Tuesday, February 19, 2008

Original DataHush Encryption Strategies

Description

This section discusses some of the encryption strategies originally employed by DataHush. Some novel strategies remain unpublished.

In general, an encryption’s strength relies upon the following:

- Encryption algorithm – the ‘formula’ used to encrypt

- Length of key

- Processing power/time

We have the following techniques that we feel make it possible to strongly secure a transmission:

Dual encryption technique and compression

Two strong encryptions are used. One method is based on a known published method, the other proprietary. A third layer is related in that the stream is compressed according to one of a battery of techniques. Compression is a form of encoding that effectively strengthens the encryption, since even if the decompression technique is known, it increases the burden of overhead required to break the code.

Physical possession

It is possible to require a proprietary hardware device. This would require physical possession of the hardware device to make a transmission (the software would not work without it).

Challenge-response

The system can be configured to require a challenge-response from either party to a transmission. This involves in addition a ‘two-way’ lock box of data that has never been transmitted, as well as a real-time requirement by a spoofing machine that will likely exceed the ability of any known machine.

Processor dependent key-scaling

This is an aid to making the encryption future-proof. The length of the key and the intensity of the calculations required are negotiated by either end of the system based on the CPU cycles available at either end. Ten years from now, the same software will require much greater capacity, even of a trusted party to decrypt. This means that if the processing power of a common workstation such as a PC is 4 orders of magnitude below that of the largest known machine, and it can force a real-time response that exceeds the capability of the larger machine, then as long as the differential in capacity holds true, the encryption can never be broken by superior processing power.

Two-way lock box

A large body of data used only as additional encryption will be transmitted by a trusted means to both parties. This store of data will be used by both parties as a method of lengthening the encryption key. Without access to this store, an intercepting party is forced to crack the encryption using the entire key.

Non-deterministic decryption algorithm

This technique is used to ‘up the ante’ in terms of required processing power. Not all of the information required to decrypt will be available to the receiving party. This can impose an arbitrary time of decryption, even if keys are intercepted. This will require the decryption process to actually guess part of the key. Sometimes, a packet will fail to transmit end to end, since the receiving party simply does not have the resources to decrypt. This introduces a further variable of noise that will confound an intruder, but be scaled within the limits of both ends of the trusted parties.

Decoying and nested decoys

Not all of the data in our secured transmissions will be data. Some of it will be noise, and the amount will vary from transmission to transmission. In addition, mock data that appears to be encrypted by simpler methods will be included in the transmission. This will occupy the resources of an intruder that might otherwise be engaged in breaking the true transmission. Decoying is nested at each level of the encryption process, requiring an intruder to follow many blind alleys at each level.

No comments:

Success as a Senior Developer

What qualities make a senior software developer successful? Many of them are the same qualities that make anyone successful at work. Here, I...