35
David Evans [email protected] http://www.cs.virginia.edu/ evans Encryption: How it works, why it (sometimes) doesn’t, and what it can do University of Virginia Department of Computer Science http://www.cs.virginia.edu/evans/talks/cyberlaw.pp With a magnetic card and his dog Buddy's name as a password, President Clinton e-signed a bill Friday that will make electronic signatures as real as those on paper. FoxNews, 30 June 2000

David Evans [email protected] cs.virginia/evans

  • Upload
    daphne

  • View
    112

  • Download
    2

Embed Size (px)

DESCRIPTION

http://www.cs.virginia.edu/evans/talks/cyberlaw.ppt. Encryption: How it works, why it (sometimes) doesn’t, and what it can do. - PowerPoint PPT Presentation

Citation preview

Page 1: David Evans evans@cs.virginia cs.virginia/evans

David [email protected]

http://www.cs.virginia.edu/evans

Encryption: How it works, why it (sometimes) doesn’t, and what it can do

University of VirginiaDepartment of Computer Science

http://www.cs.virginia.edu/evans/talks/cyberlaw.ppt

With a magnetic card and his dog Buddy's name as a password, President Clinton e-signed a bill Friday that will

make electronic signatures as real as those on paper.

FoxNews, 30 June 2000

Page 2: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 2

Terminology

Encrypt DecryptPlaintextCiphertext

Plaintext

Alice BobEve

Insecure Channel

C = E(P)P = D(C)E must be invertible: P = D (E (P))

Page 3: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 3

Encrypt DecryptPlaintextCiphertext

Plaintext

Alice Bob

Insecure Channel

C = E(P, K)P = D(C, K)

K K

“The enemy knows the system being used.”

Claude Shannon

Eve

Page 4: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 4

Jefferson Wheel Cipher

Page 5: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 5

Enigma• About 50,000 used by Nazi’s in

WWII• Modified throughout WWII,

believed to be perfectly secure• Broken by Bletchley Park led by

Alan Turing (and 30,000 others)• First computer (Collossus)

developed to break Nazi codes (but kept secret through 1970s)

• Allies used decrypted Enigma messages to plan D-Day

Page 6: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 6

Modern Symmetric Ciphers A billion billion is a large number, but it's

not that large a number.— Whitfield Diffie

• Same idea but:– Use digital logic instead of

mechanical rotors– Larger keys– Encrypt blocks of letters at a time

Page 7: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 7

DES [1976]Plaintext

16x

Rou

nd

L0 R0

F

K1

L1 R1

Sub

stitu

tion

Per

mut

atio

n

Initial Permutation 56-bit key256 = 72 quadrillion

Can try 1 Trillion keys per second,break DES in < 1 day

Page 8: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 8

Modern Ciphers• AES (Rijndael) successor to DES selected

last year• 128-bit keys, encrypt 128-bit blocks• Brute force attack

– Try 1 Trillion keys per second– Would take 10790283070806000000 years to try

all keys! – If that’s not enough, can use 256-bit key

• No known techniques that do better than brute force search

Page 9: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 9

Problem with all Symmetric Ciphers

Encrypt DecryptPlaintextCiphertext

Plaintext

Alice BobEve

Insecure Channel

How do Alice and Bob agree on K (without Eve hearing it)?

K K

Page 10: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 10

Padlocked Boxes

Alice

Hi!

Page 11: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 11

Padlocked Boxes

Alice Hi!

Alice’s Padlock

Alice’s Padlock Key

Page 12: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 12

Padlocked Boxes

Alice

Alice’s Padlock Key

Shady Sammy’s

Slimy Shipping Service

Page 13: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 13

Padlocked Boxes

Alice

Hi!

Bob

Bob’s Padlock

Bob’s Padlock KeyAlice’s Padlock Key

Page 14: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 14

Padlocked Boxes

Alice

Hi!

Bob

Bob’s Padlock KeyAlice’s Padlock Key

Page 15: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 15

Padlocked Boxes

Alice

Hi!

Bob

Bob’s Padlock KeyAlice’s Padlock Key

Page 16: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 16

Padlocked Boxes

Alice

Hi!

Bob

Bob’s Padlock Key

Page 17: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 17

Padlocked Boxes

Alice

Hi!

Bob

Bob’s Padlock Key

Hi!

Page 18: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 18

Secret Paint MixingAnalogy due to Simon Singh, The Code Book.

Alice Bob

Yellow paint (public)

Alice’s Secret Color

Bob’s Secret Color

CA = Yellow + PurpleCB = Yellow + Red

K = Yellow + Red + Purple K = Yellow + Purple + Red

Eve

Page 19: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 19

One-Way Functions• Like mixing paint – easy to mix, hard to unmix• Simple example:

– Middle 100 digits of n2, n random 100 digit number– Given n, easy to calculate.– Given 100 digits, hard to find n.

• Trap-door one way function:– D (E (M)) = M– E and D are easy to compute.– Revealing E doesn’t reveal an easy way to compute D

Page 20: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 20

Public-Key Applications: Privacy

• Alice encrypts message to Bob using Bob’s Private Key

• Only Bob knows Bob’s Private Key only Bob can decrypt message

Encrypt DecryptPlaintextCiphertext

Plaintext

Alice Bob

Bob’s Public Key Bob’s Private Key

Page 21: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 21

Signatures

• Bob knows it was from Alice, since only Alice knows Alice’s Private Key

• Non-repudiation: Alice can’t deny signing message (except by claiming her key was stolen!)

• Integrity: Bob can’t change message (doesn’t know Alice’s Private Key)

Encrypt DecryptPlaintext

SignedMessage

Plaintext

AliceBob

Alice’s Private Key Alice’s Public Key

Page 22: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 22

RSA[Rivest, Shamir, Adelman 78]

E(M) = Me mod n Public key (e, n)D(C) = Cd mod n Private key d

e, d and n chosen so Med mod n = MD(E(M)) = E(D(M)) = M

Page 23: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 23

Choosing e, d, nChoose 2 secret primes p and q

n = p * q

e * d 1 mod (p – 1)(q – 1)

Depends on number theory theorems of Euler and Fermat

Page 24: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 24

RSA in Perl

print pack"C*", split/\D+/, `echo "16iII*o\U@{$/=$z; [(pop,pop,unpack"H*",<>)]} \EsMsKsN0[lN*1lK[d2%Sa2/d0 <X+d*lMLa^*lN%0]dsXx++lMlN /dsM0<J]dsJxp"|dc`

Until 1997 – Illegal to show

this slide to non-US citizens!

Page 25: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 25

Security of RSA• n is public, but not p and q where n = p * q • If we can find p and q, easy to find d

(private key)• Sounds easy: just need to factor n

– 4th grade factoring: divide by 2, 3, 4, …

n is ~200 digits – would take quintillions of years

Better algorithms known, but not much better

Page 26: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 26

Key Management

Everyone can know the public key, but to be useful must know it is the owner’s public key.

Alice

Encrypt DecryptPlaintextCiphertext

Plaintext

Bob’s Public Key Bob’s Private Key

Really Eve’s Public Key

Hi!

Alice’s Padlock Key

Really Eve’s Padlock

Page 27: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 27

Approach 1: Meet Secretly

• Alice and Bob meet secretly and swap public keys– If you can do that, might as well agree on a

secret (symmetric key) instead– Doesn’t work for Internet transactions

Page 28: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 28

Approach 2: Public Announcement

• Publish public keys in a public forum– Append to email messages– Post on web site– New York Time classifieds

• Easy for rogue to pretend to be someone else– Forge email, alter web site, lie to New York

Times

Page 29: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 29

Approach 3: Public Directory• Trusted authority maintains directory

mapping names to public keys• Entities register public keys with

authority in some secure way• Authority publishes directory

– Print using watermarked paper, special fonts, etc.

– Allow secure electronic access• Depends on secure distribution of directory’s

key

Page 30: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 30

Approach 4: Certificates

VeriSign

Alice Bob

KUA

CA = EKRVeriSign[“Alice”, KUA]

KUB

CB = EKRVeriSign[“Bob”, KUB]

CB

CA

How do I know “Alice” is “Alice”?

$$$$

Page 31: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 31

Data encrypted using secret key exchanged using some public keyassociated with some certificate.

Page 32: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 32

Page 33: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 33

Page 34: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 34

Page 35: David Evans evans@cs.virginia cs.virginia/evans

19 Sept 2001 Cyberlaw: Encryption 35

Summary• Cryptology can do a lot:

– Keep secrets– Provide signatures– Anonymity, Money, Voting, Zero-Knowledge

Proofs, etc.• But, its not perfect:

– Depends on humans not making mistakes– Tough to associate keys with principals

http://www.cs.virginia.edu/evans/talks/cyberlaw.ppt