Information Security at IBM Almaden

The world of ubiquitous networks brings with it many new problems in securing information within computing systems. Cryptography is a primary tool for securing computers and networks against adversaries. Group members are engaged in the study of both theoretical foundations for cryptography as well as applications to real systems.

Cryptographic protocols and theoretical foundations

Since the discovery of public key encryption in the 1970s, several different schemes have been proposed that are secure as far as anyone can tell. We still lack conclusive scientific proof that any of the systems in widespread use are secure, and this motivates further work in the search for provably secure and practical cryptosystems. In 1991, three IBM Almaden researchers proposed a general framework for constructing "non-malleable" encryption systems that prevent the construction of ciphertexts for related plaintexts [1]. This led to the proposal of "plaintext aware" cryptosystems by Bellare and Rogaway in 1994 [2], and very recently Victor Shoup of IBM Zurich and Ronald Cramer of ETH Zurich have proposed a practical plaintext-aware cryptosystem that is resistant to chosen ciphertext attacks [3]. This is exactly the kind of problem that surfaced in the recent announcement that the use of RSA's PKCS#1 encryption in SSL is vulnerable to chosen ciphertext attacks. Fundamental research on encryption continues to point the way for securing bytes against adversaries.
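As an added illustration (not code from the original page or from the cited papers), the Python below shows the property that [1] set out to rule out: with textbook RSA, a ciphertext of m can be turned into a ciphertext of r·m without the private key, while a decryptor that checks redundancy in the decoded plaintext rejects such transformed ciphertexts. The Mersenne-prime key, the 64-bit tag and the encoding are constructed for illustration only and are not a proven-secure design such as OAEP or Cramer-Shoup.

```python
import hashlib

# Toy RSA key built from two Mersenne primes (constructed for illustration;
# far too small and structured for real use, and textbook RSA itself is unsafe).
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, Python 3.8+

TAG_BITS = 64  # redundancy appended to the plaintext before encryption


def encrypt(m: int) -> int:
    """Textbook RSA: c = m^e mod n. Deterministic and malleable."""
    return pow(m, E, N)


def decrypt(c: int) -> int:
    return pow(c, D, N)


def related_ciphertext(c: int, r: int) -> int:
    """Without the private key, map Enc(m) to Enc(r*m mod n): the
    multiplicative homomorphism that a non-malleable scheme must not allow."""
    return (c * pow(r, E, N)) % N


def tag(m: int) -> int:
    digest = hashlib.sha256(m.to_bytes(32, "big")).digest()
    return int.from_bytes(digest[: TAG_BITS // 8], "big")


def encrypt_checked(m: int) -> int:
    """Encode m || tag(m) before RSA: an illustrative redundancy check in the
    spirit of plaintext awareness, letting the decryptor recognise ciphertexts
    that were not formed by this encoding."""
    encoded = (m << TAG_BITS) | tag(m)
    assert encoded < N, "message too long for the toy modulus"
    return encrypt(encoded)


def decrypt_checked(c: int):
    """Return the message, or None when the redundancy check fails."""
    encoded = decrypt(c)
    m, t = encoded >> TAG_BITS, encoded & ((1 << TAG_BITS) - 1)
    return m if tag(m) == t else None


if __name__ == "__main__":
    c = encrypt(12345)
    print(decrypt(related_ciphertext(c, 7)) == (7 * 12345) % N)  # True
    print(decrypt_checked(related_ciphertext(encrypt_checked(12345), 7)))  # None
```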

Members of the group have also invented a public key cryptosystem with the desirable property that breaking it is as hard as breaking the hardest case of the scheme [4]. This discovery suggests that we can expect more of a cryptosystem, namely that it should be as strong as its strongest link rather than its weakest link. A full paper on this is available online.


1. D. Dolev, C. Dwork, and M. Naor, "Non-malleable cryptography", Proceedings of the 22nd Annual Symposium on Foundations of Computer Science, IEEE (1981), pp. 542-552.
2. M. Bellare and P. Rogaway, "Optimal Asymmetric Encryption", Proceedings of Eurocrypt '94, Springer-Verlag (1995), pp. 92-111.
3. V. Shoup and R. Cramer, "A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack", Proceedings of Crypto '98, Springer-Verlag, to appear.
4. M. Ajtai and C. Dwork, "A public key cryptosystem with worst-case/average-case equivalence", Proceedings of the 29th Symposium on Theory of Computing, ACM (1997), pp. 284-293.

Electronic commerce and intellectual property protection

The ready access to information through networks has the potential to change our society as fundamentally as the industrial revolution did over a century ago. Networks are a two-edged sword, however, because the same technology that enables worldwide electronic commerce in information products also exposes the information to widespread fraud and abuse. Members of the group are working on new ways to enable commerce securely, including the delivery of multimedia services, protection of copyrights, and payment for communication services. One growing problem in networks is that of unsolicited commercial email, often referred to as spam. One approach to solving this problem has recently been proposed by a member of the department. The basic idea is that prioritization of email can only be accomplished by a combination of free market forces and cryptographic key management.

The role of embedded devices

Moore's law says that microprocessor speed doubles approximately every 18 months. The most noticeable impact of this is that our desktop computers are now as powerful as departmental computers of only a few years ago. Moore's law is driven by miniaturization of discrete components, which allows more capability to be packed into a microprocessor. This same trend in miniaturization also allows small embedded devices to perform tasks that used to be relegated to desktop machines. We are investigating the use of small processing devices as information security tools, including applications to key management and network security.
