• No results found

Introduction to Encryption

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Introduction to Encryption"

Copied!
35
0
0

Loading.... (view fulltext now)

Download now ( 35 Page )

Full text

(1)

Computers and Society

Introduction to Encryption

Chris Brooks

Department of Computer Science University of San Francisco

(2)

3-0:

Terminology

Code

Replacement based on words or semantic structures Each word has a corresponding code word.

(3)

3-1:

Terminology

Code

Replacement based on words or semantic structures Each word has a corresponding code word.

Code has many other meanings we’ll be interested in ...

(4)

3-2:

Terminology

Code

Replacement based on words or semantic structures Each word has a corresponding code word.

Code has many other meanings we’ll be interested in ...

Cipher

Replacement based on symbols

(5)

3-3:

Terminology

Cryptography

The science of encrypting or hiding secrets Cryptanalysis

The science of decrypting messages or breaking codes and ciphers

Cryptology

(6)

3-4:

Applications

(7)

3-5:

Applications

Why might someone want to use encryption? Military uses

Protect business secrets

Protect financial information (credit card numbers, etc) Protect communication from unauthorized access

(8)

3-6:

Applications

Why might someone want to use encryption? Authenticating payment or permission

More flexible payment schemes (digital cash) Protecting intellectual property

Espionage/sabotage Others?

(9)

3-7:

More Terminology

Plaintext - an unencrypted message Ciphertext - an encrypted message

An encryption scheme will depend on being easy to

generate ciphertext from plaintext, but hard to generate plaintext from ciphertext.

(10)

3-8:

More Terminology

Symmetric-key encryption

Also called secret key encryption

One key is used for both encryption and decryption Asymmetric key encryption

Also called public key encryption

(11)

3-9:

Three eras of cryptology

Pre-WWII

Cryptography as a craft

Widely used, but not mathematically rigorous 1940s-1970

Secret key encryption introduced

Mathematical techniques developed to characterize how secure a cipher was.

1970-present

(12)

3-10:

Early cryptography

Caesar cipher (shift cipher)

Replace each letter with +3 mod 26

“Attack at dawn” becomes “Dttdfn dw gdzq” Two components:

Algorithm: shift each letter by a fixed amount Key: The amount to shift each letter.

Knowing the algorithm (but not the key) makes this cipher easy to crack.

How many possible plaintexts does “Dwwdfn dw gdzq” have?

(13)

3-11:

Weaknesses of the Caesar

Cipher

Word structure is preserved.

An attacker could notice that ’dw’ is a two-letter word, so either d or w must be a vowel.

Solution: Break message into equal-sized blocks. “dww dfn dwg dzq”

(14)

3-12:

Weaknesses of the Caesar

Cipher

Letter frequency is a big clue

e,t,a,o are the most common English letters. Using a single key preserves frequency.

Solution: use multiple keys

E.g. shift first char by 3, second by 5, third by 7. “Attack at dawn” becomes “dva dhr dvk dbu” Better, but there is still frequency information present.

An attacker that knows the block size can determine which characters were encoded with each key.

(15)

3-13:

Caesar cipher

The Caesar cipher is still useful as a way to prevent people from unintentionally reading something.

ROT-13

By taking action to decrypt, the user agrees that they want to view the content.

Fundamental problem with Caesar cipher: message is longer than the key.

(16)

3-14:

Vernam Cipher

1920’s: introduction of the one-time pad. Message represented as a bitstring Randomly generated key

Same length as message XORed with message

Theoretically unbreakable

Attacker can do no better than guessing

(17)

3-15:

Vernam Cipher

Example: winning lottery number is 117 1110101 (7 bits)

Randomly generated key: 0110101 XOR: 1000000

No two bits are encoded with the same mapping

An attacker has no frequency information to help guess the key.

(18)

3-16:

Symmetric Key Encryption

Caesar cipher and the one-time pad are examples of symmetric key (secret key) encryption.

Same key used to encrypt and decrypt. All users share key.

Advantage: Very fast

(19)

3-17:

Enigma

Enigma was developed in the 1920s by the German Navy Symmetric-key cipher

Used internal rotors to choose key and encrypt Different permutations of the rotors produced different keys

Manual indicated starting positions of plugboard and rotors

To decode a message, one needed: An Enigma machine

Knowledge of the starting position of the rotors and plugs.

(20)

3-18:

Enigma

After the capture of a German U-boat, British scientists were able to crack the Enigma.

Primary work done by Alan Turing

British would intercept encoded messages and compare them to past messages to determine the starting

configuration.

150,000,000,000,000 possible starting positions

Cracking the Enigma codes was one of the key turning points in WWII.

(21)

3-19:

Public Key Encryption

More sophisticated secret-key techniques were developed throughout the 50s and 60s.

Problem: How to securely distribute the keys? Symmetric key encryption works nicely for repeated communication.

(22)

3-20:

Public Key Encryption

Public key encryption is based on the idea that a user has two keys:

A public key which is shared with everyone A private key that is kept secret

A message that is encrypted with the public key can only be decrypted with the private key.

A message that is encrypted with the private key can only be decrypted with the public key.

(23)

3-21:

Encrypting and signing

If Alice encrypts a message with Bob’s public key, she can then send it to him securely.

Only someone with Bob’s private key can decrypt the message.

This is sometimes called authentication

If Alice encrypts a message with her private key and sends it to Bob, Bob can use Alice’s public key to verify that it actually came from Alice.

Only someone with Alice’s private key could encrypt this message.

(24)

3-22:

Public Key Encryption

Public key encryption has the following advantages: Can be used for one-shot communication

Can be used to digitally sign a message Disadvantage:

More computationally expensive that secret key encryption.

(25)

3-23:

Legal Issues with Encryption

Encryption and its use has been a controversial topic for many years.

For many years (until late 90s), encryption algorithms were classified as munitions.

This led to secure encryption algorithms being subject to export control.

Companies had to develop two versions of their software, one for domestic use and one for export.

(26)

3-24:

Legal Issues with Encryption

An early case was the development of PGP in 1991. Free public key encryption system.

Given away on the Internet. The US government felt that this was de facto export.

Zimmermann argued that this was a free speech/privacy issue.

(27)

3-25:

Legal Issues with Encryption

US companies found it difficult to compete with foreign companies.

Electronic commerce was developing - encryption essential.

Less secure techniques had to be used. Multiple versions of a product developed.

Most businesses just developed the weakest version of a product.

(28)

3-26:

Legal Issues with Encryption

Controls weakened by late 90s.

Combination of business pressure and legal challenges.

Is encryption (or comuter code) a form of speech? Can academics write papers about research

developments?

1996: Computer code ruled to be speech.

(29)

3-27:

Legal Issues with Encryption

Why was US government so resistant?

Strong crypto already available abroad.

Extra work for NSA - more potential messages to be decoded.

Prevent the adoption of standards Also eases NSA’s job

Export rules required companies to disclose

(30)

3-28:

Clipper Chip

1993: US government announces development of Clipper Chip.

Uses a system known as key escrow.

A copy of your private keys are kept with a third party. These keys could be accessed with a court order.

Intended government standard for computer and telephone communications.

(31)

3-29:

Clipper Chip

Actual algorithm kept secret.

No one could use it without providing keys to escrow agents.

Dropped due to technical flaws and political opposition. Replaced with key recovery schemes

Also useful if keys are lost. Mostly voluntary.

(32)

3-30:

Issues

Secrecy

As a government tool Evaluating algorithms

Public vetting has proved quite helpful at testing security schemes.

Potential “back doors”

(33)

3-31:

Issues

Policies for new technology

Legal standards were in place for tapping phones and reading mail.

Law enforcement can also get a list of phone numbers that are called.

Is this the same as an email header?

Is email the same as a phone conversation?

Rapid change in technology changes what is considered “secure”

(34)

3-32:

Trust in Government

The essential tension is between providing government with the tools to protect us and keeping them from the tools to oppress us.

One’s view of government affects where you stand in this debate.

(35)

3-33:

Examples

PGP is used by white supremacists to coordinate illegal activity.

Journalists documenting human-rights abuses use PGP to encrypt their stories.

Drug dealers use PGP to encrypt details of payment transfer.

References

Download now ( PDF - 35 Page - 301.57 KB )

Related documents

Evaluation of markers of beige adipocytes in white adipose tissue of the mouse

Only the transcripts for CD137 and TMEM26 (Fig. 6g-h) did not display a significant increase in the adipocyte fraction of those animals exposed to cold treatment. The conditions are:

The relationship between emotional intelligence, job demand and in-role job performance among senior 'P.T.D.' officers in Malaysia

THE RELATIONSHIP BETWEEN EMOTIONAL INTELLIGENCE, JOB DEMAND AND IN-ROLE JOB PERFORMANCE AMONG SENIOR P.T.D, OFFICERS IN MALAYSIA.. Seperti yang tercatat di muka surat tajuk dan

Relação entre gestão do conhecimento e inovação na cadeia produtiva da maçã

Studies on knowledge management and their applicability in the strategic processes of organizations highlight the importance of research on knowledge processes (creation,

Risk for second malignancies in non-Hodgkin's lymphoma survivors: a meta-analysis

Meta-analysis of risk for overall secondary malignancy and overall solid tumors in non-Hodgkin’s lymphoma survivors.. Type of study Model

SLOVAKIA A report by the European Roma Rights Centre

4 Government of the Slovak Republic, National Roma Integration Strategy up to 2020, (Strategy) available at:

Cambridge DELTA Diane Larsen-F

The purpose of language learning is communication (therefore students need to learn how to ask questions as well as

IR64: a high-quality and high-yielding mega variety

The major breakthrough in the development of IR64 was the combination of the high yield and disease and insect resistance of earlier IRRI varieties with the superior grain

Message from Creative Living

Entries must be on exhibit at the official opening of the Fair or at any other time specified in the Competition Handbook and shall not be removed from the Fairgrounds prior to