Ch3b Encryption. Uses of Encryption. Electronic Funds transfer trillion dollars a day. Automated teller machine passwords Pin's. Credit card numbers on the internet. Bank records. Your password. Cable TV signals. Cellular phone calls. Encryption.
Electronic Funds transfer trillion dollars a day.
Automated teller machine passwords Pin's.
Credit card numbers on the internet.
Cable TV signals.
Cellular phone calls.
Encryption usually include a coding scheme
(a cryptographic algorithm) and a sequence of
characters (a key) which is used to turn plain
text into a coded message (cipher text). The
cipher text is decoded (decrypted) to produce
the original plain text.
Encryption scheme used by Julius Caesar was
to replace each letter with the one three places
ahead of it in the alphabet. (CaesarFdhwdu)
The key that is used to encrypt a message is
also the key that is used to decrypt it. This is
also referred to as symmetric private key.
The major problem is that you have to protect
A related problem is that in some cases it is
going to be extremely difficult to deliver the
key to someone who will use it without
exposing the key.
NSA created in 1952 by President Truman’s
Monitors all communication between U.S.
and world. That is interpreted to mean all
foreign phone calls, radio transmissions,
and more recently, all Internet traffic.
Interested in designing schemes no other
country can break and to break everybody
Considered itself the repository of all
cryptography information for the country.
The Data Encryption Standard was originally
developed by IBM in the 1960’s but was
modified by the National Security Agency
prior to its adoption as a government standard
in 1977. (NSA involvement was the major
reason it was never fully accepted by the
DES is a symmetric private key cryptography
In May of 1975, Diffie came up with the
thought of splitting the key. One part
(the public part) would be used for encryption
while the other (the private part) would be
used to decrypt the message.
When the private part was used to encrypt
and the public to decrypt then a digital
signature had been generated. They presented
a paper “New Directions in Cryptography”.
901 568 803 39 450 645 1173
1 2 5 11 32 87 141
0 1 0 1 0 1 0
901 568 803 39 450 645 1173
0 1 0 1 0 1 0
1 2 5 11 32 87 141
RSA (a public key encryption scheme) is
named for the three individuals from MIT,
Rivest-Shamir-Adelman who developed it.
They also built a company to commercialize
their product and licensed the technology to
companies such as Microsoft.
The government kept strong encryption out
of products (in companies such as Microsoft)
by its export regulations.
Because of military applications, coding
machines and encryption software are
treated as "munitions” and covered by ITAR
(International Traffic in Arms Regulation).
Government noticed that all of the strong
encryption software that was available overseas
could not be regulated so they threatened
prosecution on export software designed to
work with someone’s encryption routines.
Spring of 1992 the head of NSA was told that
cryptography was going public, that RSA was
selling it, and that the Internet had provided a
way around the export laws. The head of NSA
requested a solution and shortly thereafter
key escrow appeared.
Simply store a copy of the key in a secure area
and then make law enforcement get a search
warrant to get a copy that would let them
decrypt a message. But then there was AT&T.
AT&T had been selling a secure phone to the
government but in 92 decided to sell a version
(TSD3600) to the public.
The FBI saw their ability to do wiretaps slipping
away and proposed adding a chip to TSD3600
which would allow them to set up an escrow
system but no one could figure out why this was
good for them.
Politically the security advocates thought they
were in serious trouble because escrow became
a privacy issue.
Presentations by the FBI gained the support of
the executive branch of government and AT&T
was offered a deal it couldn’t turn down. The
promise of the purchase of lots of these devices
and no hassle on exports allowed the process to
move forward. The modified A&T device
became known as the Clipper Chip.
Sort of complicated. When two people
exchanged information in a phone call a
packet of information was exchanged which
included the chip’s serial numbers and a
special session key. The FBI could decode
chip serial numbers but not the session key
which was stored in pieces in two different
government agencies and available to the
FBI only after a legal wiretap was approved.
There were problems. Clipper was based on a
secret algorithm and was to be implemented in
hardware (cost and up-grade considerations),
Clipper phones only worked with Clipper phones,
and there was the problem of escrowed keys.
In 1994 NSA let a few Clipper chips out for
inspection. Matt Blase of Bell labs quickly broke
the code, wrote his findings to NAS, and got a
technical publication out.
His results made it to the front page of the New
York Times and Clipper was dead.
Experts and lawmakers opposed legislation that
would require people using encryption to put
their encryption keys in escrow with a third
party, as the keys would become targets for
terrorists. Responding to claims that a key
escrow system could allow law enforcement
officials to decode communication between
terrorists and other criminals, Rep. Bob
Goodlatte (R-Va) remarked that such persons
are not likely to place their encryption keys in
“ ... the temptation to abuse key escrow or
create a mass repository of stored keys would
pose a single point of security risk unlike ever
before. Furthermore, he says fear of its abuse
could have a chilling effect on people's sense
of privacy and security, forcing users to shy
away from the very technology created to
safeguard their transmitted messages.”
The key escrow debate mirrors a dropped
effort on the part of the government to
institute a "Clipper chip"
Lots of situations where escrow needs to be used.
Computer science faculty at John Hopkins have found
a way to crack the code used in the keys of more than
150 million new Fords, Toyotas and Nissans involves a
transponder chip embedded in the key and a reader
inside the car. They also cracked the code for new
gasoline purchase system in which a reader inside the
gas pump is able to recognize a small key-chain tag
when the tag is waved in front of it. Texas Instruments, said the hardware used to crack the codes is cumbersome, expensive and not practical for common thieves.
Phillip Zimmerman, a programmer concerned
about the governments plans to limit the use of
strong encryption, in 1991 developed a program
using public key cryptography for e-mail.
Zimmerman gave his “PGP” software
to a friend who uploaded it to as many bulletin
boards as he could find. It quickly became
the most popular encryption scheme for e-mail.
In February of 1993, Zimmerman was notified
that he was being investigated to see if he had
violated the International Traffic In Arms Regs.
The investigation was dropped three years later.
This slowed down distribution as did the fact
that it used patented technology and was at
that time in competition with the government’s
Zimmerman defended his actions by arguing
that if ordinary people didn’t have access to
“military grade” public key encryption then
only the organizations with big money such as
governments, giant corporations, drug cartels,
etc. would have privacy.
Phil Zimmermann, has been crying every
day since last week's terrorist attacks. He has
been overwhelmed with feelings of guilt. In a
telephone interview from his home, he said he
doesn't regret posting the encryption program
on the Internet. Yet he has trouble dealing with
the reality that his software was likely used for
evil. "The intellectual side of me is satisfied with
the decision, but the pain that we all feel because
of all the deaths mixes with this," he said. "It
has been a horrific few days." (Washington Post 9/21/01)
Phil Zimmermann did not find the Washington
Post article “entirely accurate”. Concerning the
“overwhelmed with feelings of guilt” comment,
“I never implied that in the interview, and
specifically went out of my way to emphasize
to her that that was not the case, and made her
repeat back to me the point so that she could
not get it wrong in the article.”
“...strong cryptography does more for a demo-
cratic society than harm, even if it can be used
by terrorists.” No regrets.
The word steganography comes from the Greek steganos (covered or secret) and -graphy (writing or drawing) and thus means, literally, covered writing. Steganography is usually given as a synonym for cryptography but it is not normally used in that way. Through recent usage, steganography has come to mean hidden writing, i.e., writing that is not readily discernible to the casual observer. For example, the childhood practice of writing messages in 'invisible ink' would qualify as steganography since the writing is hidden in the sense that it is not obvious that it is there unless you know to look for it.
Steganography, is the practice of embedding
secret messages in other messages -- in a way
that prevents an observer from learning that
anything unusual is taking place.
A really good site that we have been watching for years (last update Jan/09). Gives the best explanation I’ve found.
You used steganography to find the CSC309
downloads. The first line reads:
“9/11/08 I've started updating this CSC309 site
and have made first contact with textbook folks.”
Click on the period at the end of the line
(it does have a little line under it)
for a another article on steganography.
Modern steganographers use software like
White Noise Storm and S-Tools allow a
paranoid sender to embed messages in
digitized information, typically audio, video
or still image files, that are sent to a recipient.
The software usually works by storing infor-
mation in the least significant bits of a digitized
file -- those bits can be changed without in ways
that aren't dramatic enough for a human eye or
ear to detect.
In 1997, a series of contests were initiated,
offering a $10,000 prize to any one that
could break a message encrypted with
56-bit DES. With the best plan of attack
known at that time (sort of brute force)
requiring an estimated 2,285 years of
computer time on a dedicated 200 mhz
computer no winners were anticipated.
The first contest was won by a team of
computer scientist who got on the Internet
with a request to use idle cycles on
computers attached to the Internet with an
offer to pay $4,000 if your machine was the
one that came up with the answer. Code
cracked in 96 days. 78,000 computers had
participated in the search.
EFF, a free speech advocacy group, in July
of 1998, cracked the 56-bit DES encryption
in 56 hours on a $250,000 custom built
computer named “Deep Crack”.
In January 1999, the third contest saw a
joint effort between distributed.net and
Deep Crack find the key in 22 hours 15
The Advanced Encryption Standard (AES)
was adopted by the U.S. government
after a 5-year standardization process in
which fifteen competing designs were
evaluated. It became effective as a
standard May 26, 2002. AES is the
first publicly accessible and open cipher
approved by the NSA for top secret
Reversing two decades of U.S. encryption
policy, the White House has proposed allowing
the export of software or hardware using any
encryption key length without license.
Companies can't sell to designated terrorist
countries and must report all exports in excess
of 64 bits.
Exporting up to 40 bit keys had always been
The announcement also included a final
version of The Cyberspace Electronic Security
Act of 1999 (CESA). This act would provide
"federal statutory protections for the privacy
of decryption keys" and protect law
enforcement from having to disclose how they
The Customs Service has reported that two
men have been arrested and accused of
scheming to smuggle military encryption
technology to China. The technology, two
devices known as KIV-7HS units, are used to
encode classified government communications
and are protected under ITAR.
11/17/03 MagiQ Technologies has begun
selling Navajo systems, reputedly unbreakable
encryption technology that employs the laws of
quantum physics. Navajo systems use photons
to transmit encryption keys over fiber-optic
lines; photons are so sensitive that their
behavior changes if they are examined. MagiQ
is requesting governmental permission to sell
Navajo abroad. http://www.informationweek.com/story/showArticle.jhtml?articleID=16100877
Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy,
it deosn't mttaer in waht oredr the ltteers in a
wrod are, the olny iprmoetnt tihng is taht the frist
and lsat ltteer be at the rghit pclae. The rset can
be a total mses and you can sitll raed it wouthit a
porbelm. Tihs is bcuseae the huamn mnid deos not
raed ervey lteter by istlef, but the wrod as a wlohe.
David Gelernter took a bachelor's
degree in religious studies and a
master's in Hebrew literature from
Yale. He went on to collect a PhD in
computer science from the State
University of New York at Stony Brook,
but joined Yale as faculty in 1982. He
made a name for himself by developing
a computer language named "Linda”.