David Evans evans@cs.virginia cs.virginia/evans

  • View
    48

  • Download
    2

Embed Size (px)

DESCRIPTION

http://www.cs.virginia.edu/evans/talks/cyberlaw.ppt. Encryption: How it works, why it (sometimes) doesn’t, and what it can do. - PowerPoint PPT Presentation

Text of David Evans evans@cs.virginia cs.virginia/evans

  • David Evansevans@cs.virginia.eduhttp://www.cs.virginia.edu/evansEncryption: How it works, why it (sometimes) doesnt, and what it can doUniversity of VirginiaDepartment of Computer Sciencehttp://www.cs.virginia.edu/evans/talks/cyberlaw.pptWith a magnetic card and his dog Buddy's name as a password, President Clinton e-signed a bill Friday that will make electronic signatures as real as those on paper.

    FoxNews, 30 June 2000

    Cyberlaw: Encryption

  • TerminologyEncryptDecryptPlaintextCiphertextPlaintextAliceBobInsecure ChannelC = E(P)P = D(C)E must be invertible: P = D (E (P))

    Cyberlaw: Encryption

  • EncryptDecryptPlaintextCiphertextPlaintextAliceBobInsecure ChannelC = E(P, K)P = D(C, K)KKThe enemy knows the system being used. Claude Shannon

    Cyberlaw: Encryption

  • Jefferson Wheel Cipher

    Cyberlaw: Encryption

  • EnigmaAbout 50,000 used by Nazis in WWIIModified throughout WWII, believed to be perfectly secureBroken by Bletchley Park led by Alan Turing (and 30,000 others)First computer (Collossus) developed to break Nazi codes (but kept secret through 1970s)Allies used decrypted Enigma messages to plan D-Day

    Cyberlaw: Encryption

  • Modern Symmetric Ciphers A billion billion is a large number, but it's not that large a number. Whitfield DiffieSame idea but:Use digital logic instead of mechanical rotorsLarger keysEncrypt blocks of letters at a time

    Cyberlaw: Encryption

  • DES [1976]Plaintext16x RoundL0R0FK1L1R1SubstitutionPermutationInitial Permutation56-bit key256 = 72 quadrillion

    Cyberlaw: Encryption

  • Modern CiphersAES (Rijndael) successor to DES selected last year128-bit keys, encrypt 128-bit blocksBrute force attackTry 1 Trillion keys per secondWould take 10790283070806000000 years to try all keys! If thats not enough, can use 256-bit keyNo known techniques that do better than brute force search

    Cyberlaw: Encryption

  • Problem with all Symmetric CiphersEncryptDecryptPlaintextCiphertextPlaintextAliceBobInsecure ChannelHow do Alice and Bob agree on K (without Eve hearing it)?KK

    Cyberlaw: Encryption

  • Padlocked BoxesAliceHi!

    Cyberlaw: Encryption

  • Padlocked BoxesAliceHi!

    Cyberlaw: Encryption

  • Padlocked BoxesAliceAlices Padlock Key

    Cyberlaw: Encryption

  • Padlocked BoxesAliceHi!BobAlices Padlock Key

    Cyberlaw: Encryption

  • Padlocked BoxesAliceHi!BobAlices Padlock Key

    Cyberlaw: Encryption

  • Padlocked BoxesAliceHi!BobAlices Padlock Key

    Cyberlaw: Encryption

  • Padlocked BoxesAliceHi!BobBobs Padlock Key

    Cyberlaw: Encryption

  • Padlocked BoxesAliceHi!BobBobs Padlock KeyHi!

    Cyberlaw: Encryption

  • Secret Paint MixingAnalogy due to Simon Singh, The Code Book.AliceBobYellow paint (public) Eve

    Cyberlaw: Encryption

  • One-Way FunctionsLike mixing paint easy to mix, hard to unmixSimple example:Middle 100 digits of n2, n random 100 digit numberGiven n, easy to calculate.Given 100 digits, hard to find n.Trap-door one way function:D (E (M)) = ME and D are easy to compute.Revealing E doesnt reveal an easy way to compute D

    Cyberlaw: Encryption

  • Public-Key Applications: PrivacyAlice encrypts message to Bob using Bobs Private KeyOnly Bob knows Bobs Private Key only Bob can decrypt messageEncryptDecryptPlaintextCiphertextPlaintextAliceBobBobs Public KeyBobs Private Key

    Cyberlaw: Encryption

  • SignaturesBob knows it was from Alice, since only Alice knows Alices Private KeyNon-repudiation: Alice cant deny signing message (except by claiming her key was stolen!)Integrity: Bob cant change message (doesnt know Alices Private Key)EncryptDecryptPlaintextSignedMessagePlaintextAliceBobAlices Private KeyAlices Public Key

    Cyberlaw: Encryption

  • RSA[Rivest, Shamir, Adelman 78]E(M) = Me mod nPublic key (e, n)D(C) = Cd mod nPrivate key de, d and n chosen so Med mod n = MD(E(M)) = E(D(M)) = M

    Cyberlaw: Encryption

  • Choosing e, d, nChoose 2 secret primes p and qn = p * qe * d 1 mod (p 1)(q 1)Depends on number theory theorems of Euler and Fermat

    Cyberlaw: Encryption

  • RSA in Perlprint pack"C*", split/\D+/, `echo "16iII*o\U@{$/=$z; [(pop,pop,unpack"H*",)]} \EsMsKsN0[lN*1lK[d2%Sa2/d0
  • Security of RSAn is public, but not p and q where n = p * q If we can find p and q, easy to find d (private key)Sounds easy: just need to factor n 4th grade factoring: divide by 2, 3, 4, n is ~200 digits would take quintillions of years Better algorithms known, but not much better

    Cyberlaw: Encryption

  • Key ManagementEveryone can know the public key, but to be useful must know it is the owners public key.AliceHi!Alices Padlock Key

    Cyberlaw: Encryption

  • Approach 1: Meet SecretlyAlice and Bob meet secretly and swap public keysIf you can do that, might as well agree on a secret (symmetric key) insteadDoesnt work for Internet transactions

    Cyberlaw: Encryption

  • Approach 2: Public AnnouncementPublish public keys in a public forumAppend to email messagesPost on web siteNew York Time classifiedsEasy for rogue to pretend to be someone elseForge email, alter web site, lie to New York Times

    Cyberlaw: Encryption

  • Approach 3: Public DirectoryTrusted authority maintains directory mapping names to public keysEntities register public keys with authority in some secure wayAuthority publishes directoryPrint using watermarked paper, special fonts, etc.Allow secure electronic accessDepends on secure distribution of directorys key

    Cyberlaw: Encryption

  • Approach 4: CertificatesVeriSignAliceBobKUAHow do I know Alice is Alice?$$$$

    Cyberlaw: Encryption

  • Data encrypted using secret key exchanged using some public keyassociated with some certificate.

    Cyberlaw: Encryption

  • Cyberlaw: Encryption

  • Cyberlaw: Encryption

  • Cyberlaw: Encryption

  • SummaryCryptology can do a lot:Keep secretsProvide signaturesAnonymity, Money, Voting, Zero-Knowledge Proofs, etc.But, its not perfect:Depends on humans not making mistakesTough to associate keys with principals

    http://www.cs.virginia.edu/evans/talks/cyberlaw.ppt

    Cyberlaw: Encryption