DOCSLIB.ORG

ECE 646 – Lecture 4

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

ECE 646 – Lecture 4 Pretty Good Privacy PGP Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 6/E or 7/E Chapter 19.1 Pretty Good Privacy (PGP) On-line Chapters (available after registration): Appendix O Data Compression Using Zip Appendix P More on PGP Short History of PGP based on the book Crypto by Steven Levy Phil Zimmermann – early years • grew up in Florida, got interested in cryptography in teenage years • studied physics at Florida Atlantic University, 1972-1977 • learned about RSA shortly after its discovery, from the Mathematical Recreational column in Scientific American • became active in the antinuclear political movement of 1970s-1980s Collaboration with Charlie Merritt • in 1984, Zimmermann was contacted by Charlie Merritt, who implemented RSA on a microcomputer based on Z80 8-bit microprocessor • by 1986, Merritt passed to Zimmermann all his knowledge of multiprecision integer arithmetic required to implement RSA • In 1986, Merritt and Zimmermann met with Jim Bidzos, the new CEO of RSA Data Security Inc., who brought with him a copy of Mailsafe, a program written by Rivest and Adleman, implementing RSA. After the meeting: • Zimmermann claimed that Bidzos offered him a free license to RSA • Bidzos strongly denied such claims Early Work (1986-1991) • in 1986, Zimmermann summarized his ideas in the paper published in IEEE Computer • As a secret key cipher he chose a cipher developed by Merritt for navy, with his own security improvements. He called this cipher Bass-O-Matic, see http://www.nbc.com/saturday-night-live/video/bassomatic/n8631?snl=1 • in 1990, he devoted his time completely to finishing the program he called Pretty Good Privacy • In 1990 he called Jim Bidzos to confirm his free RSA license. Bidzos strongly denied ever making such offer. Release of PGP 1.0 - 1991 • In 1991, out of the fear of the government making all encryption illegal (prompted by an antiterrorist Senate bill 266 co-sponsored by Joe Biden) he decided to release PGP as soon as possible, and changed its classification from "shareware" to "freeware" • In May 1991, Zimmermann passed the program to a fellow crypto enthusiast to spread it on the Internet "like dandelion seeds" Release of PGP 1.0 - 1991 • In the first weekend of June 1991, PGP 1.0 was uploaded to multiple servers (all located in the U.S.). Its documentation included a motto: "When crypto is outlawed, only outlaws will have crypto". • The very next day people were encrypting messages with PGP all over the world (in violation of the U.S. crypto export regulations) Legal Problems • RSA Data Security Inc. and Public Key Partners accused Zimmermann of violating their patents • PGP 2.0, released in September 1992 from Amsterdam and Auckland, replaced Bass-O-Matic by a much stronger Swiss cipher called IDEA with the 128-bit key • In February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for "munitions export without a license”. In 1996, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else. • PGP 5 released in 1997 introduced use of the CAST-128 symmetric key algorithm, and the ElGamal asymmetric key algorithm (referred in the documentation as Diffie- Hellman), mitigating patent dispute with RSA Data Security Inc. and PKP. Later Years • In 1997, IETF (Internet Engineering Task Force) started the development of a standard called OpenPGP • The Free Software Foundation has developed its own OpenPGP-compliant program called GNU Privacy Guard (abbreviated GnuPG or GPG) • Most recently, several iOS and Android OpenPGP- compliant applications have been released, such as iPGMail for iOS and APG for Android Internal Operation of PGP: Implementation of Security Services PGP – Authentication Only Notation: M - message H – hash function EP – public key encryption || - concatenation Z - compression using ZIP algorithm KRa – private key of user A KUa – public key of user A Non-repudiation Alice Bob Message Signature Message Signature Hash Hash function function Hash value 1 Hash value yes no Hash value 2 Public key Public key cipher cipher Alice’s private key Alice’s public key PGP – Confidentiality Only Notation: M - message Z - compression using ZIP algorithm EC / DC – classical (secret-key) encryption / decryption EP / DP – public key encryption / decryption || - concatenation Ks - session key KRb – private key of user B KUb – public key of user B Hybrid Systems - Sender’s Side (2) Alice message session key 1 random Secret key cipher 2 Public key cipher Bob’s public 3 key Session key Message encrypted encrypted using using session key Bob’s public key Hybrid Systems - Receiver’s Side (2) Bob message session key 2 random Secret key cipher 1 Public key cipher Bob’s private key Session key Message encrypted encrypted using using session key Bob’s public key PGP – Confidentiality and Authentication Notation: M - message H – hash function Z - compression using ZIP algorithm EP / DP – public key encryption / decryption || - concatenation EC / DC – classical (secret-key) encryption / decryption Ks - session key KRa / KRb – private key of user A / B KUa / KUb – public key of user A / B Transmission and Reception of PGP Messages [Stallings, 2014] PGP Operation – Compression • by default PGP compresses message after signing but before encrypting – so can store uncompressed message & signature for later verification – because compression is non deterministic • uses ZIP compression algorithm Major idea behind ZIP compression [Stallings, 2014] Radix-64 Conversion The '==' sequence indicates that the last group contained only one byte, and '=' indicates that it contained two bytes. [Stallings, 2014] Radix-64 Encoding [Stallings, 2014] Radix-64 Conversion Example General Format of PGP Message [Stallings, 2014] Summary of PGP functions [Stallings, 2010] Private Key Ring [Stallings, 2014] Public Key Ring [Stallings, 2014] PGP Message Generation (without compression or radix-64 conversion) [Stallings, 2014] PGP Message Reception (without compression or radix-64 conversion) [Stallings, 2014] PGP: Flow of trust Manual exchange of public keys: Las Vegas Edinburgh Bob Û David David Û Betty Bob David Betty (Washington) (New York) (London) David, send me Betty’s public key Betty’s public key signed by David message encrypted using Betty’s public key PGP Trust Model [Stallings, 2010].
Recommended publications
  • A History of End-To-End Encryption and the Death of PGP

    A History of End-To-End Encryption and the Death of PGP

    25/05/2020 A history of end-to-end encryption and the death of PGP Hey! I'm David, a security engineer at the Blockchain team of Facebook (https://facebook.com/), previously a security consultant for the Cryptography Services of NCC Group (https://www.nccgroup.com). I'm also the author of the Real World Cryptography book (https://www.manning.com/books/real-world- cryptography?a_aid=Realworldcrypto&a_bid=ad500e09). This is my blog about cryptography and security and other related topics that I Ûnd interesting. A history of end-to-end encryption and If you don't know where to start, you might want to check these popular the death of PGP articles: posted January 2020 - How did length extension attacks made it 1981 - RFC 788 - Simple Mail Transfer Protocol into SHA-2? (/article/417/how-did-length- extension-attacks-made-it-into-sha-2/) (https://tools.ietf.org/html/rfc788) (SMTP) is published, - Speed and Cryptography the standard for email is born. (/article/468/speed-and-cryptography/) - What is the BLS signature scheme? (/article/472/what-is-the-bls-signature- This is were everything starts, we now have an open peer-to-peer scheme/) protocol that everyone on the internet can use to communicate. - Zero'ing memory, compiler optimizations and memset_s (/article/419/zeroing-memory- compiler-optimizations-and-memset_s/) 1991 - The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations The US government introduces the 1991 Senate Bill 266, (/article/461/the-9-lives-of-bleichenbachers- which attempts to allow "the Government to obtain the cat-new-cache-attacks-on-tls- plain text contents of voice, data, and other implementations/) - How to Backdoor Di¸e-Hellman: quick communications when appropriately authorized by law" explanation (/article/360/how-to-backdoor- from "providers of electronic communications services di¸e-hellman-quick-explanation/) and manufacturers of electronic communications - Tamarin Prover Introduction (/article/404/tamarin-prover-introduction/) service equipment".
  • Security + Encryption Standards

    Security + Encryption Standards

    Security + Encryption Standards Author: Joseph Lee Email: joseph@ ripplesoftware.ca Mobile: 778-725-3206 General Concepts Forward secrecy / perfect forward secrecy • Using a key exchange to provide a new key for each session provides improved forward secrecy because if keys are found out by an attacker, past data cannot be compromised with the keys Confusion • Cipher-text is significantly different than the original plaintext data • The property of confusion hides the relationship between the cipher-text and the key Diffusion • Is the principle that small changes in message plaintext results in large changes in the cipher-text • The idea of diffusion is to hide the relationship between the cipher-text and the plaintext Secret-algorithm • A proprietary algorithm that is not publicly disclosed • This is discouraged because it cannot be reviewed Weak / depreciated algorithms • An algorithm that can be easily "cracked" or defeated by an attacker High-resiliency • Refers to the strength of the encryption key if an attacker discovers part of the key Data-in-transit • Data sent over a network Data-at-rest • Data stored on a medium Data-in-use • Data being used by an application / computer system Out-of-band KEX • Using a medium / channel for key-exchange other than the medium the data transfer is taking place (phone, email, snail mail) In-band KEX • Using the same medium / channel for key-exchange that the data transfer is taking place Integrity • Ability to determine the message has not been altered • Hashing algorithms manage Authenticity
  • Battle of the Clipper Chip - the New York Times

    Battle of the Clipper Chip - the New York Times

    Battle of the Clipper Chip - The New York Times https://www.nytimes.com/1994/06/12/magazine/battle-of-the-clipp... https://nyti.ms/298zenN Battle of the Clipper Chip By Steven Levy June 12, 1994 See the article in its original context from June 12, 1994, Section 6, Page 46 Buy Reprints VIEW ON TIMESMACHINE TimesMachine is an exclusive benefit for home delivery and digital subscribers. About the Archive This is a digitized version of an article from The Times’s print archive, before the start of online publication in 1996. To preserve these articles as they originally appeared, The Times does not alter, edit or update them. Occasionally the digitization process introduces transcription errors or other problems; we are continuing to work to improve these archived versions. On a sunny spring day in Mountain View, Calif., 50 angry activists are plotting against the United States Government. They may not look subversive sitting around a conference table dressed in T-shirts and jeans and eating burritos, but they are self-proclaimed saboteurs. They are the Cypherpunks, a loose confederation of computer hackers, hardware engineers and high-tech rabble-rousers. The precise object of their rage is the Clipper chip, offically known as the MYK-78 and not much bigger than a tooth. Just another tiny square of plastic covering a silicon thicket. A computer chip, from the outside indistinguishable from thousands of others. It seems 1 of 19 11/29/20, 6:16 PM Battle of the Clipper Chip - The New York Times https://www.nytimes.com/1994/06/12/magazine/battle-of-the-clipp..
  • Zfone: a New Approach for Securing Voip Communication

    Zfone: a New Approach for Securing Voip Communication

    Zfone: A New Approach for Securing VoIP Communication Samuel Sotillo [email protected] ICTN 4040 Spring 2006 Abstract This paper reviews some security challenges currently faced by VoIP systems as well as their potential solutions. Particularly, it focuses on Zfone, a vendor-neutral security solution developed by PGP’s creator, Phil Zimmermann. Zfone is based on the Z Real-time Transport Protocol (ZRTP), which is an extension of the Real-time Transport Protocol (RTP). ZRTP offers a very simple and robust approach to providing protection against the most common type of VoIP threats. Basically, the protocol offers a mechanism to guarantee high entropy in a Diffie- Hellman key exchange by using a session key that is computed through the hashing several secrets, including a short authentication string that is read aloud by callers. The common shared secret is calculated and used only for one session at a time. However, the protocol allows for a part of the shared secret to be cached for future sessions. The mechanism provides for protection for man-in-the-middle, call hijack, spoofing, and other common types of attacks. Also, this paper explores the fact that VoIP security is a very complicated issue and that the technology is far from being inherently insecure as many people usually claim. Introduction Voice over IP (VoIP) is transforming the telecommunication industry. It offers multiple opportunities such as lower call fees, convergence of voice and data networks, simplification of deployment, and greater integration with multiple applications that offer enhanced multimedia functionality [1]. However, notwithstanding all these technological and economic opportunities, VoIP also brings up new challenges.
  • Transnationality, Morality, and Politics of Computing Expertise

    Transnationality, Morality, and Politics of Computing Expertise

    UNIVERSITY OF CALIFORNIA Los Angeles Transnationality, Morality, and Politics of Co!"#ting Ex"ertise A dissertation s#%!i&ed in partial satis action o t'e re(#ire!ents for t'e degree )octor o P'iloso"'y in Anthro"ology %y L#is Feli"e Rosado M#rillo *+,- . Co"yright by L#is Feli"e Rosado M#rillo 2+,- A/STRACT OF T0E DISSERTATION Transnationality, Morality, and Politics o Co!"#ting E$"ertise %y L#is Feli"e Rosado M#rillo )octor o P'iloso"'y in Anthro"ology Uni1ersity o Cali ornia, Los Angeles, 2+,- Pro essor C'risto"'er M2 Kelty, C'air In this dissertation I e$amine t'e alterglo%alization o co!"#ter e$"ertise 5it' a oc#s on t'e creation o "olitical, econo!ic, !oral, and tec'nical ties among co!"#ter tec'nologists 5'o are identi6ed %y "eers and sel 7identi y as 8co!"#ter 'ac9ers2: ;e goal is to in1estigate 'o5 or!s o collaborati1e 5or9 are created on a local le1el alongside glo%al "ractices and disco#rses on co!"#ter 'ac9ing, linking local sites 5it' an e!ergent transnational do!ain o tec'nical e$c'ange and "olitical action. In order to ad1ance an #nderstanding o the e$"erience and "ractice o 'ac9ing %eyond its !ain axes o acti1ity in <estern Euro"e and the United States, I descri%e and analy4e "ro=ects and career trajectories o program!ers, engineers, and hac9er acti1ists w'o are ii !e!%ers o an international networ9 o co!!#nity s"aces called 8'ac9ers"aces: in the Paci6c region.
  • Pgpfone Pretty Good Privacy Phone Owner’S Manual Version 1.0 Beta 7 -- 8 July 1996

    Pgpfone Pretty Good Privacy Phone Owner’S Manual Version 1.0 Beta 7 -- 8 July 1996

    Phil’s Pretty Good Software Presents... PGPfone Pretty Good Privacy Phone Owner’s Manual Version 1.0 beta 7 -- 8 July 1996 Philip R. Zimmermann PGPfone Owner’s Manual PGPfone Owner’s Manual is written by Philip R. Zimmermann, and is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Pretty Good Privacy™, PGP®, Pretty Good Privacy Phone™, and PGPfone™ are all trademarks of Pretty Good Privacy Inc. Export of this software may be restricted by the U.S. government. PGPfone software is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Phil’s Pretty Good engineering team: PGPfone for the Apple Macintosh and Windows written mainly by Will Price. Phil Zimmermann: Overall application design, cryptographic and key management protocols, call setup negotiation, and, of course, the manual. Will Price: Overall application design. He persuaded the rest of the team to abandon the original DOS command-line approach and designed a multithreaded event-driven GUI architecture. Also greatly improved call setup protocols. Chris Hall: Did early work on call setup protocols and cryptographic and key management protocols, and did the first port to Windows. Colin Plumb: Cryptographic and key management protocols, call setup negotiation, and the fast multiprecision integer math package. Jeff Sorensen: Speech compression. Will Kinney: Optimization of GSM speech compression code. Kelly MacInnis: Early debugging of the Win95 version. Patrick Juola: Computational linguistic research for biometric word list. -2- PGPfone Owner’s
  • Considering PGP

    Considering PGP

    Security Now! Transcript of Episode #418 Page 1 of 38 Transcript of Episode #418 Considering PGP Description: This week, Steve and Leo continue covering the consequences of the Snowden leaks and, with that in mind, they examine the Pretty Good Privacy (PGP) system for securely encrypting eMail and attachments. High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-418.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-418-lq.mp3 SHOW TEASE: It's time for Security Now!. Steve Gibson, our security guru, is here. This is a show everybody has to watch. In fact, share it with your friends, your neighbors, your colleagues: Using PGP to protect your email. Steve talks about it next on Security Now!. Leo Laporte: This is Security Now! with Steve Gibson, Episode 418, recorded August 21st, 2013: Considering PGP. It's time for Security Now!, the show that covers your security, your privacy, your safety online with this man here, the 'Splainer in Chief, Steven Gibson at GRC.com. Hey, Steverino. Steve Gibson: Hey, Leo. Great to be with you for Show No. 1 of Year No. 9. Leo: Wow. Steve: We begin our ninth year. Leo: Wow. Episode 418, and you've only missed one, and that was because we made you. Steve: Yeah. So we're not going to do that again. That was not pretty. There was an uprising among the natives. Security Now! Transcript of Episode #418 Page 2 of 38 Leo: Well, you've got to fight it out with Lisa because I don't - I never had the cojones to stop you, but she does.
  • The People Who Invented the Internet Source: Wikipedia's History of the Internet

    The People Who Invented the Internet Source: Wikipedia's History of the Internet

    The People Who Invented the Internet Source: Wikipedia's History of the Internet PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Sat, 22 Sep 2012 02:49:54 UTC Contents Articles History of the Internet 1 Barry Appelman 26 Paul Baran 28 Vint Cerf 33 Danny Cohen (engineer) 41 David D. Clark 44 Steve Crocker 45 Donald Davies 47 Douglas Engelbart 49 Charles M. Herzfeld 56 Internet Engineering Task Force 58 Bob Kahn 61 Peter T. Kirstein 65 Leonard Kleinrock 66 John Klensin 70 J. C. R. Licklider 71 Jon Postel 77 Louis Pouzin 80 Lawrence Roberts (scientist) 81 John Romkey 84 Ivan Sutherland 85 Robert Taylor (computer scientist) 89 Ray Tomlinson 92 Oleg Vishnepolsky 94 Phil Zimmermann 96 References Article Sources and Contributors 99 Image Sources, Licenses and Contributors 102 Article Licenses License 103 History of the Internet 1 History of the Internet The history of the Internet began with the development of electronic computers in the 1950s. This began with point-to-point communication between mainframe computers and terminals, expanded to point-to-point connections between computers and then early research into packet switching. Packet switched networks such as ARPANET, Mark I at NPL in the UK, CYCLADES, Merit Network, Tymnet, and Telenet, were developed in the late 1960s and early 1970s using a variety of protocols. The ARPANET in particular led to the development of protocols for internetworking, where multiple separate networks could be joined together into a network of networks. In 1982 the Internet Protocol Suite (TCP/IP) was standardized and the concept of a world-wide network of fully interconnected TCP/IP networks called the Internet was introduced.
  • 0137135599 Sample.Pdf

    0137135599 Sample.Pdf

    Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals. The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein. The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government Sales (800) 382-3419 [email protected] For sales outside the United States, please contact: International Sales [email protected] Visit us on the Web: www.informit.com/aw Library of Congress Cataloging-in-Publication Data: Abelson, Harold. Blown to bits : your life, liberty, and happiness after the digital explosion / Hal Abelson, Ken Ledeen, Harry Lewis. p. cm. ISBN 0-13-713559-9 (hardback : alk. paper) 1. Computers and civilization. 2. Information technology—Technological innovations. 3. Digital media. I. Ledeen, Ken, 1946- II. Lewis, Harry R. III. Title. QA76.9.C66A245 2008 303.48’33—dc22 2008005910 Copyright © 2008 Hal Abelson, Ken Ledeen, and Harry Lewis All rights reserved.
  • A Few Thoughts on Cryptographic Engineering What's the Matter With

    A Few Thoughts on Cryptographic Engineering What's the Matter With

    13/06/2020 What’s the matter with PGP? – A Few Thoughts on Cryptographic Engineering MenuMenu A Few Thoughts on Cryptographic Engineering Some random thoughts about crypto. Notes from a course I teach. Pictures of my dachshunds. Mahew Green in messaging, privacy August 13, 2014July 29, 2016 2,592 Words What’s the matter with PGP? Last Thursday, Yahoo announced their plans to support end-to-end encryption using a fork of Google’s end-to-end email extension (hps://code.google.com/p/end-to-end/). This is a Big Deal. With providers like Google and Yahoo onboard, email encryption is bound to get a big kick in the ass. This is something email badly needs (hp://www.newyorker.com/tech/elements/the-daunting-challenge-of- secure-e-mail). So great work by Google and Yahoo! Which is why following complaint is going to seem awfully ungrateful. I realize this and I couldn’t feel worse about it. As transparent and user-friendly as the new email extensions are, they’re fundamentally just re-implementations of OpenPGP (hp://en.wikipedia.org/wiki/Prey_Good_Privacy) — and non-legacy-compatible ones, too. The problem with this is that, for all the good PGP has done in the past, it’s a model of email encryption that’s fundamentally broken. It’s time for PGP to die. In the remainder of this post I’m going to explain why this is so, what it means for the future of email encryption, and some of the things we should do about it. Nothing I’m going to say here will surprise anyone who’s familiar with the technology — in fact, this will barely be a technical post.
  • Crypto Anarchy, Cyberstates, and Pirate Utopias Edited by Peter Ludlow

    Crypto Anarchy, Cyberstates, and Pirate Utopias Edited by Peter Ludlow

    Ludlow cover 7/7/01 2:08 PM Page 1 Crypto Anarchy, Cyberstates, and Pirate Utopias Crypto Anarchy, Crypto Anarchy, Cyberstates, and Pirate Utopias edited by Peter Ludlow In Crypto Anarchy, Cyberstates, and Pirate Utopias, Peter Ludlow extends the approach he used so successfully in High Noon on the Electronic Frontier, offering a collection of writings that reflect the eclectic nature of the online world, as well as its tremendous energy and creativity. This time the subject is the emergence of governance structures within online communities and the visions of political sovereignty shaping some of those communities. Ludlow views virtual communities as laboratories for conducting experiments in the Peter Ludlow construction of new societies and governance structures. While many online experiments will fail, Ludlow argues that given the synergy of the online world, new and superior governance structures may emerge. Indeed, utopian visions are not out of place, provided that we understand the new utopias to edited by be fleeting localized “islands in the Net” and not permanent institutions. The book is organized in five sections. The first section considers the sovereignty of the Internet. The second section asks how widespread access to resources such as Pretty Good Privacy and anonymous remailers allows the possibility of “Crypto Anarchy”—essentially carving out space for activities that lie outside the purview of nation-states and other traditional powers. The Crypto Anarchy, Cyberstates, third section shows how the growth of e-commerce is raising questions of legal jurisdiction and taxation for which the geographic boundaries of nation- states are obsolete. The fourth section looks at specific experimental governance and Pirate Utopias structures evolved by online communities.
  • Eweek's 2007 Top 100 Most Influential People in IT

    Eweek's 2007 Top 100 Most Influential People in IT

    March 16, 2007 eWeek's 2007 Top 100 Most Influential People in IT 1. Sergey Brin and Larry page – Google 40. Bruce Schneier – BT Counterpane 2. Tim Berners-Lee – W3C 41. Randy Mott – Hewlett-Packard 3. Linus Torvalds – Linux 42. Steve Mills – IBM 4. Larry Ellison – Oracle 43. Dave Barnes – UPS 5. Steve Ballmer – Microsoft 44. Jeff Bezos – Amazon 6. Steve Jobs – Apple 45. Michael Dell – Dell 7. Marc Benioff –Salesforce.com 46. Tom Friedman – New York Times 8. Ray Ozzie – Microsoft 47. Irving Wladawsky-Berger – IBM 9. Nicholas Negroponte – MIT 48. Douglas Merrill – Google 10. Diane Green – VMware 49. John Dingell – U.S. House of 11. Sam Palmisano – IBM Representatives (D-Mich.) 12. Blake Ross – Firefox 50. John Cherry – The Linux Foundation 13. Ralph Szygenda – General Motors 51. Nancy Pelosi – U.S. House of 14. Rollin Ford – Wal-Mart Representatives (D-Calif.) 15. Rick Dalzell – Amazon.com 52. Andy Bechtolsheim – Sun Microsystems 16. Dr. Alan Kay – Viewpoints Research 53. Rob Carter – FedEx Institute 54. Charles Giancarlo – Cisco Systems 17. Tim O’Reilly – O’Reilly Media 55. Vikram Akula – SKS Microfinance 18. Paul Otellini – Intel 56. Robin Li – Baidu 19. Jonathan Schwartz – Sun Microsystems 57. John Halamka M.D. – Beth Israel 20. Vinton Cerf – Google Deaconess Medical Center 21. Rick Rashid – Microsoft 58. Simon Phipps – Sun Microsystems 22. Mark Russinovich – Microsoft 59. Dr. Linton Wells II – U.S. Department of 23. Eric Schmidt – Google Defense 24. Mark Hurd – Hewlett-Packard 60. Kevin Martin – FCC 25. Margaret (Meg) Whitman - eBay 61. Gregor S. Bailar – Capital One 26. Tim Bray – Sun Microsystems 62.