© 2000 by CRC Press LLC

$$C = M^e \pmod{n} \tag{97.4}$$

$$M = C^d \pmod{n} \tag{97.5}$$

For equivalent security, the computational burden of RSA and similar public-key cryptosystems is significantly greater than DES and similar single-key cryptosystems. As a result, where large amounts of information must be communicated, public-key systems are frequently used for secure communication of a key intended for a single-key system, which is then in turn used for mainstream encryption.

RSA has well-known cryptographic digital signature capabilities (transformed by the sender using the sender's secret key; transformed by the receiver using the sender's public key), which gives assurance that the information was initiated by the signer and that the sender cannot deny creating the information. A signature technique, Digital Signature Standard (DSS) [NIST, 1991], has been proposed by NIST. The basic differences between DSS and RSA are that DSS is intended only for digital signatures, DSS patents are intended to be government owned, the proposed DSS key lengths will be constrained, and the security of DSS is based on the difficulty of finding logarithms of large numbers.
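An added example, not part of the original text: equations (97.4) and (97.5), the signature transform, and the key-transport use described above, written in Python. The toy primes, the SHA-256 keystream standing in for the single-key cipher, and all function names are assumptions chosen for illustration; this is textbook RSA without padding.

```python
import hashlib
import secrets

# Constructed toy key: two Mersenne primes, far too small and too structured for
# real use. Textbook RSA without padding, for illustration only.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537

def make_keypair(p=P, q=Q, e=E):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))     # public (n, e), secret (n, d)

def rsa_encrypt(m, pub):                    # C = M^e mod n   (97.4)
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def rsa_decrypt(c, priv):                   # M = C^d mod n   (97.5)
    n, d = priv
    return pow(c, d, n)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, priv):                        # sender transforms with the secret key
    return rsa_decrypt(_digest(msg, priv[0]), priv)

def verify(msg, sig, pub):                  # receiver transforms with the public key
    return pow(sig, pub[1], pub[0]) == _digest(msg, pub[0])

def stream_xor(key, data):
    """Stand-in single-key cipher (SHA-256 keystream); the same call decrypts."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def send(plaintext, receiver_pub, sender_priv):
    """RSA carries only the session key; the bulk data uses the single-key cipher."""
    key = secrets.token_bytes(8)
    wrapped = rsa_encrypt(int.from_bytes(key, "big"), receiver_pub)
    return wrapped, stream_xor(key, plaintext), sign(plaintext, sender_priv)

def receive(wrapped, body, sig, receiver_priv, sender_pub):
    key = rsa_decrypt(wrapped, receiver_priv).to_bytes(8, "big")
    plaintext = stream_xor(key, body)
    return plaintext, verify(plaintext, sig, sender_pub)
```
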
Examples of relatively new encryption techniques coming into popular use are PGP (Pretty Good Privacy), IDEA (International Data Encryption Algorithm), and PEM (Privacy Enhanced Mail). The U.S. Government has proposed SKIPJACK, a secret and controlled system, as an intended replacement for DES. The proposal, which includes "trusted third-party" key escrow, has met with significant controversy.

Software Security

A number of techniques that are commonly implemented in software can contribute to protection against adversaries. These include password authentication; memory, file, and database access restrictions; restrictions on processing actions; development and maintenance controls; and auditing.

Passwords, which are intended to authenticate a computer user in a cost-effective way, are sometimes user-selected (a technique resulting in a relatively small potential population), sometimes user-selected from a computer-generated collection, sometimes randomly generated, and sometimes randomly generated from a phonetic construction (for pronounceability and memorization ease) [Cooper, 1989]. Examples of phonetic passwords are TAMOTUT, OTOOBEC, SKUKOMO, ALTAMAY, and ZOOLTEE. These five were each chosen from a different phonetic construction (five of the approximately 25 commonly used).

Security control can be physical, temporal, logical, or procedural. Two important logical or procedural control principles are part of fundamental multilevel security (multiple levels of sensitivity and multiple user clearance levels on the same system), as described by part of the Bell–La Padula model. The simple security principle restricts users of a particular clearance level from reading information that is of a more sensitive (more highly classified) level. The star property prohibits information flow from the level at which its sensitivity has been determined to any lower level (write-down). Analogous integrity protection is provided by the Biba integrity model [Gasser, 1988].
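An added example, not from the original text: the simple security principle and the star property as a Python check, with Biba as the dual rule, replayed over a constructed request trace to show which information flows the star property stops. The level names, subjects, objects and function names are assumptions.

```python
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

def blp_allows(subject_level, object_level, op, enforce_star=True):
    """Bell-La Padula confidentiality check for one request."""
    if op == "read":                       # simple security principle: no read-up
        return subject_level >= object_level
    if op == "write":                      # star property: no write-down
        return subject_level <= object_level or not enforce_star
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject_level, object_level, op):
    """Biba integrity check, the dual of BLP: no read-down, no write-up."""
    if op == "read":
        return subject_level <= object_level
    if op == "write":
        return subject_level >= object_level
    raise ValueError(f"unknown operation: {op}")

def replay(trace, clearances, labels, enforce_star=True):
    """Replay (subject, op, object) requests, tracking what each entity comes to hold.

    Returns (denied, leaks): the refused requests, and every subject or object
    that ends up holding information above its own clearance or label.
    """
    assigned = {**clearances, **labels}
    holds = {name: Level.UNCLASSIFIED for name in clearances}  # subjects start empty
    holds.update(labels)                                       # objects hold their label
    denied = []
    for subject, op, obj in trace:
        if not blp_allows(clearances[subject], labels[obj], op, enforce_star):
            denied.append((subject, op, obj))
        elif op == "read":
            holds[subject] = max(holds[subject], holds[obj])
        else:
            holds[obj] = max(holds[obj], holds[subject])
    leaks = {n: lvl for n, lvl in holds.items() if lvl > assigned[n]}
    return denied, leaks

# Constructed sample data.
CLEARANCES = {"analyst": Level.SECRET, "clerk": Level.UNCLASSIFIED}
LABELS = {"report": Level.SECRET, "bulletin": Level.UNCLASSIFIED}
TRACE = [("analyst", "read", "report"), ("analyst", "write", "bulletin"),
         ("clerk", "read", "bulletin"), ("clerk", "read", "report"),
         ("clerk", "write", "report")]
```

With the star property enforced the replay ends with no entity holding information above its level; with it switched off, the analyst's write-down puts SECRET content into the bulletin, and the clerk obtains it through a read that the simple security principle alone permits.
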
Protection rules can be mandatory (used mainly by the government or military) or discretionary (compartmented according to need-to-know regimes of trust typically determined by file owners). The combination of security levels and protection rules at the same level can be associated with a lattice model. In addition to matching the security controls, the lattice model facilitates mathematical verification of security implementations.

A common logical protection rule specification gives the rights of subjects (action initiators) to act on objects (action targets) at any particular time. One way to view these rules (although seldom implemented in this manner) is to consider an access matrix (Table 97.1) containing rows for subject indicators and columns for object indicators. The matrix entries are the rights of subjects to objects. Actual implementation may differ, e.g., by using directories, or capability lists, or capability tokens (row designations for rights of subjects) or access control lists (column designation for rights to objects).

These types of rules can be augmented by software (and/or hardware) memory protection through techniques including fences, base/bounds registers, tagged registers, and paging [Gasser, 1988].

Database management system (DBMS) security and integrity protections include access controls but generally require finer granularity and greater protection (especially for relational databases) against subtle forms of