clear

Comparison of Service Technology

Service

1. All the Vulnerable Points should be Renovated from the bottom!

Current IM/SNS Services
Strengths
a. Most of them are for Free.
b. Some of them encrypt Network.
c. Huge user base
Weaknesses
a. Symmetric encryption – Vulnerable to Hacking & Tapping
b. Device Authentication by Numeric Key – Vulnerable to Illegal Copy
c. Vulnerable to impersonators
d. Weak Password – Easy to be cracked
e. Attachments (files, pictures & videos) are kept not encrypted in the phone.
f. Susceptible to Spam Mail
g. Susceptible to SIM Cloning – Duplicated communication can be retrieved.
h. Data leakage when the phone is stolen or the number is sold to another
SY-Talk Service
Strengths
a. Proven technology used by Military, Intelligence & Government agencies
b. From Secure SMS to private IM & VOIP
c. Unique ECC encryption technology based on Proven & Recognized Standard
d. Secure Private Communication invisible from nonmembers
e. Platform Security tested & certified by Common Criteria (CC) body
f. Protection & Encryption by Access Code
g. All attachments are kept encrypted.
h. Secure against SIM Cloning through PKID device-specific key generation technology
Weaknesses
a. Chargeable application
b. New Service (Low Level of Awareness)

2. Basic Concept & Comparative Advantages

  • A. Definition of ECC Algorithm

    Elliptic Curve Cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985.

  • B. Primary Benefit & Security of ECC Algorithm

    The primary benefit promised by ECC is its smaller key size, reducing storage and transmission requirements, and guaranteeing absolute security as well. For example, a 320 bit ECC public key provides comparable security to an around 6,400 bit RSA public key. That is why ECC is called “the Most Efficient & Secure Asymmetric Algorithm in the world”.

  • C. Approval of ECC Algorithm as International Standard

    In 2001, U.S. NSA(National Security Agency) approved ECC Algorithm as DSS (Digital Signature Standard) by releasing “FIPS(Federal Information Processing Standard) 186-2”. From that time, ECC Algorithm has widely been approved as International Standardized Encryption Technology among the Global Security Industry.

3. A Sound Position as Independent Technology

  • A. Certicom’s ECC Protocol

    As US Government’s National Security Agency (NSA) purchased licensing rights of Certicom’s ECC protocols in 2003, it has got its non-exclusive, worldwide license, with the right to grant sublicenses, to 26 US patents and applications, and corresponding foreign rights, in a limited field of use. Of course, outside the field of use, Certicom retains all rights to the technology. This means that most of the other governments or companies have to make license contracts with either NSA or Certicom unless they have their unique ECC protocols.

  • Our Independent ECC Protocol implemented in SY-TALK Products ECC Protocols implemented in all the products have nothing to do with those of Certicom because each protocol or technology has already been developed independently by our own R&D center for the past 10 years.

4. Comparative Analysis

A. Certicom.com’s ECC Protocol vs. SY-Talk ECC Protocol
Brand Certicom’s ECC Protocol SY-Talk ECC Protocol
Security Builder SSL™ (Secure Sockets Layer) based on C & Java Language SSL™ (Secure Sockets Layer) based on C & Java Language
Efficiency of Prime Generator Less efficient prime number generator based on its engine as dictated by RSA Unique prime number generator of producing seven 80-digit prime numbers with unfailing efficiency0
Encryption Speed Quite less than 2MB/Sec. More than 2MB/Sec.
Customization & Backdoor Protection Not available (Only SDK License is available.) / Backdoor Hacking is possible. Available (Turnkey System + Master Key Generator & Modifying S/W)
Strong Point Backgrounds of US NSA Generation Tech of Secure Identity (International Patent / CC & NIST Certificate)
B. ECC vs. RSA
ECC
Full Name Elliptic Curve Cryptosystem
Basic Principle Elliptic Curve Cryptography (ECC) was discovered in 1985 by Victor Miller (IBM) and Neil Koblitz (University of Washington) as an alternative mechanism for implementing public-key cryptography such as RSA.
Strong & Weak Points Strong Points
1. Most secure with a smaller key size
2. Most suitable for Mobile Devices and Chips
3. Very fast in encryption and decryption based on calculation by simple addition
4. Global Standard Technology approved by NSA and FIPS
5. Found to be strong by Timing Attacks and Side-channel Analysis Attacks /

Weak Point
No critical weakness found yet

Recommendation
Over 160 bit of ECC is recommended for commercial products. In this sense, 256 or 320 bit can guarantee its absolute security for many decades at least.
RSA
Full Name Rivest Shamir Adleman(Abbreviation of its Developers’ Names)
Basic Principle RSA is an algorithm for public-key cryptography based on the presumed difficulty of factoring large integers, the factoring problem. It stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described it in 1978.
Strong & Weak Points Strong Points
Based on Free Source since 2000

Weak Point
1. 1,024 bit of RSA was cracked by Michigan Univ. in 2010, and 4,096 bit was also cracked by the Professors in Tel Aviv Univ. in Dec., 2013.
2. Not suitable for Mobile Devices or Smart Cards
3. Very slow in encryption and decryption based on calculation by multiplication (Need more than 10 times slower than ECC processing)
4. Found to be weak in Timing Attacks, Adaptive Chosen Ciphertext Attacks and Side-channel Analysis Attacks

Recommendation
Over 4,096 bit of RSA is recommended for commercial products, but it seems impossible because a huge system enhancement is necessary.