If you can't read please download the document

View

50Download

2

Tags:

Embed Size (px)

DESCRIPTION

http://www.cs.virginia.edu/evans/talks/cyberlaw.ppt. Encryption: How it works, why it (sometimes) doesn’t, and what it can do. - PowerPoint PPT Presentation

David Evansevans@cs.virginia.eduhttp://www.cs.virginia.edu/evansEncryption: How it works, why it (sometimes) doesnt, and what it can doUniversity of VirginiaDepartment of Computer Sciencehttp://www.cs.virginia.edu/evans/talks/cyberlaw.pptWith a magnetic card and his dog Buddy's name as a password, President Clinton e-signed a bill Friday that will make electronic signatures as real as those on paper.

FoxNews, 30 June 2000

Cyberlaw: Encryption

TerminologyEncryptDecryptPlaintextCiphertextPlaintextAliceBobInsecure ChannelC = E(P)P = D(C)E must be invertible: P = D (E (P))

Cyberlaw: Encryption

EncryptDecryptPlaintextCiphertextPlaintextAliceBobInsecure ChannelC = E(P, K)P = D(C, K)KKThe enemy knows the system being used. Claude Shannon

Cyberlaw: Encryption

Jefferson Wheel Cipher

Cyberlaw: Encryption

EnigmaAbout 50,000 used by Nazis in WWIIModified throughout WWII, believed to be perfectly secureBroken by Bletchley Park led by Alan Turing (and 30,000 others)First computer (Collossus) developed to break Nazi codes (but kept secret through 1970s)Allies used decrypted Enigma messages to plan D-Day

Cyberlaw: Encryption

Modern Symmetric Ciphers A billion billion is a large number, but it's not that large a number. Whitfield DiffieSame idea but:Use digital logic instead of mechanical rotorsLarger keysEncrypt blocks of letters at a time

Cyberlaw: Encryption

DES [1976]Plaintext16x RoundL0R0FK1L1R1SubstitutionPermutationInitial Permutation56-bit key256 = 72 quadrillion

Cyberlaw: Encryption

Modern CiphersAES (Rijndael) successor to DES selected last year128-bit keys, encrypt 128-bit blocksBrute force attackTry 1 Trillion keys per secondWould take 10790283070806000000 years to try all keys! If thats not enough, can use 256-bit keyNo known techniques that do better than brute force search

Cyberlaw: Encryption

Problem with all Symmetric CiphersEncryptDecryptPlaintextCiphertextPlaintextAliceBobInsecure ChannelHow do Alice and Bob agree on K (without Eve hearing it)?KK

Cyberlaw: Encryption

Padlocked BoxesAliceHi!

Cyberlaw: Encryption

Padlocked BoxesAliceHi!

Cyberlaw: Encryption

Padlocked BoxesAliceAlices Padlock Key

Cyberlaw: Encryption

Padlocked BoxesAliceHi!BobAlices Padlock Key

Cyberlaw: Encryption

Padlocked BoxesAliceHi!BobAlices Padlock Key

Cyberlaw: Encryption

Padlocked BoxesAliceHi!BobAlices Padlock Key

Cyberlaw: Encryption

Padlocked BoxesAliceHi!BobBobs Padlock Key

Cyberlaw: Encryption

Padlocked BoxesAliceHi!BobBobs Padlock KeyHi!

Cyberlaw: Encryption

Secret Paint MixingAnalogy due to Simon Singh, The Code Book.AliceBobYellow paint (public) Eve

Cyberlaw: Encryption

One-Way FunctionsLike mixing paint easy to mix, hard to unmixSimple example:Middle 100 digits of n2, n random 100 digit numberGiven n, easy to calculate.Given 100 digits, hard to find n.Trap-door one way function:D (E (M)) = ME and D are easy to compute.Revealing E doesnt reveal an easy way to compute D

Cyberlaw: Encryption

Public-Key Applications: PrivacyAlice encrypts message to Bob using Bobs Private KeyOnly Bob knows Bobs Private Key only Bob can decrypt messageEncryptDecryptPlaintextCiphertextPlaintextAliceBobBobs Public KeyBobs Private Key

Cyberlaw: Encryption

SignaturesBob knows it was from Alice, since only Alice knows Alices Private KeyNon-repudiation: Alice cant deny signing message (except by claiming her key was stolen!)Integrity: Bob cant change message (doesnt know Alices Private Key)EncryptDecryptPlaintextSignedMessagePlaintextAliceBobAlices Private KeyAlices Public Key

Cyberlaw: Encryption

RSA[Rivest, Shamir, Adelman 78]E(M) = Me mod nPublic key (e, n)D(C) = Cd mod nPrivate key de, d and n chosen so Med mod n = MD(E(M)) = E(D(M)) = M

Cyberlaw: Encryption

Choosing e, d, nChoose 2 secret primes p and qn = p * qe * d 1 mod (p 1)(q 1)Depends on number theory theorems of Euler and Fermat

Cyberlaw: Encryption

- RSA in Perlprint pack"C*", split/\D+/, `echo "16iII*o\U@{$/=$z; [(pop,pop,unpack"H*",)]} \EsMsKsN0[lN*1lK[d2%Sa2/d0
Security of RSAn is public, but not p and q where n = p * q If we can find p and q, easy to find d (private key)Sounds easy: just need to factor n 4th grade factoring: divide by 2, 3, 4, n is ~200 digits would take quintillions of years Better algorithms known, but not much better

Cyberlaw: Encryption

Key ManagementEveryone can know the public key, but to be useful must know it is the owners public key.AliceHi!Alices Padlock Key

Cyberlaw: Encryption

Approach 1: Meet SecretlyAlice and Bob meet secretly and swap public keysIf you can do that, might as well agree on a secret (symmetric key) insteadDoesnt work for Internet transactions

Cyberlaw: Encryption

Approach 2: Public AnnouncementPublish public keys in a public forumAppend to email messagesPost on web siteNew York Time classifiedsEasy for rogue to pretend to be someone elseForge email, alter web site, lie to New York Times

Cyberlaw: Encryption

Approach 3: Public DirectoryTrusted authority maintains directory mapping names to public keysEntities register public keys with authority in some secure wayAuthority publishes directoryPrint using watermarked paper, special fonts, etc.Allow secure electronic accessDepends on secure distribution of directorys key

Cyberlaw: Encryption

Approach 4: CertificatesVeriSignAliceBobKUAHow do I know Alice is Alice?$$$$

Cyberlaw: Encryption

Data encrypted using secret key exchanged using some public keyassociated with some certificate.

Cyberlaw: Encryption

Cyberlaw: Encryption

Cyberlaw: Encryption

Cyberlaw: Encryption

SummaryCryptology can do a lot:Keep secretsProvide signaturesAnonymity, Money, Voting, Zero-Knowledge Proofs, etc.But, its not perfect:Depends on humans not making mistakesTough to associate keys with principals

http://www.cs.virginia.edu/evans/talks/cyberlaw.ppt

Cyberlaw: Encryption