[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
POST:Gaining ISDN Privacy with data encryption
I received a ton of requests for the article below.
One comment. This looks like a perfect application for PGP mainly because
of the ease of use and the fact that it includes compression. I may send
something in to the editor.
REMEMBER: What fallows is a direct quote from the zine.
------------------------------------------------------------
Communications News - August, 1994
Gaining ISDN Privacy with data encryption
by Kevin Tanzillo
Making the public ISDN network private is possible though data encryption to
maintain security, say a pair of ISDN researchers whose organization is soon
to become and ISDN user.
Wunnava V. Subbarao, professor of electrical and computer engineering
Florida International University (FIU), along with research associate Irma
B. Fernandez, wrote a paper on testing and evaluating encryption based data
security in the ISDN environment.
Their interest goes beyond academic. The university, located in
Miami, will become an ISDN user when classes resume this fall, linking
remote campus in a distance learning application. So far, though, the use
of ISDN has been in the university+s research lab.
Subbarao explains that BellSouth and Northern Telecom grants have
enabled the university to bring in five basic rate ISDN lines and work with
a range of equipment.
Why we have gotten heavily involved in this is because ISDN is quickly
emerging as a real, operational, reliable and cost-effective technology for
end-to-end digital connectivity, says Subbarao.
Here at FIU a large number of ISDN-based applications are being
developed. Some of these are point of sale, security monitoring, medical
network and medical imaging. In any of these high-speed data transfers,
security is a pressing concern.
We have investigated possible standards for ISDN security that allow
data, including voice, transmitted over ISDN to have encrypted so that only
intended receiver can decipher it. This will make the public network behave
like a private network and allow ISDN to be a solution in applications that
require authentication, privacy and confidentiality without the expense of
leased lines.
In a software implementation developed a the FIU lab, the overhead
incurred to add security to an ISDN communication is small enough that it
will be transparent to the end user, says the paper. We have successfully
implemented the DES algorithm in software and the results obtained are
satisfactory.
The hybrid cryptosystem developed at FIU uses RSA public key
cryptogrophy for key pair generation and encrypts a random DES key, then
uses DES for encryption of the contents. They used an RSAREF cryptographic
tool kit from RSA laboratories.
On an average, it takes 68 seconds to generate a pair of 508-bit keys
running on a 486 PC base. The RSAREF tool kit allows creation of a key pair
of up to 1,024 bits, but the overhead incurred in the time to generate these
keys is not warranted, given these keys will only be valid for one
communication session.
The time to seal, encrypt and decrypt an eight-character file was less
than a second, and the time to verify the signature was around three
seconds. RSAREF allows for signature and encryption of message files of
length up to 1,000 bytes, and timing studies for a file length of 700 bytes
resulted in the same overhead as that of the length of eight bytes.
We are currently updating our software to test signature and encryption
of large binary files, such as image files.
Taking more than a minute to create an encryption key may be acceptable
in some applications, Subbarao observes, but he has his eye on transmission
of medical data, when every second counts. As a result, the FIU lab is
working on a time-saving hardware implementation for creating keys.
As the Subarao-Fernandez paper concludes, hardware implementation of
DES and RSA scheme to privatize public ISDN are virtually transparent to the
end users, and the time penalty incurred is insignificant.
Regarding privacy of voice, the research paper observes:
In the implementation of the ISDN prototype, the voice digitization
will require encryption eight characters (64 bits) at a time. Also, for
voice applications, since the length and contents of the full voice message
is not known beforehand, the message digest and signature for integrity is
not applicable. Data transfers over ISDN on the other hand, can take
advantage of the message digest and signature for integrity. The
appropriate data files will be parsed into eight character (64 bit) blocks
for encryption in DES CBC mode.
As far as the particulars of the encryption research, the paper
explains that the file transfer software was implemented in C programming
language. To transfer binary files, we wrote an interrupt-driven serial
communications program based on the XModem-1K protocol, which extends the
packet size from 128 to 1,024 bytes.
File transfers were tested using the B channel in a BRI line. future
enhancements include implementation of the Zmodem protocol, which uses a 2K
packet size, to take full advantage of the digital characteristics of the
transfer medium.
What the future holds for this security concept is terminal adapter
security extension module that plugs into the PC bus and provides security
to the ISDN user while protecting the investment in existing terminal
adapters. That module could support speeds to 4 Mb/s.
-------------------------------------------
[end of article]
... __o
.. -\<,
[email protected] ...(*)/(*). CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.