A mathematician in IBM Corp.'s Zurich Research Laboratory has devised a new public-key encryption technology for securing Internet communications and transactions that IBM claims is unbreakable.
IBM plans to announce the technology, which was co-developed by another mathematician at the Swiss Federal Institute of Technology (ETH), today at a conference called Crypto '98 in Santa Barbara, California. Dubbed the Cramer-Shoup cryptosystem after the two men who invented it -- Victor Shoup of IBM Research and Ronald Cramer of ETH -- the technology prevents so-called "active attacks" that hackers use to break into encrypted communications, IBM said in a statement.
Though active attacks are very complicated to undertake (a hacker must send nearly a million messages written in a particular way to a system), last year a researcher at Bell Labs Technologies Inc. found that such an active attack could be used to decode information encrypted with the popular Secure Sockets Layer (SSL) technology. That discovery caused an uproar this past June among software vendors who use the product, while SSL-creator RSA Data Security Inc. rushed to fix the problem.
Most commercially available public-key encryption systems today rely on a set of complex mathematical problems that are thought to be unsolvable, according to IBM. However, hackers using so-called active attacks bypass the need to solve these problems by sending cleverly constructed messages to a server, forcing it to respond in ways that leak encrypted information.
The Cramer-Shoup system eliminates the possibility of active attacks by adding a set of complicated mathematical calculations to ensure that the server leaks no information when responding to the bogus messages, IBM said.
While IBM plans to use the Cramer-Shoup solution in upcoming versions of its Vault Registry software, it also plans to make the discovery available to the general public via the Internet. IBM's idea is to get everyone using the new technology in order to make e-commerce more secure and widely accepted, the company said.
"Businesses and consumers can have greater confidence in Internet transactions because we've effectively closed down the only way around a cryptosystem's main line of defense," said Jeff Jaffe, general manager of IBM's security products division, in a statement.
