230 likes | 383 Views
Future Issues in Computer Security. Information Assurance Fall 2005. Outline. New Cryptographic/Encoding Issues Quantum Computing Chaos Identity Online storage and computation Ubiquitous computing Virtual communities Spam. Quantum Computing: Theory. Does photon go to A or B?
E N D
Future Issues in Computer Security Information Assurance Fall 2005
Outline • New Cryptographic/Encoding Issues • Quantum Computing • Chaos • Identity • Online storage and computation • Ubiquitous computing • Virtual communities • Spam
Quantum Computing: Theory • Does photon go to A or B? • QP says it goes to both • In fig B, photon is always detected at A • Proof that photon takes both paths • Interferes with itself at 2nd splitter
Quantum Computing: The Big Idea • Encode data in Qubits • Unlike regular deterministic bits, qubits use quantum effects to superimpose multiple states • N bits can represent the superposition of 2n states. • Generally use electron spin encode data • Build computer that uses qubits for storage • Computation can follow many paths at once since qubit register can encode many values at once • Like the difference between a deterministic finite state machine and a non-deterministic finite state machine • If you could build one of these, would cause much havoc for today’s cryptography • One-way functions may turn out not to be really one way • E.g., factoring products of large prints and finding discrete logarithms. • Tutorial at http://www.cs.caltech.edu/~westside/quantum-intro.html
Quantum Factoring • Algorithm proposed by Peter Shor in 1994 • http://ieeexplore.ieee.org/iel2/2955/8384/00365700.pdf?tp=&arnumber=365700&isnumber=8384 • In 2001 IBM researchers created a 7 qubit implementation • Can factor 15 • http://cryptome.org/shor-nature.htm
Details from a 7 bit Quantum Computer Logic Diagram for Factoring Program Pulse “program” for first three bits (marked as n)
Why No Quantum Computer’s Yet • Decoherence • Tendency of quantum state to decay as it interacts with the environment • Error Correction • Caused by decoherence • Phase coherence: Use reference values to fix up errors • Spread values over multiple qbits • Hardware Architecture • Direct measurement causes collapse of superposition. Can only measure at the end • Nuclear Magnetic Resonance (NMR)
Security of Quantum Computers • One of the first papers on attacks on and defenses for quantum computers recently published • http://arxiv.org/abs/quant-ph/0505126 • Once quantum computers become real, many basic assumptions change • Much fundamental work will need to be redone • Interesting to see if quantum computers are available to all or only to deep-pocketed elite
Chaos Encryption • Chaos looks random, but it does have some pattern • Can use physical materials to create chaotic signal • Embed your data on that signal • Partner device will go into same chaotic state • Allows you to remove the chaotic carrier signal to retrieve your data
Chaotic Encryption • Recently proved over 120 km of optical fiber • Nov 19 New Scientist article
Chaotic Encryption Pros and Cons • Pros • Very fast • Hard for attacker to catcher high volume data to analyize • Cons • Chaos contains patterns. Can be used to break encryption • Generally agreed this is probably “good enough” for transport encryption, but perhaps not archival encryption
Physical One-Way Functions • Use physical media to create large numbers of seemingly random identifiers • http://web.media.mit.edu/~brecht/papers/02.PapEA.powf.pdf • Create physical token made out of inhomegenous material • Take an image of portion of the 3D token to get a 2D speckle • Pick angles to measure to get 1D key
Changes in Identity Technology • Identification in person • Relatively small, fixed community • Can rely on physical presence • Face recognition • Signature • Personal idiosyncrasies • No longer true in many situations with widespread travel • Not true for online identification
Improvements in Identification • Next generation passports and ID cards will include far more information in smart cards and RFID’s • New Scientist articles Sept 13 and 17 • Biometrics can be more accurate way to verify identity in person • Need multiple biometric measure to reduce error • Need to re-measure person every decade or so • Difficult for uncooperative target
Concerns about identification extensions • What if biometric information is sent across the wire to verify person not physically present? • Identity theft becomes more direct • Radio Frequency ID Systems (RFID) • Proposed use in smart passports (http://www.epic.org/privacy/rfid/) • Will respond when queried • Can be queried discretely at a distance
Online identification • Original internet design assuming trustworthy users • Small university networks • Protocols reflected that assumption • SMTP, Telnet, RSH had only nominal authentication • Additional authentication has evolved • Encryption protocols and SSH • Multiple passwords • Use of personal information like mother’s maiden name • Some smart cards
Online identification • Certification technology exists • Not taken off for individuals • Cost. Complexity. Multiple roots of trust • Different ways of proving identity to different services • Microsoft and yahoo have tried to introduce common identification tokens • MS Passport
Controlling identification • Don’t always want to reveal full identification • Might be sufficient to reveal that you are a student of UIUC • May want to have multiple avatars • Pen names for authors • Fake personality for less savory purposes • Trust negotiation • Active area of research • Working on algorithms and frameworks for determining how to limit revealing personal information • But not practical until there are common or widespread identity schemes
Why will anything change? • Ad hoc online identification schemes have worked well enough so far? Why will this change? • Need to control information that reaches you • Identification or roots of trust could control spam or more easily categorize your mail • More of your life moves online • Need for agents operating on your behalf • Concern for higher security if your financial data is accessible online • IPv6 brings requirement for end-to-end encryption • Automated ID systems would simplify key negotiations • May also control who you are wiling to talk to
Key points • These are guesses at the future • Potential for technological advances to change our assumptions about everything • Many of the issues are not technological • Policy • Design • Societal Acceptance