X.25 line encryptor safe 7700
-
Upload
keith-jackson -
Category
Documents
-
view
214 -
download
0
Transcript of X.25 line encryptor safe 7700
vol. 11, No. 5, Page 20
the only valid approach for the prospective
user of international EDI is caveat emptor!
John Draper
/CL Network Applications Business Cen tre
TECHNICAL EVALUATION
X.25 LINE ENCRYPTOR SAFE 7700
Product: X.25 Line Encryptor SAFE 7700
Developer, Manufacturer and Vendor:
Computer Security Ltd, Olivier House, 18 Marine Parade, Brighton, E. Sussex BN2 lTL,
UK.
Availability: X.25 networks at line speeds up
to 64Kbps.
Price: f4950 per unit (one off), plus
approximately f 1000 per Network User Address as a software licence fee. Both prices
are discounted for large networks.
I recently visited Computer Security Ltd
(CSL) in Brighton to see their in-line X.25
encryption system. For those readers
unfamiliar with with the phrase X.25, this is the
international standard used when messages
are passed between computer systems using
packet switching techniques.
An X.25 supplier (BT or Mercury in the
UK) offers a service whereby messages are transmitted from the sender to the receiver as
a series of packets of data. The network used
to transmit this data will send each individual packet via the best available route, and hardware at the recipient’s site must reconstruct the original message out of the
incoming packets, taking care to account for any packets that arrive in the wrong order.
Packet switched networks are used for
many business purposes, especially financial
systems. The great attraction is their
resilience. The network uses the best
available route at any one time, and can cope with particular parts of the network being
unavailable.
One inherent risk involved is that
messages passing across a network can be monitored. This is difficult to achieve in an X.25 network, because of the complex protocol, and the fact that component packets
of a message can be transmitted by different routes. It is however possible, and the only
way to assure secrecy is to encrypt the
message.
An X.25 line encryptor offers such a
solution. The SAFE 7700 from CSL is inserted
into an X.25 line, and offers facilities whereby
calls that pass through the unit can be
encrypted using either DES (Data Encryption Standard) or a proprietary algorithm. In the
following discussion, all references to DES
could equally well refer to the proprietary algorithm offered by CSL. A SAFE 7700 can be set up to allow combinations of plain text
calls and encrypted calls.
Writing a technical evaluation of such
hardware is difficult, as it is not possible to just
borrow a unit and use it for a couple of days.
The SAFE 7700 only makes sense in the context of an X.25 network. I don’t personally
have one of those, or easy access to one, and the setup of individual co-operating X.25 units
is not a trivial process. However the most
important questions revolve around key
management, the message throughput, any introduced delay, and ease of usage.
First key management. Any halfway
decent encryption system requires a random key to carry out encryption. In the case of a symmetric algorithm (DES), the two
communicating units must have the same key installed. Key management is the process where keys are moved from one unit to another, to achieve the installation of the same
COMPUTER FRAUD & SECURITY BULLETIN
01989 Elsevier Science Publishers Ltd., Engiand.W9/$0.00 + 2.20 No part of (his publication may be re an
6. means, electror$ mechanical, p g
rodwed! s~orcd in a relrieval sys!em, or trammilted by any .fo!‘m UT b otocopymg. recording or othew~se, without the prior pemllssmn of 1 ze
pu hshers. (Readers m the U.S.A.- please see special regulation3 listed on back cover.)
Vol. 11, No. 5, Page 21
random key in both units. It is vitally important destinations, alias addresses and the
that keys are kept secret in transit. If a third maximum key exposure time. The facilities
party knew the keys, and the algorithm in use, available are comprehensive, and there is no
messages could be decrypted. space to go into detail within this article.
The SAFE 7700 uses the RSA encryption
algorithm to transport DES keys securely. RSA is used because it is an asymmetric
encryption algorithm, the same key does not
have to be present in each communicating unit
for secret messages to be transmitted between
the two units.
Operators need to know what they are
doing during the setup phase, but during routine operation the SAFE 7700 requires no
attention, except to extract data at reasonable
intervals from the various audit logs that are
maintained during execution.
The key management system used by the
SAFE 7700 requires an “Issuing Authority” to
be present in the system. Its function is to
certify RSA keys in such a way that they can
be recognized as genuine by all other communicating units. The personnel in charge of the Issuing Authority must make very sure
that all new hardware is genuine, and that the
keys specific to the Issuing Authority are not
compromised.
X.25 offers two different types of call.
These are known by the acronyms SVC
(Switched Virtual Call), and PVC (Permanent
Virtual Circuit). They are analogous to the
familiar concept of a single telephone call (to varying destinations), and a leased line between two points. The SAFE 7700 can
perform encryption using either SVCs or
PVCs. The key management system is subtly
different for PVCs.
The phrase “Issuing Authority” used by CSL, has many synonyms used by other
writers such as “Key Registry” and
“Notarization Process”. They all refer to the
function of accepting a unit as genuine, and providing unforgeable encrypted “signatures”
that can be checked at some future date to
prove that a unit is genuine.
When a unit receives a call from a unit which it knows should be encrypted, but for
which there is no encryption key, then the authorized RSA public keys are used to
transport a key encrypting key (a DES key). This key is randomly generated, and after a
successful transfer is held securely within both
units.
New units introduced to an X.25 network first communicate with the Issuing Authority, then after authorization they can then be used in the X.25 network. A human operator must first set up the SAFE 7700. This is achieved
using a keypad and LCD display on the front of the hardware.
I have only seen a development version of the user manual describing interaction with the
SAFE 7700. It is clearly written but somewhat
complex. Given the complexity of X.25, the complexity of the manual is inevitable. The
operator can control the time of day specified for key update, the number of retries for key updates when one of various errors is
detected, the addresses of encrypted
When a key encrypting key exists between both sites, then whenever a call is received
from a remote unit, this key encrypting key is used to encrypt a data encrypting key which is transferred between the two units. A unique data encrypting key is used for each X.25 call
(when SVCs are used). The data encrypting key is manipulated to provide a unique key and initial value for both directions of
communication.
This completes the description of the
SAFE 7700 four level key management
hierarchy:
- The issuing authority has its own key(s) for
RSA key authorization.
COMPUTER FRAUD & SECURITY BULLETIN
01989 Etsevier Science Publishers Ltd., England./89/$0.00 + 2.20 No part of this publication may be reproduced, slored in a retrieval system, or transmitted by any form or b an pu r,.
means, electronic. mechanical, photocopying, recording or othenvise, witbout the prior permission oft z r Ishers. (Readers in the U.S.A.- please see special regulation7 listed on back cover.)
Vol. 11, No. 5, Page 22
- Each unit has its own RSA keys which It is important that the encryption hardware
must be authorized before they can be is tamper resistant, so that any attempt to gain
used. access to the unit results in all sensitive data being erased. Because of previous knowlege I
- A key encrypting key is established be- shall not write about the tamper resistance, tween each pair of communicating units however CSL state that various levels of using authorized RSA keys. tamper resistance are available to suit the
environment in which the SAFE 7700 is being - Every call using an SVC, or at frequent in- installed. The minimum level fitted as
tervals using a PVC, this data encrypting standard (level 1) exceeds the requirements of key is used to establish key encrypting US Federal Standard 1027, and complies with key(s). the IERE Code of Practice for Cryptographic
I’ve spent much of this article discussing the key management of the SAFE 7700, as I believe that this is the most important part of any encryption system. However it is also necessary that the hardware is capable of performing X.25 communication at high speeds to avoid introducing unnecessary
delays.
The SAFE 7700 uses a multi-processor architecture with a 68000 processor, specialized hardware to perform data encryption, and a fast RSA option using a TMS32020 digital signal processor. Any line speed up to 64Kbps can be used. X.25 communication routinely transmits data in packets of 128 bytes (octets in X.25 parlance). The SAFE 7700 can process 50 packets per second at 48kbps, and is capable of communicating securely with up to 1000 different addresses (NUAs).
Encryption necessarily adds some processing time to each packet passing through the hardware. Eight bit cipher feedback encryption is within each packet to keep this time to a minimum. The SAFE 7700 adds 16.2 msecs per packet from DTE to
DCE, and 18 msecs per packet from DCE to DTE when plain text packets pass through the unit. These figures rise to 18.4 msecs and 19.8 msecs when DES encryption is used.
The delays are not cumulative, and show clearly that the hardware should not be cause of any major overheads on top of normal X.25 communication. Impressive.
Security Equipment.
My apologies to the developers for simplifying the key exchange process for the purposes of discussion, and to fit within the
confines of this article. Any simplification has been made for the purpose of clarity.
All this sounds complex. It is complex, but an X.25 user sees none of the complexity, the key management processes happen automatically and transparently. I agree with
the philosophy behind the system of key management used. The alternative is to use secure couriers to implant pairs of random keys into communication units. This is subject to compromise by bribery, and begins to take on gargantuan proportions for large networks.
A possible change that I can think of is one where the RSA keys transfer data encrypting keys directly whenever an SVC is established. However this requires RSA
decryption (which is slow) for every call. The four tier key management hierarchy in use maximizes throughput. A possible problem with an RSA key management scheme is that it does not use the only published standard on
key management (ANSI X9.17). However I think that this is one case where to circumvent published standards is not only necessary, but
probably desirable.
Indeed I would go further and speculate that secure communication over a wide area
network is going to require the use of an asymmetric algorithm for key management if it is to be at all successful on a large scale.
COMPUTER FRAUD & SECURITY BULLETIN
01989 Elsevier Science Publishers Ltd., England./89/$0.00 + 2.20 No part of this publication may be re an means, electronic, mechanical, p
roduced, snored in a retrieval system, or transmitted by any form or b
z. R otocopying, recording or otherwise, without the prior permission oft L
pu Inshers. (Readers in the U.S.A.-please see special regul,ations listed on back cover.)
Vol. 11, No. 5, Page 23
Addendum: HMX cipher system
In the January 1989 issue of CFSB, the technical evaluation of the HMX cipher system from Gelosia Ltd promised a discussion of the HMX encryption algorithms as the subject of a
future technical evaluation.
Sadly this has not proved possible. Discussion with Gelosia floundered on my refusal to sign a non-disclosure agreement. Its a shame such an evaluation cannot now take
place, as the ideas seem at first sight very promising.
As the vendors of other security products can testify, I always refuse to sign a non- disclosure agreement on the grounds that the technical evaluations are thoroughly
discussed, and any factual errors rectified, before publication. Signing a non-disclosure agreement simply prevents me from giving an honest appraisal of a product.
The encryption algorithms were claimed to be unique, so the future article was going to discuss the principles behind the algorithms, and their relative strength, without revealing any embarrassing details. I looked forward to studying them, but they must now be thought of as yet another unpublished algorithm. C’est la vie.
Keith Jackson
BOOK REVIEW
Title: Computers and Data Protection
Authors: Eddy Peers, Bill Buckley
ISBN: 0 86348 125 1
Publisher: Publications Dept, Deloitte
Haskins and Sells, Melrose House, 42 Dingwall Street, Croydon CR0 2NE, UK; tel: 01-68 l-5242.
Price: f7.95 plus 40 pence postage and
packaging
This book aims to provide guidance on how best to approach the data protection laws which now apply in many countries of Europe. It draws conclusions from a survey carried out by the publisher (Deloitte Haskins and Sells, a large consultancy company) on a Europe wide
basis.
Emphasis is placed on the fact that
European data protection legislation has mainly come about because of influence from the Organization for Economic Cooperation and Development (OECD) which encourages trade and economic growth, and the Council of Europe (CoE) who are interested in the protection of civil liberties and human rights. These two bodies have conflicting aims, so
any resulting legislation is bound to reflect this with variations in emphasis across Europe.
For example with regard to registration under the UK Data Protection Act, the authors state “In our opinion the level of detail required in the UK is particularly tiresome”. As one of
the poor people who had to wade through the forms when registering my own company, I could not agree more.
The main sections of the book aim to explain when the Data Protection laws are applicable, and what you should do if they are
applicable. The Appendices contain sample checklists, action summaries, and data protection census forms. There is even an example of a suitable memorandum which
could be used to explain data protection legislation to your staff. If data protection is new to you, this could be a good starting point.
As you would expect from a consultancy which operates with offices in most European countries, the book explains the status of data protection laws in each member country of the EEC. This Appendix is particularly useful.
The authors believe that the main beneficiaries of this book are people who work in small companies which have so far ignored
COMPUTER FRAUD & SECURITY BULLETIN
01989 Elsevier Science Publishers IAd., Engiand./89/!$0.00 + 2.20 No part of this publication may be re an means, electronic, mechanical, p
IL K
roducedT snored in a retrieval system, or transmitted by any form or b o~ocopymg, recording or otherwise, without the prior permission oft L
pu Inhers. (Readers in the U.S.A.- please see special regulations listed on back cover.)