Hashing - Computer Science
Download
Report
Transcript Hashing - Computer Science
Government and
Cryptography
Sandy Kutin
CSPP 532
8/14/01
We, the people, ...
How, and why, does government get
involved in cryptography?
Role of government:
Establish justice
Ensure domestic tranquility
Provide for the common defense
Promote the general welfare
Secure the blessings of liberty to ourselves
and our posterity
in order to form...
Provide for the common defense
National Security: Import/export restrictions
Ensure domestic tranquility
Law enforcement: Key escrow
Secure the blessings of liberty
Encryption does this through confidentiality
Government restrictions can be restrictive
a more perfect union
Establish justice
Contract law: what is a signature?
Digital copyright laws, patent law
Balance rights of software/hardware companies,
content providers with rights of consumers
Standard or approved algorithms
Legal standards
Also affects national security: infrastructure
Promote the general welfare
Dan Bernstein vs.
the Department of Justice
In 1990, Dan Bernstein wrote a paper
Showed how to use one-way hashes for
encryption; included source code
1992: tried to get permission to publish
1995: with EFF, sued the government
Case is still being appealed
May be made irrelevant by changes to the
export laws
Current Export Laws
January, 2000: U.S. eased restrictions:
Can’t export cryptanalytic materials
Strong products exportable with a license
Exports not allowed to Cuba, Iran, Iraq, Libya,
North Korea, Syria, Sudan
Posting on web sites could still be a problem
Europe is less restrictive
Wassenaar agreement:
DES decontrolled, stronger systems controlled
Pros & Cons
Harder for terrorists to Approval process
get sensitive material
complicated
NSA keeps its edge
“Bad guys will have
crypto anyway”
Now, U.S. companies
can compete
Infringes on free
speech, academics
Key Escrow
Technical issues: secret-sharing schemes
Clipper (voice), Capstone (data)
Algorithm is Skipjack, designed by NSA
Each chip has a unit key, KU, held in escrow
Law Enforcement Access Field (LEAF):
session key encrypted with KU
U encrypted with KF (fixed key)
16-bit checksum; invalid LEAFs disallowed
Proposal never really caught on
American Standards
Government standards: AES, SHA, HMAC
Helps large companies choose secure
systems, defend national infrastructure
Bank doesn’t care whether NSA can break in
If you don’t trust government, don’t use them
What key length corresponds to “beyond
reasonable doubt”?
Expert witnesses, or government standards?
What’s your sign?
What is a signature?
Electronic Signatures in Global and
National Commerce Act (E-Sign)
Contract can’t be rejected because it’s digital
Doesn’t apply to checks, wills, court filings,
…
Problem: as we’ve said, there are lots of
ways to attack a digital signature scheme
Courts will work this out, eventually
Divorce in Dubai
Divorce in traditional Islamic law:
Husband makes declaration to wife
Let’s avoid religious argument; assume we live
in a country in which this is the rule
Dubai (in United Arab Emirates):
16 recent divorces by cell phone text message
Singapore, last week:
Islamic authorities declared such divorces illegal
Issues of authentication
©: All Rights Reserved?
Can someone copyright encryption?
Can you reverse-engineer your own
hardware or software?
What if encryption, digital watermarks
interfere with fair use?
Digital Millenium Copyright Act (DMCA)
1998: Work which could be used for
copyright violation is an illegal “circumvention
device”
DVD encryption: theory
Decryption key stored on DVD
Not directly accessible by player
But: piracy easy (copy DVD, key included)
2-way authentication with player’s key
Each player uses one of 408 keys
If one player is compromised, phase it out of
future releases
How secure is it?
What if I want a Linux player?
DVD encryption: practice
40-bit keys
One player was weak, key was broken
Weakness just made attack even faster
Scheme published; 216 attack found
Can break encryption in 20 seconds
MPAA prosecuting people who write,
distribute tools to break encryption
Last week: Pavlovich (lost jurisdiction
battle)
Felten vs. SDMI
1999: Secure Digital Music Initiative
Record companies, RIAA, some techs
Verance Corp. developed watermarking
9/00: SDMI announces hack challenge
11/00: Fentel et al. (Princeton, Rice)
Broke the encryption; decided to publish
Accepted for April conference, then pulled
Slated for tomorrow at USENIX
eBooks
eBooks: convenient, easy to use, but
easy to copy; publishers nervous
Adobe provides a solution: locking
Pro: can’t make illegal copies
Con: fair use: extra copies, excerpts, resale
You can resell or upgrade computers, but
you have to contact the publisher
What if the publisher no longer exists?
Adobe vs. Sklyarov
Elcomsoft (Russian) broke encryption
Legal in Russia; right to make backup
PhD student Dmitry Sklyarov wrote code
Elcomsoft sold 7 copies in US
7/17: FBI arrested Sklyarov in Las Vegas
Adobe has since dropped suit, but
Sklyarov still charged with federal crime
Sklyarov released on bail last week
Around the World
European Software Directive (1993)
User has right to make back-up
Reverse-engineering permitted if it is
“indispensable” for the purpose of achieving
interoperability; may not be used to infringe
copyright or conflict with the program owner’s
“legitimate interests”
Canada working on a DMCA-like law
Recommended Reading
Discrete Logarithms, Diffie-Hellman
Stallings, Section 6.4
Elliptic Curves
Stallings, Section 6.5
Import/Export Laws
http://www.rsa.com/rsalabs/faq/
DMCA cases
http://www.eff.org/