Whitepapers
Why You Need KetuFile File Encryption Software
Links For Additional Security White Papers Are At The End Of This Page
Click Here
Chief Developers Resume
Click Here
Introduction
What would happen if your company's patents, engineering documents, financial records, customer lists, employee files, contracts, and other private and privileged information got into the wrong hands? What would happen if the media was able to snoop into your communications? What would happen if your banking and credit card information were compromised? How could your competitors use any of the aforementioned information to gain an unfair advantage?
KetuFile provides encryption of files on your PC. Once the files are encrypted they can be archived or transmitted as you may require. This provides one aspect of security for the information or functionality that you wish to protect. There are other important aspects to security that should be considered and implemented as will be touched-upon later in this paper.
Cryptography is the domain of mathematics, and to a lesser extent, engineering, usually electronic engineering. Each time a new technique of encryption is evolved (by mathematicians), it may enjoy a period of time where it is considered to be robust against attacks.
What Is A Key?
In the KetuFile program, the key is a series of numbers and letters that are used to encrypt a file (message). When the party who receives an encrypted file (message), wishes to de-encrypt to get back the original, this same key will be used.
A common use for KetuFile might be to encrypt files (messages) that are to be sent over the Internet, perhaps as attachments to an email. These could be word processor files, spread sheets, images, executables, etc. The Sender will enter a random sequence of numbers and letters into the KetuFile program as the 'key', then tell KetuFile which file to encrypt. The Sender must communicate this exact key to the Recipient, so that the Recipient can enter the same key into his/her KetuFile program to de-encrypt the file (message). The Sender might convey the key by telephone, fax, courier, etc.
Attacks
When an attack is made on an encrypted file (message), this is referred-to as 'cracking'. Cracking means that someone is trying to de-encrypt your encrypted file (message) without having your key. In attempting to crack a particular technique of encryption, one could divide the approaches into two categories:
- Brute force attacks
- Intelligent attacks
Attacks - Brute Force
In a brute force attack, a.k.a. 'exhaustive key search', every possible key (numbers and letters, for example) will be tried, to crack the encrypted file (message). In electronic systems of today, is trivial to make the number of key combinations so large that a brute force attack will be entirely unrealistic with the technology available in the next 10 years or so.
Attacks - Intelligent
In an intelligent attack, mathematicians use number theory to find a faster way to crack than the brute force attack.
Evolution Of Attacks
As time goes on, mathematicians will develop new theories and approaches to make intelligent attacks on the latest encryption techniques. It may therefore happen that after a period of time, any given encryption technique is no longer robust, i.e. someone with enough funding can use the newly-developed intelligent approach(s) and can assemble the necessary electronics to crack a file (message) in some reasonable period of time.
Why KetuFile?
KetuFile seeks to offer an encryption utility program to the Windows(tm) desktop user that acknowledges both of the above possible attacks. Specifically:
- a large key, 256 bits or 512 bits, to make a brute force attack take an astronomical amount of time with technology of today and the foreseeable future.
- the latest U.S. standard for encryption, the Advanced Encryption Standard (AES), to offer what is possibly one of the strongest resistances against intelligent attacks in the world today.
Robustness Of AES
There is a large and highly competent community of mathematicians and other scientists in the world today that can offer considered opinions on the robustness of AES and compare AES to older encryption techniques. AES is the result of a global competition for the new U.S. standard.
Robustness Of KetuFile
The robustness of KetuFile rests on the robustness of AES, the randomness of the key that the user selects and the fact that there are no 'back doors' whatsoever in KetuFile and additionally, there are no built in 'key recovery' features. Said another way, if you lose your key and ask the KetuFile manufacturer for help in recovering the original of the encrypted message, there is nothing we can do for you'. Please read on.
Back Doors
'Back Door' is a widely used, and widely defined term-of-art. In the case of KetuFile, it would refer to the existence of a de-encryption process that can be applied to a given encrypted file (message), that does not need the original encrypting key. If an encryption product has such a back door it is, in essence, crippled. There are no 'back doors' whatsoever in KetuFile.
Key Recovery
'Key Recovery' means that there is a way that the user's key can be deduced from either the encrypted file (message), i.e. the key is secretly buried in the encrypted file (message), or some other approach allows a third party to get or generate any users key. If an encryption product has such a key recovery feature, it is in essence, crippled. There are no 'key recovery' features whatsoever in KetuFile.
On the other hand, if you scour the literature for papers on one of the most popular encryption techniques of today, you will find a reference to the inclusion of key recovery in that product.
Some Other Important Areas Of Security
Having a robust encryption product for you files is just one aspect of protection. Following are a just a few ideas that you might want to examine and pay attention to in your particular environment. The following are by no means thought to be all inclusive.
Key Selection
You should only use random keys. This means using sequences of letters and numbers that don't make any sense. Don't use words, phrases, or terms from any language or from any industry or discipline. People who are specialists in cracking encrypted files (messages) have a wealth of 'dictionaries' that contain all of these terms and phrases. If you use such words, phrases or terms it can be billions of times easier (faster) to crack your encrypted file (message). Using a 'dictionary' as just described is called a 'dictionary attack'.
Do not use 'existing numbers' in your key. These include all aspects of personal data (phone, street address, SSN, etc.) as well as model numbers of some favorite piece of equipment, and other 'catchy' or familiar numbers.
Site Security - Computer
If you keep your encryption keys on your personal computer (PC), you need to ensure that the computer is secure. If others have access to your PC then the keys are at risk. Some people use poor (not random as described above) passwords for their PCs and are therefore not too difficult to crack. In addition, the Internet is replete with utility programs that will crack a user or administrator password on a Windows(tm) platform. This means that even a 'good' password can be cracked if enough time is available. In this regard, physical security of the PC is important, i.e. it is in a locked room with intrusion alarms for physical intrusion.
If your PC is 'on the Internet' it needs to be protected by a good firewall and have good intrusion detection for electronic intrusion. If you are on the Internet all the time, the risk is greater. Many people shut down their PCs at night to minimize their exposure time to electronic intrusion.
Telephone Security
In many locations throughout city, urban and rural areas it is very easy to tap a telephone circuit. The technology required is inexpensive, readily available, and easy to use. Physical access points to the telephone circuits can be locked, guarded, and surveilled and voice encryption can be used to address this area of vulnerability.
Wireless Intrusion
This is a broad area to consider. It includes the use of cordless phones, 'cell' phones of all types, 2-way radios, and the wide variety of wireless internetworking such as Wireless Ethernet (IEEE 802.11x), Blue Tooth, etc. All of these areas are subject to eavesdropping and therefore compromise of security.
ELINT - Electronic Intelligence
ELINT, a.k.a. SIGINT (signal intelligence) means that information is gathered from a system, such as your PC, by virtue of unintentional radiated emissions. Electronic systems typically radiate radio frequencies (RF), unintentionally. These RF emissions can contain the information that is handled within the PC and therefore could possibly allow it to be intercepted and read - from a distance. This unintentional RF could be emanating from the CPU box (the main enclosure of your PC), the keyboard, the monitor, or any interconnecting wiring such as Ethernet cabling. If you have very critical information to protect, ELINT should be considered. ELINT has been around for a long time and is a very, very mature technology.
To Be Confident ...
To be most confident of the degree of security that you can achieve with a specific product or specific approach, you should have your entire system of security assessed by experts in this field.
Further Security Whitepapers
Please Read Before Downloading
- You can download any/all of the following whitepapers as PDF files.
- These files require that you have Adobe Reader(r) or compatible reader installed on you PC.
- NOTE: Some Browsers require that you Right Click (below) to begin download.
- CLICK   Download   Introduction_To_Cryptography_For_Non_Technical_Personnel_Part_1.pdf
- CLICK   Download   Introduction_To_Cryptography_For_Non_Technical_Personnel_Part_2.pdf
- CLICK   Download   What_Is_SSL.pdf
- CLICK   Download   Problem_With_Public_Key_Encryption_and_PKI.pdf
- CLICK   Download   Symmetric_vs_Asymmetric_Encryption.pdf
- CLICK   Download   Unspoken_Risk_Of_E_Commerce.pdf
- CLICK   Download   What_E_Commerce_Really_Needs.pdf
- CLICK   Download   Is_There_A_Back_Door_In_KetuFile.pdf
Chief Developers Resume
Resume - Robert Palma
Business Phone: 641-472-1515, Business Fax: 208-474-5445 Internet: support@ketufile.com   http://www.ketufile.com
EXPERIENCE AREAS
Engineering My experience includes detailed research, design and development; subsystem engineering; and system engineering. I have more than 2 decades conducting detailed hardware design at the piece-part / material level. I have designed numerous flight avionics subsystems (electronics, electro-mechanical and electro-explosive devices and subsystems) for (17 total) spacecraft and launch vehicles, as well as "racks" of ground test and simulation hardware for each of those flight systems. These subsystems/disciplines included: instrumentation, control, communications, power conversion/conditioning, radio frequency, electromagnetic compatibility (EMC), reliability, safety.
I have written hundreds of thousands of lines of code (software) for diverse applications. These applications include: circuit modeling, design analysis and synthesis, Fourier analysis, EMC, machine/process control, automatic test equipment, voicemail, auto-attendant, audio text, fax-on-demand, fax-retrieval, fax mailbox, Internet search robot, custom TCP/IP peer-to-peer and client-server applications, PC desktop file encryption using Advanced Encryption Standard (AES), email client with advanced encryption of enclosures, and point-and-execute operating system shell. I have written for numerous computers/chips including: Burroughs, Univac and CDC mainframes; DEC and HP minis; many x86 PCs; many 8080 clone chips. Operating systems for the mainframe/minis were proprietary to the host. PC operating systems were DOS, Win98, Win-NT, Win2K, Win-XP, Linux. Languages included: C/C++, Fortran, Basic, Algol, Vulcan, VAL, Assembler and machine language.
I have served as Design Engineer, Software Engineer, Project Engineer, System Engineer and Chief Engineer in several organizations on numerous projects. A majority of experience was in an industry where it was there was no "second chance". Systems had to be highly reliable at their initial deployment.
Management My experience includes: 1] functional management of highly specialized technology R&D teams, 2] project and program management of diverse technologies with a central focus, and 3] administrative management of business, financial, security and other logistical areas.
All of my 30+ years of experience has been in the vein of having to deliver cost-effective, reliable, technology innovation within the constraints of a given budget and schedule. I have done this in private industry and in the federal government. My management positions have included: supervising and guiding small R&D teams (20 - 40), managing several projects simultaneously with 500+ aggregate staff, and serving as office head with general organizational administrative duties. The environments of these assignments, particularly the government, were quite challenging. There were numerous conflicting bureaucratic and political requirements that had to be satisfied, and there was a constant pressure of competition from various sectors. In the vast majority of my experience, I was the lead 'sales' person for my efforts. I had to find sponsors/investors, make credible and compelling arguments for funding, and most importantly, keep them satisfied during the course of the project. Studying, understanding and abiding-by near countless, and often conflicting laws, regulations and instructions was a common background in my years of service.
SPECIFIC EXPERIENCE
May 1991 to Present: President and Chief Engineer of Midwest Research Corp. Midwest Research develops and markets sophisticated telecommunications systems and data-communications, devices and software; operates a voice response (voicemail) and fax response (fax-on-demand, fax broadcast) system; installs telephone systems for office, industry, military and other applications. Products include Automated Receptionists, Phone Mail, Voice Bulletin Boards, Fax Response, Talking Databases, GoRobot Internet Search Robot, Peer-to-Peer, Client-Server TCP/IP data communication software, email client with strong encryption of attachments, KSU, KSU-less and PBX systems.
Midwest Research Corp also installs and maintains business telephone systems (PBXs) for offices from 20 employees to 600 employees. These efforts include all PBX hardware, wiring, phone sets, Telco and private interfaces, peripheral hardware and un-interruptable power supply systems.
Development of KetuFile, software. This product is an application that allows Window's desktop users to encrypt any PC file, up to 2 gigabytes in size, with strong encryption. This software uses the next-generation Advanced Encryption Standard (AES).
Development of KetuMail, Internet email client software. This product is currently under development. KetuMail is a custom SMTP-TCP/IP communication application that allows Internet users to send selected files on their PC to a another user with strong encryption. This software uses the next-generation Advanced Encryption Standard AES).
Development of GoBack, Internet back-up software. This product is currently under development. GoBack is a custom TCP/IP communication application that allows Internet users to back up selected files on their PC to a file storage server operating a a Storage Server Provider (SSP) or any other peer/client. This application suite includes a server application that binds to a private port address on the server operating system, and a client application that links to the server via TCP/IP and transfers files for back up. The suite will include user authentication and file encryption using the next-generation Advanced Encryption Standard (AES). This suite can also be utilized as a simple peer-to-peer application involving 2 hosts (typically PCs) anywhere on the public Internet.
This application is not limited to back-up. It can be customized for transport of any data that can be reasonably transmitted in a packet-switched network.
The server operates on the Linux operating system. Clients will be available for both Linux hosts as well as Windows hosts. Since Linux allows very small kernals to be compiled, the client or server software can be hosted on an embedded device. This is specifically referring to a small appliance. Small Linux embedded appliances are be developed today by many organizations.
Development of GoRobot, Internet search robot/crawler. GoRobot is a programmable web retrieval application. It 'sweeps' ('crawls', 'scans', etc.) the web looking for files that match a specific criteria. GoRobot can be explained by examining its two principle actions. The first action is to sweep the Web, i.e. download Web pages. The second action is to extract information from the Web pages that it has downloaded. GoRobot was designed as a 'client' application. All that is needed to use GoRobot is a PC running Windows(tm) NT and a connection to the Internet. It does not rely on other sites, servers or portals to operate. GoRobot is written in C/C++.
Development of Magic Voice, a flexible, PC-based Telephony Voice/Fax Response System with voicemail, automated receptionist (auto attendant) capability. In a single chassis this product will handle 64 simultaneous calls, providing simultaneous record (digitization), playback, interactive voice response and database functions. It will interface with Loop-Start, Direct Inward Dialing or (future) T1 circuits. It is compatible with/approved for, the Public Switched Telephone Network, KSU/PBX's and Centrex. The combination of telephony (on-line) code and utility (off-line code) is approximately 100,000 SLOCs. The various executables utilize Symantic C, Boreland Turbo C, Boreland Turbo Assembler, and Voice Application Language. The product runs on the DOS operating system and can be a client on a Windows NT network.
Development of PalmaMenu, a (PC) DOS shell (menu) that operates on top of the DOS command line interface to provide a text-based, mouse-driven point-and-execute environment. It features: sorted, scrolling directories; mouse or keyboard control; automatic launching of applications from interpretation of data file extensions (point-and-execute); browser; editor; directory navigation; automatic re-launch on application program termination; extremely small (600 bytes) resident memory utilization; and other features. The various executables utilize Symantic C, Boreland Turbo C, Boreland Turbo Assembler. It is approximately 11,000 SLOCs.
Activities of Engineering Design, Consulting and Management 1] Design of a complete Wireless Internet provisioning infrastructure for an Internet Service Provider, utilizing 2.4 Ghz Direct Sequence Spread Spectrum and Frequency-Hop Spread Spectrum radios. 2] aerospace systems engineering, 3] electronics design and space qualification, 4] aerospace safety analysis, 5] electromagnetic compatibility, 6] design and analysis of power, ordnance, instrumentation, control, telemetry and command systems, 7] reliability systems design, 8] design and development of computer based instruments and controllers including voice processing/storage/retrieval/mail and voice conferencing systems, and 9] program management principles, approaches/systems, analysis and review.
Projects of Engineering Design, Consulting and Management 1] Consultant Design Engineer to Lisco Inc, Fairfield, Iowa for the design and installation of Wireless Internet provisioning, 2] Systems Engineering, Power and Ordnance Subsystem Engineering, and Program Management consulting for Naval Research Lab DSPSE Program; 3] Systems Engineering, Avionics and Ordnance System design consulting and Deputy Program Manager for ORBEX space launch vehicle for CTA Launch Services; 4] Safety and Reliability analysis of industrial ordnance firing circuitry for the Ensign Bickford Co.
Nov. 1997 to 2001:
Chief Engineer of vidya.net corporation. Vidya.net designs and develops high technology systems for the transport and serving of integrated voice, data and video, content and information. Products and systems are developed through the stage of market/business feasibility and planning. A comprehensive technology and business plan is licensed to service providers. Vidya.net can also spin-off service provider companies that directly offer the service to first level providers or end customers directly.
My major effort in vidya.net was lead developmental engineer and Project Manager of the ADAM Exchange. ADAM (All Digital And MultiMedia) is an integrated Metropolitan Area Network (MAN) architecture that entirely replaces the combined infrastructures of telephone, cable TV and Internet provisioning. It brings fiber-to-the-home (FTTH) and to the business. In addition to traditional phone, cable TV (MPEG-2) and wideband Internet, our design included, true video on demand, security/surveillance systems, and utility power monitoring and control. We concluded our efforts with a prototype system demonstration. Our documentation was quite thorough, including: 1] Strategic Plan, 2] System Performance and Design Requirements, 3] Task Descriptions and Qualifications, 4] Advanced Features, 5] Work Breakdown Structure, 6] Program Management Plan, 7] Business Plan.
Note: The above position was concurrent with Midwest Research Corp. activities.
1985 to May 1991: GM-15 Program Manager and Chief Engineer at the Naval Research Laboratory (NRL) for the SDI Programs. In this position I had total program responsibility from conceptualization, design and qualification, to delivery, launch, deployment and operation and scientific data processing of sophisticated spacecraft systems and the related ground assets. All projects required significant strides in technological innovation and a broad attack on a complex set of interdisciplinary problems to achieve the needed results. The disciplines/subsystems involved in these projects included: 1] Optical and Focal Plane, 2] Radio Frequency, 3] Electrical Power, 4] Telemetry, Tracking and Command, 5] Attitude Control, 6] Reaction Control, 7] Structures and Mechanisms, 8] Thermal Control Subsystems, 9] Ordnance Control, 10] System Safety including ground processing and flight, 11] Reliability and Quality Assurance, and a variety of experimental subsystems and devices.
The largest single project was the Low Power Atmospheric Compensation Experiment (LACE). It comprised 4 experiment subsystems including a wide dynamic range electro-optic laser sensor array with 210 individual sensors, and a high precision gimbaled ultraviolet telescope with automatic acquisition and tracking of rocket plumes. The ground assets included fixed and transportable satellite tracking stations, ground processing facilities and operational control centers. These ground assets included computer and communication technologies such as: mini-computers (VAX); work stations; numerous PC's (Mac and IBM clone); image display and processing platforms; and PBX, data and voice mail communications electronics. The multi-year cost of LACE was $154M (including $46M for the Delta launch vehicle). I was responsible for staffing and directing the efforts of approximately 500 scientists, engineers, technicians and support personnel.
I served as Program Manager and Systems Engineer for the Navy Sealar Program. Sealar is a multi-stage, liquid propellant, sea launched and recovered booster (rocket) system for placing satellites into Earth orbit. This concept offers to reduce the cost of space access by an order of magnitude.
1972 to 1985: Designer and Head of Spacecraft Power Systems and Instrumentation Section (staff of 40 professionals from Ph.D. to electronic Tech.). My responsibilities included: 1] research, design development and qualification of space-borne electrical power and precision instrumentation/control systems, 2] design, development and qualification of space-borne ordnance control systems, 3] explosive control systems safety analysis, 4] electromagnetic compatibility analysis and design, 5] design and safety qualification of numerous ground test sets including bridgewire resistance testers, firing circuit stray voltage test sets, and explosion-proof hydrazine fueling control sets, 6] spacecraft integration and test management, 7] launch vehicle integration, 8] special study project manager and 9] payload manager. I performed these efforts for 13 Earth orbiting satellites, 1 Shuttle attached payload compliment and 3 booster upper stage vehicles including a Shuttle/Titan4 bi-propellant transfer stage capable of 15,000 lb. throw weight.
Other Capabilities/Duties: 1] I provided expert consultation in the area of R.F. hazards and design engineering practices for ordnance and ordnance subsystem designs, to the DOD on the rewrite of MIL-STD-1512 (tailoring for Shuttle) for electro-explosive subsystems. For this effort I was the single ordnance electronics design engineer on the committee, 2] I served as Navy Payload Manager and Systems Engineer for first DOD Space Shuttle flight, STS-4, and signed payload safety submittals as the Certifying Safety Officer, 3] I served as Electrical Launch Vehicle Integration Engineer on the SOLRAD-HI spacecraft, 4] I performed numerous other circuit/subsystem detailed designs and space qualifications including a spacecraft ranging system for a 70,000 nmi. orbit, digital/analog telemetry systems, precision analog instrumentation and control circuits and systems, linear and switch-mode power regulators, PC-based automated flight box environmental test controllers, precision timing and sequencing electronics, 5] I performed design and development, including all software, of a precision instrument utilizing high integration microprocessor with digital readout, engineering unit conversion & numerous serial/parallel interfaces, 6] I performed design and development of PC computer based phone mail system, including software, 7] I performed several major designs of PC based process controllers including spacecraft Power System Test Set and Valve Life Test Set for rocket propulsion subsystems.
1971 to 1972: At the Naval Weapons Laboratory I served as analyst and designer on various projects related to electromagnetic compatibility (EMC) and Hazards of Electromagnetic Radiation to Ordnance (HERO). I worked in the frequency regime of 220 MHz to 18 Ghz.
1967-1971: While obtaining my undergraduate engineering degree I served as Chief Engineer of WCHV (AM 5KW) and WCCV (FM 50KW) in Charlottesville, VA.
EDUCATION: BSEE Univ. of VA, 1971. Also, 16 other Graduate and continuing education courses in technology and management.
MEMBERSHIP: Register EIT VA, former Chairman, Systems Working Group, Interagency Advanced Power Group.
PUBLICATIONS:
* R.E. Palma et.al. "Results from Preliminary Processing of Data from a Rocket Plume Encounter", NRL Publication 185-8102, 1990.
* R.E. Palma et.al. "UV Airglow and Auroral Imaging from the LACE Satellite", presented at the American Geophysical Union, 1990.
* R.E. Palma et.al. "Execution of a Successful Rocket Plume Observation from the LACE Satellite", presented at the 14th Annual Guidance and Control Conference of the American Astronautical Society, 1991.
* R.E. Palma et.al. "(U) Active Survivability Final 88 Report" 1988, NRL
* R.E. Palma et.al. "A 600 Watt Four Stage Phase-Shifted-Parallel DC-to-DC Converter", Proceedings of the 1985 IEEE, PESC.
* R.E. Palma et.al. "Analysis of Magnetic Proportional Drive Circuits for Bipolar Junction Transistors", Proceedings of the IEEE PESC, 1984.
* R.E. Palma et. al. "A Proportional Drive for Discontinuous Mode DC-to-DC Converters", IEEE, Intelec 1984 Conference Record.
* R.E. Palma et.al. "Power MOS Transistor Usage In Space", 1984, Report and Program Control Document to PDE-106.5
* R.E. Palma et. al. "(U) Sortie-Lab Final Report", 1982 NRL Report
* R.E. Palma "HERO High Impedance Voltmeter", 1971
* Introduction_To_Cryptography_For_Non_Technical_Personnel_Part_1
* Introduction_To_Cryptography_For_Non_Technical_Personnel_Part_2
* What_Is_SSL?
* The Problem_With_Public_Key_Encryption_and_PKI
* Symmetric_vs_Asymmetric_Encryption
* Unspoken_Risk_Of_E_Commerce
* What_E_Commerce_Really_Needs
INVENTIONS/PATENTS: "High Accuracy Current Sensor" invention and patent application.
AWARDS: Outstanding Performance Evaluations and publication awards: 26 Also awarded Individual and Group Achievement Award for the LACE Satellite.
LICENSES: FCC General Radio Telephone (formerly termed 1st Class Radio Telephone) and General Amateur.
CERTIFICATIONS: Factory certified for installation and maintenance of PBX and related hardware/software systems for Mitel, Panasonic and Vodavi business telephone systems.
|