited market for expertise in cryptography outside the military and
intelligence circles.
The NBS project in computer security identified a number of areas requiring research
and the development of standards. A cryptographic algorithm that could be used
in a broad spectrum of applications by many different users to protect computer data
during transmission and storage was identified as a needed standard. A standard cryptographic
algorithm was considered necessary so that only one algorithm needed to be
implemented and maintained, and so that interoperability could be easily achieved. This
led to the initiation of the NBS project in data encryption and the first solicitation for
candidate algorithms.
The NBS-NSA-IBM Roles
The National Bureau of Standards initiated development of the DES when it published
in the Federal Register of May 15, 1973, a solicitation for encryption algorithms for
computer data protection. Responses to this solicitation demonstrated that there was an
interest in developing such a standard, but that little technology in encryption was publicly
available. NBS requested assistance from the National Security Agency (NSA) in
evaluating encryption algorithms if any were received or in providing an encryption
algorithm if none were received.
IBM had initiated a research project in the late 1960s in computer cryptography.
The research activity, led by Dr. Horst Feistel, resulted in a system called LUCIFER
[1]. In the early 1970s, Dr. W. Tuchman became leader of a development team in cryptographic
systems at IBM. This development activity resulted in several publications,
patents, cryptographic algorithms, and products. One of the algorithms was to become
the Data Encryption Standard.
IBM submitted its cryptographic algorithm to NBS in response to a second solicitation
in the Federal Register of August 27, 1974. NBS requested that the NSA evaluate
the algorithm against an informal set of requirements and simultaneously requested that
IBM consider granting nonexclusive, royalty-free licenses to make, use, and sell apparatus
that implemented the algorithm. A great deal of discussion was conducted by NBS
with both organizations in response to these requests.
On March 17, 1975, nearly 2 years following the first solicitation, NBS published
two notices in the Federal Register. First, the proposed "Encryption Algorithm for
Computer Data Protection" was published in its entirety. NBS stated that it satisfied
the primary technical requirements for the algorithm of a DES. It also advised readers
that certain U.S. and foreign patents contain claims that may cover implementation
and use of this algorithm and that cryptographic devices and technical data
relating to them may come under export control. The second notice contained a
statement by IBM that it would grant the requested nonexclusive, royalty-free licenses
provided that the Department of Commerce established the DES by September 1, 1976.
On August 1, 1975, NBS published in the Federal Register the fourth notice of a
proposed Federal Information Processing Data Encryption Standard. Comments were
requested from federal agencies and the public regarding the proposed standard. On
October 22, 1975, Dr. M. Hellman sent his criticism of the proposed standard. His
letter began, "Whit Diffie and I have become concerned that the proposed data encryption
standard, while probably secure against commercial assault, may be extremely vulnerable
to attack by an intelligence organization." He then outlined a "brute force"
attack on the proposed algorithm, using a special-purpose "parallel computer using one
million chips to try one million keys each" per second. He estimated the financial
requirements to build such a machine to be twenty million dollars [2].
Because of the concern for adequate protection to be provided by the DES, NBS
continued to evaluate the algorithm, the requirements for security in the private and
public sectors, and the alternatives to issuing the standard. Finally, NBS recommended
that the standard be issued and it was published on January 15, 1977. The standard
included provisions for a review by NBS every 5 years.
THE DES CONTROVERSY
How Long Is Long Enough?
The DES security controversy forced consideration of basic security questions about
how good is good enough and how long is long enough. Every practical security system
must be evaluated with respect to security, costs (initial, operational, maintenance), and
user "friendliness." These factors were studied in great depth during the evaluation of
the proposed standard.