Upload
aya
View
25
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Computers in Society. Encryption The Biological Metaphor. Homework. Questions on the encryption story? This is due in class Thursday. The next homework is up – Google court cases. Quiz Wrapup. Let's check out your answers …. The Lockbox. - PowerPoint PPT Presentation
Citation preview
Computers in Society
Encryption
The Biological Metaphor
Homework
Questions on the encryption story?
This is due in class Thursday.
The next homework is up – Google court cases.
Quiz Wrapup
Let's check out your answers …
The Lockbox
I want to be able to receive something from a friend without worrying about anybody peeking in.
My solution: use an unbreakable lockbox with a lock that can't be picked.
I'll give my friend the lockbox and one key, I'll keep the other key. He can mail me the locked box and only I can open it.
What sort of encryption is this?
The Key Problem
I don't want to meet my friend in
private to hand him the key but I can't mail him the key either (why?).
So what if instead I put a diagram of the key on my website so he can build it himself?
Will that work?
Locks
Since anyone can build a key, anyone can pick locks on my private message.
Instead of keys, let's talk about locks.Think of a combination lock – if it's open,
you can lock something with it even if you don't know the combination.
You only need the combination to unlock!Now instead of sharing keys, I give an
unlocked lock to my friend.
Building Locks
Instead of telling everyone in the world how to build my key, I'll tell everyone how to build an open lock than only I can unlock.
Wouldn't seeing the plans for this lock make it possible for others to deduce the combination?
The Unexpected Truth
NO! I can place a "plan" for a lock in public that would allow ANYONE to build a lock without telling them enough to deduce the combination!
Plan = Public Key
Combination = Private Key
Hard math problems
Public key encryption is based on operations which are much harder to undo than do. Example: factoring large integers. It is easy to multiply but hard to factor.
Can we prove these algorithms are so tough that they can’t be solved quickly? No! The NSA might have a secret algorithm or mega-computer that cracks encryption but they are not talking! Maybe they have a working quantum computer hiding somewhere.
How It Works
Alice runs a program that generates a random key pair – one is public, one is private.
Alice places her public key on her websiteBob downloads the key and uses it to create an
encrypted messageBob sends the message to AliceTrudy knows HOW Bob created the message (that
is, she knows the same secrets that Bob does)Only Alice can decode this message since she has
the private key
What Can Go Wrong?
Lots of things can go wrong with this!
* Alice might accidentally disclose her private key – she won’t know if someone else is also decoding the message from Bob
* Bob might be tricked into using the wrong key to encode the message, allowing someone else to understand it
* The software that Bob and Alice trust to do the encryption / decryption might be compromised
What Can Go Wrong?
Lots of things can go wrong with this!
* The software Alice uses to generate keys might generate a key someone else knows or generate keys in a predictable way
* Someone with a lot of computing power might break the code with “Brute Force”
* The key could be lost – in this case there is NO realistic way to unlock the message (for big keys the brute force attack just can't work!)
Public Key Infrastructure
PKI is needed to link keys to people or institutions.
The crucial trust is the connection between Alice and her key.
This is usually handled by a certificate – a statement by a trusted 3rd party that a particular key belongs to a particular person.
Your web browser knows a lot about these things!
Hashing
Hashing is a technique for turning a big piece of information (a document) into a small one (hash code / digest) in a way that ensures small changes in the big thing will result in some change to the hash code.
This verifies the integrity of an object with a small amount of extra information (the “digest”)
Digital Signatures
A digital signature is something that produces a publicly verifiable record that you have “approved” or “signed” a document.
Someone with your public key can test whether a particular document has been signed or not by you.
Very similar to hashing except there’s also a “secret” involved.
Example
Bob generates a pair of encryption keys, one public and one private
Alice presents a document to Bob for signatureUsing his private key, Bob generates a signature
that indicates he has approved the documentUsing Bobs public key, Alice can verify that Bob
did in fact sign the documentAny third party, when presented with the
document, Bob’s signature, and Bob’s public key and verify the Bob did indeed sign the document
Digital vs Real Signatures
How do digital signatures differ from real ones?
Digital vs Real Signatures
How do digital signatures differ from real ones?
Digital signatures are affixed to a specific document – you can’t change the document after it has been signed
Anyone with the “secret” (the private key) can sign things as Bob
No real possibility of forgingSmall possibility of document tampering!
Usage of Digital Signatures
Commerce: digital signatures are as binding as ordinary ones in the law
Trust: vendors sign their products to prevent tampering (microsoft signs drivers, for example)
Identity: sign emails, postings to message boards, anything you want to guarantee is really being said by you
What You Can’t Keep Secret
Crypto doesn’t solve all problems! Just remember:• Somewhere in the system stuff gets decrypted; if someone is able to read your screen or monitor keystrokes then encryption can’t help.• Human issues (you write down a pass phrase in an unsecured place or enter your PIN number into a fake ATM) are very hard to deal with.
Computer Programs & Biology
* What is a "zombie"?
* What is a "virus"?
* What is a "worm"?
* What is a "Trojan"?
The Internet as an Ecosystem
Let's talk biology:* What is the "goal" of aliving organism?* What is "food"?* How can an organism interact with its environment?* What is evolution?* What is a parasite?* What is the "immune system"? How does it work?* How are living organisms encoded?* What is an ecosystem?* What is a vector?