Keeping mobile data safe and secure
Over 100 million records of sensitive personal information have been compromised by security breaches in the United States. In response to public pressure, government mandates now outline requirements for protecting personally identifiable information for industries such as health care and finance.
National security depends on the ability to keep classified information secret. The security of digital information is in crisis, and you could be in for a costly headache if you are unprepared.
Growing numbers of businesses and organizations use cryptographic technology such as encryption and digital signatures to protect information behind firewalls or in storage (data at rest) and data transmitted across networks or on portable devices such as laptops and USB flash drives (data in transit). This is a good start, but is only the first step.
Rapidly accelerating computing power and advances in cryptanalysis—the science of breaking cryptographic codes—constantly put cryptographic technology to the test. Fortunately, several organizations vigilantly monitor advances in cryptography, evaluate their advantages, and publish recommended upgrades.
In 2001, the National Institute of Standards and Technology (NIST) announced the new Advanced Encryption Standard (AES) to replace the twenty-year-old Data Encryption Standard (DES) used in most public-sector encryption. AES replaced the 56-bit DES keys with 128-bit, 192-bit, or 256-bit keys, depending on their use. At about the same time, recommendations for RSA encryption and digital signature key lengths increased from 1024 bits to 2048 bits. Longer keys significantly increase the complexity of cryptographic algorithms, increasing their strength against code-breaking attempts. However, increased complexity can increase calculation periods up to eight times.
Anticipating the need for higher security standards, the U.S. Department of Defense and the National Security Agency (NSA) organized the Cryptographic Modernization Program to make recommendations to replace the legacy standards for encrypting national security information.
In February 2005, the NSA announced the Suite B cryptographic algorithms for unclassified and classified information based on the new elliptic curve cryptography (ECC). Suite B includes the AES for encryption and adds standards for digital signatures, key exchange, and hashing. Because Suite B algorithms are unclassified, are dual-use (appropriate for both unclassified and classified data), and include all current NIST recommendations, the NSA suggests that all U.S. government agencies adopt the standard. For the highest levels of classified information, the NSA previously adopted Suite A algorithms, which are themselves classified and unavailable for commercial use.

The NSA's new Suite B Cryptographic Algorithms include the above features.
The same week the NSA announced Suite B, three Chinese researchers revealed that they had developed an effective attack against the legacy SHA-1 (Secure Hash Algorithm) standard, the basis of many cryptographic operations. This breakthrough made it obvious that anyone requiring the highest security should move to the new standards.
Why is elliptic curve cryptography so much better than legacy algorithms? Without going into the mathematics involved, the answer is that the ECC algorithms are considerably more resistant to attack than legacy algorithms, such as RSA, with equivalent key lengths. A 384-bit ECC key supplies encryption strength equivalent to a 7860-bit RSA key. Shorter keys also mean that cryptographic operations use less memory space and power, and take considerably less time to encrypt data. The bottom line is that ECC is faster, cheaper, more efficient, and provides stronger encryption.
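The size difference described above can be measured directly. The following Go program is an added example, not code from the original article: it signs a constructed sample message with ECDSA on P-384 with SHA-384 and with RSA at the 2048-bit length mentioned earlier, and reports the DER-encoded public key and signature sizes. The names Result, measure, SignECDSA and SignRSA are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha512"
	"crypto/x509"
	"fmt"
)

type Result struct{ PubKeyLen, SigLen int; Valid, TamperRejected bool } // lengths: DER bytes
// measure signs SHA-384(msg), then verifies against msg and a tampered copy.
func measure(k crypto.Signer, verify func(d, s []byte) bool, msg, tampered []byte) (Result, error) {
	good, bad := sha512.Sum384(msg), sha512.Sum384(tampered)
	sig, err := k.Sign(rand.Reader, good[:], crypto.SHA384)
	if err != nil {
		return Result{}, err
	}
	pub, err := x509.MarshalPKIXPublicKey(k.Public())
	return Result{len(pub), len(sig), verify(good[:], sig), !verify(bad[:], sig)}, err
}

// SignECDSA uses the Suite B signature pairing: ECDSA on P-384 with SHA-384.
func SignECDSA(msg, tampered []byte) (Result, error) {
	key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return Result{}, err
	}
	return measure(key, func(d, s []byte) bool { return ecdsa.VerifyASN1(&key.PublicKey, d, s) }, msg, tampered)
}

// SignRSA is the legacy comparison: RSA PKCS #1 v1.5 with a modulus of the given size.
func SignRSA(bits int, msg, tampered []byte) (Result, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return Result{}, err
	}
	return measure(key, func(d, s []byte) bool { return rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA384, d, s) == nil }, msg, tampered)
}

func main() {
	m, t := []byte("constructed sample record"), []byte("constructed sample recorD") // constructed input
	ec, _ := SignECDSA(m, t)
	rs, _ := SignRSA(2048, m, t)
	fmt.Printf("ECDSA P-384 %+v\nRSA-2048    %+v\n", ec, rs)
}
```

The ECDSA signature length varies by a few bytes between runs because DER drops leading zero bytes from the two integers it encodes.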
Estimated data life, the number of years likely before computing power and cryptanalysis advances make an algorithm obsolete, can be used as a measurement of cryptographic algorithm strength.