
Examples Encryption Industries

This section provides a brief overview of example companies undertaking business in cryptography and data security.

3.7.1 RSA Security Inc.

RSA Security (formerly Security Dynamics Technologies) is a top maker of hardware and software used to protect and manage computer network access. Most of its sales come from flagship product SecurID, which authorises entry by PINs and random-access codes displayed on cards or tokens. The company also makes data encryption and e-business security tools. Its products are sold to corporations, as well as to users in the finance, research, and government markets. RSA Security generates about 70% of its sales in the US.

3.7.2 Rainbow Technologies

Rainbow Technologies pretty much covers the spectrum of antipiracy software and hardware. The company makes products that prevent the unauthorised use of software, and information security products that protect the security of satellite, Internet, and network communications. Its software protection products contain a hardware key included with each copy of a client’s software program and software that tells the program to search for the key. Its information and Internet security products utilise encryption technology and are marketed to government entities and commercial businesses. Rainbow’s growing Spectria division offers e-commerce consulting services and wireless communication tools.

3.7.3 Cylink Corporation

The company’s security software, remote-access tools, and other products protect the transmission of information across the Internet and corporate computer networks. Cylink also sells encryption tools, smart cards, and management software. Its clients include large banks (about a third of sales) and government agencies, as well as electronics experts such as Cisco, WorldCom, and Motorola. The company generates about 45% of its sales outside North America. Cylink divested a line of modems and other wireless products to focus on security. Honeywell, through its acquisition of security alarm maker Pittway, owns 28% of Cylink.

3.7.4 Network Associates

Network Associates makes a viral computer more virile. The acquisitive security software maker is continually duking it out with Symantec to be the top data security specialist. The company develops antivirus, network management, and help desk software. Its products include VirusScan and the Sniffer family of network monitoring and troubleshooting programs. Network Associates sells its products through a direct sales force and through top distributors such as Ingram Micro and Tech Data. The company also generates a share of sales on the Internet through its publicly traded McAfee.com subsidiary, of which Network Associates owns about 85%. Services such as consulting and support account for nearly a third of sales.

3.7.5 Check Point Software Technologies Ltd

Network intruders get burned when playing with Check Point Software Technologies’ firewalls. The company’s resource protection, or firewall, software shields corporate networks from internal and external unauthorised access. Its FireWall-1 verifies remote users, controls access, and blocks viruses and other unwanted Web content. VPN-1 lets companies set up virtual private networks for secure internal and remote communications. Check Point sells its products directly and through manufacturers, resellers, and systems integrators including IBM, Hewlett-Packard, and EDS. Over half of the company’s business comes from resellers in the US.

3.7.6 AXENT Technologies Inc.

AXENT Technologies puts its emphasis on hacker stress. Its security management and firewall software provide companywide network security, including access control, data confidentiality, intrusion detection, and remote-access and Internet authentication services. AXENT derives about 70% of its sales from software license fees; the rest come from the service fees for consulting, maintenance, and training that it offers through its Secure Network Consulting subsidiary. The company markets its products to customers such as WorldCom, Mobil, Xerox, Unilever, and the US Air Force. AXENT has agreed to be acquired by rival security software maker Symantec.

3.7.7 BindView Development Corporation

BindView Development gives computer network managers a bird’s-eye view. The company makes systems management and security software for complex computer networks operating on Microsoft’s Windows NT and Novell’s NetWare operating systems. Its line of enterprise management software products includes tools for network management, security, asset management, inventory analysis, and reporting. BindView also offers Web-based risk management (bv-Control), systems migration (bv-Admin), and anti-hacker software. The company has more than 5,000 customers, including Nabisco Holdings, Rockwell International, and the United Nations. Founder and chairman Eric Pulaski owns 19% of the company.

3.7.8 Internet Security Systems Inc.

Who is hacking into my system? Internet Security Systems (formerly ISS Group) keeps e-commerce safe with its network security monitoring, detection, and response software and services. The company’s SAFEsuite product line protects corporate networks, extranets, and the Internet from misuse and security violations. Internet Security Systems also offers its ePatrol software for remote security management. The company also offers outsourced security management services, which include continuous monitoring of network traffic and devices, detection of and response to security risks, and frequent review of security policies. Products are available individually or in suites that provide comprehensive network security.

3.7.9 Baltimore Technologies plc

Baltimore Technologies would have you balk no more at the thought of sending sensitive electronic transmissions. The company makes cryptographic software and hardware designed to protect digital data within a company’s electronic infrastructure, from its MailSecure e-mail software to its UniCERT system for business networks. Baltimore also offers consulting and systems integration services to customers, which include ABN AMRO Bank, Bank of Ireland, and VISA. Baltimore made Internet history in 1998 when US President Bill Clinton and Ireland Prime Minister Bertie Ahern digitally ‘signed’ a communiqué using the company’s technology. However, Baltimore Technologies went into receivership in 2002.

3.7.10 Entrust Technologies Inc.

Whom do you trust with your network security? Entrust Technologies’ security software ensures the privacy of electronic communications and transactions across corporate intranets and the Internet. Its Entrust suite of tools automates the management of digital certificates (electronic passports that identify computer users) and monitors applications such as remote access and e-mail. Entrust also issues digital certificates through Entrust.net, offers systems integration services, and (through its 2000 acquisition of privately held enCommerce) offers software for managing e-business portals. Customers include Citibank, J.P. Morgan, and NASA. Canada-based telecom giant Nortel Networks owns 32% of Entrust.

3.7.11 VeriSign Inc.

Online transmissions may soon be VeriSign-ed, sealed, and delivered. The company’s software provides digital certificates of authentication used to encrypt data and protect access to data and transactions sent over the Internet and large networks. VeriSign has worked with such companies as Microsoft, Visa, and American Express to deploy electronic safeguards for online activities that include e-mail, home banking, and credit card purchases. The company also provides its certification services and products, primarily in the US, to such companies as Bank of America and AT&T. VeriSign is expanding internationally and is tapping a new stream of clients from its subsidiary, Internet domain registrar Network Solutions.

3.7.12 Trend Micro Inc

Trend Micro won’t let the Web bugs bite. The company develops antivirus software for the server systems that power computer networks and desktop PCs. Its products protect data in file servers, e-mail servers, Internet gateways, and other systems. Trend Micro sells its software through resellers including Ingram Micro and Tech Data and through partnerships with manufacturers such as Cisco and Compaq. Nearly 60% of sales are to customers outside of Japan. The company’s ipTrend subsidiary is developing electronic transaction protection products for the Linux operating system. The company was founded in 1988 by chairman and CEO Steve Chang, an ex-HP engineer, after he was swindled by software pirates.

3.7.13 WatchGuard Technologies Inc

WatchGuard Technologies watches businesses and guards their transactions and communications. The company’s subscription-based LiveSecurity products and services protect computer networks from intruders, providing threat responses, software updates, and information alerts. The company also offers user authentication and data encryption software for virtual private networks. Internet service providers use the system to provide outsourced security services. WatchGuard targets customers ranging from home office users and educational institutions to its core market of small and large corporations. AT&T, PSINet, and Verio count themselves among its clients. Half of WatchGuard’s sales come from outside the US.

4 Encryption using Deterministic Chaos

The concepts of randomness, unpredictability, complexity and entropy form the basis of modern cryptography and a cryptosystem can be interpreted as the design of a key-dependent bijective transformation that is unpredictable to an observer for a given computational resource. For any cryptosystem, including a Pseudo-Random Number Generator (PRNG), encryption algorithm or a key exchange scheme, for example, a cryptanalyst has access to the time series of a dynamic system and knows the PRNG function (the algorithm that is assumed to be based on some iterative process) which is taken to be in the public domain by virtue of the Kerckhoffs-Shannon principle, i.e. the enemy knows the system. However, the time series is not a compact subset of a trajectory (intermediate states are hidden) and the iteration function is taken to include a ‘secret parameter’ - the ‘key’. We can think of the sample as being ‘random’, ‘unpredictable’ and ‘complex’. What do these properties mean mathematically and how do they relate to chaos? This paper focuses on answers to this question, links these properties to chaotic dynamics and considers the issues associated with designing pseudo-random number generators based on chaotic systems. The theoretical background associated with using chaos for encryption is introduced with regard to randomness and complexity. A complexity and information theoretic approach is considered based on a study of the complexity and entropy measures associated with chaotic systems. A study of pseudo-randomness is then given which provides the foundations for the numerical methods that need to be realised for the practical implementation of data encryption. We study cryptographic systems using finite-state approximations to chaos or ‘pseudo-chaos’ and develop an approach based on the concept of multi-algorithmic cryptography that exploits the properties of pseudo-chaotic algorithms.

4.1 Randomness and Complexity

The concepts of randomness, unpredictability, complexity and entropy form the basis of modern cryptography and a cryptosystem can be interpreted as the design of a key-dependent bijective transformation that is unpredictable to an observer for a given computational resource. In the first part of this paper we link these concepts to chaotic dynamics and consider the issues associated with designing pseudo-random number generators based on chaotic systems.

For any cryptosystem, including a Pseudo-Random Number Generator (PRNG), encryption algorithm or a key exchange scheme, for example, a cryptanalyst has access to the time series of a dynamic system and knows the PRNG function (the algorithm assumed to be based on some iterative process) which is taken to be in the public domain by virtue of the Kerckhoffs-Shannon principle, i.e. the enemy knows the system. However, the time series is not a compact subset of a trajectory (intermediate states are hidden) and the iteration function is taken to include a ‘secret parameter’ - the ‘key’. We can think of the sample as being ‘random’, ‘unpredictable’ and ‘complex’. What do these properties mean mathematically and how do they relate to chaos? This paper focuses on answers to this question. In addition to probabilistic properties, we consider algorithmic complexity, i.e. the length of the shortest algorithm capable of producing a cryptographically secure sequence.

Intuitively, the internal complexity of a system provides its external unpredictability and a sequence is called algorithmically random if its algorithmic complexity equals the length of the sequence. An algorithmically random sequence is computationally incompressible and contains no recognizable patterns (redundancies). Clearly, a purely random system is also algorithmically random. However, the concepts of pseudo and algorithmic randomness are different; a pseudo-random string is generated with a compact seed, but the external observer is not able (practically) to reconstruct the generator and predict the sequence. In other words, the string is highly compressible for authorized communicators but computationally incompressible for the potential adversary and, in a general sense, an algorithmically random string can be predicted by a probabilistic machine.

Randomness or unpredictability can be ‘measured’ using such properties as algorithmic complexity and/or entropy, i.e. the degree of uncertainty about the system. Quantitatively, the Shannon entropy is in direct proportion to the algorithmic complexity in ergodic systems, where statistical properties of a single sequence coincide with that of all sequences generated by a PRNG. A randomness measure for chaos is the Kolmogorov-Sinai entropy that is, roughly speaking, a multi-resolution integration of Lyapunov exponents.
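The three measures named in the last two paragraphs can be computed side by side. The following is an added example, not code from the original text; it assumes the logistic map as the chaotic system (the text names no specific map) and uses zlib output size as a crude stand-in for algorithmic complexity.

```python
import math
import zlib
from collections import Counter

def orbit(r, x0, n, burn_in=1000):
    """Logistic map x -> r*x*(1-x) (assumed stand-in map); transient discarded."""
    x = x0
    for _ in range(burn_in):
        x = r * x * (1.0 - x)
    xs = []
    for _ in range(n):
        x = r * x * (1.0 - x)
        xs.append(x)
    return xs

def lyapunov(r, xs):
    """Time average of ln|f'(x)| with f'(x) = r*(1 - 2x), in nats per iteration."""
    return sum(math.log(max(abs(r * (1.0 - 2.0 * x)), 1e-300)) for x in xs) / len(xs)

def to_bytes(xs):
    """Symbolic dynamics: one bit per state (x > 0.5), packed 8 bits per byte."""
    out = bytearray()
    for i in range(0, len(xs) - 7, 8):
        b = 0
        for x in xs[i:i + 8]:
            b = (b << 1) | (x > 0.5)
        out.append(b)
    return bytes(out)

def entropy_per_bit(data):
    """Shannon entropy of the byte histogram, divided by 8 (bits per output bit)."""
    n = len(data)
    h = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    return h / 8.0

def compression_ratio(data):
    """zlib output size over input size: an upper-bound proxy for complexity."""
    return len(zlib.compress(data, 9)) / len(data)

def measure(r, x0=0.123456789, n=160000):
    xs = orbit(r, x0, n)
    data = to_bytes(xs)
    return lyapunov(r, xs), entropy_per_bit(data), compression_ratio(data)

if __name__ == "__main__":
    for r in (4.0, 3.2):  # chaotic regime vs. period-2 regime
        lam, h, c = measure(r)
        print(f"r={r}: lyapunov={lam:+.3f} nats, entropy={h:.3f} bits/bit, zlib ratio={c:.3f}")
```

At r = 4 the exponent is close to ln 2 and the bit stream is incompressible to zlib even though it is fully determined by the pair (r, x0), which is the authorized party's compact description; passing these statistical measures does not show that an observer cannot reconstruct the generator.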