STABILISED SECURE ALGORITHMS
TECHNICAL FIELD:
This invention relates to systems for enhancing the security of encryption algorithms and authentication algorithms predominantly used for smart devices. The invention is particularly, but not exclusively, concerned with devices or processes that communicate over public networks, such as the Internet.
BACKGROUND ART:
A major risk in the use of digital transactions is unauthorised invasion by so-called "hackers". Attacks may take various forms including physical access to a computing device, infecting a computer with an intelligent agent to cause it to disclose when a user is on-line so that messages can be intercepted for subsequent deciphering, and tapping into a public network to monitor transactions. Once access is had, deciphering can be based on attacking the hardware, the power supply and/or timing of data transmissions and delays between responses. These attacks are used to limit or "scope down" the possible range of encryption keys and algorithms used, from which deciphering can become relatively trivial and even in real time.
The term "smart devices" means smart cards, SIM cards or other secure integrated circuits - chips in pervasive computing devices and the like that include a processor, non-volatile memory (e.g. ROM, EEPROM, mini-disk), optional volatile memory (RAM), and an operating system, that can store and process data. Smart devices, while being capable of being used for more functions and on a wider scale, are currently used to a limited extent for identification, authorisation and storing information.
The term "computing device" means any device or computer which can run a program. A computing device can be a smart device.
The term "password" as used herein refers to a password, a personal identification code or PIN, fingerprint, user ID and the like authentication initiator.
The term "encryption" as used herein refers to any security function, such as encryption, decryption, signing, verification, hash function and the like.
This invention seeks to provide systems for enhancing the security of computer systems as applied to authentication or encryption.
DISCLOSURE OF THE INVENTION:
One aspect of the invention is concerned with providing increased security, not necessarily but mostly for smart devices, in order to minimise attacks in recognising the security keys and comparing important values such as passwords.
Thus one aspect of the invention provides a method for providing stabilised encryption, wherein:
• the encryption key is provided with an additional correction parameter and the encryption function that uses the key is stimulated to use this parameter in a way, so independently of the content of the encryption key, the encryption function will have additional operations and will have time for execution not less than a constant.
• optional spurious calculations are applied randomly to provide random timing of execution, which is added after the encryption.
Preferably for the encryption the additional correction parameter is added as a part of the security key, whether symmetrical or asymmetrical.
Another aspect of the invention provides a method for providing stabilised computing important values, wherein:
• the important value for comparison is provided with an additional correction parameter, and the comparison of that important value with an outside value is stimulated to use the parameter in a way, so independently of the content of the important value, the comparison will execute additional operations and will have time of execution not less than a constant.
• optional spurious calculations are applied randomly to provide random timing of execution, which is added after the comparing important values.
Preferably the spurious calculations are performed after the steps of comparing the entered data and stored important values like passwords to provide random timing for the generation of the output.
The method for stabilised encryption of data, including the steps of: encrypting the data using a suitable algorithm and an encryption key and causing the computing device to perform a plurality of processing cycles, so as to cause timing delay between entering and encrypting information and generating the encrypted data, wherein a correction parameter is added to the encryption key to control the time required to generate the encrypted data and to add additional spurious security functioning.
Preferably the correction parameter is also a function of the transaction state value that is dependent on the contents of a previous communication of the smart device with a server.
This method inhibits hacking by monitoring the power supply, the timing or the hardware by providing spurious information/timing and/or regularising the timing for performing the encryption.
Further features, variants and/or advantages of aspects of the invention will emerge from the following non-limiting description of examples of the invention made with reference to the accompanying schematic drawings.
BRIEF DESCRIPTION OF THE DRAWINGS:
Figure 1 shows an algorithm flow plan for achieving stabilised RSA encryption; and
Figure 2 shows an algorithm flow plan for achieving stabilised comparison of important values such as password checking.
BEST KNOWN MODE FOR CARRYING OUT THE INVENTION:
Figure 1 shows an algorithm flow plan 10 to obtain stabilised RSA encrypted data, which comprises three additional phases performed after the standard RSA encryption process. The algorithm comprises an entry point 11 for data, a standard RSA encryption process 12 to encrypt the data, a process 13 to produce an additional secure function driven by the correction parameter, a process 14 to cause looping driven by the correction parameter to achieve standardised timing between receiving the plain data and output point 16 for encrypted data, and a process 15 to cause further cycling for a random number of cycles. In the event of the algorithms being processed in a smart device, then processes 12 and 13 use the crypto controller in the smart device.
The correction value is a specific value for each type of computing device and is very specific for each chip of the smart device. It is an additional parameter added to the security key, for example to each RSA private key for the RSA encryption function. The correction value is explicit for each security key of a computer device (private key and symmetrical key). The correction value acts to add an additional spurious security function and to ensure that each duration of a particular security function appears for almost equal time, independently of the content of the key.
The algorithm is provided mainly to eliminate some attacks related to the smart device and to the environment in which the smart device is running.
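The flow of Figure 1 can be sketched in C as follows. This is an added illustration, not code from the patent: it uses toy 32-bit operands and counts modular multiplications as a stand-in for time, and the names `OP_BUDGET`, `correction_for_key` and `stabilised_modexp`, as well as the way the correction parameter is derived, are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>

#define OP_BUDGET 64u /* assumed constant: max multiplications for a 32-bit exponent */

/* Modular multiply on toy operands; every call is counted in *ops. */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t n, unsigned *ops) {
    (*ops)++;
    return (uint32_t)(((uint64_t)a * b) % n);
}

/* Process 12: plain square-and-multiply. The number of operations depends on
 * the bit length and Hamming weight of the key d, which is what leaks. */
static uint32_t modexp(uint32_t m, uint32_t d, uint32_t n, unsigned *ops) {
    uint32_t r = 1 % n, base = m % n;
    while (d) {
        if (d & 1u) r = mulmod(r, base, n, ops);
        base = mulmod(base, base, n, ops);
        d >>= 1;
    }
    return r;
}

/* Correction parameter stored beside a key: the work missing to reach OP_BUDGET. */
unsigned correction_for_key(uint32_t d, uint32_t n) {
    unsigned ops = 0;
    (void)modexp(2, d, n, &ops);
    return OP_BUDGET - ops;
}

/* Processes 12 to 15: real operation, spurious padding, optional random tail. */
uint32_t stabilised_modexp(uint32_t m, uint32_t d, uint32_t n, unsigned corr,
                           unsigned jitter_max, unsigned *fixed_ops) {
    unsigned ops = 0, tail = 0;
    volatile uint32_t sink = m % n;       /* volatile keeps the padding alive */
    uint32_t c = modexp(m, d, n, &ops);
    for (unsigned i = 0; i < corr; i++)   /* 13/14: pad up to the constant */
        sink = mulmod(sink, sink, n, &ops);
    *fixed_ops = ops;                     /* key-independent part of the work */
    if (jitter_max)                       /* 15: rand() stands in for a device RNG */
        for (unsigned k = (unsigned)rand() % jitter_max; k > 0; k--)
            sink = mulmod(sink, sink, n, &tail);
    return c;
}
```

The padding equalises the number of operations per call; it does not change the order of squarings and multiplications inside process 12.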
Figure 2 shows a stabilised algorithm for comparing important values 20, usually a password or a PIN for a smart device. The algorithm 20 comprises a process 21 for receiving the important value (password), a process 22 for performing a comparison of the important value stored in a computer device and an entered important value during each transaction, a process 23 for performing a secure function over a value stored in a smart device, and a process 24 for outputting the result of the comparison. The stored value is optionally a transaction state value representative of a previous communication of the computing device with a server and which differs for each message sent between the computing device and the server.
The stabilised algorithm for comparing important values improves the normal algorithm for comparing important values executed in a smart device to eliminate some attacks related to the smart device and to the environment in which it runs. The important value comparison is a very important authentication mechanism. The stabilised algorithm for comparing important values can be used for all password-checking operations, regardless of whether this is for a major password or for secondary passwords that can also be stored in a smart device.
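The comparison flow of Figure 2 can be sketched the same way. This is an added illustration, not code from the patent: the fixed slot size `PIN_SLOT`, the `struct secret` layout and the function names are assumptions, and the operation counter stands in for execution time.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define PIN_SLOT 16u /* assumed fixed storage size for an important value */

/* Stored important value with its correction parameter (hypothetical layout). */
struct secret {
    uint8_t  value[PIN_SLOT]; /* zero-padded PIN or password */
    unsigned correction;      /* number of spurious rounds, fixed per device */
};

/* Process 22: every byte is compared and there is no early exit, so the work
 * done does not reveal where the first mismatch is. Returns 1 on match. */
static int compare_all(const uint8_t *a, const uint8_t *b, unsigned *ops) {
    uint8_t diff = 0;
    for (size_t i = 0; i < PIN_SLOT; i++) {
        diff |= (uint8_t)(a[i] ^ b[i]);
        (*ops)++;
    }
    return diff == 0;
}

/* Processes 21 to 24, followed by the optional random tail. */
int stabilised_check(const struct secret *s, const uint8_t entered[PIN_SLOT],
                     unsigned jitter_max, unsigned *fixed_ops) {
    unsigned ops = 0;
    volatile uint8_t sink = 0;            /* volatile keeps the padding alive */
    int ok = compare_all(s->value, entered, &ops);
    for (unsigned r = 0; r < s->correction; r++) {
        /* 23: spurious function over the stored value */
        sink ^= (uint8_t)(s->value[r % PIN_SLOT] + r);
        ops++;
    }
    *fixed_ops = ops;                     /* same for every entered value */
    if (jitter_max)                       /* rand() stands in for a device RNG */
        for (unsigned k = (unsigned)rand() % jitter_max; k > 0; k--)
            sink ^= (uint8_t)k;
    return ok;                            /* 24: output the result */
}
```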
The invention is not limited to the precise details described above and shown in drawings. Modifications may be made and other embodiments developed without departing from the scope of the claims.