ch3b encryption n.
Skip this Video
Loading SlideShow in 5 Seconds..
Ch3b Encryption PowerPoint Presentation
Download Presentation
Ch3b Encryption

play fullscreen
1 / 40
Download Presentation

Ch3b Encryption - PowerPoint PPT Presentation

nico
63 Views
Download Presentation

Ch3b Encryption

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Ch3b Encryption CSC309 Miller

  2. Uses of Encryption Electronic Funds transfer trillion dollars a day. Automated teller machine passwords Pin's. Credit card numbers on the internet. Bank records. Your password. Cable TV signals. Cellular phone calls. CSC309 Miller

  3. Encryption Encryption usually include a coding scheme (a cryptographic algorithm) and a sequence of characters (a key) which is used to turn plain text into a coded message (cipher text). The cipher text is decoded (decrypted) to produce the original plain text. Encryption scheme used by Julius Caesar was to replace each letter with the one three places ahead of it in the alphabet. (CaesarFdhwdu) CSC309 Miller

  4. Symmetric Key The key that is used to encrypt a message is also the key that is used to decrypt it. This is also referred to as symmetric private key. The major problem is that you have to protect the key. A related problem is that in some cases it is going to be extremely difficult to deliver the key to someone who will use it without exposing the key. CSC309 Miller

  5. National Security Agency NSA created in 1952 by President Truman’s top-secret order. Monitors all communication between U.S. and world. That is interpreted to mean all foreign phone calls, radio transmissions, and more recently, all Internet traffic. CSC309 Miller

  6. National Security Agency Interested in designing schemes no other country can break and to break everybody else's methods. Considered itself the repository of all cryptography information for the country. CSC309 Miller

  7. DES The Data Encryption Standard was originally developed by IBM in the 1960’s but was modified by the National Security Agency prior to its adoption as a government standard in 1977. (NSA involvement was the major reason it was never fully accepted by the public.) DES is a symmetric private key cryptography system. CSC309 Miller

  8. Diffie-Hellman In May of 1975, Diffie came up with the thought of splitting the key. One part (the public part) would be used for encryption while the other (the private part) would be used to decrypt the message. When the private part was used to encrypt and the public to decrypt then a digital signature had been generated. They presented a paper “New Directions in Cryptography”. CSC309 Miller

  9. Public Key Examplefrom CSC300 = 3522 901 568 803 39 450 645 1173 = 234 1 2 5 11 32 87 141 3522*1171=???(mod1234) 0 1 0 1 0 1 0 = 1252 901 568 803 39 450 645 1173 1252*1171=100(mod1234) 0 1 0 1 0 1 0 = 100 1 2 5 11 32 87 141 CSC309 Miller

  10. RSA RSA (a public key encryption scheme) is named for the three individuals from MIT, Rivest-Shamir-Adelman who developed it. They also built a company to commercialize their product and licensed the technology to companies such as Microsoft. The government kept strong encryption out of products (in companies such as Microsoft) by its export regulations. CSC309 Miller

  11. Export Restrictions Because of military applications, coding machines and encryption software are treated as "munitions” and covered by ITAR (International Traffic in Arms Regulation). Government noticed that all of the strong encryption software that was available overseas could not be regulated so they threatened prosecution on export software designed to work with someone’s encryption routines. CSC309 Miller

  12. Going Public Spring of 1992 the head of NSA was told that cryptography was going public, that RSA was selling it, and that the Internet had provided a way around the export laws. The head of NSA requested a solution and shortly thereafter key escrow appeared. Simply store a copy of the key in a secure area and then make law enforcement get a search warrant to get a copy that would let them decrypt a message. But then there was AT&T. CSC309 Miller

  13. AT&T AT&T had been selling a secure phone to the government but in 92 decided to sell a version (TSD3600) to the public. The FBI saw their ability to do wiretaps slipping away and proposed adding a chip to TSD3600 which would allow them to set up an escrow system but no one could figure out why this was good for them. CSC309 Miller

  14. Clipper Chip is Born Politically the security advocates thought they were in serious trouble because escrow became a privacy issue. Presentations by the FBI gained the support of the executive branch of government and AT&T was offered a deal it couldn’t turn down. The promise of the purchase of lots of these devices and no hassle on exports allowed the process to move forward. The modified A&T device became known as the Clipper Chip. CSC309 Miller

  15. Clipper Chip Sort of complicated. When two people exchanged information in a phone call a packet of information was exchanged which included the chip’s serial numbers and a special session key. The FBI could decode chip serial numbers but not the session key which was stored in pieces in two different government agencies and available to the FBI only after a legal wiretap was approved. CSC309 Miller

  16. Clipper Chip (Cont.) There were problems. Clipper was based on a secret algorithm and was to be implemented in hardware (cost and up-grade considerations), Clipper phones only worked with Clipper phones, and there was the problem of escrowed keys. In 1994 NSA let a few Clipper chips out for inspection. Matt Blase of Bell labs quickly broke the code, wrote his findings to NAS, and got a technical publication out. His results made it to the front page of the New York Times and Clipper was dead. CSC309 Miller

  17. Key Escrow Won’t Work Experts and lawmakers opposed legislation that would require people using encryption to put their encryption keys in escrow with a third party, as the keys would become targets for terrorists. Responding to claims that a key escrow system could allow law enforcement officials to decode communication between terrorists and other criminals, Rep. Bob Goodlatte (R-Va) remarked that such persons are not likely to place their encryption keys in escrow anyhow. http://www.fcw.com/fcw/articles/2001/1001/web-keys-10-03-01.asp CSC309 Miller

  18. Key Escrow Plan Abandoned “ ... the temptation to abuse key escrow or create a mass repository of stored keys would pose a single point of security risk unlike ever before. Furthermore, he says fear of its abuse could have a chilling effect on people's sense of privacy and security, forcing users to shy away from the very technology created to safeguard their transmitted messages.” The key escrow debate mirrors a dropped effort on the part of the government to institute a "Clipper chip" http://www.infoworld.com/articles/hn/xml/01/10/18/011018hnencryption.xml CSC309 Miller

  19. Escrow Lots of situations where escrow needs to be used. CSC309 Miller

  20. Researchers Claim to Crack Car Alarm Code Computer science faculty at John Hopkins have found a way to crack the code used in the keys of more than 150 million new Fords, Toyotas and Nissans involves a transponder chip embedded in the key and a reader inside the car. They also cracked the code for new gasoline purchase system in which a reader inside the gas pump is able to recognize a small key-chain tag when the tag is waved in front of it. Texas Instruments, said the hardware used to crack the codes is cumbersome, expensive and not practical for common thieves. CSC309 Miller

  21. Pretty Good Protection Phillip Zimmerman, a programmer concerned about the governments plans to limit the use of strong encryption, in 1991 developed a program using public key cryptography for e-mail. Zimmerman gave his “PGP” software to a friend who uploaded it to as many bulletin boards as he could find. It quickly became the most popular encryption scheme for e-mail. CSC309 Miller

  22. Pretty Good Protection (Cont.) In February of 1993, Zimmerman was notified that he was being investigated to see if he had violated the International Traffic In Arms Regs. The investigation was dropped three years later. This slowed down distribution as did the fact that it used patented technology and was at that time in competition with the government’s Clipper chip. CSC309 Miller

  23. PGP Zimmerman defended his actions by arguing that if ordinary people didn’t have access to “military grade” public key encryption then only the organizations with big money such as governments, giant corporations, drug cartels, etc. would have privacy. CSC309 Miller

  24. Ten Years Later Phil Zimmermann, has been crying every day since last week's terrorist attacks. He has been overwhelmed with feelings of guilt. In a telephone interview from his home, he said he doesn't regret posting the encryption program on the Internet. Yet he has trouble dealing with the reality that his software was likely used for evil. "The intellectual side of me is satisfied with the decision, but the pain that we all feel because of all the deaths mixes with this," he said. "It has been a horrific few days." (Washington Post 9/21/01) CSC309 Miller

  25. Three Days Later Phil Zimmermann did not find the Washington Post article “entirely accurate”. Concerning the “overwhelmed with feelings of guilt” comment, “I never implied that in the interview, and specifically went out of my way to emphasize to her that that was not the case, and made her repeat back to me the point so that she could not get it wrong in the article.” “...strong cryptography does more for a demo- cratic society than harm, even if it can be used by terrorists.” No regrets. CSC309 Miller

  26. Steganography The word steganography comes from the Greek steganos (covered or secret) and -graphy (writing or drawing) and thus means, literally, covered writing. Steganography is usually given as a synonym for cryptography but it is not normally used in that way. Through recent usage, steganography has come to mean hidden writing, i.e., writing that is not readily discernible to the casual observer. For example, the childhood practice of writing messages in 'invisible ink' would qualify as steganography since the writing is hidden in the sense that it is not obvious that it is there unless you know to look for it. CSC309 Miller

  27. Steganography Steganography, is the practice of embedding secret messages in other messages -- in a way that prevents an observer from learning that anything unusual is taking place. http://www.cl.cam.ac.uk/ ~fapp2/steganography/image_downgrading/ A really good site that we have been watching for years (last update Jan/09). Gives the best explanation I’ve found. CSC309 Miller

  28. Steganography You used steganography to find the CSC309 downloads. The first line reads: “9/11/08 I've started updating this CSC309 site and have made first contact with textbook folks.” Click on the period at the end of the line (it does have a little line under it) for a another article on steganography. CSC309 Miller

  29. Modern Steganography Modern steganographers use software like White Noise Storm and S-Tools allow a paranoid sender to embed messages in digitized information, typically audio, video or still image files, that are sent to a recipient. The software usually works by storing infor- mation in the least significant bits of a digitized file -- those bits can be changed without in ways that aren't dramatic enough for a human eye or ear to detect. CSC309 Miller

  30. ABC Presentation on Steganography • ABC gave a presentation on Steganography in 2001 where they claimed the top picture contained a picture of a B-52. The actual content is a B-52 graveyard. CSC309 Miller

  31. 56-bit DES cracked In 1997, a series of contests were initiated, offering a $10,000 prize to any one that could break a message encrypted with 56-bit DES. With the best plan of attack known at that time (sort of brute force) requiring an estimated 2,285 years of computer time on a dedicated 200 mhz computer no winners were anticipated. CSC309 Miller

  32. 56-bit DES cracked The first contest was won by a team of computer scientist who got on the Internet with a request to use idle cycles on computers attached to the Internet with an offer to pay $4,000 if your machine was the one that came up with the answer. Code cracked in 96 days. 78,000 computers had participated in the search. CSC309 Miller

  33. 56-bit DES cracked EFF, a free speech advocacy group, in July of 1998, cracked the 56-bit DES encryption in 56 hours on a $250,000 custom built computer named “Deep Crack”. In January 1999, the third contest saw a joint effort between distributed.net and Deep Crack find the key in 22 hours 15 minutes. CSC309 Miller

  34. AES Replaces DES The Advanced Encryption Standard (AES) was adopted by the U.S. government after a 5-year standardization process in which fifteen competing designs were evaluated. It became effective as a standard May 26, 2002. AES is the first publicly accessible and open cipher approved by the NSA for top secret information. CSC309 Miller

  35. White House ReversesCrypto Policy 09/17/99 Reversing two decades of U.S. encryption policy, the White House has proposed allowing the export of software or hardware using any encryption key length without license. Companies can't sell to designated terrorist countries and must report all exports in excess of 64 bits. Exporting up to 40 bit keys had always been legal. CSC309 Miller

  36. White House ReversesCrypto Policy 09/17/99 The announcement also included a final version of The Cyberspace Electronic Security Act of 1999 (CESA). This act would provide "federal statutory protections for the privacy of decryption keys" and protect law enforcement from having to disclose how they obtained information. CSC309 Miller

  37. Encryption Smuggling Arrests 08/29/01 The Customs Service has reported that two men have been arrested and accused of scheming to smuggle military encryption technology to China.  The technology, two devices known as KIV-7HS units, are used to encode classified government communications and are protected under ITAR. CSC309 Miller

  38. Quantum Encryption Product 11/17/03 MagiQ Technologies has begun selling Navajo systems, reputedly unbreakable encryption technology that employs the laws of quantum physics. Navajo systems use photons to transmit encryption keys over fiber-optic lines; photons are so sensitive that their behavior changes if they are examined. MagiQ is requesting governmental permission to sell Navajo abroad. http://www.informationweek.com/story/showArticle.jhtml?articleID=16100877 CSC309 Miller

  39. Interesting Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a total mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe. Amzanig huh??? CSC309 Miller

  40. History Snapshot (What does this have to do with encryption/privacy?) David Gelernter took a bachelor's degree in religious studies and a master's in Hebrew literature from Yale. He went on to collect a PhD in computer science from the State University of New York at Stony Brook, but joined Yale as faculty in 1982. He made a name for himself by developing a computer language named "Linda”.