I received a ton of requests for the article below. One comment. This looks like a perfect application for PGP mainly because of the ease of use and the fact that it includes compression. I may send something in to the editor. REMEMBER: What fallows is a direct quote from the zine. ------------------------------------------------------------ Communications News - August, 1994 Gaining ISDN Privacy with data encryption by Kevin Tanzillo Making the public ISDN network private is possible though data encryption to maintain security, say a pair of ISDN researchers whose organization is soon to become and ISDN user. Wunnava V. Subbarao, professor of electrical and computer engineering Florida International University (FIU), along with research associate Irma B. Fernandez, wrote a paper on testing and evaluating encryption based data security in the ISDN environment. Their interest goes beyond academic. The university, located in Miami, will become an ISDN user when classes resume this fall, linking remote campus in a distance learning application. So far, though, the use of ISDN has been in the university+s research lab. Subbarao explains that BellSouth and Northern Telecom grants have enabled the university to bring in five basic rate ISDN lines and work with a range of equipment. Why we have gotten heavily involved in this is because ISDN is quickly emerging as a real, operational, reliable and cost-effective technology for end-to-end digital connectivity, says Subbarao. Here at FIU a large number of ISDN-based applications are being developed. Some of these are point of sale, security monitoring, medical network and medical imaging. In any of these high-speed data transfers, security is a pressing concern. We have investigated possible standards for ISDN security that allow data, including voice, transmitted over ISDN to have encrypted so that only intended receiver can decipher it. This will make the public network behave like a private network and allow ISDN to be a solution in applications that require authentication, privacy and confidentiality without the expense of leased lines. In a software implementation developed a the FIU lab, the overhead incurred to add security to an ISDN communication is small enough that it will be transparent to the end user, says the paper. We have successfully implemented the DES algorithm in software and the results obtained are satisfactory. The hybrid cryptosystem developed at FIU uses RSA public key cryptogrophy for key pair generation and encrypts a random DES key, then uses DES for encryption of the contents. They used an RSAREF cryptographic tool kit from RSA laboratories. On an average, it takes 68 seconds to generate a pair of 508-bit keys running on a 486 PC base. The RSAREF tool kit allows creation of a key pair of up to 1,024 bits, but the overhead incurred in the time to generate these keys is not warranted, given these keys will only be valid for one communication session. The time to seal, encrypt and decrypt an eight-character file was less than a second, and the time to verify the signature was around three seconds. RSAREF allows for signature and encryption of message files of length up to 1,000 bytes, and timing studies for a file length of 700 bytes resulted in the same overhead as that of the length of eight bytes. We are currently updating our software to test signature and encryption of large binary files, such as image files. Taking more than a minute to create an encryption key may be acceptable in some applications, Subbarao observes, but he has his eye on transmission of medical data, when every second counts. As a result, the FIU lab is working on a time-saving hardware implementation for creating keys. As the Subarao-Fernandez paper concludes, hardware implementation of DES and RSA scheme to privatize public ISDN are virtually transparent to the end users, and the time penalty incurred is insignificant. Regarding privacy of voice, the research paper observes: In the implementation of the ISDN prototype, the voice digitization will require encryption eight characters (64 bits) at a time. Also, for voice applications, since the length and contents of the full voice message is not known beforehand, the message digest and signature for integrity is not applicable. Data transfers over ISDN on the other hand, can take advantage of the message digest and signature for integrity. The appropriate data files will be parsed into eight character (64 bit) blocks for encryption in DES CBC mode. As far as the particulars of the encryption research, the paper explains that the file transfer software was implemented in C programming language. To transfer binary files, we wrote an interrupt-driven serial communications program based on the XModem-1K protocol, which extends the packet size from 128 to 1,024 bytes. File transfers were tested using the B channel in a BRI line. future enhancements include implementation of the Zmodem protocol, which uses a 2K packet size, to take full advantage of the digital characteristics of the transfer medium. What the future holds for this security concept is terminal adapter security extension module that plugs into the PC bus and provides security to the ISDN user while protecting the investment in existing terminal adapters. That module could support speeds to 4 Mb/s. ------------------------------------------- [end of article] ... __o .. -\<, chris.claborne@sandiegoca.ncr.com ...(*)/(*). CI$: 76340.2422 PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA Avail on Pub Key server.