Ch3 Wiretapping and Encryption
Download
Report
Transcript Ch3 Wiretapping and Encryption
Ch3b Encryption
2/11/01
CSC309 Miller
1
Uses of Encryption
Electronic Funds transfer trillion dollars a day.
Automated teller machine passwords Pin's.
Credit card numbers on the internet.
Bank records.
Your password.
Cable TV signals.
Cellular phone calls.
2/11/01
CSC309 Miller
2
Encryption
Encryption usually include a coding scheme
(a cryptographic algorithm) and a sequence of
characters (a key) which is used to turn plain
text into a coded message (cipher text). The
cipher text is decoded (decrypted) to produce
the original plain text.
Encryption scheme used by Julius Caesar was
to replace each letter with the one three places
ahead of it in the alphabet. (CaesarFdhwdu)
2/11/01
CSC309 Miller
3
Symmetric Key
The key that is used to encrypt a message is
also the key that is used to decrypt it. This is
also referred to as symmetric private key.
The major problem is that you have to protect
the key.
A related problem is that in some cases it is
going to be extremely difficult to deliver the
key to someone who will use it without
exposing the key.
9/14/01
CSC309 Miller
4
National Security Agency
NSA created in 1952 by President Truman’s
top-secret order.
Monitors all communication between U.S.
and world. That is interpreted to mean all
foreign phone calls, radio transmissions,
and more recently, all Internet traffic.
9/14/01
CSC309 Miller
5
National Security Agency
Interested in designing schemes no other
country can break and to break everybody
else's methods.
Considered itself the repository of all
cryptography information for the country.
9/14/01
CSC309 Miller
6
DES
The Data Encryption Standard was originally
developed by IBM in the 1960’s but was
modified by the National Security Agency
prior to its adoption as a government standard
in 1977. (NSA involvement was the major
reason it was never fully accepted by the
public.)
DES is a symmetric private key cryptography
system.
9/14/01
CSC309 Miller
7
Diffie-Hellman
In May of 1975, Diffie came up with the
thought of splitting the key. One part
(the public part) would be used for encryption
while the other (the private part) would be
used to decrypt the message.
When the private part was used to encrypt
and the public to decrypt then a digital
signature had been generated. They presented
a paper “New Directions in Cryptography”.
9/14/01
CSC309 Miller
8
Public Key Example
from CSC300
= 3522
901 568 803
39 450 645 1173
= 234
1
2
5
11 32
87
141
3522*1171=???(mod1234)
0
1
0
901 568 803
1
0
1
0
39 450 645 1173
= 1252
1252*1171=100(mod1234)
0
1
9/15/01
1
2
0
5
1
0
1
0
11 32
87
141
CSC309 Miller
= 100
9
RSA
RSA (a public key encryption scheme) is
named for the three individuals from MIT,
Rivest-Shamir-Adelman who developed it.
They also built a company to commercialize
their product and licensed the technology to
companies such as Microsoft.
The government kept strong encryption out
of products (in companies such as Microsoft)
by its export regulations.
9/14/01
CSC309 Miller
10
Export Restrictions
Because of military applications, coding
machines and encryption software are
treated as "munitions” and covered by ITAR
(International Traffic in Arms Regulation).
Government noticed that all of the strong
encryption software that was available overseas
could not be regulated so they threatened
prosecution on export software designed to
work with someone’s encryption routines.
9/14/01
CSC309 Miller
11
Going Public
Spring of 1992 the head of NSA was told that
cryptography was going public, that RSA was
selling it, and that the Internet had provided a
way around the export laws. The head of NSA
requested a solution and shortly thereafter
key escrow appeared.
Simply store a copy of the key in a secure area
and then make law enforcement get a search
warrant to get a copy that would let them
decrypt a message. But then there was AT&T.
9/14/01
CSC309 Miller
12
AT&T
AT&T had been selling a secure phone to the
government but in 92 decided to sell a version
(TSD3600) to the public.
The FBI saw their ability to do wiretaps slipping
away and proposed adding a chip to TSD3600
which would allow them to set up an escrow
system but no one could figure out why this was
good for them.
9/14/01
CSC309 Miller
13
Clipper Chip is Born
Politically the security advocates thought they
were in serious trouble because escrow became
a privacy issue.
Presentations by the FBI gained the support of
the executive branch of government and AT&T
was offered a deal it couldn’t turn down. The
promise of the purchase of lots of these devices
and no hassle on exports allowed the process to
move forward. The modified A&T device
became known as the Clipper Chip.
10/20/08
CSC309 Miller
14
Clipper Chip
Sort of complicated. When two people
exchanged information in a phone call a
packet of information was exchanged which
included the chip’s serial numbers and a
special session key. The FBI could decode
chip serial numbers but not the session key
which was stored in pieces in two different
government agencies and available to the
FBI only after a legal wiretap was approved.
9/14/01
CSC309 Miller
15
Clipper Chip (Cont.)
There were problems. Clipper was based on a
secret algorithm and was to be implemented in
hardware (cost and up-grade considerations),
Clipper phones only worked with Clipper phones,
and there was the problem of escrowed keys.
In 1994 NSA let a few Clipper chips out for
inspection. Matt Blase of Bell labs quickly broke
the code, wrote his findings to NAS, and got a
technical publication out.
His results made it to the front page of the New
York Times and Clipper was dead.
2/11/01
CSC309 Miller
16
Key Escrow Won’t Work
Experts and lawmakers opposed legislation that
would require people using encryption to put
their encryption keys in escrow with a third
party, as the keys would become targets for
terrorists. Responding to claims that a key
escrow system could allow law enforcement
officials to decode communication between
terrorists and other criminals, Rep. Bob
Goodlatte (R-Va) remarked that such persons
are not likely to place their encryption keys in
escrow anyhow.
http://www.fcw.com/fcw/articles/2001/1001/web-keys-10-03-01.asp
10/15/01
CSC309 Miller
17
Key Escrow Plan Abandoned
“ ... the temptation to abuse key escrow or
create a mass repository of stored keys would
pose a single point of security risk unlike ever
before. Furthermore, he says fear of its abuse
could have a chilling effect on people's sense
of privacy and security, forcing users to shy
away from the very technology created to
safeguard their transmitted messages.”
The key escrow debate mirrors a dropped
effort on the part of the government to
institute a "Clipper chip"
http://www.infoworld.com/articles/hn/xml/01/10/18/011018hnencryption.xml
10/23/01
CSC309 Miller
18
Escrow
Lots of situations where escrow needs to be used.
9/15/01
CSC309 Miller
19
Researchers Claim to Crack
Car Alarm Code
Computer science faculty at John Hopkins have found
a way to crack the code used in the keys of more than
150 million new Fords, Toyotas and Nissans involves a
transponder chip embedded in the key and a reader
inside the car. They also cracked the code for new
gasoline purchase system in which a reader inside the
gas pump is able to recognize a small key-chain tag
when the tag is waved in front of it. Texas Instruments,
said the hardware used to crack the codes is
cumbersome, expensive and not practical for common
thieves.
1/30/05
CSC309 Miller
20
Pretty Good Protection
Phillip Zimmerman, a programmer concerned
about the governments plans to limit the use of
strong encryption, in 1991 developed a program
using public key cryptography for e-mail.
Zimmerman gave his “PGP” software
to a friend who uploaded it to as many bulletin
boards as he could find. It quickly became
the most popular encryption scheme for e-mail.
9/14/01
CSC309 Miller
21
Pretty Good Protection (Cont.)
In February of 1993, Zimmerman was notified
that he was being investigated to see if he had
violated the International Traffic In Arms Regs.
The investigation was dropped three years later.
This slowed down distribution as did the fact
that it used patented technology and was at
that time in competition with the government’s
Clipper chip.
9/15/01
CSC309 Miller
22
PGP
Zimmerman defended his actions by arguing
that if ordinary people didn’t have access to
“military grade” public key encryption then
only the organizations with big money such as
governments, giant corporations, drug cartels,
etc. would have privacy.
2/11/01
CSC309 Miller
23
Ten Years Later
Phil Zimmermann, has been crying every
day since last week's terrorist attacks. He has
been overwhelmed with feelings of guilt. In a
telephone interview from his home, he said he
doesn't regret posting the encryption program
on the Internet. Yet he has trouble dealing with
the reality that his software was likely used for
evil. "The intellectual side of me is satisfied with
the decision, but the pain that we all feel because
of all the deaths mixes with this," he said. "It
has been a horrific few days." (Washington Post 9/21/01)
9/24/01
CSC309 Miller
24
Three Days Later
Phil Zimmermann did not find the Washington
Post article “entirely accurate”. Concerning the
“overwhelmed with feelings of guilt” comment,
“I never implied that in the interview, and
specifically went out of my way to emphasize
to her that that was not the case, and made her
repeat back to me the point so that she could
not get it wrong in the article.”
“...strong cryptography does more for a democratic society than harm, even if it can be used
by terrorists.” No regrets.
10/10/01
CSC309 Miller
25
Steganography
The word steganography comes from the Greek
steganos (covered or secret) and -graphy (writing
or drawing) and thus means, literally, covered
writing. Steganography is usually given as a
synonym for cryptography but it is not normally
used in that way. Through recent usage,
steganography has come to mean hidden writing,
i.e., writing that is not readily discernible to the
casual observer. For example, the childhood
practice of writing messages in 'invisible ink'
would qualify as steganography since the writing
is hidden in the sense that it is not obvious that it
is there
unless
you
know
to
look
for
it.
3/29/02
CSC309 Miller
26
Steganography
Steganography, is the practice of embedding
secret messages in other messages -- in a way
that prevents an observer from learning that
anything unusual is taking place.
http://www.cl.cam.ac.uk/
~fapp2/steganography/image_downgrading/
A really good site that we have been watching
for years (last update Jan/09). Gives the best
explanation I’ve found.
1/30/09
CSC309 Miller
27
Steganography
You used steganography to find the CSC309
downloads. The first line reads:
“9/11/08 I've started updating this CSC309 site
and have made first contact with textbook folks.”
Click on the period at the end of the line
(it does have a little line under it)
for a another article on steganography.
1/30/09
CSC309 Miller
28
Modern Steganography
Modern steganographers use software like
White Noise Storm and S-Tools allow a
paranoid sender to embed messages in
digitized information, typically audio, video
or still image files, that are sent to a recipient.
The software usually works by storing information in the least significant bits of a digitized
file -- those bits can be changed without in ways
that aren't dramatic enough for a human eye or
ear to detect.
1/27/02
CSC309 Miller
29
ABC Presentation on
Steganography
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
•
QuickT ime™ and a
T IFF (Uncompressed) decompressor
are needed to see thi s pi cture.
2/2/05
• ABC gave a
presentation on
Steganography in
2001 where they
claimed the top
picture contained a
picture of a B-52.
The actual content is
a B-52 graveyard.
CSC309 Miller
30
56-bit DES cracked
In 1997, a series of contests were initiated,
offering a $10,000 prize to any one that
could break a message encrypted with
56-bit DES. With the best plan of attack
known at that time (sort of brute force)
requiring an estimated 2,285 years of
computer time on a dedicated 200 mhz
computer no winners were anticipated.
2/15/09
CSC309 Miller
31
56-bit DES cracked
The first contest was won by a team of
computer scientist who got on the Internet
with a request to use idle cycles on
computers attached to the Internet with an
offer to pay $4,000 if your machine was the
one that came up with the answer. Code
cracked in 96 days. 78,000 computers had
participated in the search.
2/11/01
CSC309 Miller
32
56-bit DES cracked
EFF, a free speech advocacy group, in July
of 1998, cracked the 56-bit DES encryption
in 56 hours on a $250,000 custom built
computer named “Deep Crack”.
In January 1999, the third contest saw a
joint effort between distributed.net and
Deep Crack find the key in 22 hours 15
minutes.
2/15/09
CSC309 Miller
33
AES Replaces DES
The Advanced Encryption Standard (AES)
was adopted by the U.S. government
after a 5-year standardization process in
which fifteen competing designs were
evaluated. It became effective as a
standard May 26, 2002. AES is the
first publicly accessible and open cipher
approved by the NSA for top secret
information.
2/15/09
CSC309 Miller
34
White House Reverses
Crypto Policy 09/17/99
Reversing two decades of U.S. encryption
policy, the White House has proposed allowing
the export of software or hardware using any
encryption key length without license.
Companies can't sell to designated terrorist
countries and must report all exports in excess
of 64 bits.
Exporting up to 40 bit keys had always been
legal.
2/11/01
CSC309 Miller
35
White House Reverses
Crypto Policy 09/17/99
The announcement also included a final
version of The Cyberspace Electronic Security
Act of 1999 (CESA). This act would provide
"federal statutory protections for the privacy
of decryption keys" and protect law
enforcement from having to disclose how they
obtained information.
2/11/01
CSC309 Miller
36
Encryption Smuggling Arrests
08/29/01
The Customs Service has reported that two
men have been arrested and accused of
scheming to smuggle military encryption
technology to China. The technology, two
devices known as KIV-7HS units, are used to
encode classified government communications
and are protected under ITAR.
9/15/01
CSC309 Miller
37
Quantum Encryption Product
11/17/03 MagiQ Technologies has begun
selling Navajo systems, reputedly unbreakable
encryption technology that employs the laws of
quantum physics. Navajo systems use photons
to transmit encryption keys over fiber-optic
lines; photons are so sensitive that their
behavior changes if they are examined. MagiQ
is requesting governmental permission to sell
Navajo abroad.
http://www.informationweek.com/story/showArticle.jhtml?articleID=16100877
2/8/04
CSC309 Miller
38
Interesting
Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy,
it deosn't mttaer in waht oredr the ltteers in a
wrod are, the olny iprmoetnt tihng is taht the frist
and lsat ltteer be at the rghit pclae. The rset can
be a total mses and you can sitll raed it wouthit a
porbelm. Tihs is bcuseae the huamn mnid deos not
raed ervey lteter by istlef, but the wrod as a wlohe.
Amzanig huh???
9/18/03
CSC309 Miller
39
History Snapshot (What does this have
to do with encryption/privacy?)
David Gelernter took a bachelor's
degree in religious studies and a
master's in Hebrew literature from
Yale. He went on to collect a PhD in
computer science from the State
University of New York at Stony Brook,
but joined Yale as faculty in 1982. He
made a name for himself by developing
a computer language named "Linda”.
2/15/09
40