Ch3b encryption
This presentation is the property of its rightful owner.
Sponsored Links
1 / 40

Ch3b Encryption PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Ch3b Encryption. Uses of Encryption. Electronic Funds transfer trillion dollars a day. Automated teller machine passwords Pin's. Credit card numbers on the internet. Bank records. Your password. Cable TV signals. Cellular phone calls. Encryption.

Download Presentation

Ch3b Encryption

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Ch3b Encryption

CSC309 Miller

Uses of Encryption

Electronic Funds transfer trillion dollars a day.

Automated teller machine passwords Pin's.

Credit card numbers on the internet.

Bank records.

Your password.

Cable TV signals.

Cellular phone calls.

CSC309 Miller


Encryption usually include a coding scheme

(a cryptographic algorithm) and a sequence of

characters (a key) which is used to turn plain

text into a coded message (cipher text). The

cipher text is decoded (decrypted) to produce

the original plain text.

Encryption scheme used by Julius Caesar was

to replace each letter with the one three places

ahead of it in the alphabet. (CaesarFdhwdu)

CSC309 Miller

Symmetric Key

The key that is used to encrypt a message is

also the key that is used to decrypt it. This is

also referred to as symmetric private key.

The major problem is that you have to protect

the key.

A related problem is that in some cases it is

going to be extremely difficult to deliver the

key to someone who will use it without

exposing the key.

CSC309 Miller

National Security Agency

NSA created in 1952 by President Truman’s

top-secret order.

Monitors all communication between U.S.

and world. That is interpreted to mean all

foreign phone calls, radio transmissions,

and more recently, all Internet traffic.

CSC309 Miller

National Security Agency

Interested in designing schemes no other

country can break and to break everybody

else's methods.

Considered itself the repository of all

cryptography information for the country.

CSC309 Miller


The Data Encryption Standard was originally

developed by IBM in the 1960’s but was

modified by the National Security Agency

prior to its adoption as a government standard

in 1977. (NSA involvement was the major

reason it was never fully accepted by the


DES is a symmetric private key cryptography


CSC309 Miller


In May of 1975, Diffie came up with the

thought of splitting the key. One part

(the public part) would be used for encryption

while the other (the private part) would be

used to decrypt the message.

When the private part was used to encrypt

and the public to decrypt then a digital

signature had been generated. They presented

a paper “New Directions in Cryptography”.

CSC309 Miller

Public Key Examplefrom CSC300



901 568 803 39 450 645 1173

= 234

1 2 5 11 32 87 141


0 1 0 1 0 1 0



901 568 803 39 450 645 1173


0 1 0 1 0 1 0

= 100

1 2 5 11 32 87 141

CSC309 Miller


RSA (a public key encryption scheme) is

named for the three individuals from MIT,

Rivest-Shamir-Adelman who developed it.

They also built a company to commercialize

their product and licensed the technology to

companies such as Microsoft.

The government kept strong encryption out

of products (in companies such as Microsoft)

by its export regulations.

CSC309 Miller

Export Restrictions

Because of military applications, coding

machines and encryption software are

treated as "munitions” and covered by ITAR

(International Traffic in Arms Regulation).

Government noticed that all of the strong

encryption software that was available overseas

could not be regulated so they threatened

prosecution on export software designed to

work with someone’s encryption routines.

CSC309 Miller

Going Public

Spring of 1992 the head of NSA was told that

cryptography was going public, that RSA was

selling it, and that the Internet had provided a

way around the export laws. The head of NSA

requested a solution and shortly thereafter

key escrow appeared.

Simply store a copy of the key in a secure area

and then make law enforcement get a search

warrant to get a copy that would let them

decrypt a message. But then there was AT&T.

CSC309 Miller


AT&T had been selling a secure phone to the

government but in 92 decided to sell a version

(TSD3600) to the public.

The FBI saw their ability to do wiretaps slipping

away and proposed adding a chip to TSD3600

which would allow them to set up an escrow

system but no one could figure out why this was

good for them.

CSC309 Miller

Clipper Chip is Born

Politically the security advocates thought they

were in serious trouble because escrow became

a privacy issue.

Presentations by the FBI gained the support of

the executive branch of government and AT&T

was offered a deal it couldn’t turn down. The

promise of the purchase of lots of these devices

and no hassle on exports allowed the process to

move forward. The modified A&T device

became known as the Clipper Chip.

CSC309 Miller

Clipper Chip

Sort of complicated. When two people

exchanged information in a phone call a

packet of information was exchanged which

included the chip’s serial numbers and a

special session key. The FBI could decode

chip serial numbers but not the session key

which was stored in pieces in two different

government agencies and available to the

FBI only after a legal wiretap was approved.

CSC309 Miller

Clipper Chip (Cont.)

There were problems. Clipper was based on a

secret algorithm and was to be implemented in

hardware (cost and up-grade considerations),

Clipper phones only worked with Clipper phones,

and there was the problem of escrowed keys.

In 1994 NSA let a few Clipper chips out for

inspection. Matt Blase of Bell labs quickly broke

the code, wrote his findings to NAS, and got a

technical publication out.

His results made it to the front page of the New

York Times and Clipper was dead.

CSC309 Miller

Key Escrow Won’t Work

Experts and lawmakers opposed legislation that

would require people using encryption to put

their encryption keys in escrow with a third

party, as the keys would become targets for

terrorists. Responding to claims that a key

escrow system could allow law enforcement

officials to decode communication between

terrorists and other criminals, Rep. Bob

Goodlatte (R-Va) remarked that such persons

are not likely to place their encryption keys in

escrow anyhow.

CSC309 Miller

Key Escrow Plan Abandoned

“ ... the temptation to abuse key escrow or

create a mass repository of stored keys would

pose a single point of security risk unlike ever

before. Furthermore, he says fear of its abuse

could have a chilling effect on people's sense

of privacy and security, forcing users to shy

away from the very technology created to

safeguard their transmitted messages.”

The key escrow debate mirrors a dropped

effort on the part of the government to

institute a "Clipper chip"

CSC309 Miller


Lots of situations where escrow needs to be used.

CSC309 Miller

Researchers Claim to Crack Car Alarm Code

Computer science faculty at John Hopkins have found

a way to crack the code used in the keys of more than

150 million new Fords, Toyotas and Nissans involves a

transponder chip embedded in the key and a reader

inside the car. They also cracked the code for new

gasoline purchase system in which a reader inside the

gas pump is able to recognize a small key-chain tag

when the tag is waved in front of it. Texas Instruments, said the hardware used to crack the codes is cumbersome, expensive and not practical for common thieves.

CSC309 Miller

Pretty Good Protection

Phillip Zimmerman, a programmer concerned

about the governments plans to limit the use of

strong encryption, in 1991 developed a program

using public key cryptography for e-mail.

Zimmerman gave his “PGP” software

to a friend who uploaded it to as many bulletin

boards as he could find. It quickly became

the most popular encryption scheme for e-mail.

CSC309 Miller

Pretty Good Protection (Cont.)

In February of 1993, Zimmerman was notified

that he was being investigated to see if he had

violated the International Traffic In Arms Regs.

The investigation was dropped three years later.

This slowed down distribution as did the fact

that it used patented technology and was at

that time in competition with the government’s

Clipper chip.

CSC309 Miller


Zimmerman defended his actions by arguing

that if ordinary people didn’t have access to

“military grade” public key encryption then

only the organizations with big money such as

governments, giant corporations, drug cartels,

etc. would have privacy.

CSC309 Miller

Ten Years Later

Phil Zimmermann, has been crying every

day since last week's terrorist attacks. He has

been overwhelmed with feelings of guilt. In a

telephone interview from his home, he said he

doesn't regret posting the encryption program

on the Internet. Yet he has trouble dealing with

the reality that his software was likely used for

evil. "The intellectual side of me is satisfied with

the decision, but the pain that we all feel because

of all the deaths mixes with this," he said. "It

has been a horrific few days." (Washington Post 9/21/01)

CSC309 Miller

Three Days Later

Phil Zimmermann did not find the Washington

Post article “entirely accurate”. Concerning the

“overwhelmed with feelings of guilt” comment,

“I never implied that in the interview, and

specifically went out of my way to emphasize

to her that that was not the case, and made her

repeat back to me the point so that she could

not get it wrong in the article.”

“...strong cryptography does more for a demo-

cratic society than harm, even if it can be used

by terrorists.” No regrets.

CSC309 Miller


The word steganography comes from the Greek steganos (covered or secret) and -graphy (writing or drawing) and thus means, literally, covered writing. Steganography is usually given as a synonym for cryptography but it is not normally used in that way. Through recent usage, steganography has come to mean hidden writing, i.e., writing that is not readily discernible to the casual observer. For example, the childhood practice of writing messages in 'invisible ink' would qualify as steganography since the writing is hidden in the sense that it is not obvious that it is there unless you know to look for it.

CSC309 Miller


Steganography, is the practice of embedding

secret messages in other messages -- in a way

that prevents an observer from learning that

anything unusual is taking place.


A really good site that we have been watching for years (last update Jan/09). Gives the best explanation I’ve found.

CSC309 Miller


You used steganography to find the CSC309

downloads. The first line reads:

“9/11/08 I've started updating this CSC309 site

and have made first contact with textbook folks.”

Click on the period at the end of the line

(it does have a little line under it)

for a another article on steganography.

CSC309 Miller

Modern Steganography

Modern steganographers use software like

White Noise Storm and S-Tools allow a

paranoid sender to embed messages in

digitized information, typically audio, video

or still image files, that are sent to a recipient.

The software usually works by storing infor-

mation in the least significant bits of a digitized

file -- those bits can be changed without in ways

that aren't dramatic enough for a human eye or

ear to detect.

CSC309 Miller

ABC Presentation on Steganography

  • ABC gave a presentation on Steganography in 2001 where they claimed the top picture contained a picture of a B-52. The actual content is a B-52 graveyard.

CSC309 Miller

56-bit DES cracked

In 1997, a series of contests were initiated,

offering a $10,000 prize to any one that

could break a message encrypted with

56-bit DES. With the best plan of attack

known at that time (sort of brute force)

requiring an estimated 2,285 years of

computer time on a dedicated 200 mhz

computer no winners were anticipated.

CSC309 Miller

56-bit DES cracked

The first contest was won by a team of

computer scientist who got on the Internet

with a request to use idle cycles on

computers attached to the Internet with an

offer to pay $4,000 if your machine was the

one that came up with the answer. Code

cracked in 96 days. 78,000 computers had

participated in the search.

CSC309 Miller

56-bit DES cracked

EFF, a free speech advocacy group, in July

of 1998, cracked the 56-bit DES encryption

in 56 hours on a $250,000 custom built

computer named “Deep Crack”.

In January 1999, the third contest saw a

joint effort between and

Deep Crack find the key in 22 hours 15


CSC309 Miller

AES Replaces DES

The Advanced Encryption Standard (AES)

was adopted by the U.S. government

after a 5-year standardization process in

which fifteen competing designs were

evaluated. It became effective as a

standard May 26, 2002. AES is the

first publicly accessible and open cipher

approved by the NSA for top secret


CSC309 Miller

White House ReversesCrypto Policy


Reversing two decades of U.S. encryption

policy, the White House has proposed allowing

the export of software or hardware using any

encryption key length without license.

Companies can't sell to designated terrorist

countries and must report all exports in excess

of 64 bits.

Exporting up to 40 bit keys had always been


CSC309 Miller

White House ReversesCrypto Policy


The announcement also included a final

version of The Cyberspace Electronic Security

Act of 1999 (CESA). This act would provide

"federal statutory protections for the privacy

of decryption keys" and protect law

enforcement from having to disclose how they

obtained information.

CSC309 Miller

Encryption Smuggling Arrests


The Customs Service has reported that two

men have been arrested and accused of

scheming to smuggle military encryption

technology to China.  The technology, two

devices known as KIV-7HS units, are used to

encode classified government communications

and are protected under ITAR.

CSC309 Miller

Quantum Encryption Product

11/17/03 MagiQ Technologies has begun

selling Navajo systems, reputedly unbreakable

encryption technology that employs the laws of

quantum physics. Navajo systems use photons

to transmit encryption keys over fiber-optic

lines; photons are so sensitive that their

behavior changes if they are examined. MagiQ

is requesting governmental permission to sell

Navajo abroad.

CSC309 Miller


Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy,

it deosn't mttaer in waht oredr the ltteers in a

wrod are, the olny iprmoetnt tihng is taht the frist

and lsat ltteer be at the rghit pclae. The rset can

be a total mses and you can sitll raed it wouthit a

porbelm. Tihs is bcuseae the huamn mnid deos not

raed ervey lteter by istlef, but the wrod as a wlohe.

Amzanig huh???

CSC309 Miller

History Snapshot (What does this have to do with encryption/privacy?)

David Gelernter took a bachelor's

degree in religious studies and a

master's in Hebrew literature from

Yale. He went on to collect a PhD in

computer science from the State

University of New York at Stony Brook,

but joined Yale as faculty in 1982. He

made a name for himself by developing

a computer language named "Linda”.

  • Login