220 likes | 411 Views
Computers in Society. Encryption The Biological Metaphor. Homework. Questions on the encryption story? This is due in class Thursday. The next homework is up – Google court cases. Quiz Wrapup. Let's check out your answers …. The Lockbox.
E N D
Computers in Society Encryption The Biological Metaphor
Homework Questions on the encryption story? This is due in class Thursday. The next homework is up – Google court cases.
Quiz Wrapup Let's check out your answers …
The Lockbox I want to be able to receive something from a friend without worrying about anybody peeking in. My solution: use an unbreakable lockbox with a lock that can't be picked. I'll give my friend the lockbox and one key, I'll keep the other key. He can mail me the locked box and only I can open it. What sort of encryption is this?
The Key Problem I don't want to meet my friend in private to hand him the key but I can't mail him the key either (why?). So what if instead I put a diagram of the key on my website so he can build it himself? Will that work?
Locks Since anyone can build a key, anyone can pick locks on my private message. Instead of keys, let's talk about locks. Think of a combination lock – if it's open, you can lock something with it even if you don't know the combination. You only need the combination to unlock! Now instead of sharing keys, I give an unlocked lock to my friend.
Building Locks Instead of telling everyone in the world how to build my key, I'll tell everyone how to build an open lock than only I can unlock. Wouldn't seeing the plans for this lock make it possible for others to deduce the combination?
The Unexpected Truth NO! I can place a "plan" for a lock in public that would allow ANYONE to build a lock without telling them enough to deduce the combination! Plan = Public Key Combination = Private Key
Hard math problems Public key encryption is based on operations which are much harder to undo than do. Example: factoring large integers. It is easy to multiply but hard to factor. Can we prove these algorithms are so tough that they can’t be solved quickly? No! The NSA might have a secret algorithm or mega-computer that cracks encryption but they are not talking! Maybe they have a working quantum computer hiding somewhere.
How It Works Alice runs a program that generates a random key pair – one is public, one is private. Alice places her public key on her website Bob downloads the key and uses it to create an encrypted message Bob sends the message to Alice Trudy knows HOW Bob created the message (that is, she knows the same secrets that Bob does) Only Alice can decode this message since she has the private key
What Can Go Wrong? Lots of things can go wrong with this! * Alice might accidentally disclose her private key – she won’t know if someone else is also decoding the message from Bob * Bob might be tricked into using the wrong key to encode the message, allowing someone else to understand it * The software that Bob and Alice trust to do the encryption / decryption might be compromised
What Can Go Wrong? Lots of things can go wrong with this! * The software Alice uses to generate keys might generate a key someone else knows or generate keys in a predictable way * Someone with a lot of computing power might break the code with “Brute Force” * The key could be lost – in this case there is NO realistic way to unlock the message (for big keys the brute force attack just can't work!)
Public Key Infrastructure PKI is needed to link keys to people or institutions. The crucial trust is the connection between Alice and her key. This is usually handled by a certificate – a statement by a trusted 3rd party that a particular key belongs to a particular person. Your web browser knows a lot about these things!
Hashing Hashing is a technique for turning a big piece of information (a document) into a small one (hash code / digest) in a way that ensures small changes in the big thing will result in some change to the hash code. This verifies the integrity of an object with a small amount of extra information (the “digest”)
Digital Signatures A digital signature is something that produces a publicly verifiable record that you have “approved” or “signed” a document. Someone with your public key can test whether a particular document has been signed or not by you. Very similar to hashing except there’s also a “secret” involved.
Example Bob generates a pair of encryption keys, one public and one private Alice presents a document to Bob for signature Using his private key, Bob generates a signature that indicates he has approved the document Using Bobs public key, Alice can verify that Bob did in fact sign the document Any third party, when presented with the document, Bob’s signature, and Bob’s public key and verify the Bob did indeed sign the document
Digital vs Real Signatures How do digital signatures differ from real ones?
Digital vs Real Signatures How do digital signatures differ from real ones? Digital signatures are affixed to a specific document – you can’t change the document after it has been signed Anyone with the “secret” (the private key) can sign things as Bob No real possibility of forging Small possibility of document tampering!
Usage of Digital Signatures Commerce: digital signatures are as binding as ordinary ones in the law Trust: vendors sign their products to prevent tampering (microsoft signs drivers, for example) Identity: sign emails, postings to message boards, anything you want to guarantee is really being said by you
What You Can’t Keep Secret Crypto doesn’t solve all problems! Just remember: • Somewhere in the system stuff gets decrypted; if someone is able to read your screen or monitor keystrokes then encryption can’t help. • Human issues (you write down a pass phrase in an unsecured place or enter your PIN number into a fake ATM) are very hard to deal with.
Computer Programs & Biology * What is a "zombie"? * What is a "virus"? * What is a "worm"? * What is a "Trojan"?
The Internet as an Ecosystem Let's talk biology: * What is the "goal" of a living organism? * What is "food"? * How can an organism interact with its environment? * What is evolution? * What is a parasite? * What is the "immune system"? How does it work? * How are living organisms encoded? * What is an ecosystem? * What is a vector?