On the Importance of Evolving Cryptography
By Roy D. Follendore III
Copyright (c)1999 RDFollendoreIII
All Rights Reserved
Current commercial technologies utilize outdated and narrowly defined NSA approved language for its technical components, which limit its ability to evolve. This is because they are conceived of as part of an artifact. By this I mean that they are either an adjunct to or an incremental solution to a specified problem that involves the prevention of access rather than the promotion of informative services. Another reason that cryptographic solutions become limited is that they do not have a rich engineering language to express and promote the objectives of organizational communications performance.
The linguistic plan for how to do things with cryptography has been dominated, predetermined and predicated on a core set of definitions approved by the Government. Because approved commercial applications use NSA language, current technology considers the heart of security to be the cryptographic algorithm, around which all activities are directed.
The strategy for establishing the strategic role of cryptography is protectively rich but operationally hollow. The core functional technical design criteria for current technology is simply to encrypt data rather than to communicate better. The cryptographic objective of current technology is to obtain and use the strongest possible encryption permutation often using symmetrical fixed keys with specific key lengths with specific algorithms.
This means that the limitations associated with what cryptography is capable of and what our expectations have been for what it is to be used for, are preventing the technology from itís true potential. Using current technology, a typical transaction requires the sharing of a secret message key between people. The constraints associated with the defined cryptographic parts have prevented cryptographic concepts from being well used beyond their expected traditional ways. Within current technology the definitions and relationships of a key, cryptographic algorithm, ciphertext and plaintext are predefined and are the primary means of connectivity and security control. This is particularly true where algorithms are concerned.
Current technology is logically centered on mathematical logic expressed as algorithmic bit level permutations, which are combined with data. Within current technology scenario, keys are considered optimum when they are pseudo-random alphanumeric strings. Current crypto technology uses mathematical recursion for technically masking internal permutation processes of the cryptographic algorithm. Moreover, current crypto technology is designed as an adjunct to operations so that within organizations it is managed and accounted for as a necessary security overhead rather than a performance-enhancing tool.
Current encryption technology/techniques are designed to secure independent files and messages from one individual to another so that files and messages are the basis of transactions rather than a matrix of information and knowledge. Without understanding this matrix complex, it is impossible to untangle the desired stage of the operational process. Current encryption technology/techniques require that data must be associated to algorithms prior to use so that the benefit of algorithms as a unknown permutation factor is eliminated. This lack of a general purpose conceptualization places huge unknowable limits on the potential solutions possible because exclusive design factors such as the meaningfulness of the key are not accountable.
Encryption technology/techniques require that each key must be created, distributed, maintained with external pointers outside of the cryptographic process, and then managed and used with assigned algorithms for the proper reasons by all parties, which results in security flaws by design (or are formed over time) and the eventual loss of cryptographic control. The potential for requiring exceptions grow in number and importance over time. Serious flaws in the cryptographic security inevitably form from current encryption technology/techniques because over time operational wavers have to be ignored under the terms of inflexible cryptographic definitions and technical process control, thereby remaining undocumented and unaccountable.
Serious breaches in security are created because of operational demands. With current encryption technology/techniques, sensitive transaction keys are operationally used prematurely or reused because they do not cryptographically inherit start and expiration date attributes, which give a cryptographic life span thereby reduces the accumulation of unnecessary junk data. Furthermore, with current encryption technology/techniques, key maintenance and audit trails are not cryptographically authenticated and enforceable to the ultimate key used by the algorithm to encrypt plaintext and decrypt ciphertext, therefore requiring multiple asynchronous references. Algorithmic logic is incapable of providing the necessary degrees of freedom to resolve these critical issues.
Current encryption technology/techniques use keys that are treated as simple single-dimensional concepts and therefore have only one degree of freedom because they are logical pseudo-random mathematical strings. Without a general purpose threaded solution, even understanding the problem as it currently may exist becomes difficult or impossible.
With current encryption technology/techniques, key generation and audit trails are not cryptographically bound to applied circumstantial use so cryptographic enforcement of operational accountability and use does not exist along with the valuable reasoning related to transaction pricing and improvements in the performance of transactions. Even as the operational problems increase over time the definitions and solutions imposed by current cryptographic technology even limits the potential logical security processes available. With current Encryption technology/techniques, cryptographic algorithms, which greater permutation factors than keys, are treated as a give away.
This is a mind-limiting consequence of cryptographic exceptions formed by strict adherence to linear mathematical logic. With current encryption technology/techniques, the secure distribution of information has involved the use of non rational certificates which increase in size in accordance with the complexity of user relations and purposes of the cryptographic transaction. From Von Neuman we have known that there are certain limits to expressions possible from simple algorithms. He understood the limitations of pure algorithmic solutions. We have been seeing the mark of those limits now within the expression of cryptography.
For the past year, advanced technical development has been taking place to develop cryptographic solutions that can provide cryptographic control of matrixes of data, information and knowledge. I called this the resulting design Premonition. Premonition was a distributed cryptographic based system that transparently secured and distributed highly granular information and knowledge over the Internet with both enforced authorization and accountability as opposed to the narrow traditional encryption techniques which are boiled down to an algorithmic process of permutation. In this way it is possible to express cryptography as a powerful means for disseminating knowledge.
Premonition is a secure Internet web page publishing system rather than simply a cryptographic process for encrypting data. Unlike traditional encryption technology and techniques, Premonition is a system that utilizes Traditional Cryptographic elements both as independent objects and secondary object attributes with the objective of improving communications through enforceable flexibility and enforced adherence to the rational association with organizational policies and procedures.
The Premonition process which I created and patented was not just a logical exercise of an algorithm, so it was not have algorithmic limitations. Premonition represented the first a system that wraps the product of traditional cryptography within levels of rational abstraction rather than the external and one-dimensional way that traditional encryption technologies have treated cryptographic transactions. Unlike traditional cryptography, the heart of Premonition was a cryptographically bound matrix of labels, which tell the story of the information/knowledge and can be rationally associated with approved organizational procedure and policies.
By telling the story of information and knowledge, we are able to fuel solutions to the dissemination and processing. To accomplish this feat, the information and knowledge story has to exist at just the right moment. Premonition is a cryptographic security system that binds internal cryptographic objects late, avoiding the inflexible security problems found by traditional cryptographic techniques. One of the major problems that arise is the inability to maintain informed continuity after dissemination.
When web pages are disseminated, common information across different web pages must be tracked. This is particularly true when the information is compartmented through standard encryption practices. Premonition is a secure information and knowledge-publishing system utilizing cryptography to assure the continuity of information on published web pages. Part of the problem is that traditional cryptography does not express security in terms of information.
Traditional cryptography essentially encrypts or fails so that there is only a binary solution. There is no inherent means inherent in the encrypted data to disseminate when the possibility of success is incomplete. The traditional cryptographic system is simply designed to fail because that is all it does.
Unlike traditional cryptographic techniques designed with a narrow paradigm to never fail, Premonition accepts the fact that in the real world failure is possible and internally authenticates, verifies and validates itself using its own proprietary Object Oriented paradigm with each use. Whereas the object of traditional cryptography is to scramble, Premonition is to succeed in moving information and knowledge. To do this it is important that the process is certifiable. Unlike traditional cryptographic techniques which attempt to use Public Key (PK) methods as the end all, Premonition is designed to utilize PK processes as objects having inputs and attributes for such things as initialization and multiparty certification. In fact, the importance of the design is to insure that the communication process is well reasoned.
Premonition was designed to be a flexible paradigm based on reasoning rather than being built around a single algorithm, when changes are required they are understandable to the engineers and the users.
In further addressing the traditional shortcomings of traditional encryption we have to manage participation in the business process. .Security of information and knowledge must far exceed the constraints imposed by point to point driven security policies. Premonition cryptographically binds authentication, authorization, cryptography and accounting processes related to the transparent distribution of highly granular information across the Intranet and the Internet rather than just encrypting and posting files. The objective is to reduce the complexity for the user and to eliminate direct access and transport of first order sensitive technical components.
While traditional cryptography manages keys, Premonition eliminates the distribution of highly sensitive operational keys used with algorithms by distributing the rational justification related to the generation of those keys. The objective is also to keep humans out of sensitive distribution processes but also to maintain their participation within the information control loop.
Where traditional cryptography isolates direct management oversight and control from operational process, Premonition rational labeling involves human managers in the management of operational, environmental and policy reasoning. This means that humans that publish should contribute to information and knowledge dissemination. Publisher are the people who have a stake in the issues associated with dissemination security.
Traditional cryptography designs do not account for the differences in the role of publishers and authors but Premonition provides publishers highly granular cryptographic control of the security related to information and knowledge transfer. In this way, security processes are raised to the level of information dissemination experts, avoiding the conflicts that inevitably arise between the INFOSEC staff and operations management.
With traditional cryptography the role of the security manager is considered a necessary burden to organizational staffing with the objective of assuring the prevention of information loss but Premonition upgrades the role of security manager to that of a communications manager dedicated to improving active organizational performance.
Make no mistake about the fact that information security goes with the complete lifecycle of information. With traditional cryptography, managed information-publishing stops with the protection of information, but with Premonition the cryptographic solution extends from the birth to demise of the information publishing process. This means that the controlling authentication process for information dissemination must remain a part of information throughout itís lifecycle.
It is not enough just to plan expectations around the short-term point to point security processes of the moment. Unlike traditional algorithm bound cryptographic techniques, each and every Premonition key is bound cryptographically to rational levels of abstraction so that user permissions are independently authenticated and authorized. The importance of this point is particularly reflected in degree of difficult care that must exist in any design, which offers to solve the long-term publishing paradigm.
With traditional cryptographic techniques the act of securing information is distinct and different from the act of publishing, but with Premonition they are the same. The ability to publish is the ability to get the right information, to the right place, at the right moment. This means communications connectivity not just a single communication connection. Unlike traditional cryptography, Premonition is designed to support the resolution of communications and appropriate connectivity even when successful encryption or decryption is not possible.
Finally, the economics as well as the historical management of the communication must be considered. Unlike traditional cryptography which does not extend to the publishing paradigm, information secured and transferred using Premonition is always capable of authorized archived retrieval and is always accountable, and billable.
Copyright (c) 2001-2007 RDFollendoreIII All Rights Reserved