Scientists from PricewaterhouseCoopers and Citibank have unveiled major new research into cryptographic key lengths designed to increase the security of e-commerce.
Dr Eric Verheul, cryptographic consultant at PricewaterhouseCoopers, and Dr Arjen Lenstra, Vice-President, Emerging Technologies at Citibank, have produced a model which determines adequate key sizes, thought to be the first uniform, properly documented treatment of the subject.
Says Doug Fanke, Partner and leader of the PricewaterhouseCoopers E-business GOLD Team in South Africa:
"SA businesses, like businesses in all countries face risks from "secure" transactions being broken. This new tool developed by Dr Verheul and Dr Lenstra enables a client to determine the level of risk that they are willing to absorb. Many clients may not be aware that their cryptographic solution has a predefined level of security that could be hacked or broken, within hours, by determined and well financed hackers. The new tool takes into account how "effective" hacking technology is and allows users to identify for how long (period of time) they would like their transaction or transmission to be secure."
The model, which formulates a series of explicit hypotheses about future developments and applies these to existing data about the cryptosystems, will enable organisations to arrive at a balanced evaluation of key size aspects when purchasing or developing cryptographic applications. The resulting key size recommendations are thus unbiased and not influenced by non-scientific considerations.
All commercial applications rely on cryptography to provide data integrity, authentication, and confidentiality - Internet security is critical to today`s business needs. However, two widely known cryptographic standards, developed in the seventies, have recently been broken. Last year, a message secured with the Data Encryption Standard (DES), using a key of size 56 binary digits, was broken in 56 hours using a cracking machine built for the Electronic Frontier Foundation. In August, after a period of 7 months of work, an international collaboration of scientists broke an RSA public key of 512 binary digits, widely used over the Internet to secure information.
Says Dr Verheul: "The breaking of DES and RSA-155 demonstrates that the suggested key lengths in these standards have become obsolete, exposing Internet users to unacceptably high risks of fraud. Our research seeks to address this problem - it sets out fundamental guidelines on which key lengths can be expected to provide adequate security for the future. As far as we know, this is the first research of this kind that takes all popular cryptosystems into account."
Dr Verheul and Dr Lenstra will present a summary of their work in the autumn 1999 issue of the PricewaterhouseCoopers Cryptographic Centre of Excellence (CCE) Quarterly Journal. Their research will be presented at the 2000 International Workshop on Practice and Theory in Public Key Cryptography (PKC2000), Melbourne, Australia, January 2000.
Copies of the CCE quarterly journal are available from Geoffrey Grabow on 0171 804 8409 or on-line from the PricewaterhouseCoopers Website http://www.pwcglobal.com/cce.
Share
Global Risk Management Solutions
Global Risk Management Solutions, part of PricewaterhouseCoopers, has over 5,000 professionals worldwide who offer a comprehensive enterprise-wide risk management service. Many of these professionals are specialists with in-depth knowledge and experience in particular industries. Whether your risks are strategic, financial or operational in nature our specialists work with you to identify and manage complex issues and risks to protect and enhance shareholder value.
By addressing the changing needs of today`s business leaders, we are able to assist senior management across their whole organisation. Our risk professionals are trained to take an enterprise-wide view of risk, helping clients to develop risk management solutions that minimise hazard, resolve uncertainty and maximise opportunity.
PricewaterhouseCoopers
PricewaterhouseCoopers (www.pwcglobal.com) is the world`s largest professional services organisation. Drawing on the knowledge and skills of 150,000 people in 150 countries, we help our clients solve complex business problems and measurably enhance their ability to build value, manage risk and improve performance.
PricewaterhouseCoopers refers to member firms of the worldwide PricewaterhouseCoopers organisation.