Blurry Box Encryption Scheme and Why it Matters to Industrial IoT
RSA cryptosystem . These problems usually are stated with a parameter for their scale , used mostly to indicate the key length .
The term “ hard to solve ” has a specific meaning in cryptography : The problem is not only difficult , but its difficulty grows exponentially as the scale increases . For state-of-the-art cryptosystems , for example , RSA encryption with 2048 bit keys 3 , these scales are high enough to make finding solutions practically impossible , even given all the computation power in the world .
Additionally , cryptography has evolved from statements like “ this looks random ” into a science with exact definitions and rigorous proofs based on mathematical concepts , mostly from algebra , number theory , and probability theory . Such proofs always use the abstract concept of an attacker , without defining one specific strategy . Similar to the concept of known or chosen plaintext attacks , defining the attacker usually results in a stronger notion of security – assuming security can still be proven and the proof is correct .
Therefore , it is common practice to publish a new cryptographic system with a proof and exact description of security properties . Abiding by Kerckhoffs ’ Principle , this does not compromise the security of the system , because the security of each instance depends on the cryptographic keys . Publication is considered very important , because only it can establish that Kerckhoffs ’ Principle applies , and everyone can validate the proof .
3 . COPY PROTECTION
Companies are interested in preventing the unauthorized reproduction of software and intellectual property . Over the years , various methods have been designed , but a hidden conflict remains : Software should be able to operate unhindered by the protection methods . At the same time , the protection methods should make it difficult to reproduce or recreate the software .
3.1 COMMON PRACTICE AND THE ARMS RACE
In the past , most copy protection relied on security through obscurity . The reason for this is that to run an algorithm , it has to be available to regular users . At best , these mechanisms can make it more difficult to analyze a program , but not on the scale required for a cryptographically hard problem . An example of this is code obfuscation , which increases the effort to analyze and reverse-engineer the algorithm , but does not make it practically impossible .
Therefore , copy protection schemes and the closely related digital rights management are usually only secure for some time , until an attacker determines the method , and security through obscurity fails . Once an attack is published , developers go on to release the next version of their schemes . However , this results in an arms race between the developers of software protection and the people trying to break it .
3
Recommendation for Key Management , Special Publication 800-57 Part 1 Rev . 4 , NIST , 01 / 2016
- 8 - June 2016