Austin, Texas (PRWEB) September 13, 2012
As credit card companies and the security industry scramble to provide point-to-point encryption for their users, MerlinCryption reports how these algorithms have already been broken, and how the industry can effectively close encryption security gaps.
“Financial transactions are blatantly at risk of criminal attack since TDES, SSL, and RSA encryptions can be cracked in minutes to hours,” explains Paul (Prem) Sobel. “Hackers can now decrypt client requests and hijack so-called ‘safe’ SSL/TLS sessions in online banking, e-commerce and payment sites.”
In the newly released white paper "ASBE Defeats Statistical Analysis and Other Cryptanalysis," author Sobel succinctly covers advanced attack methods against encryption and how Anti-Statistical Block Encryption (ASBE) overcomes inherent vulnerabilities in today’s encryption security.
ASBE uses blocks as part of the algorithm. These blocks are manipulated in a variable, key-dependent way that differs from all currently known and published encryption algorithms.
The algorithm employs variable key length and requires no key transfer, which overcomes two major vulnerabilities for the cryptographic design community.
TDES, AES, and SSL use short keys, which are attacked by brute force and by using knowledge of the algorithm. Once attackers compromise a private key, derived from a short public key, they can decrypt both past and future SSL-secured connections by intercepting the encrypted traffic. Attackers can also impersonate the organization to which the SSL certificate was issued by manipulating DNS lookups.
“NIST has recommended sub-2048-bit RSA public keys be phased out by the end of 2013,” continues Sobel. “This is treated as a guideline versus a rule, by the Certificate Authorities, who unfortunately continue to issue certificates with keys as low as 512-RSA.”
MerlinCryption raises the bar far beyond standard, with variable keys that scale from 2008 bits to 2 gigabytes in length, and variable passwords to 64KB. While ASBE’s larger and changing key length leverages the difficulty of prediction, its use is not cyclic. Standard differential analysis and any attempt at byte frequency cannot crack it.
Every ASBE encryption instance is different, as the algorithm produces different ciphertext of varying length, even when repeating the same plaintext, key, and password input.
In addition to variable key length, ASBE key generation, communication, and storage cannot be detected, as keys are generated, destroyed, and recreated on demand. This eliminates the need to communicate the key, circumventing criminal interception.
The ASBE white paper concisely relates a large volume of information, making it a quick reference resource for cryptographers, solution developers, and security professionals interested in encryption attacks and vulnerabilities.
About MerlinCryption, Inc.
The Smart-World’s Smart-Encryption™ software company in Austin, TX, MerlinCryption develops encryption and authentication solutions that protect against counterfeiting, cloning, software compromise, physical machine compromise, and man-in-the-middle attack, designed specifically for the embedded and M2M (machine-to-machine) market.
The unprecedented security platform protects integrity of data-at-rest, data-in-motion, data-in-use, and data-in-change as it is created, viewed, edited, shared, stored, and moved across communications channels and through the Cloud. The encryption is NSA reviewed, BIS approved for export, and OFAC compliant. The cryptosystem enables compliance with FDA, HIPAA, and HITECH.
MerlinCryption offers full-scale encryption platforms for M2M, authentication, and enterprise, as well as eleven stand-alone software programs for Information Security professionals. MerlinCryption is changing the way the world protects data and secures connectivity. http://www.MerlinCryption.com.
About Paul “Prem” Sobel
Paul “Prem” Sobel graduated with honors with a B.S.E.E. Electrical Engineering from Pratt Institute, and an M.S.E.E. Electrical Engineering from California Institute of Technology.
On a summer job, Sobel identified a recurrent problem in IBM’s testing system, a finding that saved the company $1 million per year. NASA recognized him with an individual commendation for his automation of spacecraft programming on planetary probes.
His security work encompasses log management, NAC, supercomputer design, graphical and audio presentation of Big Data in eleven or more dimensions, and image processing. He has held chief scientist/principal engineer positions at Xerox, Northrop, Intel, Vitesse, Phillips, and AMD.
He holds three patents in CPU Architecture, one classified patent, and one patent pending.