I crypt, You crypt Budi Rahardjo Institut Teknologi Bandung [email protected] http://budi.insan.co.id Invited Talk at Indonesian Cryptology and Information Security Conference Jakarta, 30-31 March 2005


I crypt, You crypt

Budi Rahardjo
Institut Teknologi Bandung

br@paume.itb.ac.id – http://budi.insan.co.id

Invited Talk at
Indonesian Cryptology and Information Security Conference

Jakarta, 30-31 March 2005


2005 Budi Rahardjo - I crypt, you crypt


Gur Pelcg Fbat

V pelcg, lbh pelcg
Jr nyy pelcg, sbe V pelcg

Yn, yn, yn…


ROT13

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
n o p q r s t u v w x y z a b c d e f g h i j k l m

• Characters are shifted 13 places
• Commonly used during the Usenet newsgroup era to post puzzles or offensive messages
• There are many tools to perform rot13
  – Usenet news readers
  – Text editors: vi, emacs
  – Now, web-based: http://www.rot13.com
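
An added example, not part of the original slides: ROT13 written in Python as the shift-13 case of a general Caesar rotation, applied to the ciphertext on the deck's second and last slides. It goes beyond the slide by trying all 26 shifts, which shows why ROT13 hides text from a casual glance but gives no confidentiality; `COMMON_WORDS` and the function names are assumptions made for this example.

```python
import re
import string

UPPER, LOWER = string.ascii_uppercase, string.ascii_lowercase

# Small constructed word list used only to rank candidate plaintexts (an assumption,
# not from the slides); a real tool would use a dictionary or letter frequencies.
COMMON_WORDS = {"the", "a", "i", "we", "you", "all", "for", "and", "to", "of", "is", "in", "it"}


def caesar(text, shift):
    """Rotate ASCII letters by `shift` places, keeping case; other characters pass through."""
    s = shift % 26
    table = str.maketrans(UPPER + LOWER, UPPER[s:] + UPPER[:s] + LOWER[s:] + LOWER[:s])
    return text.translate(table)


def rot13(text):
    """ROT13 is the Caesar shift of 13; because 13 + 13 = 26 it is its own inverse."""
    return caesar(text, 13)


def word_hits(text):
    """Count the tokens of `text` that appear in COMMON_WORDS."""
    return sum(tok in COMMON_WORDS for tok in re.findall(r"[a-z]+", text.lower()))


def recover_shift(ciphertext):
    """Try all 26 shifts and return (shift, plaintext) for the most English-looking result."""
    best = max(range(26), key=lambda s: word_hits(caesar(ciphertext, -s)))
    return best, caesar(ciphertext, -best)


# Ciphertext copied from the deck's second and last slides.
SONG = "V pelcg, lbh pelcg\nJr nyy pelcg, sbe V pelcg\nYn, yn, yn…"
CLOSING = "Gunax Lbh"

if __name__ == "__main__":
    print(rot13("Gur Pelcg Fbat"))
    print(rot13(SONG))
    print(rot13(CLOSING))
    print(recover_shift(SONG))  # no key needed: the whole key space is 26 shifts
```
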


The Crypt Song

I crypt, you crypt
We all crypt, for I crypt
La, la, la…

Adapted from “The I scream ice cream” song

I scream, you scream
We all scream for ice cream
La, la, la

Monday, Tuesday
We all scream for sundae
La, la, la


Daily-crypto-live

• Cryptography is part of our (digital?) life
  – GSM communication (with A5)
  – Bank ATM (PIN, encrypted communication)
  – Microsoft Office files can be saved with password (RC4)
  – Access control (password, token, smartcard)
  – SSL in e-commerce
  – If that’s not enough, roll your own coding scheme for puzzles, quizzes, … secret SMS messages!
  – Many more …
• What does it mean?


http://www.randomhouse.com/doubleday/davinci/


A5 @ GSM

Source: http://www.issadvisor.com/columns/GSMSecurity/GSMSecurity.htm


Microsoft Office Password


What does it mean?

• It means that we are already dependent on crypto for
  – Commercial environment
  – Government
  – Military
  – and … personal (home)


Impact To Government

• Should the government come up with regulation?
• Over protected/regulated
  – Privacy on the line
  – Bad for business
• Under protected
  – False sense of security
  – National security issues?
• How to strike balance?
• There will be more debates in the future


Crypto problems in Indonesia

• The problems
  – Lack of understanding of crypto. A difficult subject. Not much interest. Don’t care…
  – Lack of expertise in Indonesia(?)
  – How to build and keep talented human resources in Indonesia?
• That is why we need the Society of Indonesian Cryptology and Information Security


Resulting in …

• As a result
  – Technology dependencies are high
  – We are at the mercy of vendors and other governments
  – We were given sub-standard products
    • (e.g. shorter key length, which results in a less secure system)


International Surveillance

Source: IEEE Spectrum April 2003


Listen, Filter, Store

Source: IEEE Spectrum April 2003


Road from Crypto to Security

• Some would think that encryption can solve all security problems. Wrong!
• Crypto alone cannot solve all security problems
  – e.g. availability problems
• All of this leads to information security


Initiatives

• There has to be security initiative(s) to solve this problem, by
  – Research
  – Product development
  – Applications
  – Standards (for military, commercial, and personal/home use)
  – Certification
  – Education [crypto for kids?]
• Indonesia’s National Strategy to Secure Cyberspace


Security Initiative Drivers

• Who is the driver?
  – Government
  – Academia
  – Commercial entities
  – Special interest groups (such as our society?)


What to do next?

Let’s hope that this conference continues (annually?)

Let’s discuss this in this forum…


Gunax Lbh