ENTROPIC SECURITY SYSTEM
MAY 2005
1. Introduction
1.1. Purpose of Document
This document introduces Entropic Security, an Electronic Security (e-security) solution developed to overcome the limitations and difficulties of today’s e-security technologies. Because of those limitations and difficulties, and despite its popularity and inherent advantages, the Internet still faces a great degree of skepticism insofar as security is concerned. This has somewhat limited the proliferation of Internet e-Commerce and mobile m-Commerce. This technology overview of Entropic Security presents its applicability to many applications, such as smartcards, the Internet, mobile commerce, e-Government infrastructure and many others. Realising the simple yet effective e-security solution that Entropic Security can provide will bring tremendous financial rewards.
2. Technical Overview
2.1. Background
The dogma of security today is that “NOTHING CAN BE MADE UNBREAKABLE”: just as one person can use a computer to encrypt and secure data, another can use the same to crack the codes. Thus, “Given time, someone will always be able to crack it! IT IS ONLY A MATTER OF TIME”.
Because of this belief that someone will eventually crack it, the approach to strengthening e-security today is to tweak one of the following factors to keep ahead of the code breaker and ensure that it will take years to crack:
a. Algorithms:
One depends on complex and powerful algorithms to encrypt the data, to keep ahead of the code breaker and ensure that it takes years to crack.
One needs to create new algorithms every so often to keep one step ahead of the code breaker and ensure that it takes years to crack.
b. Key Strength:
One depends on keys of large bit strength (1024 bits, 2048 bits, 4096 bits) to keep ahead of the code breaker and ensure that it will take years to crack.
2.2. Entropic Security Overview
Entropic Security is a confident initiative that challenges the said “Dogma of the Day” by inventing a security system that automatically stays ahead of the code breaker to remain infallible. It is simple and may prove to be the next revolution in e-security, changing the approach and landscape of e-security the world over in the future.
The dogma holds that “Nothing Can Be Made Unbreakable”, as “Given TIME, someone will always be able to crack it”. The premise here, too, is that there is nothing one can do about it. However, if it were possible to devise an e-security system that intentionally denies code breakers the element of TIME to crack codes, then the dogma that “Nothing Can Be Made Unbreakable” would no longer hold true. The challenge is to find practical ways to apply this paradigm in e-security thinking. Above all, it should be SIMPLE.
In trying to deny the element of TIME, one could just change codes regularly, say every day at the stroke of midnight. However, with such a mechanism, the different locations in communication would first have to:
a) agree on and publish the set of codes to use, then
b) physically distribute the published codes,
c) agree on when to change codes, and maintain secrecy over the set of codes.
However, in such a system, the publication and distribution of codes inevitably becomes its Achilles heel. It was deployed in the Second World War but was easily compromised when the Cypher Machine and Code Books were captured, as in the case of the German Enigma Cypher System. Despite this vulnerability, the Publication and Distribution of Codes Technique is still a major technique deployed in many sensitive areas today, with the proviso that one invests heavily in ways and means to ensure the secrecy of the published codes.
Entropic Security was invented to overcome the said vulnerability. Compared with the Publication and Distribution of Codes Technique, it will have the following advantages:
a) The changing codes are not published and therefore cannot be stolen.
b) The codes can be made to change every minute, or even more often if need be.
c) Changing codes can be made unique at the lowest level, to an individual or a machine, and upwards to groups of people or groups of machines. Thus, unlike the former system, if one is compromised, the rest will not be compromised.
d) Codes are changed in an “Entropic Manner” and can be made unique to each individual if required.
2.3. What is Entropy?
To put it in layman’s terms, it is simply “Random and Chaos”. Thus, changing codes entropically is to “Change Codes in a Random and Chaotic Manner”, very much like throwing a pair of red and blue dice. The very nature of the outcome is highly entropic, i.e. random and chaotic. Thus, one can only guess at the outcome but can never say for certain, as it is truly entropic.
It would be impossible to mirror the outcome of every throw on another pair of red and blue dice. However, that is precisely the challenge in deploying an entropic manner of changing codes. The technology to deploy changing codes in this seemingly impossible manner, i.e. being able to mirror the outcome elsewhere, is the core technology of Entropic Security. In addition, the system would need the following attributes to be practical and deployable:
a) Though seemingly complicated, the Entropic Code Change should be simple and have low dependency on power and computing resources, so that it fits on devices such as smartcards.
b) The Entropic Code Change would have to be correct every time for each individual, in perpetuity, no matter how long the code is.
c) The Entropic Code Change should be highly robust and stable, for if it failed, the communication would fail and any data would effectively be lost.
d) The Entropic Code Change should work “Synchronously” and “Asynchronously”, to deal with data in communication (streaming data) and data that has been stored (static data) respectively.
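The properties listed in 2.2 and 2.3 (codes that are never published, change every minute, are unique per device and can be mirrored at both ends for live and stored data) can be illustrated with a standard construction: an HMAC-SHA256 over a time-step counter, keyed with a per-device secret. This is an added example, not Entropic Security's own mechanism, which this document does not disclose; the function names, the device id and the 60-second step are assumptions, and the codes are unpredictable only to someone who does not hold the secret.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumption: codes change once a minute, as in 2.2 (b)

def device_key(master_secret: bytes, device_id: str) -> bytes:
    """Per-device secret, so one compromised device does not expose the rest."""
    return hmac.new(master_secret, b"device:" + device_id.encode(), hashlib.sha256).digest()

def code_for_step(dev_key: bytes, step: int) -> bytes:
    """Code for one time step; both ends compute it locally, nothing is distributed."""
    return hmac.new(dev_key, struct.pack(">Q", step), hashlib.sha256).digest()

def current_code(dev_key: bytes, unix_time: float) -> bytes:
    """'Synchronous' use: each end derives the code from its own clock."""
    return code_for_step(dev_key, int(unix_time) // STEP_SECONDS)

def matches(dev_key: bytes, presented: bytes, unix_time: float, drift_steps: int = 1) -> bool:
    """Accept codes from adjacent steps so small clock drift does not break the link."""
    now = int(unix_time) // STEP_SECONDS
    return any(
        hmac.compare_digest(presented, code_for_step(dev_key, s))
        for s in range(max(0, now - drift_steps), now + drift_steps + 1)
    )

def seal_record(dev_key: bytes, unix_time: float, payload: bytes) -> tuple[int, bytes]:
    """'Asynchronous' use: keep the step number beside an integrity tag for stored data."""
    step = int(unix_time) // STEP_SECONDS
    tag = hmac.new(code_for_step(dev_key, step), payload, hashlib.sha256).digest()
    return step, tag

def check_record(dev_key: bytes, step: int, tag: bytes, payload: bytes) -> bool:
    """Re-derive the code from the stored step number at any later time."""
    expected = hmac.new(code_for_step(dev_key, step), payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

if __name__ == "__main__":
    master = bytes(range(32))               # constructed sample secret, not a real key
    card = device_key(master, "card-0001")  # hypothetical device id
    t = 1_700_000_000                       # constructed timestamp
    print(current_code(card, t).hex()[:16], matches(card, current_code(card, t - 60), t))
```

The secret itself still has to reach each device once, so its provisioning and storage carry the risk that the published code books carried in the older scheme.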
3. Conclusion
If this were all possible, it would not be another “evolution” of existing technologies. Instead, it would indeed be the next “revolution” in e-security and change the approach and landscape of e-security the world over in the future. It would indeed be what the Internet world, e-Commerce and m-Commerce are waiting for: a simple and infallible e-security technology that can cheaply and effectively secure today’s digital communication and overcome the belief that the Internet, e-Commerce and m-Commerce are open and not foolproof for the commercial benefits they can bring.
AZMAN ZAHARI