When I first became interested in network security I read about data encryption, specifically encryption algorithms associated with the Session layer of the OSI model. I had an idea, and although it doesn't directly pertain to network communication security, it can be compared with the Public/Private key distribution concept.

My idea would more than likely be implemented on a single system. Say there is an encryption algorithm named SESS (Secure Encryption Algorithm System). The system's components could consist of a Main algorithm module, a Map translation module (I'll explain how a Map might work) and a Key generation module. Now if a hacker or cracker were to obtain encrypted or hashed data, and worse the key, he might use a brute-force method, among others, to crack the encrypted or hashed data. But what if an encryption system used generated sub-algorithms in conjunction with the main algorithm along with a key? Wouldn't that make it nearly impossible for a cracker or hacker to crack the message? I then thought of how this would be done, and thus I came up with Maps. Maps can be uniquely created for a given corporation or department thereof. Maps would consist of pre-formatted or dynamically formatted symbols that'd be translated, by the Map translation module for example, with single expressions along with pre-defined operands (i.e. a stream buffer). It also might be possible for a given company to write certain functions that would operate on the data if a "special" symbol were encountered in the Map. Along with an associated Key, wouldn't this be secure?

A domain would probably keep the map, the key and the encrypted data on different systems for better security. I don't know if this would be feasible or even as secure as it sounds to me. I'd really appreciate any suggestions, opinions and/or criticism (constructive).

Thanks in advance, LamaBot


Isn't that basically what Kerberos does?
Except in Kerberos, maps = tickets.

I guess in a sense, but not quite. A Kerberos ticket is assigned to a user when he or she authenticates to a network with his or her PennKey and password. The ticket is sent along with the packets or messages to request data. The PennKey and password never get used to log into the servers; if the servers use Kerberos then it'll use these keys instead.

Say you have a file that needs to be hashed, not encrypted to be sent over the wire, but an actual file, archive etc. There is an encryption system called SESS that has a base algorithm, which could be represented as a base class in C++, that has a predefined interface. It uses its own algorithm, a generated key and another generated map. This map is created according to specifications and standards defined under SESS, but is unique to each corporation. A map can be considered a template which gets populated with random expressions along with other symbols that represent the data to be operated on (i.e. a stream buffer). The Map and main algorithm are mathematically related so that when you execute the main algorithm it works in conjunction with the generated map. Also, the map doesn't necessarily have to be random all the time; it might be able to be reused for certain sections of data on the network. Although there'd be very rigid rules on how the system works. The benefit is that if a hacker or cracker were to get his or her hands on the encrypted data, he couldn't brute-force it even if he had the main algorithm, because he'd need the map along with the key and the main algorithm to get an exact hash.

I don't know, I hope I can get some feedback; I'm tired of mulling over this idea. :)

