
Cryptographic Algorithms by mils electronic

Data Security

Protecting your confidential information at the highest level of security is the core competence of mils electronic. From the outset we have integrated the strongest possible encryption algorithms and the unbreakable One Time Key encryption method into the security functions of our products. We strive not only to provide our customers with state-of-the-art cryptography, but also attach great importance to the protection of this cryptography by incorporating it into a tamper-proof environment. This document provides you with an overview of mils electronic's cryptographic algorithms, how they are employed and what they protect.

mils electronic's cryptographic concept can be symbolized by a pyramid. Based on the secure implementation of the relevant components and the exclusive usage of true random keys, various algorithms are employed to guarantee the confidentiality and integrity of your sensitive information.

Encryption Algorithms
• OTK (One Time Key)
• MBC (Mils Block Cipher)
• AES (Optional)

Authentication Algorithms
• MAS (Mils Authentication System)

One Time Key (OTK) encryption - the only proven unbreakable encryption method

One Time Key encryption is a very simple, yet completely unbreakable cipher method. It has been used for decades in mils electronic's cipher systems for encrypting our customers' sensitive data. Over the years, we have perfected the implementation of One Time Key encryption into our products. Today, our high level of automation, high capacity storage media, continuous key protection and One Time Keys of more than 100 megabytes offer our customers outstanding message security without sacrificing convenience.

Characteristics of the One Time Key encryption method

Use
One Time Key encryption can be employed to protect your highly confidential messages and files in transit.

The Encryption Process


The One Time Key encryption method requires a binary additive stream cipher, where a stream of truly random keys is generated and then combined with the plain text for encryption or with the ciphertext for decryption by an exclusive OR (XOR) operation.

Unbreakable?
It is possible to prove that a stream cipher encryption algorithm is unbreakable if the following preconditions are met:
• The key must be as long as the plain text
• The key must be truly random
• The key must only be used once

The One Time Key implementation in mils electronic's products fulfils all these requirements and provides unbreakable protection for your secure data.
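The XOR process and the three preconditions above, as an added Python example (not mils electronic's code): the hypothetical `OneTimePad` class releases each key byte exactly once, and `reuse_leaks_plaintext_xor` shows what the "used once" rule prevents. The OS CSPRNG from `secrets` is an assumed stand-in for a true random source, and the messages are constructed.

```python
import secrets


class OneTimePad:
    """Hypothetical key store that releases each pad byte exactly once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = 0  # bytes before this offset are spent

    def remaining(self) -> int:
        return len(self._pad) - self._used

    def take(self, n: int) -> bytes:
        # "The key must be as long as the plain text": never wrap or repeat.
        if n > self.remaining():
            raise ValueError("pad exhausted; refusing to reuse key bytes")
        chunk = self._pad[self._used:self._used + n]
        self._used += n  # "The key must only be used once"
        return chunk


def xor(data: bytes, key: bytes) -> bytes:
    if len(data) != len(key):
        raise ValueError("key and data must have equal length")
    return bytes(d ^ k for d, k in zip(data, key))


def round_trip(messages, pad_bytes: bytes):
    """Sender and receiver hold the same pad and consume it in step."""
    sender, receiver = OneTimePad(pad_bytes), OneTimePad(pad_bytes)
    out = []
    for m in messages:
        c = xor(m, sender.take(len(m)))            # encrypt
        out.append(xor(c, receiver.take(len(c))))  # decrypt
    return out


def reuse_leaks_plaintext_xor(m1: bytes, m2: bytes, key: bytes) -> bool:
    """With one key for two messages, c1 XOR c2 == m1 XOR m2: the key cancels."""
    c1, c2 = xor(m1, key), xor(m2, key)
    return xor(c1, c2) == xor(m1, m2)


if __name__ == "__main__":
    # Constructed sample data; secrets (OS CSPRNG) only stands in for
    # the truly random key source that the proof requires.
    pad = secrets.token_bytes(32)
    print(round_trip([b"MEET AT DAWN", b"HOLD POSITION"], pad))
    print(reuse_leaks_plaintext_xor(b"MEET AT DAWN", b"HOLD AT DUSK", pad[:12]))
```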

Mils Block Cipher (MBC) encryption - the essence of the best

The Mils Block Cipher (MBC) is a secure encryption algorithm and has been tailored for customers with the highest security requirements. The MBC uses a large key size, a high degree of non-linearity, maximal diffusion, data dependent rotations and a high number of rounds. It is therefore able to withstand all attempts by crypto-analysts to break the algorithm, both now and in the future. The proprietary design of the MBC is the result of our crypto-mathematicians' decision to combine several proven components of the AES finalists with mils electronic's specific enhancements. The MBC is therefore the perfect option if a national security level is required.

Use
The Mils Block Cipher algorithm is employed to encrypt our customers' sensitive messages, e-mails or files. Furthermore, it protects the data traffic in VPN configurations. The MBC is the ideal alternative if you prefer algorithm-based encryption instead of One Time Key (OTK) encryption or as an emergency backup algorithm if OTK is unavailable.

Customization
The forward-looking design of the MBC allows for customer-specific modifications that result in a personal encryption algorithm meeting any requirement for a secret or national algorithm.

[Figure: Using the Mils Block Cipher in CFB mode]

Features and Metrics:
• Message key: 256 bits, unique for each message
• Block size: 128 bits
• Cipher mode: 128 bit Cipher Feedback (CFB)
• Initialization vector (IV): 128 bits, unique for each message
• Total number of pre-settings: 3.94 x 10^115
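How 128 bit CFB mode with a 256-bit message key and a per-message 128-bit IV fits together, as an added Python example that is not mils electronic's code. The MBC is proprietary, so `stand_in_encrypt` (a keyed SHA-256 truncated to one block) is an assumption used only to make the mode runnable; the sample message is constructed.

```python
import hashlib
import secrets

BLOCK = 16  # 128-bit block and 128-bit feedback, per the metrics above


def stand_in_encrypt(key: bytes, block: bytes) -> bytes:
    """Assumed stand-in for the cipher's forward direction, NOT the MBC.

    CFB only ever calls the forward direction, so a keyed SHA-256
    truncated to one block is enough to make the mode runnable here.
    """
    return hashlib.sha256(key + block).digest()[:BLOCK]


def _cfb(key: bytes, iv: bytes, data: bytes, decrypt: bool) -> bytes:
    if len(key) != 32 or len(iv) != BLOCK:
        raise ValueError("expected a 256-bit key and a 128-bit IV")
    feedback, out = iv, bytearray()
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]  # the last chunk may be short
        keystream = stand_in_encrypt(key, feedback)
        result = bytes(d ^ k for d, k in zip(chunk, keystream))
        out += result
        # The ciphertext block, never the plaintext, feeds the next step.
        feedback = chunk if decrypt else result
    return bytes(out)


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return _cfb(key, iv, plaintext, decrypt=False)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return _cfb(key, iv, ciphertext, decrypt=True)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # message key: 256 bits
    msg = b"constructed sample message, not block aligned"
    iv1, iv2 = secrets.token_bytes(BLOCK), secrets.token_bytes(BLOCK)
    c1, c2 = cfb_encrypt(key, iv1, msg), cfb_encrypt(key, iv2, msg)
    # A fresh IV per message makes identical plaintexts encrypt differently.
    print(c1 != c2, cfb_decrypt(key, iv1, c1) == msg)
```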

Transparency
The design of the MBC is fully transparent and can be disclosed to customers anytime. Additionally, our Cipher Check Support allows each customer to independently verify the implementation of the MBC whenever desired.

Mils Authentication System (MAS) - guaranteed integrity for your data

The Message Authentication System (MAS) provides integrity for messages, cryptographic keys and other important data. To do so, the MAS authentication algorithm compresses the data, a process usually known as hashing, under the control of a Crypto Variable and a Permutation Key. The result of this controlled hash is called a signature and represents the contents of the data.

Use
mils electronic solutions rely on the integrity of various data such as messages, programs, address books etc. This data needs to be partially stored on unprotected storage media such as hard disks. MAS is used to sign these data items in order to detect if an outsider has tampered with the information.

Guaranteed Integrity
The Crypto Variable and the Permutation Key prevent outsiders from changing the data and then recreating a new signature. All parts of the data contribute to the output signature, whose length is independent of the data length. To provide the wanted protection, small changes in the data will cause large and unpredictable changes in the signature.

[Figure: Using MAS for data authentication]

Features and Metrics:
• Crypto Variable: 64 bits
• Permutation Key: 256 elements of 8 bits each
• Signature length: 64 bits

Tamper Proof Implementation

The MilsCard
Our communication security products offer the highest level of protection on an ordinary personal computer. To guarantee this, the security-related functions must be moved from the vulnerable environment of the PC into a protected area, generally known as a cryptographic security module. The MilsCard provides the required protected area for all mils electronic solutions. It is built around the mils-developed M111 Security Controller, a VLSI ASIC that was specifically designed to achieve the utmost physical protection for sensitive items. The M111 incorporates a microcomputer, a set of algorithms, a true random noise source and highly tamper-resistant key storage. It guarantees absolute protection for the cryptographic keys during storage and processing.

True Random Key Generation

In mils electronic products, cryptographic keys are exclusively generated by a True Random Noise Source. It is incorporated into the M111 Security Controller chip of the MilsCard, which forms the hardware element of each mils electronic application. Integration into the M111 Security Controller provides tamper protection and a very high key generation speed. The random noise source derives its random bits by sampling a set of parallel ring oscillators, a reliable technology for obtaining truly random bits. This technique uses timing jitter and oscillator drift found in free-running CMOS ring oscillators as a source of randomness. Timing jitter is a random phenomenon caused by the thermal noise and local voltage variations present at each transistor of a ring oscillator. Local variations in voltage and temperature will cause each ring to oscillate faster (or slower) over time - resulting in a random drift relative to the other rings. As the frequency of each oscillator randomly drifts with each cycle, the output stream becomes random relative to the lower frequency sampling rate.

The True Random Noise Source of the M111 Security Controller

mils electronic is a major player in the field of communication and information security. Our product range includes message cipher systems, VPN solutions and random key production equipment. From the outset, we have integrated the strongest possible encryption algorithms and the unbreakable One Time Key encryption method into the security functions of our products. Being an independent, privately-held Austrian company, free of external influences, puts us in the unique position of being able to provide our global customers with the very highest standards of protection.

mils electronic gesmbh & cokg
leopold-wedl-strasse 16
6068 mils
austria
tel: +43 5223 57710-0
fax: +43 5223 57710-110
info@mils.com
www.mils.com

TEC-ALG-04E-01
