Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Embedded

Experts call for ECC-improved data security

Posted: 23 Nov 2006 ?? ?Print Version ?Bookmark and Share

Keywords:Advanced Encryption Standard? cryptographic scheme? AES? Elliptic curve cryptography? ECC?

Securing applications with elliptic curve cryptography (ECC) was the focal point of discussion at the third annual Certicom ECC Conference held last week in Ontario, Canada.

The three-day event highlighted the security issues, real-world applications of cryptography as well as evolving security standards.

Data security is continually challenged by the fundamental weaknesses of widely-adopted cryptographic schemes at present. Participants in the event agreed that while Advanced Encryption Standard (AES) offers 128bits of security, security executives must ensure that the corresponding public-key scheme for key management and authentication matches the AES in strength.

"If large corporations or manufacturers are spending millions of dollars on research and content generation, wouldn't they want to ensure that the public-key scheme they are using isn't a weak link in the overall security architecture?" asked Scott Vanstone, founder and executive VP of Strategic Technology, Certicom. "Elliptic curve cryptography is the only public-key cryptosystem that scales linearly with AES providing the desired protection without compromising performance."

ECC implementations are used to protect content, securely transmit data and enable digital signatures on documents and transactions. Its small size is a main driver behind its popularity. Companies using ECC in their applications and standards shared their specific use for the solution.

For example, John Manferdelli, general manager, office of the CTO, Microsoft, discussed the use of ECC in Windows Vista. Meanwhile, Michael Epstein, director of standardization, Philips Electronics intellectual property division shared how DisplayPort Content Protection (DPCP) can solve the classic cryptographic problem of protecting copyrighted material from inappropriate use as well as securing communication between legitimate parties while not allowing an unauthorized eavesdropper access to that communication. Ronald Buskey, fellow of the technical staff, Motorola shared how they use ECC for their mobile devices.

Another critical issue raised during the conference was the growing importance of Suite B and its possible adoption in the industry. Suite B is the U.S. National Security Agency's cryptographic recommendations for protecting its government's classified and unclassified communications. The only public key protocols included in Suite B are ECC-based. "Suite B offers high security for government but flexibility for commercial applications. Given these attributes, we believe that Suite B represents best practices not only for government applications but also in industry," commented Vanstone.

Article Comments - Experts call for ECC-improved data s...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top