Second Part

Public Key Cryptography
Alice and Bob agree on a key,
without meeting!
The Problem Remains:
How to Get the Key from Alice
to Bob?
[Figure: Alice (you) encrypts her credit card number, 1324-5465-2255-9988, under a key and sends the AES ciphertext across the Internet to Bob (an on-line store), who decrypts it with the same key. Eve, the attacker (an identity thief), listens in. Both ends must hold the same key.]
Public-Key Cryptography
Whit Diffie and Marty Hellman, "New Directions in Cryptography", 1976
Clifford Cocks and Malcolm Williamson, secret work at the British GCHQ, 1973-74, revealed only in 1997
A way for Alice and Bob to agree on a secret key through messages that are completely public
The basic idea of Diffie-Hellman key agreement
 Arrange things so that
 Alice has a secret number that only Alice
knows
 Bob has a secret number that only Bob knows
 Alice and Bob then communicate something
publicly
 They somehow compute the same number
 Only they know the shared number -- that’s the
key!
 No one else can compute this number without
knowing Alice’s secret or Bob’s secret
 But Alice’s secret number is still hers alone, and
Bob’s is Bob’s alone
 Sounds impossible …
One-Way Computation
Easy to compute, hard to “uncompute”
What is 28487532223 ✕ 72342452989?
Not hard: easy on a computer, about 100 digit-by-digit
multiplications (the answer is 2060857960615000164547)
What are the factors of
2060857960615000164547?
Seems to require vast numbers
of trial divisions
Modular arithmetic
• Let's do arithmetic modulo 100
• That is, drop everything but the last 2 digits
• 12 ✕ 12 = 144, which reduces to 44
• 28487532223 ✕ 72342452989 =
2060857960615000164547, which reduces to 47
• But you can save yourself a lot of work and get the right
answer anyway by doing the reduction ahead of time
• 23 ✕ 89 = 2047, which reduces to 47
Repeated squaring
• You can compute huge modular powers quickly by repeated
squaring
• Suppose you wanted to compute 17^65 (mod 100)
• 17^2 = 89, 17^4 = 21
• 17^8 = 41, 17^16 = 81
• 17^32 = 61, 17^64 = 21, and 17^65 = 21 ✕ 17 = 57
• 7 multiplications instead of 64
There's no shortcut for
computing logarithms
modulo p
 Problem: Given x and z, find y such that
x^y = z (where everything is modular arithmetic)
 As far as anyone knows, there is no fast way to do this.
 The straightforward way is a brute-force search among all possibilities for y.
The known shortcuts (index-calculus methods) beat brute force for a prime
modulus, but they are still far out of reach for a modulus of this size.
 Example: If the modulus is not 100 but a 500-digit number, finding y so that
x^y = z
by brute force requires about 10^500 steps.
"Discrete logarithm"
problem
 It is easy to compute modular powers but
seems to be hard to reverse that operation
 For what value of n does 54321^n = 18789
(modulo 70707)?
 Try n = 1, 2, 3, 4, …
 Get 54321^n = 54321, 26517, 57660, 40881, …
 n = 43210 works, but there is no known quick way to
discover that
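The following Python is an added example, not the lecture's own code. It carries out the arithmetic of the last few slides on the slides' own numbers: reducing before multiplying, repeated squaring (with a count of the modular multiplications, so the "7 instead of 64" claim can be checked), and the brute-force search for the exponent n. The search returns the smallest exponent that works, which is 118; 43210 works as well, because 70707 = 3 · 7² · 13 · 37 is composite and the sequence 54321^n (mod 70707) repeats with period 252.

```python
"""Modular arithmetic on the slides' numbers: reduce-before-multiply,
repeated squaring with a multiplication count, and the brute-force
discrete-logarithm search.  Added example, not the lecture's code."""


def mulmod(x, y, mod):
    """Reduce the factors first: (x*y) mod m == ((x mod m)*(y mod m)) mod m."""
    return ((x % mod) * (y % mod)) % mod


def modpow(base, exp, mod):
    """Right-to-left repeated squaring.
    Returns (base**exp mod m, number of modular multiplications performed),
    so the count on the slide can be checked: 17^65 (mod 100) takes 6
    squarings plus 1 multiplication = 7."""
    result, cur, mults, have_factor = 1, base % mod, 0, False
    while exp > 0:
        if exp & 1:
            if have_factor:
                result = (result * cur) % mod
                mults += 1
            else:
                result, have_factor = cur, True   # first factor costs nothing
        exp >>= 1
        if exp:                                   # no squaring after the last bit
            cur = (cur * cur) % mod
            mults += 1
    return result, mults


def brute_force_dlog(g, h, mod):
    """Try n = 1, 2, 3, ... until g**n == h (mod m).
    Gives up after m steps: the sequence takes values in [0, m), so by then
    it has either hit h or started repeating without ever reaching it."""
    x = 1
    for n in range(1, mod + 1):
        x = (x * g) % mod
        if x == h:
            return n
    return None


if __name__ == "__main__":
    print(mulmod(28487532223, 72342452989, 100), mulmod(23, 89, 100))  # 47 47
    print(modpow(17, 65, 100))                                         # (57, 7)
    print([modpow(54321, n, 70707)[0] for n in (1, 2, 3, 4)])
    n = brute_force_dlog(54321, 18789, 70707)
    print(n, pow(54321, n, 70707) == 18789)
```

The brute-force loop is exactly the "try n = 1, 2, 3, 4, …" of the slide; for a 500-digit prime modulus it would never finish, which is the whole point of the next slide.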
The math behind Diffie-Hellman key agreement
Given an equation of the form
x^y = z (mod p)
it is exponentially harder to
compute y given x and z than it is to
compute z given x and y.
For 500-digit numbers, we're talking
about a computing effort of about 1700 steps
vs. 10^500 steps.
Modular exponentiation seems
to be a one-way function
(its inverse is the discrete logarithm)
Fix numbers g and p (big
numbers, g < p, p prime)
Write g * a for g^a (mod p)
Given a, computing g * a = A is
easy (repeated squaring)
But it is believed to be infeasible, given A,
to find an a such that g * a = A.
Another useful fact
Note that, for any three numbers
x, y, z,
(x * y) * z = (x * z) * y
since
(x^y)^z = x^(yz) = (x^z)^y
Diffie-Hellman Key Agreement
Alice                              Bob
Pick a secret number a             Pick a secret number b
Compute A = g * a                  Compute B = g * b
Shout out A  ---------->           <----------  Shout out B
Compute B * a                      Compute A * b
Main point: Alice and Bob have computed the same number
Use this number as the encryption key!
Diffie-Hellman Key Agreement
Alice (knows a, hears B)           Bob (knows b, hears A)
Eve (hears A and B)
Let K = B * a = A * b (both equal g^(ab) mod p)
Alice and Bob can now use this number as a shared key for
encrypted communication
Eve the eavesdropper knows A and B
And (per Kerckhoffs) she also knows g, p and how to compute *.
But going from these back to a or b requires reversing a one-way
computation.
Secure Internet
Communication
https://www99.americanexpress.com/
 https (with an "s") indicates that a secure, encrypted
communication is going on
 We are all cryptographers now
 So is Al Qaeda(?)
 Internet security depends on the difficulty of problems like
factoring numbers and computing discrete logarithms -- doing either
quickly would require a deep advance in mathematics
Confidential email from
anyone
Bob picks secret key b and computes his
public key B
Bob publishes B in a public directory!
Now anyone can send Bob secret email:
Pick a secret key a and compute the public key A
Compute the encryption key K using a and B
Send the encrypted message and include the
public key A in the same email!
Bob computes K using A and b and decrypts
the message!
But there’s a problem …
How can Alice know that the listing
in the directory is really Bob’s?
Maybe it is Eve pretending to be
Bob!
Certificates and certifying
authorities provide solution to
authentication problem
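An added Python example, not the lecture's code, that plays out the key agreement above, the "confidential email from anyone" flow, and the directory-substitution attack Eve mounts when no certificate ties a listing to Bob. The modulus p = 2^127 - 1 and base g = 3 are assumptions chosen for the demonstration, not a vetted group; a real deployment uses a standardised group or an elliptic curve. The HMAC-SHA256 keystream cipher stands in for the slides' AES, and the hash-based key derivation is likewise an assumption.

```python
"""Diffie-Hellman key agreement, confidential email to a published key, and
the directory-substitution attack.  Added example, not the lecture's code."""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1  # Mersenne prime 2^127-1: toy modulus (assumption, NOT a vetted group)
G = 3               # base (assumption)


def keypair(secret=None):
    """Pick a secret exponent a (or use the one given) and 'shout out' A = g^a mod p."""
    a = secret if secret is not None else secrets.randbelow(P - 3) + 2
    return a, pow(G, a, P)


def shared_secret(my_secret, their_public):
    """Compute (their public value) ^ (my secret) mod p; both sides get g^(ab).
    Reject 0, 1 and p-1: those force the result into a trivial subgroup."""
    if not 1 < their_public < P - 1:
        raise ValueError("public value out of range")
    return pow(their_public, my_secret, P)


def derive_key(shared):
    """Hash the shared number into a fixed-size symmetric key (assumed KDF)."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def xor_stream(key, data):
    """Toy counter-mode stream cipher (HMAC-SHA256 keystream); symmetric, so
    the same call encrypts and decrypts.  Stand-in for AES, unauthenticated;
    tolerable here only because every email below uses a fresh key."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)


def send_to_directory_key(recipient_public, message, sender_secret=None):
    """'Anyone' sends confidential email: fresh secret a, key K from a and the
    directory listing, and the public value A rides along with the ciphertext."""
    a, A = keypair(sender_secret)
    key = derive_key(shared_secret(a, recipient_public))
    return A, xor_stream(key, message)


def receive(my_secret, sender_public, ciphertext):
    """Recipient recomputes K from the enclosed A and his own secret, then decrypts."""
    key = derive_key(shared_secret(my_secret, sender_public))
    return xor_stream(key, ciphertext)


def directory_substitution(bob_secret, eve_secret, message, alice_secret=None):
    """The 'but there's a problem' slide: Eve lists HER public value under
    Bob's name.  Alice trusts the listing, so Eve can read the mail and Bob
    cannot.  Returns (what Eve recovers, what Bob recovers)."""
    _, eve_public = keypair(eve_secret)
    A, ct = send_to_directory_key(eve_public, message, alice_secret)
    return receive(eve_secret, A, ct), receive(bob_secret, A, ct)


if __name__ == "__main__":
    a, A = keypair()
    b, B = keypair()
    assert shared_secret(a, B) == shared_secret(b, A)  # same number on both ends
    A2, ct = send_to_directory_key(B, b"1324-5465-2255-9988")  # constructed sample
    print(receive(b, A2, ct))
    print(directory_substitution(b, 4242, b"hello Bob"))
```

Eve's view in the honest run is (p, g, A, B): recovering K from those is the problem the previous slides call infeasible. In the substitution run she needs no such feat, which is why the listing itself has to be authenticated.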
Two more problems solved
by digital signatures
Integrity: When Bob receives a
message, he can be sure that it was
not modified en route after Alice sent
it.
Non-repudiation: Alice cannot later
deny that she sent the message.
Bob cannot later deny that he received it
(once he has returned a signed acknowledgement).
 Digital signatures are a variant on public-key encryption technology
Cryptography and National Security
There is a very real and critical
danger that unrestrained public
discussion of cryptologic matters
will seriously damage the ability of
this government to conduct signals
intelligence and the ability of this
government to carry out its mission
of protecting national security
information from hostile
exploitation.
-- Admiral Bobby Ray Inman
(Director of the NSA, 1979)
CALEA, October 1994
… a telecommunications carrier … shall ensure that its
equipment, facilities, or services … are capable of …
expeditiously isolating and enabling the government,
pursuant to a court order or other lawful authorization,
to intercept … all wire and electronic communications
carried by the carrier within a service area to or from
equipment, facilities, or services of a subscriber of
such carrier concurrently with their transmission to or
from the subscriber's equipment, facility, or service, or
at such later time as may be acceptable to the
government …
Government’s big hammer:
Crypto export controls
Pre-1995: Encryption technology
classified by State Department as a
munition
Illegal to export hardware, software,
technical information, unless you register as
an arms dealer and adhere to stringent
regulations
Illegal to provide material or technical
assistance to non-US citizens (even within
the US)
1996: Jurisdiction for crypto exports
transferred to Commerce Department,
but restrictions remain.
The basic proposal:
escrowed encryption
Require encryption products to have a
back door controlled by a set of keys
(“escrowed keys”) that are held by the
government or by its licensed agents
Might require this for products that can be
exported, or maybe all encryption products
Proposal first unveiled for telephones in
1994 (the “Clipper phone”)
Modified in various ways throughout 1994-1998
The crypto wars, 1994-1998
Dramatis Personae
Industry
Law enforcement
National security
Civil libertarian groups
Industry claims and issues
Customers want security for electronic
commerce, for protecting remote
access, for confidentiality of business
information.
Export restrictions are a pain in the
butt.
Providing encryption is cheap, but
providing an escrow infrastructure is
not, and there’s no commercial demand
for it.
Law enforcement claims
and issues
Wiretapping is a critical law-enforcement tool.
Wiretaps are conducted on specific,
identified targets under lawful authority.
Many criminals are often sloppy and/or
stupid: They won’t use encryption
unless it becomes ubiquitous. Some
criminals are far from sloppy or stupid:
They will use encryption if it is
available.
Civil libertarian claims and
issues
 As computer communication technology
becomes more pervasive, allowing
government access to communications
becomes much more than traditional
wiretapping of phone conversations.
 How do we guard against abuse of the
system?
 If we make wiretapping easy, then what
are the checks on its increasing use?
 There are other tools (bugging, data
mining, DNA matching) that can assist law
enforcement. People have less privacy
than previously, even without wiretapping.
National security
establishment claims and
issues
We can’t tell you, but they are really
serious.
Legislation, 1997
Bills introduced in Congress all
over the map, ranging from
elimination of export controls to
bills that would mandate key
escrow, even for domestic use.
More recently …
 1998-2000: Crypto export regulations modified and
relaxed, but still exist (e.g., can’t export to the
C/I/NK/S/S countries)
 Sept. 13, 2001: Sen. Judd Gregg (New Hampshire)
calls for encryption regulations, saying encryption
makers “have as much at risk as we have at risk as a
nation, and they should understand that as a matter
of citizenship, they have an obligation” to include
decryption methods for government agents.
 By October, Gregg had changed his mind about
introducing legislation.
Why Aren’t Emails Encrypted?
 Email is more like postcards than letters!
 Standard email software doesn’t make it easy
 But encrypted-email software is freely available
(PGP)
 Regulations require some businesses to know what
their employees are doing
December 1, 2006