The Age Gurus keep us guessing on next year's fashion code By SUELETTE DREYFUS Tuesday 4 April 2000 IN THE weeks following the Oscars, frantic fashion-chasers pant over those red-carpet photos with one question on their lipstick: What's the Next Big Thing? For those more interested in the fashions of the brain rather than the brawn, look no further to find cutting-edge creativity than cryptography, the haute couture of the technology world. Good cryptographic algorithms, so essential in the fine art of information hiding, reveal a certain mathematical elegance. Just as the number of Paris fashion houses receiving special approval from the French Ministry of Industry and Regional Development to call their collections haute couture is very limited, so these cryptographic algorithms are relatively rare. In the millennial world, there can be little doubt that grey matter is "in". And Bill Duane, international technical director of RSA Security, Inc, the world's largest cryptography company, has a few tips on what it will be wearing next season. So what is hot in cryptowear? Look for ephemeral keys, template-less biometrics, sheer digital watermarks lined with a crinoline of crypto and au natural molecular computing. Sitting in a trendy Brunswick Street cafe, Duane revealed his predictions after jetting into Melbourne recently from RSA's headquarters in the Milan of the IT world, Massachusetts. Some of these, such as template-less biometrics, are so new they are little more than a theoretical sparkle in designers' imaginations, but they are moving fast. Others, such as digital watermarking, will be retro by the time they become widespread. They've existed for some time, but Duane predicts they may take off in a much larger way in future. As an amateur astronomer, the technical director of RSA's Advanced Development Group has some experience with studying the past to understand the future. Musicians might be lining up to try on digital watermarking as a way of protecting their music distributed over the Net, but webpage designers could also benefit from the evolving technology. "If you have drawn a picture as an artist, you have a right to recover royalties on the use of your images. Today there is no way to stop people stealing images off one website and using them somewhere else," Duane said. One role for crypto is in hiding the digital watermark amid all the noise of random characters in a sound or picture file. It's difficult for pirates to remove what they can't find. Ephemeral keys, a kind of disposable cryptographic public key, might also be floating down what could only be described as the platinum-matter runway in the near future. These keys could radically change the way in which an average piece of e-mail or other data is encrypted. At the moment, most public key, or asymmetric systems, actually encrypt e-mail with a symmetric key that is randomly generated on the spot by the software. That key is then encrypted, using the public key system, and bundled with the encrypted message before being sent. Why not just use the public key to encrypt the data directly? "Both RSA and elliptic curve nowadays are kind of slow and they generate large blocks of data when you use encryption. So it's better to just encrypt a little symmetric key and use fast little symmetric algorithms to encrypt the bulk of the data," Duane explained. "But the newer-generation public key systems are potentially lightweight enough that you could actually do direct PK encryption and arbitrarily generate new keys on the fly as you need them. These are ephemeral keys - short-lived keys that come and go," he said. However, not every new creation wafting forth from a designer's desk has an immediately obvious use, at least in its early days. "Do I have a really clear understanding of how we might use them (ephemeral keys)? No. It just feels like there is something there," Duane said. "Ephemeral keys is an artefact of second-generation PK algorithms and they (RSA Labs) are looking at doing some research and investigating second-generation PK algorithms, so they are definitely looking at that," he said. When asked what "looking at" entailed, Duane looked over his latte and hedged. "Ephemeral keys is not something that we're spending a lot of time on, but it is something that is coming up in the general industry around newer, second-generation PK algorithms. RSA Labs in particular is looking into those second-generation algorithms." How will RSA dress up biometrics in cryptowear? It's complicated. First, think biometrics tests: iris pattern, fingerprints, hand geometry, voice print. Some systems measure the veins and nerves inside your tissue. According to Duane, there's even a system that measures body odor, although he was quick to add RSA Labs was definitely not working on that one. (So avant-garde, it's fallen over the edge into tastelessness, perhaps?) Consider the underlying problems with biometrics. "(What if) the pattern that is presented is different than the template because your finger may be dirty or cut?" he said. Templates of body parts almost never match exactly the physical part presented and, worse, they are a security risk. What if someone stole your template? He could pretend to be you. Biometrics is based on the concept of a good-enough match. "And that is an actual hard problem in cryptography because crypto is based on the concept of exact mathematical operations," Duane said. "RSA Labs is looking at unique cryptographic ways to say, `Can we avoid those problems and use biometrics in a secure way, but not store templates?'." Data communications offers a glimpse of a theoretical solution to this hard problem. "Data communications ... doesn't send a message from one end of the wire to another. It appends at the end a forward error-correcting code (FECC). And its FECC is a mathematical algorithm that is run over the message so that, when the receiver gets it, they can run the same algorithm over the message. "If any of the bits have been altered, it can not only say, `Hey! some bits are not correct!' It can also figure out which bits have been modified and then fix the message so it doesn't have to be retransmitted. "So let's say you put your thumb print on an object five times in a row and then generated a reasonably good template. You then generated a FECC using that template as if it was a message. Then you destroyed the template and only kept the FECC. Later on, you could present your biometric. It's going to be a little different than the one you stored because of normal variability of biometrics, but, by using the property of FECC, you could pull it back to the exact copy of the template. "Now you could use that as an encryption key for something because you can get a bit-for-bit exact match for what you originally stored as a template, even though the template doesn't exist any more. So, in that way, the system is a lot more secure, because you don't store templates," he said. Gracefully declining to sketch out exactly what RSA Labs is researching in the area, Duane quickly noted that the company was not "looking at" exactly this solution, because biometrics currently had too much variability. "But research similar to those lines is what RSA Labs is looking into," he said. It is, however, interesting to note that both RSA Labs and RSA Data Security are "looking at" biometrics in general, according to Duane. In contrast, ephemeral keys are primarily being handled by RSA Labs because, in Duane's words, "there's really not a product application for that in the next 12-month horizon." This suggests that RSA may be expecting to have a biometrics product on the market within a year. Perhaps then we can all look at it. Next season could also see a return to nature, with molecular computing used as a way to break cryptographic keys. The natural look is back in vogue among the large-lobed in other ways as well, with Duane openly sporting long hair in a pony tail. "The only time I purposely tuck it in is when I'm riding my Harley," he said. In an interesting twist, one of the founders of RSA, mathematician Len Adleman (the `A' in RSA), has been a pioneer in the field of molecular computing. In 1977, Adleman helped invent the RSA public key cryptosystem that formed the cornerstone asset of the company. A former biologist, Duane has a special interest in how cryptography could use molecular computing. "It's really analogous to having a soup full of tiny little simple computers all running the same computation." In this case, those "computers" are strings of DNA or RNA. The complex process involves encoding a simple mathematical algorithm on a sequence of the protein, "dumping, in the beginning, products of the reaction and analysing the output of the reaction," he explained. Today, a computer trying to break open an encrypted file might throw out thousands of "guesses" to find the correct key. Given enough time, the machine might eventually stumble onto the right answer. Molecular computers could dramatically speed this process by using the laws of nature - the ways in which certain chains of molecules bind to each other in particular pairings - to simulate `guessing'. While this soup is effectively "a massively parallel computer" with "interesting properties in cryptography", Duane once again coyly backed away from detailing RSA's role in this area of research. "I'm not actually implying that these are things we are looking at," he said. No, of course not. "I know I'm being a little obtuse. I can't explain what they (RSA Labs) are doing, due to patent restrictions." His hesitation is probably a wise move, given that RSA's most famous - and some would say most valuable - cryptographic patent, the US patent for the original RSA algorithm, expires on 20 September. | [34]go to top | [t_article_index_w.gif] [dots_90.gif] SOFTWARE [35]News straight from the Trojan horse's mouth Microsoft may be in a spot of multi-billion-dollar bother - but that's not what it's telling its customers, writes ALAN ATTWOOD. Gurus keep us guessing on next year's fashion code Data designers increasingly are focusing on transmission security. [36]Getting all the facts back on file The national archives is about to take public record-keeping into the 21st century. [37]Stock trading goes into WAP drive Down Under New Zealand is pioneering a world first for the sharemarket. [38]Unlock the bag on that know-how According to some industry commentators, "knowledge management" belongs "in the dustbin of marketing speak". [1pix.gif] [1pix.gif] [1pix.gif] [1pix.gif] [1pix.gif] [top_newsfromthe.gif] [title_it.gif] IFRAME: [39]http://ads.fairfax.com.au/html.ng/site=itnews&adspace=468x60&loc=b ottom [40][Params.richmedia=yes&site=itnews&adspace=468x60&loc=bottom] ______________________________________________________________________ Copyright © John Fairfax Holdings Ltd 2000. Any unauthorised use, copying or mirroring is prohibited. View our [41]Privacy Policy. [count] References 1. http://ads.fairfax.com.au/cui/ITF.html 2. file://localhost/masthead 3. http://ads.fairfax.com.au/html.ng/site=itnews&adspace=468x60&loc=top 4. http://ads.fairfax.com.au/click.ng/Params.richmedia=yes&site=itnews&adspace=468x60&loc=top 5. file://localhost/contact_us/index.html 6. file://localhost/site_map.html 7. file://localhost/index.html 8. file://localhost/breaking/index.html 9. file://localhost/industry/index.html 10. file://localhost/recruitment/index.html 11. file://localhost/e-commerce/index.html 12. file://localhost/software/index.html 13. file://localhost/hardware/index.html 14. file://localhost/communications/index.html 15. file://localhost/networking/index.html 16. file://localhost/international/index.html 17. file://localhost/calendar/index.html 18. http://www.itjobs.fairfax.com.au/ 19. http://itjobs.fairfax.com.au/default.asp?j=458722 20. file://localhost/columns/philipson/index.html 21. file://localhost/columns/macman/index.html 22. file://localhost/columns/webmechanic/index.html 23. file://localhost/columns/questiontime/index.html 24. file://localhost/columns/openline/index.html 25. file://localhost/columns/platform/index.html 26. file://localhost/columns/sites/index.html 27. file://localhost/columns/buildingnt/index.html 28. file://localhost/columns/tipex/index.html 29. file://localhost/columns/screenspirit/index.html 30. file://localhost/columns/siliconvalley/index.html 31. http://www.smh.com.au/icon 32. http://www.smh.com.au/icon 33. file://localhost/cgi-bin/email.pl?story=20000404/A42684-2000Mar31 34. file://localhost/orb/s/h/home/lily/articles/cryptowear.html#top 35. file://localhost/software/20000410/A59966-2000Apr10.html 36. file://localhost/software/20000404/A42682-2000Mar31.html 37. file://localhost/software/20000404/A42686-2000Mar31.html 38. file://localhost/software/20000403/A47412-2000Apr3.html 39. http://ads.fairfax.com.au/html.ng/site=itnews&adspace=468x60&loc=bottom 40. http://ads.fairfax.com.au/click.ng/Params.richmedia=yes&site=itnews&adspace=468x60&loc=bottom 41. http://www.members.f2.com.au/help/privacy_policy.html