CONNOTECH Experts-conseils Inc.
The Frogbit Semi-Proprietary Scheme
by Thierry Moreau
May 1997
© 1997 CONNOTECH Experts-conseils Inc.
The present document explains how to apply the Frogbit
semi-proprietary scheme for software integrity protection. The rationale for this
approach is found in a document entitled
"Rationale for Using a Proprietary Algorithm for Software Integrity
Protection".
The Frogbit cipher may be implemented with ten completely unrelated
pseudo-random generators, either with a single secret key and a seed
derivation specification for each generator, or with ten secret seeds.
This creates an opportunity for a multitude of different proprietary
ciphers (ciphers of which design are kept secret by commercial
organizations).
It is thus possible to describe the steps for the use of the Frogbit
data integrity algorithm for the creation of proprietary algorithms.
- Design of ten pseudo-random generators
- Starting from the many pseudo-random generator proposals reported in
the specialized literature, ten unique pseudo-random generators are
designed. Then, they are programmed in source code and merged with the
source code for the core Frogbit algorithm.
- Preparation of subprograms for data concealment and data recovery
- The subprogram for data concealment comprises the steps of prefixing
the cleartext data with random bits (see the document entitled
"Message salting with the Frogbit
algorithm"), appending some message redundancy, and feeding this expanded
data stream to the encrypting part of the core Frogbit algorithm
combined with the ten pseudo-random generators.
The subprogram for data recovery comprises the steps of feeding the
ciphertext to the decrypting part of the core Frogbit algorithm combined
with the ten pseudo-random generators, checking the message
redundancy appendix, and discarding the random prefix.
- Preparation of Frogbit secret key
- The Frogbit secret key is a constant in the Frogbit semi-proprietary
scheme. The secret key choice may be detached from the secret designs
of pseudo-random generators, giving two distinct points of control for
security management. A special computer utility may be required to
"load" or "link" a secret key into executable
programs.
- Creation of data concealment utility
- If the semi-proprietary scheme is used for constant software
parameters, the production programs needs only the data recovery subprogram and
the data concealment function should be part of a computer utility.
The access to the data concealment utility gives another point of
control for security management. The result of the data concealment utility
may be either a scrambled configuration file or some initialization
data "loaded" or "linked" into executable programs.
- Creation of production programs
- The production programs need to be "linked" with the data
recovery subprogram, and then "loaded" with the secret key. If
the semi-proprietary scheme is used for read/write data (e.g. for to
store the internal state of a private random source used for
cryptographic key generation), the production programs need to be
"linked" with the data concealment subprogram.
[ security scheme design
| alternative to
PKI
| patent publications
| SAKEM
| scholarly web contents
| consulting services ]
[ CONNOTECH home page:
http://www.connotech.com/
| about us
| e-mail to: info@connotech.com ]
CONNOTECH Experts-conseils Inc.
9130 Place de Montgolfier
Montréal, Québec, Canada, H2M 2A1
Tél.: +1-514-385-5691
Fax: +1-514-385-5900