Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Strategies & Market Trends : India Coffee House -- Ignore unavailable to you. Want to Upgrade?

To: Mohan Marette who wrote (3289)	11/24/1998 8:51:00 PM
From: Mohan Marette	Respond to of 12475

Indian encryption software for US Air Force Date: 25-11-1998 :: Pg: 15 :: Col: f B. G. Prakash THE average Indian may feel justifiably proud of the country's technical capability on knowing that a piece of encryption software developed by a small company at Salt Lake Electronics Complex, Calcutta has been evaluated and tested for about seven months and that 500 licensed copies of the product have been purchased by the US Air Force (USAF). But the catch is that the USAF believes it to be an American product and does not know it was developed in India; the USAF would not have touched it if it had known this, says the director of the company. Unbelievable? Yes, but true. The few companies involved with information security products are Symantec, with their product called Norton YEO (YEO stands for Your Eyes Only); RSA; PGP of Network Associates; McAfee; and others. About a year ago, the USAF purchased two encryption engine products through the associate of the developer in the US, who had 'renamed' the Salt Lake product. US laws forbid the export of encryption software. Even information on encryption cannot be exported. Violations attract a penalty of one million dollars and a jail term of ten years. The US-based associate of the Salt Lake developer cannot tell what tests and procedures the USAF carried out before evaluating and accepting the quality, after which it has ordered 500 more copies. The Salt Lake encryption engine is built on an unpatented 448-bit algorithm called Blowfish, which is available on the Internet. The developer admits that he is not a cryptographer but a software engineer. Equipment is available with the US Army, which can recover data from a hard disk that has been actually overwritten or erased. In the technology used by the Salt Lake product, the plain text, or data to be encrypted, is not written on the hard disk at all as in other known encryption procedures. The algorithm creates a 'pipe', as described by the director of the Salt Lake company. The 'pipe' is created through the device-driver in the Windows operating system. The encryption takes place 'on the fly' as data is keyed in. If there is any disruption of power supply or any link, there are no 'leftovers' from which data can be retrieved by undesirable intruders. Obviously, the recipient PC, too, has the encryption software installed. At the recipient, a similar 'pipe' enables decryption 'on the fly'. The associate in the US acknowledges that this is the only 'fully online' encryption software product available in the market today. YEO claims to have similar 'on-line' encryption. In this technology, when a file is opened, it is decrypted and stored on the hard disk. When the file is closed, it is encrypted back. If there is a power failure in between, the plain text data is available either fully or in part on the hard disk. The hard disk is used as an intermediary. Even if the data is erased or wiped out on the hard disk, there is a possibility of recovery of data- compromising security. The Salt Lake encryption software first recognises that the communication is linked only with the recipient authorised to receive the encrypted data. Unencrypted and encrypted data cannot go together. The crypto file system supplies the missing security component to the Microsoft Windows family of operating systems to ride on both the FAT and NTFS file systems. There is another innovative product in the US. If a notebook computer containing this licensed software is stolen in the US and the thief hooks it to a modem to use it, a transparent warning is sent automatically to a 'server' in the company. It reads the telephone number from which the notebook is hooked through the modem. The 'server' compares the telephone number to a road map and locates it geographically. This information is faxed automatically to the nearest police station whose squad can zoom in on the thief. Lost notebooks can be recovered and the thief can perhaps be caught, but the data can be stolen by then, if it resides on the hard disk. This company bought the 'encryption engine' from the Salt Lake company after evaluating many known products in the market. On and off, a comparative comment in relation with a product of RSA or another company would be passed on to the associate, who, in turn, would relay it to Salt Lake. Often, benchmarking had to be done by this Salt Lake company using a P- 100 computer to satisfy the queries brought to the associate by 'supposedly' non- technical personnel. They asked if this encryption technology could be integrated with a product from CSS which could be customised. The queries were successfully satisfied, which made them declare that the '... product has the fastest encryption technology known'. Bharat Electronics Limited has developed encryption software built on 160 bits for a PC-to-PC configuration, which the Indian Armed Forces is currently using. Eighteen months back, when encryption products from RSA had a data communication speed of 25 mega bytes per minute, the Salt Lake software could reach 60 mega bytes per minute during laboratory tests. Microsoft Corporation has not come out with encryption with the Windows operating system. The Windows NT 5.0, renamed Win 2000, is likely to hit the market a year from now and will contain encryption algorithm which can work on NTFS file system, which Microsoft cannot sell outside US. About 60,000 licences have been sold in the US, which the developer modestly acknowledges as 'insignificant in the US market'. Another channel that the associate used was a software publisher to sell the package to retailers, once again after renaming it. (The author is a former Squadron Leader in the Indian Air Force.) hindubusinessline.com