Chapter 1

The Hypercube Spread Spectrum Encryption System was created as an alternative to DES ( Data Encryption System ).

DES has several problems:

1. Security is very dependent on the length of and mathematical sturcture of the encryption key and the quality of the encryption algorithm.
   
   It's security strength is very dependent on the length of the encryption key. The length of the key determines the number of possible decryption keys. As computers become more powerful, faster and the design of specialized hardware becomes cheaper, the need for a longer and longer key or much better algorithms becomes necessary. As the length of the key becomes longer or as the encryption algorithm becomes more complex the time to encrypt and decrypt data increases.
   
   
2. The data is in the encrypted data and is repeatable given the same data and key.
   
   You get the same results given the same key and data. This requires that passwords be kept on server and client systems. Snooping can intercept user and system responses, and/or forge them ( once a "yes" sequence is known it can be forged without the encrypter ). The management of passwords is a major problem in all security systems.
   
   The encrypted data is just a scrambled version of the unencrypted data.
   
   
3. Requires many inter-related security systems and protocols.
   
   Since the data package is the same for the same key and data, additional methods to verify a valid data package are required.
   
   To protect passwords requires better security access systems with additional encryption to maintain their integrity.
   
   Note:
   
   Certificates in and of themselves require just as much security as the system they are trying to protect and they have all the same weaknesses as physical identification systems like; passports, birth certificates, licenses etc. All forms of identification, digital or physical, can be forged. Identification highjacking is becoming as common digitally as it is physically ( credit cards and checks are the biggest two ). Just take note, that identification verification is a separate security issue from encryption.
   
   Do to the greater weakness of the DES design, systems using DES are more dependent on the following for security ( the encryption process is built into the server and communication protocol ):
   
   Digital signatures ( this can also be called, hashes or digests )
   
   Signatures are used to detect the modification of data after creation. Anyone tampering with the data will cause a receiving systems signature checker to catch that a change has been made ( but not what has been changed ).
   
   Certificates ( global or otherwise )
   
   Digital versions of the identification systems mentioned above.
   
   SSL
   
   Secure Sockets Layer ( developed by Netscape )
   
   When information is sent from one computer to another over a TCP/IP ( Transport Control Protocol / Internet Protocol ) connection, more than your data is sent. Transmitted data is broken down into packets ( of fixed or variable sizes ). A data packet will contain a destination address, port ( socket ) identification ( all header stuff ), maybe your data and other stuff ( all message stuff ). Many packets can be exchanged before, during, and after the packets containing your data. The port number is used to identify the process to receive the data and the protocol used. The standard port number for most http ( Hyper Text Transport Protocol, the world wide web ) communication is 80. SSL uses port 443, that identifies the data as secured ( usually by encryption ). A secured connection is usually created using an https request rather than an http request.
   
   TLS
   
   Transport Layer Security
   
   Many computer communication systems are broken down into layers ( units of code ), with each layer handling a different aspect of communication. The TLS layer is responsible for handling secured communication ( usually encrypted data ).
   
   TLS ( 1.0 ) is the IEFT standard of SSL ( 3.1 ). Not all browsers support this yet ( 7/2000 ).
   
   plus many others
   
   
4. A single system has total trust and therefore complete access to the secured data.
   
   The key is completely dependent on the server ( owner of the decryption key ) system. The user has no control of the data encryption process and must completely trust the owner for the security of their data and promise not to peak. For e-commerce, this is not important for the owner's data, but may be important for the privacy of the user's personal information.

DES has advantages:

1. Uses basically standard public algorithms composed of simple mathematical processes.
   
   The algorithms are public and can be implemented by anyone.
   
   The formulas are easy to analyze and comprehend.
   
   No one has personal responsibility for their security weaknesses.
   
   Anyone can implement the algorithm and pretty much know that the encrypted data can be decrypted by the receiver.
   
   
2. Security is based mainly on a single feature.
   
   If the length of the key determines the strength, then it's a simple calculation to determine the strength of the system. If the encryption algorithm determines the strength, then a little more effort is required to determine the strength of the system.
   
   
3. Decryption can occur simply by running every possible key through the algorithm.
   
   Under brute force any key can be discovered. This makes it easier to maintain national security remotely.
   
   

HCSSES can solve many of these problems with greater simplicity.

1. Security strength is not dependent on any single feature.
   
   The security strength has very little dependency on the length of the key as long as the minimum key length and quality is maintained. The strength of the security is more dependent on the various transformation algorithms and spreading algorithms than the length of the key.
   
   In addition the key is actually a sequence of instructions that are decoded by a key sequencer into micro codes that drives the various functional blocks. This approach, abstracts the key from the resulting output data stream ( the key is not in the output data stream ). The DES requires a final step to make sure the key is removed from the output data stream block ( done for every block that is encrypted ).
   
   As computers get faster and larger in parallel processing capability, increasing the key length requires that more processing must be done to encrypt then decrypt the data. With HCSSES the ever growing speed and power of computers has little impact on key length nor does it slow down the encryption/decryption process.
   
   Since the algorithms are not public and can be dynamically changed with each encryption, breaking the protection is much more complicated and time consuming.
   
   
2. The input data and encryption key are not in the encrypted data.
   
   Because the HCSSES transforms the 1-D input data stream into a path through hyperspace ( 4-D ), the encrypted data is also abstracted from the output data stream ( ODS ), the input data is not in the output data stream ). The spreading system is used to transform the data around a hypersphere. This transformation is different with each encryption. Therefore, the same data and key will produce different results with each encryption. Because of this ODS variation, snoops can not pick off passwords ( or any data for that matter ). There is no need to store passwords or exchanged them, only a verification data block ( VDB ) that can only be decoded by the correct key, needs to be stored. Knowledge of the contents of the VDB provides no information about the key or the password. The VDB can be used to verify that the correct key and password were used during log-on. To add additional security, like challenges, additional VDBs can contain questions and answers. Seeing the encrypted questions, answers or system responses provides no information to a snoop.
   
   
3. No special protocols or complex layered security systems are required.
   
   Only one system is required to provide encryption for user and system communication protection. You still need other kinds of security for total system protection. But, these requirements are independent of communication encryption.
   
   It's easy to add digital signatures to provide another layer of security. This additional layer is not required for basic data storage protection.
   
   Do to a higher level of security, in general, globally managed certificates are not required with HCSSES. More simpler identification processes can be used. But remember that, identification verification is a separate security issue from encryption.
   
   
4. Security of the data is also controlled by the user and not exclusively by someone else.
   
   Because a key is built from the client/server, the application and a user password, the user has as much to do with the security as the others. Data protection is split between three parties rather than one ( usually the server ). The password can be obtained by many means; voice print, DNA sample, retinal scan or typed text. As in all security systems, trust falls to the client not to divulge or abuse the user password. But now does not rest exclusively in the hands of the maintainer of the data ( server or application ).
   
   
5. HCSSES does not use a simple mathematical formula to scramble the actual data.
   
   The key can not be discovered from an automated brute force attack. It would require logical analysis to determine the various algorithms and transformation formulas. This would require a great deal more time than brute force with DES. At the highest levels of encryption, a hacker would have to break the decryption system as it operates. A basic problem of all security systems that encryption can't control.
   
   
6. HCSSES is based on a single session system.
   
   HCSSES encrypters and decrypters are dynamic in nature and can be supplied on demand for a single session. Over a network like the web, applets can be used. This adds another layer of protection, by removing a general purpose algorithm from the clients application ( no longer do you need a browser with encryption built-in that needs to be continuously updated ). This design also eliminates the need for a server to run special protocols specifically for security like SSL ( secured socket layer ) or TLS ( transport layer security ).

HCSSES has several problems:

1. Using standard open algorithms reduces the security strength.
   
   Since the security strength is also due to the algorithms used, security strength is reduced if a standard set of algorithms and transformation formulas are used. However, even with a standard HCSSES implementation, the advantages mentioned above still make this system more secure than DES.
   
   
2. No one system has sole trust of data security.
   
   Total trust and control is removed from the server. Trust is split between three parts; user, application and server. For any one system to gain access to secured data, all three parts must agree. This goes against the current mentality of management today to control everything. It's the same argument of standalone PCs vs. dumb terminals connected to a main frame, i.e. server ( whether the main frame connection is over a local net or the public internet ).
   
   
3. HCSSES doesn't support back doors and is difficult to hack in real-time.
   
   National security issues, force direct intelligence gathering ( as in the past with all security systems before DES ), since remote systems can not effectively monitor ( decrypt ) the data stream.
   
   

Introduction, Dimensions

Last modified Nov 16, 2001