TRENDS - ENCRYPTION
Byline: SUELETTE DREYFUS
Data designers increasingly are focusing on transmission security.
IN THE weeks following the Oscars, frantic fashion-chasers pant over
those red-carpet photos with one question on their lipstick: What's the
Next Big Thing? For those more interested in the fashions of the brain
rather than the brawn, look no further to find cutting-edge creativity
than cryptography, the haute couture of the technology world.
Good cryptographic algorithms, so essential in the fine art of
information hiding, reveal a certain mathematical elegance. Just as the
number of Paris fashion houses receiving special approval from the
French Ministry of Industry and Regional Development to call their
collections haute couture is very limited, so these cryptographic
algorithms are relatively rare.
In the millennial world, there can be little doubt that grey matter is
``in''. And Bill Duane, international technical director of RSA
Security, Inc, the world's largest cryptography company, has a few tips
on what it will be wearing next season.
So what is hot in cryptowear? Look for ephemeral keys, template-less
biometrics, sheer digital watermarks lined with a crinoline of crypto
and au natural molecular computing.
Sitting in a trendy Brunswick Street cafe, Duane revealed his
predictions after jetting into Melbourne recently from RSA's
headquarters in the Milan of the IT world, Massachusetts.
Some of these, such as template-less biometrics, are so new they are
little more than a theoretical sparkle in designers' imaginations, but
they are moving fast. Others, such as digital watermarking, will be
retro by the time they become widespread. They've existed for some time,
but Duane predicts they may take off in a much larger way in future.
As an amateur astronomer, the technical director of RSA's Advanced
Development Group has some experience with studying the past to
understand the future.
Musicians might be lining up to try on digital watermarking as a way of
protecting their music distributed over the Net, but webpage designers
could also benefit from the evolving technology.
``If you have drawn a picture as an artist, you have a right to recover
royalties on the use of your images. Today there is no way to stop
people stealing images off one website and using them somewhere else,''
Duane said.
One role for crypto is in hiding the digital watermark amid all the
noise of random characters in a sound or picture file. It's difficult
for pirates to remove what they can't find.
Ephemeral keys, a kind of disposable cryptographic public key, might
also be floating down what could only be described as the
platinum-matter runway in the near future. These keys could radically
change the way in which an average piece of e-mail or other data is
encrypted.
At the moment, most public key, or asymmetric systems, actually encrypt
e-mail with a symmetric key that is randomly generated on the spot by
the software. That key is then encrypted, using the public key system,
and bundled with the encrypted message before being sent.
Why not just use the public key to encrypt the data directly? ``Both RSA
and elliptic curve nowadays are kind of slow and they generate large
blocks of data when you use encryption. So it's better to just encrypt a
little symmetric key and use fast little symmetric algorithms to encrypt
the bulk of the data,'' Duane explained.
``But the newer-generation public key systems are potentially
lightweight enough that you could actually do direct PK encryption and
arbitrarily generate new keys on the fly as you need them. These are
ephemeral keys - short-lived keys that come and go,'' he said.
However, not every new creation wafting forth from a designer's desk has
an immediately obvious use, at least in its early days.
``Do I have a really clear understanding of how we might use them
(ephemeral keys)? No. It just feels like there is something there,''
Duane said.
``Ephemeral keys is an artefact of second-generation PK algorithms and
they (RSA Labs) are looking at doing some research and investigating
second-generation PK algorithms, so they are definitely looking at
that,'' he said.
When asked what ``looking at'' entailed, Duane looked over his latte and
hedged. ``Ephemeral keys is not something that we're spending a lot of
time on, but it is something that is coming up in the general industry
around newer, second-generation PK algorithms. RSA Labs in particular is
looking into those second-generation algorithms.''
How will RSA dress up biometrics in cryptowear? It's complicated. First,
think biometrics tests: iris pattern, fingerprints, hand geometry, voice
print. Some systems measure the veins and nerves inside your tissue.
According to Duane, there's even a system that measures body odor,
although he was quick to add RSA Labs was definitely not working on that
one. (So avant-garde, it's fallen over the edge into tastelessness,
perhaps?)
Consider the underlying problems with biometrics. ``(What if) the
pattern that is presented is different than the template because your
finger may be dirty or cut?" he said. Templates of body parts almost
never match exactly the physical part presented and, worse, they are a
security risk. What if someone stole your template? He could pretend to
be you.
Biometrics is based on the concept of a good-enough match. ``And that is
an actual hard problem in cryptography because crypto is based on the
concept of exact mathematical operations,'' Duane said.
``RSA Labs is looking at unique cryptographic ways to say, `Can we avoid
those problems and use biometrics in a secure way, but not store
templates?'.''
Data communications offers a glimpse of a theoretical solution to this
hard problem.
``Data communications ... doesn't send a message from one end of the
wire to another. It appends at the end a forward error-correcting code
(FECC). And its FECC is a mathematical algorithm that is run over the
message so that, when the receiver gets it, they can run the same
algorithm over the message.
``If any of the bits have been altered, it can not only say, `Hey! some
bits are not correct!' It can also figure out which bits have been
modified and then fix the message so it doesn't have to be
retransmitted.
``So let's say you put your thumb print on an object five times in a row
and then generated a reasonably good template. You then generated a FECC
using that template as if it was a message. Then you destroyed the
template and only kept the FECC. Later on, you could present your
biometric. It's going to be a little different than the one you stored
because of normal variability of biometrics, but, by using the property
of FECC, you could pull it back to the exact copy of the template.
``Now you could use that as an encryption key for something because you
can get a bit-for-bit exact match for what you originally stored as a
template, even though the template doesn't exist any more. So, in that
way, the system is a lot more secure, because you don't store
templates,'' he said.
Gracefully declining to sketch out exactly what RSA Labs is researching
in the area, Duane quickly noted that the company was not ``looking at''
exactly this solution, because biometrics currently had too much
variability. ``But research similar to those lines is what RSA Labs is
looking into,'' he said.
It is, however, interesting to note that both RSA Labs and RSA Data
Security are ``looking at'' biometrics in general, according to Duane.
In contrast, ephemeral keys are primarily being handled by RSA Labs
because, in Duane's words, ``there's really not a product application
for that in the next 12-month horizon.'' This suggests that RSA may be
expecting to have a biometrics product on the market within a year.
Perhaps then we can all look at it.
Next season could also see a return to nature, with molecular computing
used as a way to break cryptographic keys. The natural look is back in
vogue among the large-lobed in other ways as well, with Duane openly
sporting long hair in a pony tail. ``The only time I purposely tuck it
in is when I'm riding my Harley,'' he said.
In an interesting twist, one of the founders of RSA, mathematician Len
Adleman (the `A' in RSA), has been a pioneer in the field of molecular
computing. In 1977, Adleman helped invent the RSA public key
cryptosystem that formed the cornerstone asset of the company.
A former biologist, Duane has a special interest in how cryptography
could use molecular computing. ``It's really analogous to having a soup
full of tiny little simple computers all running the same computation.''
In this case, those ``computers'' are strings of DNA or RNA.
The complex process involves encoding a simple mathematical algorithm on
a sequence of the protein, ``dumping, in the beginning, products of the
reaction and analysing the output of the reaction,'' he explained.
Today, a computer trying to break open an encrypted file might throw out
thousands of ``guesses'' to find the correct key. Given enough time, the
machine might eventually stumble onto the right answer. Molecular
computers could dramatically speed this process by using the laws of
nature - the ways in which certain chains of molecules bind to each
other in particular pairings - to simulate `guessing'.
While this soup is effectively ``a massively parallel computer'' with
``interesting properties in cryptography'', Duane once again coyly
backed away from detailing RSA's role in this area of research.
``I'm not actually implying that these are things we are looking at,''
he said. No, of course not. ``I know I'm being a little obtuse. I can't
explain what they (RSA Labs) are doing, due to patent restrictions.''
His hesitation is probably a wise move, given that RSA's most famous -
and some would say most valuable - cryptographic patent, the US patent
for the original RSA algorithm, expires on 20 September.
Caption: Illustration: DIONNE GAIN
------------------------------
Publication: The Age
Publication date: 4-4-2000
Edition: Late
Page no: 12