CS 150 – Computing: From Ada to the Web

1. CS 150 – Computing: From Ada to the Web Cryptography

2. Protecting Information • Frame message • Indicates what the message is • Outer message • Tells how to interpret the message • Inner message • The content of the message • How do we protect the message from eavesdropping?

3. At War • The earliest need for encryption came from war. • Sending orders by carrier that could be captured was dangerous at best. • Need to protect the message! • (Another early use: the Kama Sutra describes it as a way to have an affair without “inconvenient discovery.”)

4. The Caesar Cipher • The network: The Roman roads • The message: Orders to Roman troops • Also known as a Rotation Cipher, you simply replace a letter with another letter that is a certain number of letters away. • Technically, a Caesar Cipher is a Rotation Cipher where n = 3. • Popularly, you can find this cipher today as a simple “decoder ring.”

5. Rotation Cipher ABCDEFGHIJKLMNOPQRSTUVWXYZ encrypt decrypt JIDKQACRSHLGWNFEXUZVTPMYOB CS  DZ

6. Worked okay for 44BC, but… • Language is not random! • Random strings: the probability of two letters in the two messages matching is 1/26 (number of letters in alphabet) • Same-encrypted strings: the output letters will match when the input letters match • This happens much more frequently because some letters (e.g., “e” is ~13% of all letters) are more common

7. Vigenere Cipher • Blaise de Vigenère in the 19th century • Used during the Confederacy during the Civil War • Keyword rotational cipher • Plaintext: ATTACKATDAWN • Key: LEMONLEMONLE • Ciphertext: LXFOPVEFRNHR

8. Enigma • Invented commercially, 1923 • German Navy, Army, Air Force • About 50,000 in use (many were captured by Allies) • Modified throughout WWII, Germans believed perfectly secure • Kahn’s Codebreakers (1967) didn’t know it was broken • Turing’s 1940 Treatise on Enigma declassified in 1996 Enigma machine at Bletchley Park

9. Rotor Wheels Simple substitution Latch turns next rotor once per rotation

10. Image from http://en.wikipedia.org/wiki/Image:Enigma-action.png

11. Enigma’s Rotating Substitutions ABCDEFGHIJKLMNOPQRSTUVWXYZ Wheel 1: Rotate one position every letter JIDKQACRSHLGWNFEXUZVTPMYOB ABCDEFGHIJKLMNOPQRSTUVWXYZ Wheel 2: Rotate one position every 26 letters SQHLZNYKXUWVJRDFBETIMOGACP ABCDEFGHIJKLMNOPQRSTUVWXYZ Wheel 3: Rotate one position when wheel 2 cycles UAVGRDCBESYHLZOQKXTIMNJWFP

12. Enigma’s Problems • Each day, a new set of initial settings were used… • …and these were stored in a book that was stolen. • Each network had a different setup for the machine… • …which was also stolen. • For each message, a random set of three characters would be used to decipher the text… • …but people were lazy and used the same letters and also repeated them at the beginning of the message

13. The best thing about bad encryption? • We won WWII. • D-Day would not have happened without the cracking of the Enigma.

14. Modern Ciphers • RSA – popular public key cryptographic algorithm • Found in common products • Not “perfect,” but “good enough” if the key is long enough • Each entity needs a public and private key

15. RSA Key Generation • Choose two distinct large random prime numbers p and q • Compute n = pq • n is used as the modulus for both the public and private keys • Compute the totient: φ(n) = (p − 1)(q − 1). • Choose an integer e such that 1 < e < φ(n), and e and φ(n) share no factors other than 1 (i.e. e and φ(n) are coprime) • e is released as the public key exponent – 2^16 + 1 = 65537 is a popular choice • Compute d such that d*e = 1 + kφ(n) for some integer k. • d is kept as the private key exponent • Public key = (n, e)

16. Encrypting and Decrypting • Encrypt: c = m^e mod n • Decrypt: m = c^d mod n

17. Example • Choose two prime numbers • p = 61 and q = 53 • Compute n = p q • n = 61 * 53 = 3233 • Compute φ (n) = (p-1)(q-1) • φ(n) = (61 - 1)(53 - 1) = 3120 • Choose e > 1 coprime to 3120 • e = 17 • Compute d, such that d*e = 1 + kφ(n) • d = 2753 • 17 * 2753 = 46801 = 1 + 15 * 3120.

18. Example • The public key is (n = 3233, e = 17). For a message m, the encryption function is: • c = m^e mod n= m^{17} mod {3233}. • The private key is (n = 3233, d = 2753). The decryption function is: • m = c^d mod n = c^{2753} mod {3233}. • For example, to encrypt m = 123, we calculate • c = 123^{17} mod {3233} = 855. • To decrypt c = 855, we calculate • m = 855^{2753} mod {3233} = 123.

19. Key Exchange • Alice comes up with a key • She puts the key in a box and locks it with her padlock • Alice sends the box to Bob • Bob can’t get in the box, but he adds his padlock to the box • Bob sends the box back to Alice • Alice removes her padlock • Alice sends the box one more time to Bob • Bob removes his padlock and gets the key

20. Key Exchange • PGP • Pretty Good Privacy • Usually used for email • Uses RSA (sometimes) • X.509 • Server certificate keys • Can generate your own, or get one from a certificate authority

21. Point-to-point security • Using this type of exchange provides point-to-point security for traffic • But what if the other end doesn’t support any encryption? • http://gmail.com vs https://gmail.com • Both are valid – one is encrypted!

22. Tunneling • If you don’t trust the network you’re on (such as open wireless or hotspot) tunneling might be a good option. • Create a secure connection through which all traffic passes through. • SSH and VPN use this concept. • You connect to a computer and network you do trust and then release your traffic.

23. SSH and VPN • SSH is a secure shell connection that can tunnel other traffic. • VPN stands for Virtual Private Network • Hotspotvpn is a good option • Back to my Mac is another