home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
OS/2 Shareware BBS: Security
/
Security.zip
/
quipu10.zip
/
quipu_e.doc
< prev
next >
Wrap
Text File
|
1995-12-16
|
14KB
|
368 lines
*****************************
********** QUIPU **********
*****************************
QUIPU offers
- IT-Security for stored and transferred files by symmetric
encryption.
- continuous encryption byte by byte, no block cipher or
cipher feedback.
- transfer without propagation of line errors.
- the simple key management of the public key cipher and the
asymmetric encryption.
- the high security of the symmetric cipher methods.
- high data security for a low price.
Short description of the encryption method
==========================================
The effective key length is 1632 bits.
Authentication is done by a character string of any length between 1 to
255 bytes.
The character string for the authentication is used as seed for a
high quality random generator, which generates a key file of
selectable length longer then 2 kilobytes. Only by the same
authentication string generates an identical key file. A file can only
be deciphered, when the available key file is identical to the key
file which was used for encipher the file.
The actual working key for the encryption is taken in two pieces from
the key file at two randomly selected locations. These locations
are different for each encryption process.
The two positions in the key file, the original file name (without
path, long file names are supported) and an 32 bit CRC of the
original plain file are encrypted and added to the ciphered file.
The key generator of QUIPU will be initialized with the two parts of the
key taken from the key file. The key generator produces one key
byte for each plain byte. The key byte and the plain byte are the
entries for a logic condition to produce the ciphered byte.
To decrypt a encrypted file, one needs an identical key file, which
was generated by the same authentication string. This file needs at
least a length of the longest of the two position pointers, which
were chosen during encryption. The length of the file is checked
and if it is too short a message indicating the minimum length pops up.
The decryption runs as the encryption. The logic combination of key
byte and ciphered byte produce the plain byte. After the decryption
the 32 bit CRC of the decrypted file is compared with the
transferred CRC of the original file. Any difference in the CRCs
indicates either a transmission error or a try of manipulation.
QUIPU step by step
==================
1st step: Creation of the key file
------------------------------------
(not necessary for each encryption of a file)
Authentication -> key file
QUIPU -m \
-p <parameter file> \
-k <key file> \
-l <length of the key file> \
-a <authentication>
If the authentication consists of several words
seperated by spaces it has to be put in double quotes:
-a "This is the authentication"
2nd step: Encryption
---------------------
plain file ->
>- encrypted file
key file -> key generator ->
QUIPU -e \
-p <parameter file> \
-f <plain file> \
-c <ciphered file> \
-k <key file>
3rd step: Decryption
---------------------
encrypted file ->
>- plain file
key file -> key generator ->
QUIPU -d \
-p <parameter file> \
-c <encrypted file> \
-k <key file> \
[-f <plain file>]
QUIPU uses the transferred original file name if the name for the
plain file is omitted.
Special terms used and other interesting facts
----------------------------------------------
Plain file: The original and unprotected file.
Encrypted file: The file which was encrypted by QUIPU.
(Enciphered file)
Key file: A file of any length > 2 kilobytes out of which the
working key is taken from 2 different, randomly
selected positions. These positions change for
each encryption.
Authentication: QUIPU uses a string of 2 to 255 bytes as
authentication for the creation of the key file.
The creation of the key file is done using a
complex mathematical algorithm. Slightest changes
in the authentication string, only one bit,
result in completely different key files.
It is recommended to use clear words or phrases,
which are easy to memorize, or excerpts from books,
whose locations are easy to keep in mind, to
avoid any written note. This can be done without
any lack of security due to the high quality of
the built-in random generator.
The creation of the key files using clear text
has several advantages:
- no notes have to be written, due to easy memorizing
- the key file can be erased after each session,
since the creation is quick and easy
- typing errors are reduce to minimum for input
The authentication string should be known only
to authorized persons.
The authentication string should be transferred
always on a separate way (Fax or telephone).
Parameter file: In this file one can put the parameters for
standard operation. The parameters on the
command line overrule the ones in the file.
In this file one can also put the registration
parameters (name, license number).
CRC: A number calculated by a mathematical formula
using the bytes of a file and their sequence as
input.
Even one bit change in megabyte file produces a
different CRC.
Comparing the CRCs of a file before and after
transfer can be used as proof of the integrity.
Key generator: A mathematical algorithm built into QUIPU. This
algorithm is initialized by 1632 bits and then
produces for each step of encryption or
decrypting one key byte. This key byte is
combined with a plain byte in an logical
operation. The result is the encrypted byte.
On the decrypting side the combination of the
same key byte with the encrypted byte reproduces
the plain byte.
The sequence of the generated key bytes is quasi
random. That means the sequence itself is statistical
flat, but it must be reproducible and that fact
is contradictory to the pure randomness.
Working key: Out of the key file randomly choosen bits(1632),
which are used to initialize the key generator.
This key must be identical for encryption and
decryption (symmetrical encryption).
The symmetrical encryption includes
authorization and authentication.
A built-in random generator selects different
sets of keys for each encryption process. The
longer the key file the more different sets
of keys are available.
Security aspects and recommendations
====================================
- Authentication string should be clear text to avoid written
notes
- Using different authentication strings in closed user groups can
be used for controlled encapsulation of parts of the group.
- The key file should be put on a RAM disk. This will be erased
when switched off. An automatic security feature.
- For frequent use the key file should be long to allow a high
variety of key sets.
- The key variety, the length of the generated key byte sequence
and its statistical flatness make QUIPU immune against any kind
of attack.
- The key generator of QUIPU has many one-way functions to avoid
tracing back to the working keys.
- QUIPU does not feed the plain bytes through its registers like
many other encrypters do. The plain bytes are only combined
with the output of QUIPU. Therefore no correlation occurs
between key bytes and the plain bytes. And even long files do not
show repetition patterns in the crypted output.
- Since the original name of a file is transferred to the receiver
in encrypted form it is possible by using random names for the
crypted files to hide also the files name not only the content.
- Data compression has to be done before encryption since the
quasi random encrypted output does not leave a chance for
compression.
- QUIPU is a slim software and can easily added to data diskettes
or internet file transfers to partners who do not have it already.
The authentication string for the decryption of the data can be
conveyed on a different way (fax or telephone).
- QUIPU is perfectly suited to secure notebooks. An literal
authentication string allows easy generation of a key file,
when needed. After each session the key file can be erased.
- To improve the authorization problem in closed user groups,
the two parts of the working key could be placed into two
different key files generated by two different authentication
strings. On this way it is possible to have two persons to be
present for the encryption or decryption process.
- Carefully used QUIPU offers all factors of IT-security for data
storage and data transfer:
* Authentication of the file
* Authorization of the sender and the recipient
* Encryption of the data
* Proof of integrity at the receive site
License
=======
Private use
-----------
This software is the shareware version of QUIPU V1.0. It can be
used for test and trial by private users for a period of 60 days.
Any use after this period is illegal.
This software is available for DOS and OS/2. The source code is
written in ANSI C. The source code is available on request.
The only limitation of the shareware version is the reminder for
registration and a beep on start-up.
For registration send a check of DEM 80,- (Europe) or DEM 100,-
(Non-Europe) to my address below. Please indicate the name to be
used for the registration. The name has to be used later on
together with the license number to run the program in licensed
mode. The writing of the name is case sensitive.
The license number can be used for updates.
The license number will be send by mail or E-Mail. Updates will be
distributed by mailboxes and FTP servers.
Commercial Users
================
The commercial use of this shareware is not allowed.
Commercial users might only test the usability of this software
during a period of 30 days.
Licenses for commercial use and source code is available on
request.
For commercial users modifications are possible:
- automatic erase of the plain file after encryption.
- Use of two different key files to have a better authorization
control.
- Different basic settings or customized initialization.
- name and license number only from command line for authorization
control with program termination on wrong authorization.
Others on request.
Liability
=========
The author can not be hold responsible for any direct or indirect
damage to persons, goods or data caused by the use of this software.
Customer service and updates
============================
All questions, wishes, remarks or suggestions can be sent to one of
my addresses. Registered users will have preference.
For the next future I plan
- faster encryption and decryption
- including the OS/2 EAs into the encrypted file
- integration of compression
- integration of UU coding
Suggestions are welcome.
Addresses
=========
Michael Mieves
Wessobrunner Weg 1
D-82407 Wielenbach
Germany
Fax: +49-9881-63543 ( Only when my PC is running)
CIS: 100334,142
Internet: mieves@ibm.net
******************************************************
* By the way: *
* *
* Quipu is named after the knotted strings used in *
* the Inca empire. They kept their messages secret *
* for a long time. *
* *
* QUIPU secured files shall do the same. *
******************************************************