next up previous contents index
Next: Event generation and dispatch Up: Karma Programming Manual Previous: Interprocess Communications

Security

Purpose

The need for authentication and encryption is constantly increasing as more people gain access to the Internet and more people use it to conduct their daily business. As more people conduct financial transactions over the Internet, the potential for breach of privacy and fraud is enormous. The demand for secure network applications is set to explode.

Architecture

Like the rest of the library, the security support in Karma is built on a layered approach. The various packages in the Karma library which provide security support are listed below.

``en'' package

The en package provides strong encryption. Currently, only IDEA (International Data Encryption Algorithm) is supported (using the more secure Cipher Feedback Mode). Below is some information on the algorithm:

    The IDEA(tm) block cipher is covered by a patent held by ETH and a
    Swiss company called Ascom-Tech AG.  The Swiss patent number is
    PCT/CH91/00117.  International patents are pending. IDEA(tm) is a
    trademark of Ascom-Tech AG.  There is no license fee required for
    noncommercial use.  Commercial users may obtain licensing details
    from Dieter Profos, Ascom Tech AG, Solothurn Lab, Postfach 151, 4502
    Solothurn, Switzerland, Tel +41 65 242885, Fax +41 65 235761.

    The IDEA block cipher uses a 64-bit block size, and a 128-bit key 
    size.  It breaks the 64-bit cipher block into four 16-bit words
    because all of the primitive inner operations are done with 16-bit 
    arithmetic.  It likewise breaks the 128-bit cipher key into eight 
    16-bit words.

    For further information on the IDEA cipher, see these papers:
    1) Xuejia Lai, "Detailed Description and a Software Implementation of 
       the IPES Cipher", Institute for Signal and Information
       Processing, ETH-Zentrum, Zurich, Switzerland, 1991
    2) Xuejia Lai, James L. Massey, Sean Murphy, "Markov Ciphers and 
       Differential Cryptanalysis", Advances in Cryptology- EUROCRYPT'91

``md'' package

The md package provides message digest (secure hash) algorithms. While CRC algorithms have the potential for fraud (a document may be forged and yet have the same CRC checksum as a document with a published checksum), this is not computationally feasible with secure hash algorithms. Currently, only the MD5 algorithm is supported (developed by Ron Rivest).

``rp'' package

The rp package provides a random pool of bytes which may be used in cryptographic applications (such as IDEA session key generation). Ordinary random number generators are not suited to cryptographic applications.

``cen'' package

The cen package provides an encrypting filter mechanism for Channels. Once a channel is created, the data transfer may be secured by pushing an encryption filter onto the channels converter stack. Currently, only IDEA encryption is supported.

``pgp'' package

The pgp package utilites PGP (Philip R. Zimmermann's Pretty Good Privacy) to encrypt blocks of data. To decrypt, PGPdaemon is used (part of the PGPsendmail/Unix Suite available from: ftp://ftp.atnf.csiro.au/pub/people/rgooch/).

``conn'' package

The conn package integrates all the security support in Karma into a flexible, simple to use scheme which is transparent to applications. See the Karma communications guide for details.

Restrictions

Some countries have repressive laws which either restrict the use of encryption or the export of encryption technology (sometimes termed ``munitions''). While many consider the the effective policing of these laws an impossibility, it is still prudent to familiarise yourself with the laws of countries:

Naturally, the author cannot assume any responsibility for your actions.


next up previous contents index
Next: Event generation and dispatch Up: Karma Programming Manual Previous: Interprocess Communications

Richard Gooch
Wed Sep 16 16:25:36 EST 1998