IBM Releases New Cryptosystem for Internet Traffic
- By Scott Bekker
Mathematicians at IBM Research (www.research.ibm.com
) and the Swiss Federal Institute of Technology (ETH) announced they have co-developed a public-key cryptosystem that provides a mathematically proven way to secure information from aggressive Internet hacking attempts.
The Cramer-Shoup cryptosystem, named after the two researchers who developed it, reportedly closes the backdoor on active attacks, which are considered the most dangerous hack attempts that commercial cryptosystems face. It works by doubly encoding the information being sent out by Web sites using the system, meaning the cryptosystem encodes the data being sent, and the server's responses to the messages. That way, hackers will have no response message with which learn about the system. IBM plans to incorporate the system into a future version of its Vault Registry software.
The new fix comes a full two months after Daniel Bleichenbacher, a researcher at Lucent Technologies Inc.’s Bell Labs unit (Murray Hill, N.J., www.bell-labs.com), discovered a hole that enables the decoding of Internet sessions under some circumstances. These sessions were protected by the Public Key Cryptography Standard (PKCS), which includes Secure Sockets Layer (SSL), the data encryption scheme from RSA Data Security Inc. (San Mateo, Calif., www.rsa.com) that is used by most Web browsers such as Netscape Navigator and Microsoft Internet Explorer.
--Brian Ploskina, Assistant Editor
Scott Bekker is editor in chief of Redmond Channel Partner magazine.