PPT ON NETWORK SECURITY AND CRYPTOGRAPHY -paper presentation

NETWORK SECURITY AND CRYPTOGRAPHY An Elliptic Curve Cryptography (ECC) Primer Why ECC is the next generation of public key cryptography? ABSTRACT “The Right to privacy…is the most comprehensive of rights and the right most valued by civilized man”. - Justice Louis Brandies, US Supreme Court, 1928. Network security in the simplest form, is making sure that nosy people cannot read, or worse yet, secretly modify messages intended for other recipients. It also reads with the problems of legitimate messages being captured and replayed. Network security

ensures that there is Privacy, Authenticity, Data integrity, Non-repudiation when two parties communicate with each other. Network Security has never been at its best with the usage of ‘Public Key Encryption’ until the implementation of ‘Elliptic Curve Cryptography’. Though the earlier implementations of Public Key Encryption were successful at implementation level, they were unable to succeed at the user or the customer level. ’ECC’ has proved to be the best way to keep the data safe and secure, in cases where protection of data is an acute and privacy is the major concern. This paper will explore Cryptography from its earliest instances through potential future application. Our paper covers the recent developments in encryption techniques namely Elliptical Curve Cryptography (ECC), what it is, how it is implemented, how the concepts of privacy, authenticity, data integration and non-repudiation are addressed by ‘ECC’ and the application of ‘ECC’ to smart cards and mobile devices like PDAs and PCs. Along with the recent developments we also provide a justification as to how ‘ECC’ is the next generation public key encryption. Keywords: Encryption, Decryption, Algorithms, Cryptanalysis, RSA, DES, PKC, Elliptic curves, Diffie Hellman, Discrete Logarithmic Problem, Smart cards, Mobile devices. History Cryptography is derived from Greek kryptós meaning "hidden" and gráphein meaning "to write". It has been used in various forms for 2500 years. Generally, the earliest forms of secret writing, termed classical cryptography required only pen and paper. The two main categories of classical ciphers are transposition ciphers, which rearrange the order of letters in a message and substitution ciphers, which systematically replace letters or groups of letters with other letters or groups of letters. One of the earliest and simplest substitution ciphers was the Caesar cipher, used by Julius Caesar. Text encrypted by classical ciphers tends to reveal certain statistical information about the plaintext. Various devices and aids have been used for encryption. One of the earliest may have been the scytale. Early in the 20th century, several mechanical devices were invented for performing encryption, including rotor machines — most famously the Enigma machine used by Germany in World War II. The ciphers implemented by these machines brought about a significant increase in the complexity of cryptanalysis. With the advent of digital computers and electronics, very complex ciphers could be implemented. A characteristic of computer ciphers is that they operate on binary strings, unlike classical and mechanical schemes, which use an alphabet of around 26 English letters. Computer ciphers are also much more resistant to cryptanalysis; few are susceptible to a ciphertext-only attack. Introduction As computers have become more ubiquitous and connected, their security has become a major concern. This includes efforts directed at improving security of networks, hosts, and individual applications or computer programs. Network security is the effort to create a secure computing platform, designed so that users can only perform actions that have been allowed. It protects the network and their services from unauthorized modification, destruction, or disclosure. It provides assurance to the network to perform its critical functions correctly and there are no harmful side-effects. It is also referred as Network Perimeter Security, Computer Network Security and Perimeter Security. Cryptography plays a key role in network security. Advances of cryptography can make computer networks more secure. The new cryptographic methods and tools must follow up in order to adapt to these new technologies. Recent attacks on computer networks, especially on IEEE 802.11 and IEEE 802.15, are increasing, since underlying radio communication medium for wireless network provides serious exposure to attacks against wireless networks. Security must be enforced to suit the emerging technologies. Cryptography is the science of providing security for information through the reversible transformation of data. It is a science of great antiquity. The development of digital computing revolutionized cryptography, and made today's highly complex and secure cryptographic systems possible. Modern cryptography is typically concerned with the processes of scrambling ordinary text into encrypted text at the sender’s end of a connection, and decrypting the encrypted text back into clear text at the receiver’s end. The primary goal of cryptography is to conceal data to protect it against unauthorized third-party access by applying encryption. Secure communications In cryptographic terminology, the original message is called plaintext or cleartext. Encoding the contents of the message in such a way that hides its contents from outsiders is called encryption. The encrypted message is called ciphertext. The process of retrieving the plaintext from the ciphertext is called decryption. Encryption and decryption usually make use of a key, and the coding method is such that decryption can be performed only by knowing the proper key. Cryptography is the art or science of mathematical techniques commonly used for securing communications related to such aspects of data security as: Confidentiality, also known as secrecy: only an authorized recipient should be able to extract the contents of the message from its encrypted form. Otherwise, it should not be possible to obtain any significant information about the message contents. Data integrity: the recipient should be able to determine if the message has been altered during transmission. Authentication: the recipient should be able to identify the sender, and verify that the purported sender actually did send the message. Non-repudiation: the sender should not be able to deny sending the message. Cryptanalysis is the study of mathematical methods which are used in attempting to defeat cryptographic techniques. Cryptology means the study of cryptography and cryptanalysis. Cryptographic algorithms A formula used to turn ordinary data, or "plaintext," into a secret code known as "ciphertext." Each algorithm uses a string of bits known as a "key" to perform the calculations. The larger the key (the more bits), the greater the number of potential patterns can be created, thus making it harder to break the code and descramble the contents. Most encryption algorithms use the block cipher method, which codes fixed blocks of input that are typically from 64 to 128 bits in length. Some use the stream method, which works with the continuous stream of input. Until 1976 the algorithms were symmetric, that is, the key used to encrypt the plaintext was the same as the key used to decrypt the ciphertext. In 1977 the asymmetric or public key algorithm was introduced by the American mathematicians W. Diffie and M. E. Hellman. This algorithm requires two keys, an unguarded public key used to encrypt the plaintext and a guarded private key used for decryption of the ciphertext; the two keys are mathematically related but cannot be deduced from one another. The advantages of asymmetric algorithms are that compromising one of the keys is not sufficient for breaking the cipher and fewer unique keys must be generated. There are two classes of key-based encryption algorithms, symmetric (or private-key) and asymmetric (or public-key) algorithms. The difference is that symmetric algorithms use the same key for encryption and decryption (or the decryption key is easily derived from the encryption key), whereas asymmetric algorithms use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key. Symmetric key cryptography Symmetric key ciphers either use the same key for encryption and decryption, or the key used for decryption is easily calculated from the key used for encryption. Other terms include secret-key, private-key, one-key and single-key cryptography. Symmetric key ciphers can be broadly grouped into block ciphers and stream ciphers. Stream ciphers encrypt one bit at a time, in contrast to a block cipher, which operates on a group of bits of a certain length all in one go. Depending on the mode of operation, block ciphers can be implemented as self-synchronizing stream ciphers. Likewise, stream ciphers can be made to work on individual blocks of plaintext at a time. Thus, there is some duality between the two. The block ciphers DES, IDEA and AES, and the stream cipher RC4, are among the most well-known symmetric key ciphers. Other cryptographic primitives are sometimes classified as symmetric cryptography: • Private key cryptography is widely used for the encryption of data due to its speed. The most commonly used today is the Data Encryption Standard (DES). It has an extremely fast encryption speed and this is a very attractive quality in terms of efficiency; however, it has certain shortcomings that make it unsuitable for use in the m-commerce environment. • Cryptographic hash functions produce a hash of a message. While it should be easy to compute, it must be impossible to invert (one-way), and given a hash, it must be computationally difficult to find a message that computes to that hash (collision). Other properties are usually needed as well. MD5 and SHA-1 are well-known hash functions. Cryptographic hash functions Cryptographic hash functions are used in various contexts, for example, to compute the message digest when making a digital signature. A hash function compresses the bits of a message to a fixed-size hash value in a way that distributes the possible messages evenly among the possible hash values. A cryptographic hash function does this in a way that makes it extremely difficult to come up with a message that would hash to a particular hash value. Cryptographic hash functions typically produce hash values of 128 or more bits. The number of different hash values thus obtained, 2128, is vastly larger than the number of different messages likely to ever be exchanged in the world. The reason for requiring more than 128 bits is based on the birthday paradox. The birthday paradox roughly states that given a hash function mapping any message to an 128-bit hash digest, we can expect that the same digest will be computed twice when 264 randomly selected messages have been hashed. As cheaper memory chips for computers become available it may become necessary to require larger than 128 bit message digests (such as 160 bits as has become standard recently). Many good cryptographic hash functions are freely available. The most famous cryptographic hash functions are those of the MD family: MD4, MD5, SHA-1, and RipeMD-160. Of these, MD4, MD5, and SHA-1 have been broken. MD4 and MD5 should be considered insecure and not used anymore. SHA-1 is still widely used, although its stronger counterparts, SHA-256, SHA-384, and SHA-512 are likely to replace it in the future. Asymmetric key encryption Symmetric key encryption has a troublesome drawback — two people who wish to exchange confidential messages must share a secret key. The key must be exchanged in a secure way, and not by the means they would normally communicate. This is usually inconvenient, and public-key (or asymmetric) cryptography provides an alternative. In public key encryption there are two keys used, a public and a private key, with the public key for encryption and the private key for decryption. It must be difficult to derive the private key from the public key. This means that someone can freely send their public key out over an insecure channel and yet be sure that only they can decrypt messages encrypted with it. Public key algorithms are usually based on hard computational problems. RSA, for example, relies on the (conjectured) difficulty of factorization. For efficiency reasons, hybrid encryption systems are used in practice; a key is exchanged using a public-key cipher, and the rest of the communication is encrypted using a symmetric-key algorithm (which is typically much faster). Elliptic curve cryptography is a type of public-key algorithm that may offer efficiency gains over other schemes. To date, the ECC has the highest strength-per-bit compared to other public key cryptosystems. Small key sizes translate into savings in bandwidth, memory and processing power. This makes ECC the obvious choice in this situation. Asymmetric cryptography also provides mechanisms for digital signatures, which are a way to establish with high confidence (under the assumption that the relevant private key has not been compromised in any way) that the message received was sent by the claimed sender. Such signatures are often, in law or by implicit inference, seen as the digital equivalent of physical signatures on paper documents. In a technical sense, they are not as there is no physical contact nor connection between the "signer" and the "signed". Properly used high quality designs and implementations are capable of a very high degree of assurance, likely exceeding any but the most careful physical signature. Examples of digital signature protocols include DSA and ElGamal signatures. Digital signatures are central to the operation of public key infrastructure and many network security schemes. Like encryption, hybrid algorithms are typically used in practice; rather than signing an entire document, a cryptographic hash of the document is signed instead. Asymmetric cryptography also provides the foundation for password-authenticated key agreement and zero-knowledge password proof techniques. This is important in light of empirical and theoretical proof that secure password-only authentication over a network cannot be achieved with just symmetric cryptography and hash functions. Digital signatures Some public-key algorithms can be used to generate digital signatures. A digital signature is a small amount of data that was created using some private key, and there is a public key that can be used to verify that the signature was really generated using the corresponding private key. The algorithm used to generate the signature must be such that without knowing the private key it is not possible to create a signature that would verify as valid. Digital signatures are used to verify that a message really comes from the claimed sender (assuming only the sender knows the private key corresponding to the public key). This is called authentication. They can also be used to timestamp documents: a trusted party signs the document and its timestamp with his/her private key, thus testifying that the document existed at the stated time. Digital signatures can also be used to certify that a public key belongs to a particular entity. This is done by signing the combination of the public key and the information about its owner by a trusted key. Cryptanalysis Cryptanalysis is the art of deciphering encrypted communications without knowing the proper keys. There are many cryptanalytic techniques. The goal of cryptanalysis is to find some weaknesses or insecurity in a cryptographic scheme. Cryptanalysis might be undertaken by a hostile attacker, attempting to subvert a system; or by the system's designer (or others) wishing to evaluate whether a system is secure. There are a wide variety of cryptanalytic attacks, and they can be classified in several ways. One distinction concerns what an attacker can know and do in order to learn secret information. For example, does the cryptanalyst have access only to the ciphertext? Does he also know or can he guess some corresponding plaintexts? Or even: Can he choose arbitrary plaintexts to be encrypted? These scenarios correspond to ciphertext only, known plaintext and chosen plaintext attacks respectively. Linear and differential cryptanalysis are general methods for symmetric key cryptography. When cryptography relies on hard mathematical problems, as is usually the case in asymmetric cryptography, algorithms for tasks such as factoring become potential tools for cryptanalysis. (a). Cryptanalysis of a pocket Enigma. (b). Linear Cryptanalysis. Elliptic curve cryptography What is ECC? Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the mathematics of elliptic curves. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor Miller in 1985. It is a public key cryptography method that provides fast decryption and digital signature processing. ECC uses points on an elliptic curve to derive a 163-bit public key that is equivalent in strength to a 1024-bit RSA key. The public key is created by agreeing on a standard generator point in an elliptic curve group and multiplying that point by a random. Although the starting point and public key are known, it is extremely difficult to backtrack and derive the private key. Once the public key is computed by ECC, it can be used in various ways to encrypt and decrypt. One way is to encrypt with the public key and decrypt with the private one. Another is to use the Diffie-Hellman method which uses a key exchange to create a shared secret key by both parties. Finally, ECC allows a digital signature to be signed with a private key and verified with the public key. Why asymmetric cryptography? Asymmetric cryptographic algorithms have the property that you do not use a single key, as in symmetric cryptographic algorithms such as AES, but a key pair. One of the keys (the public key) is used for encryption, and its corresponding private key must be used for decryption. The critical feature of asymmetric cryptography, which makes it useful, is this key pair and more specifically, a particular feature of the key pair: the fact that one of the keys cannot be obtained from the other. Asymmetric cryptography has, in fact, proved so useful for securing communications that it has become pervasive in modern life. Every time you buy something on the Internet, if the vendor is using a secure server, you're using asymmetric cryptography to secure the transaction. But asymmetric cryptography is demanding and complex, by its very nature. The hard problems in number theory, the key to the algorithms' functionality are all intrinsically difficult enough that the processor cycles you must throw at doing it, and/or the chip space you must dedicate to the implementation, inevitably far outstrip the resources you must dedicate for doing symmetric cryptography. If you need asymmetric cryptography, you should be considering elliptic curve cryptography (ECC). • ECC offers considerably greater security for a given key size. • The smaller key size also makes possible much more compact implementations for a given level of security, which means faster cryptographic operations, running on smaller chips or more compact software. This means less heat production and less power consumption, all of which is of particular advantage in constrained devices, but of some advantage anywhere. • There are extremely efficient, compact hardware implementations available for ECC exponentiation operations, offering potential reductions in implementation footprint even beyond those due to the smaller key length alone. Asymmetric cryptography is demanding. But if you're looking for the cryptosystem that will give you the most security per bit, you want ECC. The Diffie Hellman discrete logarithm problem / key exchange Diffie Hellman, along with the Digital Signature Algorithm (DSA) based on it, is one of the asymmetric cryptosystems in general use. ECC, in a sense, is an evolved form of Diffie Hellman. So to understand how ECC works, it helps to understand how Diffie Hellman works first. Diffie Hellman uses a problem known as the discrete logarithm problem as its central, asymmetric operation. The discrete log problem concerns finding a logarithm of a number within a finite field arithmetic system. A cryptographic key exchange method developed by Whitfield Diffie and Martin Hellman in 1976. Also known as the "Diffie-Hellman-Merkle" method and "exponential key agreement," it enables parties at both ends to derive a shared, secret key without ever sending it to each other. Using a common number, both sides use a different random number as a power to raise the common number. The results are then sent to each other. The receiving party raises the received number to the same random power they used before, and the results are the same on both sides. Diffie-Hellman key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. The simplest and original, implementation of the protocol uses the multiplicative group of integers modulo p, where p is prime and g is primitive mod p. Modulo (or mod) simply means that the integers between 1 and p − 1 are used with normal multiplication, exponentiation and division, except that after each operation the result keeps only the remainder after dividing by p. Here is an example of the protocol: 1. Alice and Bob agree to use a prime number p=23 and base g=5. 2. Alice chooses a secret integer a=6, then sends Bob (ga mod p) • 56 mod 23 = 8. 3. Bob chooses a secret integer b=15, then sends Alice (gb mod p) • 515 mod 23 = 19. 4. Alice computes (gb mod p)a mod p • 196 mod 23 = 2. 5. Bob computes (ga mod p)b mod p • 815 mod 23 = 2. Both Alice and Bob have arrived at the same value, because gab and gba are equal. Note that only a, b, gab and gba are kept secret. All the other values are sent in the clear. Once Alice and Bob compute the shared secret they can use it as an encryption key, known only to them, for sending messages across the same open communications channel. Of course, much larger values of a,b, and p would be needed to make this example secure, since it is easy to try all the possible values of gab mod 23 (there will be, at most, 22 such values, even if a and b are large). If p was a prime of more than 300 digits, and a and b were at least 100 digits long, then even the best known algorithms for finding a given only g, p, and ga mod p (known as the discrete logarithm problem) would take longer than the lifetime of the universe to run. g need not be large at all, and in practice is usually either 2 or 5. There are several slightly different versions of elliptic curve cryptography, all of which rely on the widely believed difficulty of solving the discrete logarithm problem for the group of an elliptic curve over some finite field. Elliptic curves What ECC also offers, however, is a difference in the method by which the group is defined, how the elements of the group are defined and how the fundamental operations on them are defined. It's the difference in the way the group is defined both the numbers in the set and the definitions of the arithmetic operations used to manipulate them, that give ECC its more rapid increase in security as key length increases. To clarify this point, we'll describe briefly how elliptic curves are defined. Elliptic curves over finite fields are used in some cryptographic applications as well as for integer factorization. Typically, the general idea in these applications is that a known algorithm which makes use of certain finite groups is rewritten to use the groups of rational points of elliptic curves. The way that the elliptic curve operations are defined is what gives ECC its higher security at smaller key sizes. An elliptic curve is defined in a standard, two dimensional x,y Cartesian coordinate system by an equation of the form: y2 = x3 + ax + b. (a). Elliptic Curve of equation: y2 = x3 + ax + b. (b). Point Multiplication. The graphs turn out to be gently looping lines of various forms. In elliptic curve cryptosystems, the elliptic curve is used to define the members of the set over which the group is calculated, as well as the operations between them which define how math works in the group. It's done as follows: imagine a graph labeled along both axes with the numbers of a large prime field. That is to say: a square graph, p x p in size, where p is a very large prime number. Fp is the field of integers modulo p, and consists of all the integers from 0 to p-1. Now the prime numbers actually employed in practical ECC implementations are quite large, so it's difficult to visualize this graph if you use the real kinds of numbers used. But as an exercise, you can imagine a more comprehensible prime, such as 17. So you'd be looking at a graph 17x17 units in size. Now if you define an elliptic curve an equation of the form given above so that there are points (x, y) on the curve that satisfy the condition that both x and y are members of the prime field, you have implicitly created a group from the set of integer points on the curve; it is a subset of all the points in the p by p matrix created when you drew the graph specifically the ones the curve passes directly through. Note that unlike the groups used in Diffie Hellman, the elements of the set aren't integers, but points. But the system that will result is still going to be, in most senses, the same, familiar arithmetic system. The Elliptic Curve Discrete Logarithm Problem (ECDLP) The dominant operation in ECC cryptographic schemes is point multiplication. This is the operation which is the key to the use of elliptic curves for asymmetric cryptography the critical operation which is itself fairly simple, but whose inverse is very difficult. ECC arranges itself so that when you wish to perform an operation the cryptosystem should make easy encrypting a message with the public key, decrypting it with the private key the operation you are performing is point multiplication. The inverse operation to point multiplication finding a log in a group defined on an elliptic curve over a prime field is defined as follows: given points Q and P, find the integer k such that Q=kP. This is the elliptic curve discrete logarithm problem and this is the inverse operation in the cryptosystem, the one you effectively have to perform to get the plaintext back from the ciphertext, given only the public key. ECC as the Answer for High Security and for the Future. Consider these three facts of the problem, now: • The fact that the security and practicality of a given asymmetric cryptosystems relies upon the difference in difficulty between doing a given operation and its inverse. • The fact that the difference in difficulty between the forward and the inverse operation in a given system is a function of the key length in use, due to the fact that the difficulty of the forward and the inverse operations increase as very different functions of the key length; the inverse operations get harder faster. • The fact that as you are forced to use longer key lengths to adjust to the greater processing power now available to attack the cryptosystem, even the 'legitimate' forward operations get harder, and require greater resources (chip space and/or processor time), though by a lesser degree than do the inverse operations. If you understand these three things, you are now in a position to grasp the advantages ECC offers over other asymmetric cryptosystems. ECCs advantage is this: its inverse operation gets harder, faster, against increasing key length than do the inverse operations in Diffie Hellman and RSA.What this means is: as security requirements become more stringent, and as processing power gets cheaper and more available, ECC becomes the more practical system for use. And as security requirements become more demanding, and processors become more powerful, considerably more modest increases in key length are necessary, if you're using the ECC cryptosystem to address the threat. This keeps ECC implementations smaller and more efficient than other implementations. ECC can use a considerably shorter key and offer the same level of security as other asymmetric algorithms using much larger ones. Moreover, the gulf between ECC and its competitors in terms of key size required for a given level of security becomes dramatically more pronounced, at higher levels of security. The contrast in key lengths of RSA, DSA and ECC are shown in the graph below. Equivalent key sizes for DSA, RSA, ECC. Applications When the ECC was first introduced in 1985, there was a lot of skepticism about its security. However, ECC has since come a long way. After nearly a decade of serious study and scrutiny, ECC has yielded highly efficient and secure. Presently, many product vendors have incorporated ECC in their products, and this number has only been on the rise. Uncertainty still exists among some proponents of traditional cryptographic systems, but they are starting to become more accepting of this promising new technology. Another factor is the strong promotion of the use of ECC through a Canadian-based certicom Corporation. Certicom is a company that specializes in information security solutions in a mobile computing environment through providing software and services to its clients. Below is a short survey of ECC applications seen on the market today. Results of the survey can be broadly divided into four categories: the Internet, Digital postage marks, Smart cards, PDAs and PCs. Smart cards Smart cards are one of the most popular devices for the use of ECC. Many manufacturing companies are producing smart cards that make use of elliptic curve digital signature algorithms. Smart cards are very flexible tools and can be used in many situations. For example, smart cards are being used as bank (credit/debit) cards, electronic tickets and personal identification (or registration) cards. Smart cards often use 8bit microcontrollers derived from 1970s families such as the Intel 8051 [25] and the Motorola 6805. The use of public key algorithms such as RSA or DSA, which are based on modular arithmetic with very long operands, on such a processor predictably results in unacceptably long processing delays. To address this problem, many smart card microcontroller manufacturers include additional on chip hardware to accelerate long number arithmetic operations. However, in cost sensitive applications it can be attractive to execute public key operations on smart cards without coprocessors. The challenge addressed in this contribution is to implement a public key digital signature algorithm which does not introduce performance problems or require additional hardware beyond an 8bit microcontroller. To address this problem, we turn to the computational savings made available by elliptic curve cryptosystems. An elliptic curve cryptosystem relies on the assumed hardness of the Elliptic Curve Discrete Logarithm Problem (ECDLP) for its security. Implementing ECCs on the 8051 is a challenging task. The processor has only 256 bytes of internal RAM available, and only the lower 128 bytes are directly addressable. The upper 128 bytes must be referenced through the use of the two pointer registers: R0 and R1. Accessing this upper half takes more time per operation and incurs more overhead in manipulating the pointers. To make matters worse, the lower half of the internal RAM must be shared with the system registers and the stack, thus leaving fewer memory locations free. XRAM may be utilized, but there is essentially only a single pointer for these operations, which are at typically at least three times slower than their internal counterparts. This configuration makes the 8051 a tight fit for an ECC. Each curve point in our group occupies 34 bytes of RAM, 17 bytes each for the X and Y coordinates. A scalar multiplication of a fixed point of an EC can be performed in less than 2 seconds on an 8051 microcontroller. This is the core operation for signature generation in the ECDSA scheme. Although the performance and security threshold may not allow the use of our implementation in all smart card applications, we believe that there are scenarios where these parameters offer an attractive alternative to more costly smart cards with coprocessors, especially if public key capabilities are added to existing systems. We also believe that our implementation can be further improved. Mobile devices The explosive growth in the use of mobile and wireless devices demands a new generation of PKC schemes that has to accommodate limitations on power and bandwidth, at the same time, to provide an adequate level of security for such devices. This paper examines the use of ECC in such constrained environments and discusses the basis of its security, explores its performance and lastly, surveys the use of ECC applications on the market today. PDAs are considered to be a very popular choice for implementing public key cryptosystems because they have more computing power compared to most of the other mobile devices, like cell phones or pagers. However, they still suffer from limited bandwidth and this makes them an ideal choice for using ECC. Constrained devices have been considered to be the most suitable platforms for implementing the ECC. Recently, several companies have created software products that can be used on PCs to secure data, encrypt e-mail messages and even instant messages with the use of ECC. It can also be used with e-mail clients such as Microsoft Outlook and Outlook Express to encrypt e-mail messages. This product uses both private and public key cryptosystems, including a 307-bit key for its implementation of the ECC. Advantages Much like the RSA challenge, the Certicom ECC challenge offers prize money for finding various key sizes of the ECDLP. The current record was set in November 2002 where a 109-bit encryption key was broken with 10,000 computers running 24 hours a day for 549 days. The Certicom ECC challenge website reports that breaking a 163-bit key, which is the standard applied to most commercial ECC applications that Certicom uses, would be a hundred million times harder than breaking the 109-bit key. It is worthy to note that a 160-bit ECC key has about the same level of security as a 1024-bit RSA key. The most important difference between ECC and other conventional cryptosystems is that for a well-chosen curve, the best method currently known for solving the ECDLP is fully exponential, while sub-exponential algorithms exist for conventional cryptosystems. This difference largely contributes to the huge disparity in their respective running times. It also means that ECC keys have much fewer bits than IFP and DLP based applications. Clearly, ECC keys take much more effort to break compared to RSA and DSA keys. Due to this, many people believe that ECDLP is intrinsically harder than he other two problems. While this deduction might be true, we have no way of roving it. We do not know if a fast and efficient elliptic curve DL algorithm that runs in sub-exponential time will be discovered, say, in the next ten years, Or if another class of weak curves will be identified that could compromise the security of elliptic curve cryptosystems. But one thing is certain. After years of intensive study, there is currently no faster way to attack the ECDLP other than fully exponential algorithms. The absence of a sub-exponential time algorithm for the ECDLP means that significantly smaller parameters can be used in ECC than with DSA or RSA. The advantages that can be gained from smaller parameters include speed and smaller keys or certificates. These advantages are especially important in environments where at least one of the following resources is limited: • Processing power, Storage space, Bandwidth, Power consumption002Ev Conclusion ECC for Portable Devices, Applications …and for the Future. And this, in the end, is the reason ECC is a stronger option than the RSA and discrete logarithm systems for the future. And this, in the end, is why ECC is such an excellent choice for doing asymmetric cryptography in portable, necessarily constrained devices right now. The difference becomes more and more pronounced as security levels increase. The smaller ECC keys mean the cryptographic operations that must be performed by the communicating devices can be squeezed into considerably smaller hardware, that software applications may complete cryptographic operations with fewer processor cycles, and operations can be performed that much faster, while still guaranteeing equivalent security. This means, in turn, less heat, less power consumption, less real estate consumed on the printed circuit board, and software applications that run more rapidly and make lower memory demands. Leading in turn to more portable devices which run longer, and produce less heat. In short, if you're trying to make your devices smaller and if you need to do asymmetric cryptography, you need ECC. If you're trying to make them run longer on the same battery, and produce less heat, and you need asymmetric cryptography, you need ECC. And if you want an asymmetric cryptosystem that scales for the future, you want ECC. And if you just want the most elegant, most efficient asymmetric cryptosystem going, you want ECC. If you just want the most elegant, most efficient asymmetric cryptosystem going, you want ECC. After examining the security, implementation and performance of ECC applications on various constrained devices, we can conclude that ECC is the most suitable PKC scheme for use in a constrained environment. Its efficiency and security makes it an attractive alternative to conventional cryptosystems, like RSA and DSA, not just in constrained devices, but also on powerful computers. It is, without a doubt, fast being recognized as a powerful cryptographic scheme. References http://www.iacr.org http://www.certicom.com http://www.deviceforge.com http://www.ieee-security.org http://www.crptoheaven.com Bibliography • “Cryptography and Network Security”, by Barnes and Noble. • “Cryptography and Security”, by Ronald L.Rivest. • “A survey of Public Key Infrastructures”, by Marc Branchaud.