POST:Gaining ISDN Privacy with data encryption

["Claborne, Chris" <claborne@microcosm.sandiegoca.NCR.COM>]

I received a ton of requests for the article below.
One comment.  This looks like a perfect application for PGP mainly because 
of the ease of use and the fact that it includes compression.  I may send 
something in to the editor.

REMEMBER:  What fallows is a direct quote from the zine.

 ------------------------------------------------------------
Communications News - August, 1994
Gaining ISDN Privacy with data encryption
by Kevin Tanzillo

Making the public ISDN network private is possible though data encryption to 
maintain security, say a pair of ISDN researchers whose organization is soon 
to become  and ISDN user.

     Wunnava V. Subbarao, professor of electrical and computer engineering 
Florida International University (FIU), along with research associate Irma 
B. Fernandez, wrote a paper on testing and evaluating encryption based data 
security in the ISDN environment.

     Their interest goes beyond  academic.  The university, located in 
Miami, will become an ISDN user when classes resume this fall, linking 
remote campus in a distance learning application.  So far, though, the use 
of ISDN has been in the university+s research lab.

     Subbarao explains that BellSouth and Northern Telecom grants have 
enabled the university to bring in five basic rate ISDN lines and work with 
a range of equipment.

     Why we have gotten heavily involved in this is because ISDN is quickly 
emerging as a real, operational, reliable and cost-effective technology for 
end-to-end digital connectivity, says Subbarao.

     Here at FIU a large number of ISDN-based applications are being 
developed.  Some of these are point of sale, security monitoring, medical 
network and medical imaging.  In any of these high-speed data transfers, 
security is a pressing concern.

     We have investigated possible standards for ISDN security that allow 
data, including voice, transmitted over ISDN to have encrypted so that only 
intended receiver can decipher it.  This will make the public network behave 
like a private network and allow ISDN to be a solution in applications that 
require authentication, privacy and confidentiality without the expense of 
leased lines.

     In a software implementation developed a the FIU lab, the overhead 
incurred to add security to an ISDN communication is small enough that it 
will be transparent to the end user, says the paper.  We have successfully 
implemented the DES algorithm in software and the results obtained are 
satisfactory.

     The hybrid cryptosystem developed at FIU uses RSA public key 
cryptogrophy for key pair generation and encrypts a random DES key, then 
uses DES for encryption of the contents.  They used an RSAREF cryptographic 
tool kit from RSA laboratories.

     On an average, it takes 68 seconds  to generate a pair of 508-bit keys 
running on a 486 PC base.  The RSAREF tool kit allows creation of a key pair 
of up to 1,024 bits, but the overhead incurred in the time to generate these 
keys is not warranted, given these keys will only be valid for one 
communication session.

    The time to seal, encrypt and decrypt an eight-character file was less 
than a second, and the time to verify the signature was around three 
seconds.  RSAREF allows for signature and encryption of message files of 
length up to 1,000 bytes, and timing studies for a file length of 700 bytes 
resulted in the same overhead as that of the length of eight bytes.

     We are currently updating our software to test signature and encryption 
of large binary files, such as image files.

     Taking more than a minute to create an encryption key may be acceptable 
in some applications, Subbarao observes, but he has his eye on transmission 
of medical data, when every second counts.  As a result, the FIU lab is 
working on a time-saving hardware implementation for creating keys.

     As the Subarao-Fernandez paper concludes, hardware implementation of 
DES and RSA scheme to privatize public ISDN are virtually transparent to the 
end users, and the time penalty incurred is insignificant.

     Regarding privacy of voice, the research paper observes:
     In the implementation of the ISDN prototype, the voice digitization 
will require encryption eight characters (64 bits) at a time.  Also, for 
voice applications, since the length and contents of the full voice message 
is not known beforehand, the message digest and signature for integrity is 
not applicable.  Data transfers over ISDN on the other hand, can take 
advantage of the message digest and signature for integrity.  The 
appropriate data files will be parsed into eight character (64 bit) blocks 
for encryption in DES CBC mode.

     As far as the particulars of the encryption research, the paper 
explains that the file transfer software was implemented in C programming 
language.  To transfer binary files, we wrote an interrupt-driven serial 
communications program based on the XModem-1K protocol, which extends the 
packet size from 128 to 1,024 bytes.

     File transfers were tested using the B channel in a BRI line.  future 
enhancements include implementation of the Zmodem protocol, which uses a 2K 
packet size, to take full advantage of the digital characteristics of the 
transfer medium.

     What the future holds for this security concept is terminal adapter 
security extension module that plugs into the PC bus and provides security 
to the ISDN user while protecting the investment in existing terminal 
adapters.  That module could support speeds to 4 Mb/s.
 -------------------------------------------
[end of article]

                                        ...  __o
                                       ..   -\<,
chris.claborne@sandiegoca.ncr.com      ...(*)/(*).          CI$: 76340.2422
PGP Pub Key fingerprint =  A8 FA 55 92 23 20 72 69  52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.