Tuesday, February 6, 2007

Encryption Techniques

This semester, I'm taking ISA 662, Intro to Information Security, and here are some of the encryption techniques we discuss in class.

Blind Signatures
Blind signatures are used in situations where an author wants to get his or her message signed by a third party without revealing any information about the message to this party. They have many uses including timestamping, anonymous access control, digital cash, and cryptographic election systems. Blind signature schemes were first introduced by David Chaum using RSA signatures.

Identity-based Encryption
Identity-based encryption is a key authentication system that uses a public/private key pair. It is called identity-based encryption because the public key is some unique information about the identity of the user, such as his or her email address. The system requires a trusted third party, called the Private Key Generator (PKG), to generate the private key for the user based on the user’s unique value or public key.

Threshold Cryptography
Threshold cryptography enables a private RSA key to be shared among K individuals, called shareholders, who are engaged in encryption or decryption, such that any K-1 or K-2 of them can decrypt incoming messages without reconstructing the key. The objective of threshold cryptography is to implement a distributed architecture in a hostile environment. It can be implemented to redundantly split the message into n pieces such that the original message can be recovered from t or more pieces.

Key Escrow
Key escrow is an arrangement in which the user’s private key is generated and held in escrow by a trusted third party so that this key can later be used by a government agency to decrypt suspicious messages. Key escrow is used in identity-based encryption: the Private Key Generator (PKG) generates and holds in escrow the private key it helps generate based on the user’s unique characteristic.

Side Channel Analysis
Side channel analysis helps assure the effectiveness of measures taken to protect cryptographic devices from leaking secret information. Attackers can take advantage of secret information gained from the physical implementation of a cryptosystem, rather than from theoretical weaknesses in the encryption algorithms. This type of attack is known as a side channel attack; it uses an extra source of information, such as timing information, power consumption, electromagnetic leaks or even sound, to break the system.
