Deciphering the world of crypto

IETF opens its arms to lesser-known algorithms such as SEED and GOST.

It's the computational magic for scrambling data to keep it secret, and in the U.S., the best-known cryptographic algorithms go by names such as Triple-DES and AES. But in other countries, such as South Korea, Russia and Japan, it is SEED, GOST and Camellia that say security, say nothing of specialized cryptos such as CAVE and A5/1.

Illustration It's the computational magic for scrambling data to keep it secret, and in the U.S., the best-known cryptographic algorithms go by names such as Triple-DES and AES.

But in other countries, such as South Korea, Russia and Japan, it is SEED, GOST and Camellia that say security, say nothing of specialized cryptos such as CAVE and A5/1.

It's a wide world of encryption, and the IETF, which shepherds Internet protocols, is embracing it.

The IETF standards for Web, VPN and e-mail security have been driven with crypto algorithms approved by the U.S. government, primarily via the National Institute of Standards and Technology.

Triple-DES is defined as a must for any product implementation based on IETF standards. The newer 128-bit Advanced Encryption Standard (AES) - a cipher invented by Belgian cryptographers that was selected as the U.S. standard in late 2001 after a five-year review - will eventually gain must-have status.

The IETF isn't in the job of vetting crypto algorithms, as that's regarded as a job for government agencies throughout the world, typically with a lot of input from outside experts. But the IETF is careful to include only sound crypto into its protocols.

Like practically everything in the IETF standards process, getting new crypto into IETF protocols such as Secure Multi-purpose Internet Mail Extensions (S/MIME), IPSec and Transport Layer Security (TLS) can take years. The Russians and the South Koreans have been among the most persevering in seeking to get their national ciphers through the process.

In a sign of success, several IETF RFCs recently were issued for using South Korea's 128-bit symmetric key SEED and the Russian 256-bit GOST, which is extensible to 768 bits. (The longer the key size, the presumably harder it is to break encrypted data, though other factors define an algorithm's intrinsic strength.)

"In this conscious effort to register a cipher suite, they're being good Internet citizens," says Russ Housley, the IETF security area director who heads his own firm, Vigil Security.

SEED, developed by the Korean Information Security Agency (KISA), is defined for use in TLS and S/MIME, with IPSec support on the way. Four of KISA's security experts, Hyangjin Lee, Jaeho Yoon, Seoklae Lee and Jaeil Lee, wrote the technical drafts, detailing use of SEED and testifying that it is "robust against known attacks." It is said to be widely used by financial services companies, including the Bank of Korea, for VPN and digital rights management. SEED is supported in products from an assortment of global companies, including Chrysalis-ITS, nCipher, Rainbow Technologies and Schlumberger.

The Russians also are making a splash at the IETF, with security vendors Crypto-Pro, Factor-TC, Infotecs and Fguestc lobbying for the Russian block cipher GOST 28147-89 (GOST is short for the Russian word for government). Because of their efforts, GOST recently became an option for use in IETF protocols.

"GOST is the Russian national standard, but it turns out GOST left something unsaid about what was needed for interoperability, so the Russian crypto vendors got together to make sure the standard could support interoperable products," Housley says.

The vendors worked with Russian security agencies to square away some details, because in Russia vendors can't sell an encryption product until the government inspects it. GOST, which is going into the Russian Federal Treasury's massive public-key infrastructure project for document encryption and signing, doesn't generate much excitement among crypto professionals.

"It's an old Soviet-era algorithm that got declassified," says Burt Kaliski, vice president of research and chief scientist at RSA Security, whose RSA algorithm is famous for helping to establish public-key technology in the 1970s. "Sometimes weaknesses have been discerned in it."

Global crypto

Cryptographic technologies from around the world have started working their way into the IETF standards process. A sampling:
South Korean crypto contribution:
RFC 4009 (The SEED encryption algorithm)
RFC 4010 (Use of SEED encryption algorithm in cryptographic message syntax)
RFC 4162 (The Addition of the SEED Cipher Protocol Suites to Transport Layer Security)
Russian crypto contribution:
Internet draft (Using the GOST 28147-89, GOST R. 34.11-94, GOST R 34.10-94 and GOST R 34.10-2001 algorithms with the cryptographic message system)
Note: The addition of new crypto to IETF protocols is described in the IETF working group document, “Summary of S/MIME Mail Security work on updating cryptographic algorithms.”

But it's not known to be broken, Kaliski says.

"There are debates about the validity of GOST," says Jon Callas, CTO at PGP, the company that makes e-mail and file encryption software. "But there's a need for it inside Russia, because if you're in banking or government, you have to use GOST."

Callas, who heads the IETF group that developed the OpenPGP standard, is holding discussions with colleagues on whether to implement GOST in OpenPGP. He notes that there's "always tension between more ciphers and less ciphers. If there are more ciphers, then implementers have more work."

In addition, if a crypto algorithm chosen for selection in an IETF standard were broken, it would generate a collective sense of disappointment.

Once it was known that 56-bit DES, defined as the U.S. standard in the 1970s, was breakable in the 1980s, the shift was made to Triple-DES for longer key length. But Triple-DES encryption is often viewed as slow, and the search was on for a DES replacement.

AES emerged as the winning algorithm in the U.S. - the fact that Americans didn't craft it has boosted its appeal internationally, many say - but a number of other worthy contenders have come and gone.

A Canadian algorithm called CAST (named after its inventors Carlisle Adams and Stafford Taveres) is viewed as a classic, even if not widely used today. "It's blindingly fast," Callas says.

One advantage in an IETF registration for a crypto algorithm is that it not only provides an endorsement, but defines technical depth that helps support interoperability, Kaliski says. That's important for anyone working on business projects in countries around the world, he says.

Learn more about this topic

More Wider Net stories

From CSO: 7 security mistakes people make with their mobile device
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies