sign in sign up
<<
Home , Key (cryptography), Numbers (season 1)

Big :

The Role Played by Mathematics in Internet Commerce

Dr. David Singer (Dept. of Mathematics, CWRU) and Mr. Ari Singer (NTRU )

Copyright 2008 Ari Singer and David Singer

Public Key

Bob (receiver) Alice (sender)

Eve (eavesdropper) lice and ob have never met before. Yet they are able to carry on a private conversation on an insecure communications channel and not worry about eavesdroppers.

How is this possible? arol and avid are flippin g a coin

over the tel eph one, and each is confident the other is not cheating.

How is this possible?

thel has a secret.

She wants to convince red that she knows the secret, but without revealing anything about the secret to him.

How is this possible? Cryptography

y Cryptography (secret writing), is the art and science of secure transmission of confidential information. y It also allows secure storage of dtdata. y Only someone with the key can get access.

“Classical” Cryptography y Dates back to antiquity y Alice and Bob agree on a method of and a key. y Alice uses the key to encrypt the message she sends. y Bob uses the same key to decrypt the message.. Classical

scar attempts to determine the contents of an encrypted message without the key. He may try all possible keys (Brute force)

Or he may use more subtle techniques, such as analysis of statistical anomalies.

Modern Cryptography

New Directions in Cryptography, by and , 1976. (Also classified publication by James Ellis in 1970,,) declassified in 1997.) Introduced the essential idea: Public Keys and Private Keys. Bob has two keys: a public key, which is available to anyone, and a private key.

Alice uses the public key to lock ((yp);encrypt); Bob uses the private key to unlock (decrypt).

Advantages y Alice can communicate without having previously contacted Bob. y No one but Bob can decrypt the message. y Majjyor reduction in the number of keys required for a large group. Public key vvs.s. Private key y Private key: 20 y Public key: 20 users need 190 users need 21 key pairs key pairs

Disadvantages y Public-Key Cryptography tends to be slower y May be harder to implement in a secure way

Big question: How can it be made To work?? Creating a mathematical secret y It is easy to multiply numbers. y There are usually many ways to get the same product:

But if two primes are multiplied together there is only one way to ‘unmultiply’ (factor) them

Creating a mathematical secret y Multippylying numbers is “easy” y y But factoring numbers is “hard”

Basis for RSA : L.M. Adleman, R.L. Rivest and A. Shamir, 1978 The RSA Cryptosystem y Generate two large prime numbers p and . Multiply them together to get very large number N. y Compute Eul(ler Totient T=(p-1)(q-1) y Choose numbers e and d for which the prodtduct e times d leaves remai idnder 1 when divided by T. y Publish (N, e) (this is the public key). y Keep the rest secret.

The Encryption algorithm y Turn messaggge into a large number m (encoding) y Compute (this is the remainder left when th is divided by N). y The number c is the encryption of the message! The Decryption Algorithm y Compute y Decode m to get the message. y Mathematical principle: If you know the values of m, e, and N, you can compute c. y If you know the values of c, d, and N, you can compute m. y BUT if you know c, e, and N and can’t factor N, you (probably) can’t get m.

A Small Example: N=33 Big Primes

Big Primes Factoring into Big Primes

Factoring into Big Numbers Digital Signatures

RSA can also be used to allow Alice to sign a document. She decrypts the document with her secret key. Anyone else can use her public key to see that she signed it.

Digital Signatures y Onlyyyg Alice can use her key to sign a message: Secure Hash Function y In pp,ractice, Alice does not sig n the message itself; she signs a hash ((pa compressed version ). y This makes electronic forgery much more difficult. Mathematical tools y Number theory –for encryption algorithms. y Computational complexity – to know what is hard and what is easy to compute. y Probability theory – randomness is needed for implementing algorithms securely.

Mathematical Tools y Computational Mathematics – to know how to make calculations qqyuickly and accurately . y Other mathematics: linear algebra, geometry,… Challenge-response y To ppy,yprove identity, you possess a secret (). y But you don’t want to give up the secret! (Remember Ethel and Fred) y So you must give a “proof of knowledge. ”

Ali Baba’s Cave Ali Baba’s Cave

Ali Baba’s Cave Zero-Knowledge Proof y Usinggg challenge-resppqonse techniques, Alice demonstrates she knows the password (with high probability) but does not reveal the password . y She may have to respond to many chllhallenges in or der to convi nce BBbob. y Key idea for solving many problems (e.g., coin-flip over ttleleph one)

Why Use Cryptography? y We are ppgrotecting data and there is a lot of data to protect! What are we protecting against? y Well known stuff like ◦ Laptop loss or theft ◦ Data center compromise ◦ Viruses ◦ Hackers ◦ Snooping of e-mail and personal data y And lesser known stuff like ◦ Electronically modifying sensor data in a factory ◦ My neighbor changing the temperature on my refrigerator

Cryptographic Services y Privacyy( (encryp tion) –You can’t see it y Integrity (signing) – You can’t change it y (validation) – I wrote it y Freshness (challenge-response) – I am doing this now Common Security Goals y Protection of data (access control) ◦ Secrecy of data (read access) ◦ Creation of data (write access) y Authentication required to access resources ◦ NtNetwor ks, idiidlindividual mac hines, e tc. y Proof of authorization of an action ◦ Signature on a contract, authorization of payment, etc.

Security Goals: Authentication y Web sites – Am I at Amazon.com? y Users– Is this Alice trying to access the site? y Network devices – Is this the DNS server that really knows which machines host amazon.com? Example: Web Authentication

Session key

Talking to Amazon.com

Computes session key

Verifies signature

Security Goals: Data Secrecy y Data at rest ◦ Databases (e.g. with credit card numbers), hard drive contents, tape drive contents y Data in transit ◦ Premium cable content, phone conversations, e-mails, internet traffic, industrial sensors Example: Wireless Personal Area NNtketwork (WPAN)

PNC PNC n

o & p o & p q q o & p qq

Device DiDevice Device DiDevice r

Device Device

nDevices determine oEach device requests pThe controller qDevices transmit rTwo devices may which device is best to join the piconet and establishes time slots protected data to optionally establish suited t o b e pi conet perftlforms mutual fhdidfor each device and the oth er d evi ces i n thei r own secure sub - controller (PNC) and authentication with the distributes piconet the piconet during network. agree on it. controller. payload protection their time slots. keys.

Building the Solution

y Complexity of requirements on data management often transl at es to complexity of security models y Many companies must come together to create new and better security solutions to meet these new needs y Solutions must balance three competing forces: ◦ Cost ◦ Ease of use ◦ Secu rity Example: Trusted Computing y Goal is to ensure that the hardware and software on your machine is behavinggp pro perl y y Inclusion of a (TPM) on a platform assists in building trust in your machine y Many pieces must come together to make this work in practice

Example: Trusted Computing Ecosystem

Pre-Boot Do You Use Cryptography? y Do you buy anything online? y Do you pay your bills or bank online? y Do you use SpeedPass? y Do you watch cable TV? y Do yypyou ever pay for Internet access when away from home? y Do you access your employer’s network from outside of your office? y Do you like to buy the latest gadgets?