1 / 20

Issues in Cryptography

Issues in Cryptography. Ronald L. Rivest MIT Laboratory for Computer Science. Outline. “Where’s Alice?” ---The Secure Platform Problem Digital Signatures Repudiation. The “Alice abstraction”. Assumes Alice can generate and use her secret key SK A , while keeping it secret.

jam
Download Presentation

Issues in Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Issues in Cryptography Ronald L. Rivest MIT Laboratory for Computer Science

  2. Outline • “Where’s Alice?” ---The Secure Platform Problem • Digital Signatures • Repudiation

  3. The “Alice abstraction” • Assumes Alice can generate and use her secret key SKA, while keeping it secret. • Alice’s secret key SKA is her “cyber-soul”, her “electronic identity” (or pseudonym), her way of identifying herself. SKA is Alice!

  4. Cryptography in Theory Internet SKA Alice

  5. But Alice is not a computer! • Alice needs a computer (or at least a processor) to store her secret key SKA and perform cryptographic computations on her behalf. • In particular, her processor should produce Alice’s digital signature when appropriately authorized…

  6. Cryptography in Practice Internet SKA Alice? Alice!

  7. But her OS is not secure! • Modern OS’s (Windows, Unix) are too complex to be adequately securefor many applications (viruses, Trojan horses). • Would you base the security of an Internet presidential election on the security of Linux? • Alice’s key SKA may be vulnerable to abuse or theft…

  8. Can SKA go on a smart card? Internet Alice? Alice? SKA Alice?

  9. But her OS is still not secure! • Smart card has no direct I/O to Alice. • When Alice authorizes a digital signature, she must trust OS to present correct message to smart card for signing.

  10. Can SKA go on a phone or PDA? Internet SKA Alice? Alice?

  11. But this looks very familiar! • Same story as for PC, but smaller! • PC smart card  Phone SIM card. • Phones now have complicated OS’s, downloadable apps, the whole can of worms. • Little has changed.

  12. Why can’t we solve problem? • There is a fundamental conflict! • Downloadable apps and complexity are: • Necessaryfor reasonable UI • Incompatiblewith security

  13. The Sad Truth? • The following are incompatible: • A reasonable UI • Security Security Reasonable UI

  14. But Digital Sigs Need Both! • Securityto protect secret key and securely show user what is being signed. • Reasonable UIto support complex and variable transactions.

  15. Are Digital Signatures Dead? • As usually conceived, perhaps… • We should change our mind-set: • A digital signature is not nonrepudiableproofof user’s intent, but merely plausible evidence. • We should build in repudiationmechanisms to handle the damage that can be caused by malicious apps. • Repudiate signatures, not keys.

  16. Use a Co-Signing Registry • Signature not OK until saved and co-signed by user’s co-signing registry(e.g. at home or bank). • User can easily review all messages signed with his key. • Registry can follow user-defined policy on co-signing. • Registry can notify user whenever his key is used to sign something.

  17. Use One-Time Signing Keys • Registry can give user a set of one-time signing keys, so damage from key compromise is limited. Registry won’t co-sign if key was used before. In this case, registry really holds user’s secret signing key, and signs for him when authorized by one-time key.

  18. Repudiation • May not be so hard to live with, once we accept that it is necessary. • Consistent with legal status of handwritten signatures (can be repudiated, need witnesses for higher security).

  19. Conclusions • Cryptography works great, but insecure OS’s make digital signatures problematic, because of conflict between security and reasonable UI’s. • Design systems that are robust in face of some key abuse (Alice may not always know what is being signed by her key!)

  20. (THE END)

More Related