Tascomm Product News
Strong data encryption for DTS messaging

30th September 1998

From now on, new Distributed Transaction System (DTS) middleware implementations can be equipped with strong data transfer encryption based on public/private key cryptography. This software option, implemented for the DTS TCP/IP protocol drivers, is called DTSCRYPT.

DTSCRYPT gives DTS transactions and intersystem communication a secure environment in which business-critical data can be transferred safely as DTS messages over insecure communication lines. Since DTS is a Finnish product, the level of security that can be achieved is not limited by US export rules or other legal restrictions, only by the computing capacity of the hardware used. Exceptions to this may apply when DTS is imported into certain countries outside the European Union.

In practice, the length of the encryption key is limited only by the arithmetic capacity of the computing hardware. Key generation and exchange are handled with the Diffie-Hellman algorithm, and DTSCRYPT allows key lengths from 64 to 65536 bits; with current computing systems the practical range is 256 to 2048 bits. The key is unique to each executed transaction and can be regenerated several times a second, depending on the key length selected and the processing power of the hardware. The symmetric cipher chosen is Triple DES-EDE3-CBC. In addition to the symmetric encryption, the encrypted message is always re-encrypted with a mask constructed from the unused bits of the Diffie-Hellman key.

Breaking the DTSCRYPT data encryption would require breaking the underlying Diffie-Hellman keys, which becomes less feasible the longer the key length used. If necessary, the unique key pair for each transaction can be signed with a special identity known only to the client and server systems. Using the key signature option also protects the transfer against "man in the middle" IP address rerouting attacks.
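The key setup the two paragraphs above describe, written out as an added example (this is not Tascomm's code; the DTSCRYPT wire format is not published on this page): a fresh Diffie-Hellman exchange per transaction, the split of the agreed secret into a 24-byte Triple DES EDE3 key plus a mask built from the remaining "unused" bits, and the optional key signature with a shared identity, shown from the server's side where it rejects a substituted public value. Assumptions, labelled in the code: the 2048-bit MODP group of RFC 3526 as the DH group, HMAC-SHA256 keyed with the shared identity as the signature, XOR as the masking operation, and all function names, which are mine. The Triple DES encryption of the message body itself is not in the block (the Python standard library has no DES); it stops at the key material a 3DES library would consume.

```python
import hashlib
import hmac
import secrets

# DH group: the 2048-bit MODP group of RFC 3526 (group 14), generator 2.
# 2048 bits is the top of the "practical range" the announcement quotes; which
# group DTSCRYPT actually uses is not stated, so this is an assumption.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
Q = (P - 1) // 2                        # P is a safe prime, so Q is prime too
KEY_BYTES = (P.bit_length() + 7) // 8   # 256 bytes of agreed secret


def is_probable_prime(n, rounds=8):
    """Miller-Rabin, used to sanity-check the group parameters above."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def dh_keypair():
    """Fresh Diffie-Hellman key pair; DTSCRYPT makes a new one per transaction."""
    priv = secrets.randbelow(Q - 1) + 1     # 1 <= priv < Q
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """Classic DH agreement, after validating the peer's public value."""
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("peer public value out of range")
    if pow(peer_pub, Q, P) != 1:
        raise ValueError("peer public value outside the order-Q subgroup")
    return pow(peer_pub, priv, P)


def sign_public(pub, identity):
    """The optional 'signature with a special identity', modelled here as
    HMAC-SHA256 over the public value keyed with a secret only the client and
    server share (an assumption; the announcement gives no format)."""
    return hmac.new(identity, pub.to_bytes(KEY_BYTES, "big"), hashlib.sha256).digest()


def verify_public(pub, tag, identity):
    return hmac.compare_digest(sign_public(pub, identity), tag)


def with_des_parity(key):
    """DES key bytes carry odd parity in their least significant bit."""
    out = bytearray()
    for b in key:
        ones = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones % 2 else 1))
    return bytes(out)


def derive_keys(secret):
    """Split the agreed secret: the first 24 bytes become the Triple DES
    (DES-EDE3) key, the remaining 'unused bits' become the mask."""
    raw = secret.to_bytes(KEY_BYTES, "big")
    return with_des_parity(raw[:24]), raw[24:]


def apply_mask(data, mask):
    """Re-encrypt the 3DES output by XOR with the mask, repeated as needed
    (XOR is an assumption; the announcement only says a mask is applied)."""
    return bytes(b ^ mask[i % len(mask)] for i, b in enumerate(data))


def run_transaction(identity=None, substitute_pub=None):
    """Both ends of one transaction's key setup; returns (keys_agree, accepted).
    substitute_pub simulates an intermediary replacing the client's public
    value on the wire; with an identity configured, the server rejects it."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    wire_pub = c_pub if substitute_pub is None else substitute_pub
    if identity is not None:
        tag = sign_public(c_pub, identity)      # client signs its own value
        if not verify_public(wire_pub, tag, identity):
            return False, False                 # server drops the transaction
    server_keys = derive_keys(shared_secret(s_priv, wire_pub))
    client_keys = derive_keys(shared_secret(c_priv, s_pub))
    return server_keys == client_keys, True


if __name__ == "__main__":
    print("honest exchange:", run_transaction(identity=b"dts-shared-identity"))
    _, rogue = dh_keypair()
    print("substituted value:", run_transaction(identity=b"dts-shared-identity",
                                                substitute_pub=rogue))
```

Run it directly to see an honest exchange agree on keys and a substituted public value be rejected. Two points worth keeping in any implementation of this scheme: the range and subgroup validation of the peer's value in `shared_secret`, and the fact that without the identity-keyed signature a substituted value is accepted and the two ends simply end up with different keys, which is exactly the man-in-the-middle case the signature option addresses. Triple DES has a 64-bit block, so the volume encrypted under one CBC key should stay small; a fresh key per transaction keeps that in check.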

Further information about the Distributed Transaction System product family is available.

© Copyright 2000 Tascomm Engineering Oy