crypto some historical and technical background april 5 2001 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Crypto: Some historical and Technical Background April 5, 2001 PowerPoint Presentation
Download Presentation
Crypto: Some historical and Technical Background April 5, 2001

Crypto: Some historical and Technical Background April 5, 2001

118 Views Download Presentation
Download Presentation

Crypto: Some historical and Technical Background April 5, 2001

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Crypto: Some historical and Technical BackgroundApril 5, 2001

  2. Some Definitions

  3. Plaintext: the unencrypted text • Ciphertext: the encrypted message • Steganography: hiding message in other message (or even in a picture) • one-time pad: a set of keys used at most once • sender/receiver must both have it • unbreakable, unless enemy obtains copy • extremely inconvenient for long messages

  4. Symmetric Algorithms • Decryption key can be calculated from encryption key & vice versa • keys must be kept secret • example: shifting letters in alphabet • stream algorithms: operate on plaintext a single bit or byte at a time • block ciphers: operate on a group of bits from the plaintext

  5. Public-key(asymmetric) Algorithms • Encryption key public; decryption key private - not easily obtainable from encryption key • How to distribute public keys? Spoofing? • Useful for digital signature • You sign using your private key • I decrypt using your public key

  6. Requirements for crypto alg • Confidentiality: infeasible to break • Authentication: receiver is certain of sender • Integrity: receiver know was not modified after being sent • Non-repudiation: can’t be denied by sender

  7. Some Algorithms and Protocols

  8. Distribution of Public Keys • Key Management Facility stores everyone’s public keys • Must be trusted and reachable • Pretty Good Privacy (PGP) uses distributed system based on “web of trust” • One of trusted group verifies that your public key is indeed yours

  9. Data Encryption Standard (DES) • Developed by IBM; modified by NSA • Algorithm public • Symmetric • 56 bit limitation questioned at the time and is now obsolete • Triple DES a stronger version used by financial institutions - has been exportable for a long time • uses 3 keys; encrypts with first, decrypts with second, encrypts with third - thought to be secure

  10. Secure Socket Layer (SSL) • Session key: used for a particular message or communication • If a session key is broken or compromised, only communication sent under that key is vulnerable • Use public key exchange to negotiate session key • Public key time consuming • Communications much faster using session key

  11. A Brief Historical Review

  12. WWI and after • Radio used for first time - msgs enciphered • (US Navy took over almost all rights to airwaves, essentially displacing individuals) • Codes and hand cipher systems - slow and inefficient • After WW1, rotor machines widely used • Mechanical devices for passing each letter through multiple layers of encryption • Patented! (Far cry from later secrecy)

  13. WWII • US crypto systems appear to have been unbroken • US read Japanese and German codes • Sigaly - the first digital secure telephone • 1-time key stored on phonograph records

  14. Alan Turing (1912 - 1954) • Turing Machine - theoretical basis for analyzing computation • Broke the German Enigma cypher • U-boat war against England • Top secret, even from the British • Arrested for homosexuality 1952 - forced to take estrogen • Committed suicide in 1954

  15. Cold War • CIA created in 1947 • Claude Shannon paper on information theory • first mathematically rigorous def of secure crypto • National Security Agency (NSA) in 1952 • Horst Feistel at Air Force Cambridge Research Center • First practical block ciphers

  16. History - the 1970s • Data Encryption Standard (DES) 1975 • Designed by IBM (Horst Feistel) • 56 bit key • Diffie/Hellman public key paper 1976 • RSA paper (Rivest, Shamir, Adelman) published 1978

  17. Efforts to control dissemination • 1977 Rivest received letter warning not to present paper at IEEE meeting because presence of foreigners might violate US International Treaty in Arms Regs (ITAR) • Authors stopped sending copies • Deborah Shapley, journalist at Science, discovered letter writer (J. A. Meyer) worked at NSA • NSA denied involvement • Rivest gave talk & continued distributing copies

  18. Efforts to control dissemination- patents (1978) • Carl Nicolai: telephone scrambler • George Davida: a technical result for cryptosystems (U of Wisc) • Both subject to secrecy orders • even existence of secrecy not to be revealed • Both fought and won • Nicolai - secrecy order was a mistake • Davida - already appeared as a CS dept report

  19. Efforts to control dissemination - research funding (1970s) • Rick Weingarten, program officer at NSF • Told that funding crypto research probably against the law (he hadn’t been funding any) • Len Adelman submitted crypto research proposal to NSF, which forwarded it to NSA • Adelman didn’t want NSA funding • prior review; could be classified as secret • (Could have been classified with NSF funding)

  20. Funding issues (con’t) • Admiral Bobby Inman, NSA Dir: publication of crypto research harmful to national security 1979 • NSF & NSA both fund crypto research • In response to Inman’s concerns, NSA panel established to review crypto papers prior to publication; voluntary submission • Not many requests for modifications; at least two publications withheld; not major impediment; more or less moot now

  21. History - the 1980s • NSA attempted to prevent recertification of DES in 1988 because DES algorithm public • Wanted to substitute equipment based on secret algorithms • Opposed by banking industry, esp since DES was being used internationally by financial institutions • National Bureau of Standards recertified DES

  22. Sensitive, but Unclassified • Nat Security Decision Directive (NSDD-145), Reagan 1984 • FBI tried to learn what scientific info foreign students reading in university libraries • Librarians demanded subpoenas • Hearings on NSDD-145 committee of House of Reps; complaints by industry, academia, and others resulted in withdrawal

  23. The Computer Security Act 1987 • Congress gave National Institute of Standards & Technology (NIST), responsibility for developing civilian crypto standards • Memorandum of Understand (MOU) 1989 between NIST and NSA • Raymond Kammer, acting Dir of NIST, son of two NSA employees • MOU gave NSA significant control

  24. Computer Security Act MOU • Technical Working Group (TWG) with 3 reps from NIST & 3 from NSA would review issues prior to public disclosure • Digital Signature Standard • RSA proposed • TWG delayed agreement on standard • NSA proposed classified algorithm instead

  25. Digital Signature • Requirements • Authentic • Unforgeable • Document cannot be altered • Signature cannot be repudiated • Not reusable • Public key works except for reusable requirement - use timestamp

  26. NSA’s Digital Signature (DSS) 1991 • Patent issues: Claus Schnorr • Not compatible with other dig sig systems • 512 bit key size shown not to be secure (Bell Labs) • About 10 times slower than RSA

  27. NSA and NIST • “It’s increasingly evident that it is difficult, if not impossible, to reconcile the requirements of NSA, NIST and the general public using the approach [of the TWG].” • Jan 1990 memo from NIST members of the TWG, obtained using the Freedom of Information Act (FOIA) • OTA and others concluded that NSA in charge

  28. FBI involvement • NSA had attempted to include FBI in MOU, but NIST refused • FBI had not been involved with crypto • Kammer and Clint Brooks from NSA convinced FBI that they should be • James Kallstrom picked up ball for FBI, which had policy by 1991. [Kallstrom later headed investigation of TWA 800 crash.]

  29. Import/Export of Crypto Products

  30. Import of Crypto products • There has never been any restriction on import or sale of crypto products into the US • Oxley-Manton Amendment 1997 • Amendment to the Security and Freedom through Encryption (SAFE) Act that would have liberalized export of crypto • Would have required that all domestic crypto contain key escrow or recovery - didn’t pass • Pushed by Louis Freeh, head of FBI

  31. Export Controls • Arms Export Control Act (AECA): regulates munitions (1949) • AECA is basis for ITAR (used in ‘77 to try to prevent Rivest from presenting his paper) • Export Administrative Act (EAA): regulates dual-use products • dual-use: both military and commercial applications

  32. Export Controls • Crypto defined to be munitions, requiring licenses • Licensing requirements gradually weakened • In general weak (40 bit) exports allowed, but strong disallowed • Individuals free to use strong crypto domestically • Strong crypto not included in most mass market software

  33. Export Controls • Strong crypto available outside the US and even on Internet • US industry lost business to foreign competitors who could export strong crypto into US

  34. Impact of Open Source Software • Software developed by programmers throughout the world • Source code available to all - free downloads • Linux best known • Distributed under license that guarantees the right to read, redistribute, modify, and use the software freely • Who authorized to apply for license?

  35. Export Controls • Export regs relaxed on open source code Jan 2000 • Export regs significantly liberalized in response to European Union’s creation of “license free zone” for most crypto products Oct 2000

  36. Court Cases

  37. Philip Karn • Applied for export license for “Applied Cryptography” by Bruce Schneier (1994) • licence granted • Then applied for export license for appendix of Schneier’s book on floppy • Contained source code for crypto algorithms • license denied

  38. Karn (con’t) • Filed suit in District Court Sept ‘95 • Case thrown out in ‘96 • Appealed to Court of Appeals • Export regs moved from State dept to Dept of Commerce Dec. 30, 1996 - days before oral arguments scheduled • Remanded back to District Court

  39. Karn (con’t) • Requested permission from DoC • When refused, returned to Dist Court ‘98 • New export regs made lawsuit moot

  40. Daniel Bernstein • CS prof at U. of Ill. • While Ph.D. student at Berkeley developed crypto algorithm called “Snuffle” • Filed request with State Dept to determine if could publish Snuffle source code ‘92 • Needed license to post on Internet and show to non-US citizens (eg some of his students) • Was never granted license

  41. Bernstein (con’t) • Filed action in ‘95 in the District Court • Claimed ITAR restrictions violated 1st Amendment because source code is speech • Court agreed with 1st Amendment argument • Nov ‘96 jurisdiction for crypto export transferred from State Dept to Commerce • Commerce adopted amendments restricting crypto exports essentially identical to ITAR

  42. Bernstein (con’t) • District Court ruled in 1997 in favor of Bernstein (prior restraint on speech) • Ruling upheld by 3 judge panel of 9th Circuit Court of Appeals May, 1999 • Gov’t requested review by full court June 1999 • New export regs issued Jan. 2000 • Gov’t claimed that new regs made case moot • Court agreed

  43. Peter Junger • Prof at Case Western Reserve • Filed suit against State Dept/ITAR ‘96 • Export regs vague and overbroad - unconstitutional • Prevented him from teaching crypto to US college class with foreign students • Sought injunctive relief

  44. Junger (con’t) • Filed amended complaint after regs moved to DoC 1997 • Gov’t won summary judgment July 1998 • Appealed to Appeals Court March 1999 • Appeals Court ruled that source code protected speech April 2000 • [Issue of difference between source code and object code came up in DVD/2600 case]

  45. Key Escrow & Key Recovery

  46. Escrowed Encryption Standard 1993 • Key escrow: third party has copy of key • Clipper was a chip containing classified Skipjack algorithm and key escrow feature • Escrowed key broken into two pieces and stored to be stored in separate locations in gov’t • attempt to increase security by not having all of key in single location

  47. Key Escrow • Goal of enabling law enforcement to obtain key • Was to be exportable • How to work out key escrow with other countries never defined • Could be defeated by prior use of non-escrowed crypto algorithm

  48. Key Recovery • Some mechanism for obtaining access to plaintext of encrypted communication • Gov’t requirements • Access without end-user knowledge or consent • Ubiquitous adoption • Rapid recovery of plaintext • Should work for encrypted communications as well as stored data

  49. Risks of key recovery • Security • Creating secure crypto without additional features already very difficult • Addition of “back door” increases vulnerability to outside attack • Storage location of keys are obvious targets • Requirement of rapid translation to plain text increases risks

  50. Costs of key recovery • Not obvious that a secure system can even be built, let alone built at reasonable cost • Costs of developing infrastructure, including storage and retrieval mechanism for keys • Costs of operating storage mechanism • Vulnerability of employees to bribery • Costs of replacing current technologies