a. Background part1: the need of a cryptography system in the NHS
As per Dr John O'Connor Encryption Programme Board representative NHSIA, NHS needs cryptography. NHS Information Authority and NHS Executive’s Information Policy Unit along with BMA have been devising schemes to enhance the security of information collection and transmission in NHS. NHS needs to ensure that all its communication and storage of electronic information related to the patients, their personal and clinical information is secure enough and especially clinical messaging is secure enough. There are high concerns about the confidentiality of the patient information. To satisfy this, encryption has been made compulsory. And hence, whatever security solutions have been envisaged locally and nationally, would have data encryption as a key component. This would pertain to all aspects of messaging where some kind of sharing of patient’s information is involved including booking and changing of appointments, requesting for special services, Alongside, digital stamping techniques to verify that documents have come from a particular institution will also be enabled.
b. Background part2: brief description of Red Pike
Transmission and storage of information, securely involves the use of ciphers or cryptographic algorithms, as they are called. Ciphers are used to encrypt and decrypt data i.e. convert it into a form which is made unrecognisable to all except the recipient who can convert it back into useful form. What is critical to effective cryptography, and effective ciphers, is the kind of “Key” which is used with the algorithm. The longer the key is, the more difficult it is to crack the code. Keys are devised using the binary digits or bits. Each bit can take a value of 0 or 1. Therefore depending on the number of bits used, keys can possess different number of combinations.
An eight bit key could take up anyone of 256 different possible combinations. Hence the longer the key, more difficult would it be to crack the code. Ciphers can be block or stream ciphers. Block ciphers work on blocks of fixed number of symbols while stream ciphers work on set of symbols of indefinite length. Ciphers can also differ on the basis of symmetric or asymmetric key algorithm
Red Cipher is a 64 bit key length and 64 bit block size cipher, which has been proposed to be used by the NHS. It is a classified cipher and hence not much is known about it. It is similar in its function to another cipher named as RC5. It has very basic operations and consists of very simple code but the bits have a cascading influence. It uses the same basic operations as RC5" (add, XOR, and left shift) and "has no look-up tables, virtually no key schedule and requires only five lines of code"; "the influence of each key bit quickly cascades" and "each encryption involves of the order of 100 operations
c. The issues which are discussed in your report
In this report, I shall be discussing the relevance of the usage of classified ciphers such as Red Pike for the NHs, the strengths and weaknesses as well as whether the Red Pike usage is still safe to use today. I will also discuss the alternatives, which can be used in place of Red Pike by the NHS.
d. The structure of your report
The report is divided into five sections. The first section provides the outline and background of the report as well as what the report is going to be about. The second, thirth and fourth sections refers to the issues discussed in the report viz. Relevance of classified ciphers, strengths and weaknesses of red pike and whether it can be used as well as alternatives.
e. The summary of the conclusions reached
In conclusion, my report shows that the red pike is no longer relevant and in fact there are more reasons for its discontinuation as opposed to its continuation. The NHS should look at better cipher alternatives for their systems.
Section 2: the strengths and weaknesses of using a classified cipher, such as Red Pike for an organisation such as the NHS
Ciphers can be block or stream ciphers. Block ciphers work on blocks of fixed number of symbols while stream ciphers work on set of symbols of indefinite length. Ciphers can also differ on the basis of symmetric or asymmetric key algorithms.
Lucifer was considered as the first civilian block cipher and its modified version became the DES.„Even though block ciphers, usually 64 bit or 128 bits have been widely used since the 1970’s its vulnerability was demonstrated in 1998 where a machine was shown to break the key. This is another aspect which makes the use of red pike more difficult. http://www.ccse.kfupm.edu.sa/~talal/Sec/crept_Block.pdf
In addition Red Pike is comparable to the Type 1 Products class or classified ciphers which make use of high quality and confidential encryption algorithms. The US govt uses such ciphers for the storage of highly sensitive govt information. And hence not much details of these ciphers are known. Only the bit size and key size. While such ciphers are good for the storage of super sensitive material which should be out of the purview of most general public and are only accessible to top personnel of government and military, usage of such ciphers for the health services may be restrictive as the health data many times need to be shared between different agencies and will lead to complications in designing access protocols. http://july.fixedreference.org/en/20040724/wikipedia/Classified_information
Even though a classified cipher, because of the simple nature of the code,it can be reverse engineered very easily and hence Red Pike exhibits vulnerability to attack, which should not b e the case with high security algorithms
Section 3: the theoretical safety of Red Pike today
Technically, it has been assumed that the 64 bit key would ensure that this cipher would be difficult to crack and hence quite amenable for use by NHS, which needs very high security systems but there are a couple of questions which raises use about the use of this cipher for extremely long range protection of information from hacking. In fact, this has already been raised by BMA which had recommended the use of alternative algorithms that had already been in use for atleast some time ( 2 years) In fact, they warned against Red pike saying that because of its similarity to RC 5, an attacker would be able to attack it easily. Also, another criticism was that the NIA assessment of the 64 bit key’s sensitivity to attack by hackers indicates that while 64 bit keys are more stronger than 56 bit keys, they can be cracked with some effort . Another challenge presented by the use of Red pike was that by the time it was implemented fully, its vulnerability would be more as by that time its lifetime would be due. Thus depending on 64 bit keys would be dangerous. In fact, the current reports say that in the US, 128 bit keys are considered to be very very tough and for the level of security that NHS wants, it w ould be better to look at other keys. http://cryptome.org/jya/akdfa.txt
Not only that it has been shown that it can be quite easily broken and the cost for breaking this code would be allowable for certain agencies. The cost would have been around 250 million in 1996.
So, it is not that expensive that it would not be broken into.
In addition, some say that 64 bit keys are best suited for storing information that is not related to government and that can be stored for short while. 128 or 256 bit keys would be the best for storing the kind of information w hich NHS needs to save and would protect the information for atleast 0 years or more and would be least vulnerable to brute force attacks.
In addition, the Red Pike mechanism has not been published and this is against established cryptographic procedures.
Section 4: describe and justify what cryptography system you would recommend to the NHS
Basically, what the NHS needs is not dependency upon a single encryption product but rather a family of encryption products which would serve as a general encryption service and which can be used to confer protection against any kind of communication attacks such as eavesdropping and preventing access to those without keys. In addition, a key management system has to be incorporated in order to ensure that keys are managed properly.
Currently NHS uses Public Key System as it is believed to provide highest level of security and confidentiality in messaging services so far. The advantage of using public keys are as: Each pair of users needs separate key and thus you would need a massive number of keys for n number of persons, which could be computationally intensive and expensive monetarily to attempt cracking. There is also a need for independent channels of communication for the distribution of keys. Difficult to memorise so many keys
If NHS needs to replace its current cryptography system, it can take account of Anderson’s paper which recommends that rather than risking on Red pike cipher, the NHS should better focus on encryption algorithms such as SAFER, WAKE and BLOWFISH, which are more well known and studied and their source code is known and in the public domain. They are known to be also more resistant to drastic and sudden attacks. WAKE has been known as the fastest software encryption algorithm on which no shortcut attacks has been ever realised. Some algorithms which are better to be avoided as the level of security they provide is low and they need to be replaced by stronger algorithms are RC$, MD5, DH-768, -1024 RSA-768, -1024DSA-768, -1024
In fact, NHS can focus on NGE (Next generation Encryption) as they provide the best possible security and scalability requirements of the current times as far as cryptography is concerned. These include AES, ECDH, ECDSA. AES Is amongst the most popular symmetric key cryptographic algorithms in use and is considered as gold standard and it encodes a 256 bit key.
The NHS needs to look at a high quality, and long term encryption algorithm which does not have the weaknesses of red pike cipher.
References and Bibliography