NIST New Field For New Security Standard

For Nev Zunic, program manager in the IBM Cryptographic Center of Competence and a member of the MARS development team, DES is coming to the end of its useful life. In the next few years, he said, the 56-bit key will come under increasing attack. Zunic noted that all of the finalists are faster, stronger and more flexible than the Triple DES used today. By flexibility, he means that all can be implemented on the full range of devices.One area that does demand attention and will require deeper analysis is security."Security has not been analyzed too much on the first round. How safe and secure are the algorithms? Do they have an acceptable number of rounds? How many times do they perform encryption operations? And what is an acceptable limit of rounds?" said Zunic.He raised the issues of calculating a security margin and the need for a common measurement scheme. For example, an algorithm with 10 rounds that is capable of performing 12 would have a 20 percent security margin."There is a need to extend the security margin and to develop a common measurement scheme. Perhaps a 50 percent security margin would do. There also is more work needed on cryptanalysis, the art of cracking algorithms, of understanding how algorithms operate and the data paths that can be manipulated or controlled to leak information," said Zunic.He believes the AES activity and selection should instill trust and confidence in customers, vendors and service providers that information will be well protected in electronic transactions. All that information will be protected with a minimal 128-bit key length.Beyond the AES, Zunic sees the AES competition stirring up interest in both algorithm design and cryptanalysis. Aside from the cryptographic community, the AES competition is raising security awareness in general for Web- and non-Web-based transactions and networked environments.Burt Kaliski, chief scientist and director at RSA Laboratories, and another finalist, believes the choice of an advanced encryption standard by NIST is very important. He, too, feels DES has reached the end of its useful life in many applications."Users need a stronger encryption standard, and DES provides only 56-bit security," he said. "There are many other choices today, including Triple DES and various proprietary algorithms, than there were when DES was first published more than 20 years ago. "But there are also many more applications that need security," Kaliski said. Rather than just a proliferation of choices, it is helpful to have one or a small number of well-trusted algorithms that everyone can implement."Kaliski noted that public-key algorithms, such as NIST's digital signature algorithm, the RSA public-key cryptosystems and elliptic curve cryptography will continue to have a role alongside AES and will not be replaced by AES.Since AES is being developed by an international community of cryptographers, it may find support by governments worldwide, Kaliski said.Like DES, AES supports encryption for both confidentiality (keeping messages secret) and authentication (detecting unauthorized modifications). He reasons that AES, like DES, will find applications in many different areas of computer and communications security."AES has been a focal point for cryptography research over the past few years and should serve as a reference point for further collaborations between government standards-setting bodies and the academic community," Kaliski said.This is in marked contrast to DES development, which essentially was done in secret. Hopefully, the knowledge gained through AES will increase public confidence in the algorithm, and future security standards will be developed in a similar way to AES, said Kaliski.Yet another finalist, Joan Daemen, president of Proton World in Brussels, feels the importance of AES resides in the fact that it will replace DES and Triple DES by a new algorithm that is better suited for modern platforms."Encryption and decryption and message authentication will become available at faster speeds," Daemen said. "It will also simplify the specifications of systems that make use of DES. Because of its small key length and block length and some peculiar undesired properties, such as weak keys and complementation property, DES is used in many 'strengthened' modes, of which Triple DES is an example, that often differ from each other in subtle ways. "For AES, this kind of strengthening will no longer be necessary, resulting in systems that are easier to understand, document and maintain," Daemen said.Daemen believes it is not unlikely that in the long term AES will replace DES and Triple DES in a lot of its applications, including banking, virtual private networks and PC security. However, he added AES is not likely to attain the monopolistic position DES has had because many good block cipher designs are around."All five AES finalists are excellent high-speed encryption functions, and they will not disappear when one of them is chosen as winner," said Daemen.For Bruce Schneier, president of Counterpane Systems, Minneapolis, and a member of the team that developed the Twofish algorithm, the winner will be chosen based on such factors as performance, flexibility and suitability. He feels that to the average consumer, the choice of AES is unimportant. What is important is that NIST has made a choice."Right now, we don't have an encryption standard that is secure," he said. "DES has too short a key. People are using Triple DES, but that has other problems, such as performance and use in some weird applications. AES is a new encryption standard that will hopefully remain secure for a few decades."Schneier does not believe AES selection will have a big impact on electronic business or commerce. "E-commerce works just fine without any security. Future Internet protocols will implement AES, just as they now implement DES. Hardware performance will be better, but the impact on e-commerce will be negligible," he said.As Schneier noted in an essay published on his Web page, AES will have to work in a variety of applications, doing all sorts of encryption tasks. These include 32-bit microprocessors, 64-bit microprocessors, small 8-bit smart cards and everything else that cannot be imagined yet."Choosing a single algorithm for all these applications is not easy, but that's what we have to do," he said. "It might make more sense to have a family of algorithms, each tuned to a particular application, but there will be only one AES. "And when AES becomes a standard, customers will want their encryption products to be 'buzzword-compliant,' " Schneier said. "They'll demand it in hardware, in desktop computer software, on smart cards, in electronic-commerce terminals and other places we never thought it would be used. Anything we pick for AES has to work in all those applications." XXXSPLITXXX- Data Encryption Standard first approved (reaffirmed by the secretary of commerce in 1993 until December 1998) Through the Computer Security Act of 1987 (and later Section 513 of the Information Technology Management Reform Act of 1996, P.L. 104-106, Executive Order 13011 and Office of Management and Budget Circular A-13), the National Institute of Standards and Technology develops standards and guidelines for federal computer systems. These are approved by the secretary of commerce. Standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use throughout the federal government. According to its mandate, NIST develops these standards when there are compelling federal government requirements, such as security and interoperability, and there are no acceptable industry standards or solutions. Data encryption standard (DES) adopted as one of the FIPS (46-2). DES is for use in special-purpose electronic devices or computer systems or networks for cryptographic protection to binary coded data. However, included in the standard was this statement by the commerce secretary: "At the next review (1998), the algorithm specified in this standard will be over 20 years old. NIST will consider alternatives that offer a higher level of security. One of these alternatives may be proposed as a replacement standard at the 1998 review." NIST issues Special Publication 800-12, "An Introduction to Computer Security: The NIST Handbook." (www.nist.gov) NIST announces in the Federal Register the initiation of a process to develop a FIPS for advanced encryption standard (AES) using an advanced encryption algorithm. As the first step, NIST publishes for comment draft minimum-acceptability requirements and draft criteria to evaluate candidate algorithms. Also announced for comment are draft submission requirements. According to NIST documents, AES is intended to specify an unclassified, publicly disclosed encryption algorithm available royalty free, worldwide and able to protect sensitive government information well into the next century. Comments were due by April 2, 1997. NIST announces 15 AES candidate algorithms at the First AES Candidate Conference. They were submitted by members of the cryptographic community throughout the world. NIST issues "Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems." (www.nist.gov) NIST holds Second AES Candidate Conference to discuss the results of the analysis conducted by the global cryptographic community on the candidate algorithms. The public comment period on the initial review of the algorithms closes. NIST announces five contenders as finalists to develop the advanced encryption algorithm for the advanced encryption standard. NIST will sponsor the Third AES Candidate Conference in New York to discuss the analyses of the AES finalists. Proposed papers for the conference are due to NIST by Jan. 15, 2000. Closing date for comments on the remaining algorithms. Comments and analysis to be actively sought by NIST. AES FIPS completed.XXXSPLITXXX-By John MakulowichA division of the Commerce Department, Bureau of Export Administration, Office of Strategic Trade and Foreign Policy Controls. This Web page carries information on regulations, criteria, special guidance, White House documents, testimony, press releases, speeches and correspondence as well as links to other government sites. The most recent news on the site is the June 21 announcement about the Justice Department's petition to rehear a case about the constitutionality of the federal government's export controls on encryption products. A key national advisory committee on international trade. PEC is a forum for resolving trade problems among the business, industrial, agricultural, labor and government sectors. The council, set up by executive order in 1973, maintains separately chartered subcommittees. One formed in 1997 is the subcommittee on encryption, which reviews commercial encryption issues. Subcommittee members are appointed by the secretary of commerce. On the site are recommendations about encryption policy. Through the Computer Security Act of 1987, NIST issues guidance to federal agencies on security controls for unclassified systems. This site houses the complete collection of that guidance.FedCIRC issues security advisories and offers free and for-fee services, such as incident response and onsite recovery and audit-trail analysis. The FedCIRC partnership is made up of federal incident response teams, law enforcement, private sector, academia and U.S. government agencies responsible for securing the National Information Infrastructure.This page includes references to the Government Paperwork Elimination Act, Title XVII of Public Law 105-277; H.R. 439, Paperwork Elimination Act of 1999; S.761, Millennium Digital Commerce Act; H.R. 1714, Electronic Signatures in Global and National Commerce Act; H.R. 1572, Digital Signature Act of 1999; and H.R. 1685, Internet Growth and Development Act of 1999.ISSO provides security for the communications and information systems of the Defense Department and other government agencies. Its services include information systems security engineering and threat and vulnerability assessments for information systems and operations. Numerous solutions are described at this site, which carries a revision date of Aug. 27, 1997.NIAP is designed to meet the security testing needs of both IT producers and users and to foster the development of commercial testing laboratories. The partnership is a collaboration of NIST and NSA.The Web Security frequently asked questions list, housed on the World Wide Web Consortium server, tries to answer some of the most commonly asked questions about the security implications of running a Web server and using Web browsers.