Information Security Technical Report, Vol. 2, No. 2 (1997) 1-2

Introduction

Gay Hardy, Director of Conszdtuncy, Zergo Ltd.

This issue of the Information Security Technical Report provides a Technical Cryptography Update, and covers current hot topics dealing with u technology that is having more and more impact in the world of information security. Chez Ciechanwicz, assisted by other members of Information Security Group at Rpyal Hollowayy (University of London), has provided a great deal of support in producing this issue.

Cryptography has been around for a very long time, and has always played a part in protecting information systems - most experts agree that the use of these techniques is probably the only way to provide proper network security.

Up until recently, however, the application of these techniques has been limited to ‘serious’ institutions like banks and the military. Electronic commerce, changes in legislation, and new technologies will change all this. With the arrival of cheap global networks like the Internet, and the latest easy to use client/server technologies, cryptographic security techniques will become much more widespread. A quick examination of current versions of Netscape or Explorer will reveal how much is already available to the home user - and much is highly automated.

Experts and ‘newcomers’ alike need to improve their awareness of current developments, and need to make sure they know how and where to use cryptographic security mechanisms.

The use of encryption is increasing daily and, as use of the Internet increases and electronic commerce becomes a reality, the increase is

likely to continue. Most of the ‘new’ users will not need to understand the intricacies of the encryption algorithms, but will need to know how to use these algorithms and must understand all the associated problems. So they must, for instance, appreciate the importance of the cryptographic keys and the potentially disastrous consequences of failing to give them adequate protection.

When it was decided to publish this issue on cryptography we invited authors representing a wide cross section of users to provide articles on various aspects of using encryption to provide secure systems. The articles cover topics as diverse as attacks on algorithms to crypt0 security on the Internet, and in Microsoft’s products. The response to our request for articles was so great that we have split the articles into two separate issues.

This issue begins with a general introduction and then two historical articles; one on the global history while the other concentrates on the Data Encryption Standard (DES) which is almost certainly the most widely used encryption algorithm.

As our brief introduction illustrates, the security of a cryptographic system is dependent on many parameters other than the strength of the algorithm. To emphasize this point we include complementary articles on assessing the strength of a cryptographic algorithm and on assessing the strength of systems which use cryptography (the second of these articles will appear in Volume 2 Number 4). The point is then emphasized even more by articles devoted to the fundamentally important topics of key management, authentication and protocols. An important component in any digital

0167-4048/97/$17.00 0 1997, Elsevier Science Ltd 1

Introduction

signature scheme is the hash function. In view of recent attacks on well-established hash functions, we include an article on hashing.

To complete this issue there are two articles which might be deemed ‘futuristic’. The first discusses the feasibility of elliptic curve

cryptosystems. This is an area where there is considerable activity as cryptographers try to decide whether or not it is ‘safe’ to use them. The second discusses the potentially attractive key distribution capability offered by quantum cryptography.

2 Information Security Technical Report, Vol. 2, No. 2