vol. 11, No. 5, Page 20

the only valid approach for the prospective

user of international EDI is caveat emptor!

John Draper

/CL Network Applications Business Cen tre

TECHNICAL EVALUATION

X.25 LINE ENCRYPTOR SAFE 7700

Product: X.25 Line Encryptor SAFE 7700

Developer, Manufacturer and Vendor:

Computer Security Ltd, Olivier House, 18 Marine Parade, Brighton, E. Sussex BN2 lTL,

UK.

Availability: X.25 networks at line speeds up

to 64Kbps.

Price: f4950 per unit (one off), plus

approximately f 1000 per Network User Address as a software licence fee. Both prices

are discounted for large networks.

I recently visited Computer Security Ltd

(CSL) in Brighton to see their in-line X.25

encryption system. For those readers

unfamiliar with with the phrase X.25, this is the

international standard used when messages

are passed between computer systems using

packet switching techniques.

An X.25 supplier (BT or Mercury in the

UK) offers a service whereby messages are transmitted from the sender to the receiver as

a series of packets of data. The network used

to transmit this data will send each individual packet via the best available route, and hardware at the recipient’s site must reconstruct the original message out of the

incoming packets, taking care to account for any packets that arrive in the wrong order.

Packet switched networks are used for

many business purposes, especially financial

systems. The great attraction is their

resilience. The network uses the best

available route at any one time, and can cope with particular parts of the network being

unavailable.

One inherent risk involved is that

messages passing across a network can be monitored. This is difficult to achieve in an X.25 network, because of the complex protocol, and the fact that component packets

of a message can be transmitted by different routes. It is however possible, and the only

way to assure secrecy is to encrypt the

message.

An X.25 line encryptor offers such a

solution. The SAFE 7700 from CSL is inserted

into an X.25 line, and offers facilities whereby

calls that pass through the unit can be

encrypted using either DES (Data Encryption Standard) or a proprietary algorithm. In the

following discussion, all references to DES

could equally well refer to the proprietary algorithm offered by CSL. A SAFE 7700 can be set up to allow combinations of plain text

calls and encrypted calls.

Writing a technical evaluation of such

hardware is difficult, as it is not possible to just

borrow a unit and use it for a couple of days.

The SAFE 7700 only makes sense in the context of an X.25 network. I don’t personally

have one of those, or easy access to one, and the setup of individual co-operating X.25 units

is not a trivial process. However the most

important questions revolve around key

management, the message throughput, any introduced delay, and ease of usage.

First key management. Any halfway

decent encryption system requires a random key to carry out encryption. In the case of a symmetric algorithm (DES), the two

communicating units must have the same key installed. Key management is the process where keys are moved from one unit to another, to achieve the installation of the same

COMPUTER FRAUD & SECURITY BULLETIN

01989 Elsevier Science Publishers Ltd., Engiand.W9/$0.00 + 2.20 No part of (his publication may be re an

6. means, electror$ mechanical, p g

rodwed! s~orcd in a relrieval sys!em, or trammilted by any .fo!‘m UT b otocopymg. recording or othew~se, without the prior pemllssmn of 1 ze

pu hshers. (Readers m the U.S.A.- please see special regulation3 listed on back cover.)

Vol. 11, No. 5, Page 21

random key in both units. It is vitally important destinations, alias addresses and the

that keys are kept secret in transit. If a third maximum key exposure time. The facilities

party knew the keys, and the algorithm in use, available are comprehensive, and there is no

messages could be decrypted. space to go into detail within this article.

The SAFE 7700 uses the RSA encryption

algorithm to transport DES keys securely. RSA is used because it is an asymmetric

encryption algorithm, the same key does not

have to be present in each communicating unit

for secret messages to be transmitted between

the two units.

Operators need to know what they are

doing during the setup phase, but during routine operation the SAFE 7700 requires no

attention, except to extract data at reasonable

intervals from the various audit logs that are

maintained during execution.

The key management system used by the

SAFE 7700 requires an “Issuing Authority” to

be present in the system. Its function is to

certify RSA keys in such a way that they can

be recognized as genuine by all other communicating units. The personnel in charge of the Issuing Authority must make very sure

that all new hardware is genuine, and that the

keys specific to the Issuing Authority are not

compromised.

X.25 offers two different types of call.

These are known by the acronyms SVC

(Switched Virtual Call), and PVC (Permanent

Virtual Circuit). They are analogous to the

familiar concept of a single telephone call (to varying destinations), and a leased line between two points. The SAFE 7700 can

perform encryption using either SVCs or

PVCs. The key management system is subtly

different for PVCs.

The phrase “Issuing Authority” used by CSL, has many synonyms used by other

writers such as “Key Registry” and

“Notarization Process”. They all refer to the

function of accepting a unit as genuine, and providing unforgeable encrypted “signatures”

that can be checked at some future date to

prove that a unit is genuine.

When a unit receives a call from a unit which it knows should be encrypted, but for

which there is no encryption key, then the authorized RSA public keys are used to

transport a key encrypting key (a DES key). This key is randomly generated, and after a

successful transfer is held securely within both

units.

New units introduced to an X.25 network first communicate with the Issuing Authority, then after authorization they can then be used in the X.25 network. A human operator must first set up the SAFE 7700. This is achieved

using a keypad and LCD display on the front of the hardware.

I have only seen a development version of the user manual describing interaction with the

SAFE 7700. It is clearly written but somewhat

complex. Given the complexity of X.25, the complexity of the manual is inevitable. The

operator can control the time of day specified for key update, the number of retries for key updates when one of various errors is

detected, the addresses of encrypted

When a key encrypting key exists between both sites, then whenever a call is received

from a remote unit, this key encrypting key is used to encrypt a data encrypting key which is transferred between the two units. A unique data encrypting key is used for each X.25 call

(when SVCs are used). The data encrypting key is manipulated to provide a unique key and initial value for both directions of

communication.

This completes the description of the

SAFE 7700 four level key management

hierarchy:

- The issuing authority has its own key(s) for

RSA key authorization.

COMPUTER FRAUD & SECURITY BULLETIN

01989 Etsevier Science Publishers Ltd., England./89/$0.00 + 2.20 No part of this publication may be reproduced, slored in a retrieval system, or transmitted by any form or b an pu r,.

means, electronic. mechanical, photocopying, recording or othenvise, witbout the prior permission oft z r Ishers. (Readers in the U.S.A.- please see special regulation7 listed on back cover.)

Vol. 11, No. 5, Page 22

- Each unit has its own RSA keys which It is important that the encryption hardware

must be authorized before they can be is tamper resistant, so that any attempt to gain

used. access to the unit results in all sensitive data being erased. Because of previous knowlege I

- A key encrypting key is established be- shall not write about the tamper resistance, tween each pair of communicating units however CSL state that various levels of using authorized RSA keys. tamper resistance are available to suit the

environment in which the SAFE 7700 is being - Every call using an SVC, or at frequent in- installed. The minimum level fitted as

tervals using a PVC, this data encrypting standard (level 1) exceeds the requirements of key is used to establish key encrypting US Federal Standard 1027, and complies with key(s). the IERE Code of Practice for Cryptographic

I’ve spent much of this article discussing the key management of the SAFE 7700, as I believe that this is the most important part of any encryption system. However it is also necessary that the hardware is capable of performing X.25 communication at high speeds to avoid introducing unnecessary

delays.

The SAFE 7700 uses a multi-processor architecture with a 68000 processor, specialized hardware to perform data encryption, and a fast RSA option using a TMS32020 digital signal processor. Any line speed up to 64Kbps can be used. X.25 communication routinely transmits data in packets of 128 bytes (octets in X.25 parlance). The SAFE 7700 can process 50 packets per second at 48kbps, and is capable of communicating securely with up to 1000 different addresses (NUAs).

Encryption necessarily adds some processing time to each packet passing through the hardware. Eight bit cipher feedback encryption is within each packet to keep this time to a minimum. The SAFE 7700 adds 16.2 msecs per packet from DTE to

DCE, and 18 msecs per packet from DCE to DTE when plain text packets pass through the unit. These figures rise to 18.4 msecs and 19.8 msecs when DES encryption is used.

The delays are not cumulative, and show clearly that the hardware should not be cause of any major overheads on top of normal X.25 communication. Impressive.

Security Equipment.

My apologies to the developers for simplifying the key exchange process for the purposes of discussion, and to fit within the

confines of this article. Any simplification has been made for the purpose of clarity.

All this sounds complex. It is complex, but an X.25 user sees none of the complexity, the key management processes happen automatically and transparently. I agree with

the philosophy behind the system of key management used. The alternative is to use secure couriers to implant pairs of random keys into communication units. This is subject to compromise by bribery, and begins to take on gargantuan proportions for large networks.

A possible change that I can think of is one where the RSA keys transfer data encrypting keys directly whenever an SVC is established. However this requires RSA

decryption (which is slow) for every call. The four tier key management hierarchy in use maximizes throughput. A possible problem with an RSA key management scheme is that it does not use the only published standard on

key management (ANSI X9.17). However I think that this is one case where to circumvent published standards is not only necessary, but

probably desirable.

Indeed I would go further and speculate that secure communication over a wide area

network is going to require the use of an asymmetric algorithm for key management if it is to be at all successful on a large scale.

COMPUTER FRAUD & SECURITY BULLETIN

01989 Elsevier Science Publishers Ltd., England./89/$0.00 + 2.20 No part of this publication may be re an means, electronic, mechanical, p

roduced, snored in a retrieval system, or transmitted by any form or b

z. R otocopying, recording or otherwise, without the prior permission oft L

pu Inshers. (Readers in the U.S.A.-please see special regul,ations listed on back cover.)

Vol. 11, No. 5, Page 23

Addendum: HMX cipher system

In the January 1989 issue of CFSB, the technical evaluation of the HMX cipher system from Gelosia Ltd promised a discussion of the HMX encryption algorithms as the subject of a

future technical evaluation.

Sadly this has not proved possible. Discussion with Gelosia floundered on my refusal to sign a non-disclosure agreement. Its a shame such an evaluation cannot now take

place, as the ideas seem at first sight very promising.

As the vendors of other security products can testify, I always refuse to sign a non- disclosure agreement on the grounds that the technical evaluations are thoroughly

discussed, and any factual errors rectified, before publication. Signing a non-disclosure agreement simply prevents me from giving an honest appraisal of a product.

The encryption algorithms were claimed to be unique, so the future article was going to discuss the principles behind the algorithms, and their relative strength, without revealing any embarrassing details. I looked forward to studying them, but they must now be thought of as yet another unpublished algorithm. C’est la vie.

Keith Jackson

BOOK REVIEW

Title: Computers and Data Protection

Authors: Eddy Peers, Bill Buckley

ISBN: 0 86348 125 1

Publisher: Publications Dept, Deloitte

Haskins and Sells, Melrose House, 42 Dingwall Street, Croydon CR0 2NE, UK; tel: 01-68 l-5242.

Price: f7.95 plus 40 pence postage and

packaging

This book aims to provide guidance on how best to approach the data protection laws which now apply in many countries of Europe. It draws conclusions from a survey carried out by the publisher (Deloitte Haskins and Sells, a large consultancy company) on a Europe wide

basis.

Emphasis is placed on the fact that

European data protection legislation has mainly come about because of influence from the Organization for Economic Cooperation and Development (OECD) which encourages trade and economic growth, and the Council of Europe (CoE) who are interested in the protection of civil liberties and human rights. These two bodies have conflicting aims, so

any resulting legislation is bound to reflect this with variations in emphasis across Europe.

For example with regard to registration under the UK Data Protection Act, the authors state “In our opinion the level of detail required in the UK is particularly tiresome”. As one of

the poor people who had to wade through the forms when registering my own company, I could not agree more.

The main sections of the book aim to explain when the Data Protection laws are applicable, and what you should do if they are

applicable. The Appendices contain sample checklists, action summaries, and data protection census forms. There is even an example of a suitable memorandum which

could be used to explain data protection legislation to your staff. If data protection is new to you, this could be a good starting point.

As you would expect from a consultancy which operates with offices in most European countries, the book explains the status of data protection laws in each member country of the EEC. This Appendix is particularly useful.

The authors believe that the main beneficiaries of this book are people who work in small companies which have so far ignored

COMPUTER FRAUD & SECURITY BULLETIN

01989 Elsevier Science Publishers IAd., Engiand./89/!$0.00 + 2.20 No part of this publication may be re an means, electronic, mechanical, p

IL K

roducedT snored in a retrieval system, or transmitted by any form or b o~ocopymg, recording or otherwise, without the prior permission oft L

pu Inhers. (Readers in the U.S.A.- please see special regulations listed on back cover.)