
Crypto: Some historical and Technical Background April 5, 2001


Presentation Transcript


  1. Crypto: Some Historical and Technical Background, April 5, 2001

  2. Some Definitions

  3. Plaintext: the unencrypted text • Ciphertext: the encrypted message • Steganography: hiding a message inside another message (or even inside a picture) • One-time pad: a random key as long as the message, used at most once • sender and receiver must both have it • unbreakable as long as the key is truly random and never reused, unless the enemy obtains a copy • extremely inconvenient for long messages

  4. Symmetric Algorithms • Decryption key can be calculated from the encryption key and vice versa (usually they are the same key) • keys must be kept secret • example: shifting letters in the alphabet • stream ciphers: operate on the plaintext a single bit or byte at a time • block ciphers: operate on a fixed-size group of bits from the plaintext
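The one-time pad of slide 3 is the idealized stream cipher of slide 4: each plaintext byte is XORed with one pad byte. The following is an added example (not part of the original slides) that implements the pad and then shows the failure mode the slide warns about: when a pad is used twice, XORing the two ciphertexts cancels the key, and an attacker who guesses a word of one message ("crib dragging") reads the other. The two sample messages and the crib are constructed here for illustration.

```python
import secrets


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR the message with a pad of exactly its own length.

    The pad must be uniformly random, as long as the message, and used once.
    A shorter or reused pad is not a one-time pad any more (see two_time_pad_leak).
    """
    if len(key) != len(plaintext):
        raise ValueError("one-time pad must be exactly as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


# XOR is its own inverse, so decryption is the same operation with the same pad.
otp_decrypt = otp_encrypt


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypts two messages, XORing the ciphertexts cancels the pad:
    (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2, which leaks the relationship of the plaintexts."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def crib_drag(leak: bytes, crib: bytes) -> list:
    """Slide a guessed fragment of one plaintext (the 'crib') across p1 ^ p2.
    Wherever the guess is right, the XOR exposes the other plaintext at that
    offset; offsets that yield printable ASCII are the plausible ones."""
    hits = []
    for off in range(len(leak) - len(crib) + 1):
        window = leak[off:off + len(crib)]
        candidate = bytes(x ^ c for x, c in zip(window, crib))
        if all(32 <= b < 127 for b in candidate):
            hits.append((off, candidate))
    return hits


# Constructed sample messages of equal length (not from the original slides).
P1 = b"ATTACK AT DAWN"
P2 = b"RETREAT TONITE"


def demo():
    key = secrets.token_bytes(len(P1))          # fresh pad: correct use
    roundtrip_ok = otp_decrypt(otp_encrypt(P1, key), key) == P1

    c1 = otp_encrypt(P1, key)                   # same pad reused: incorrect use
    c2 = otp_encrypt(P2, key)
    leak = two_time_pad_leak(c1, c2)            # == P1 ^ P2, key is gone
    hits = crib_drag(leak, b"ATTACK")           # attacker guesses a word of P1
    return roundtrip_ok, hits


if __name__ == "__main__":
    ok, hits = demo()
    print("round trip:", ok)
    for off, text in hits:
        print(f"crib at offset {off} exposes the other message: {text!r}")
```

The round trip succeeds with any fresh pad, but the crib at offset 0 recovers the first six bytes of the second message without the attacker ever seeing the key; this is exactly why "used at most once" is part of the definition.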

  5. Public-key (asymmetric) Algorithms • Encryption key is public; decryption key is private and not feasibly derivable from the encryption key • How to distribute public keys? Spoofing? • Useful for digital signatures • You sign using your private key • I verify using your public key

  6. Requirements for a crypto algorithm • Confidentiality: infeasible to break • Authentication: receiver is certain of the sender • Integrity: receiver knows the message was not modified after being sent • Non-repudiation: sending cannot be denied by the sender

  7. Some Algorithms and Protocols

  8. Distribution of Public Keys • Key Management Facility stores everyone’s public keys • Must be trusted and reachable • Pretty Good Privacy (PGP) uses a distributed system based on a “web of trust” • Members of a group you already trust sign your public key to certify that it is indeed yours

  9. Data Encryption Standard (DES) • Developed by IBM; modified by NSA • Algorithm public • Symmetric • 56-bit key questioned at the time and now obsolete (a DES key was brute-forced publicly in 1998) • Triple DES: a stronger variant used by financial institutions - has been exportable for a long time • uses 3 keys; encrypts with the first, decrypts with the second, encrypts with the third (EDE) - thought to be secure

  10. Secure Sockets Layer (SSL) • Session key: a symmetric key used for a particular message or communication session • If a session key is broken or compromised, only the traffic sent under that key is exposed • Public-key exchange is used to negotiate the session key • Public-key operations are slow • Bulk communication is much faster under the session key

  11. A Brief Historical Review

  12. WWI and after • Radio used for first time - msgs enciphered • (US Navy took over almost all rights to airwaves, essentially displacing individuals) • Codes and hand cipher systems - slow and inefficient • After WW1, rotor machines widely used • Mechanical devices for passing each letter through multiple layers of encryption • Patented! (Far cry from later secrecy)

  13. WWII • US crypto systems appear to have been unbroken • US read Japanese and German codes • SIGSALY - the first digital secure telephone • one-time key stored on phonograph records

  14. Alan Turing (1912 - 1954) • Turing Machine - theoretical basis for analyzing computation • Broke the German Enigma cipher • U-boat war against England • Top secret, even from the British • Convicted of homosexuality in 1952 - forced to take estrogen • Committed suicide in 1954

  15. Cold War • CIA created in 1947 • Claude Shannon’s paper on information theory (1949 secrecy-systems paper) • first mathematically rigorous definition of secure crypto • National Security Agency (NSA) in 1952 • Horst Feistel at Air Force Cambridge Research Center • First practical block ciphers

  16. History - the 1970s • Data Encryption Standard (DES) 1975 • Designed by IBM (Horst Feistel) • 56-bit key • Diffie/Hellman public-key paper 1976 • RSA paper (Rivest, Shamir, Adleman) published 1978

  17. Efforts to control dissemination • 1977 Rivest received a letter warning not to present a paper at an IEEE meeting because the presence of foreigners might violate the US International Traffic in Arms Regulations (ITAR) • Authors stopped sending copies • Deborah Shapley, journalist at Science, discovered the letter writer (J. A. Meyer) worked at NSA • NSA denied involvement • Rivest gave the talk & continued distributing copies

  18. Efforts to control dissemination- patents (1978) • Carl Nicolai: telephone scrambler • George Davida: a technical result for cryptosystems (U of Wisc) • Both subject to secrecy orders • even existence of secrecy not to be revealed • Both fought and won • Nicolai - secrecy order was a mistake • Davida - already appeared as a CS dept report

  19. Efforts to control dissemination - research funding (1970s) • Rick Weingarten, program officer at NSF • Told that funding crypto research was probably against the law (he hadn’t been funding any) • Len Adleman submitted a crypto research proposal to NSF, which forwarded it to NSA • Adleman didn’t want NSA funding • prior review; could be classified as secret • (Could have been classified with NSF funding)

  20. Funding issues (con’t) • Admiral Bobby Inman, NSA Dir: publication of crypto research harmful to national security 1979 • NSF & NSA both fund crypto research • In response to Inman’s concerns, NSA panel established to review crypto papers prior to publication; voluntary submission • Not many requests for modifications; at least two publications withheld; not major impediment; more or less moot now

  21. History - the 1980s • NSA attempted to prevent recertification of DES in 1988 because DES algorithm public • Wanted to substitute equipment based on secret algorithms • Opposed by banking industry, esp since DES was being used internationally by financial institutions • National Bureau of Standards recertified DES

  22. Sensitive, but Unclassified • Nat Security Decision Directive (NSDD-145), Reagan 1984 • FBI tried to learn what scientific info foreign students reading in university libraries • Librarians demanded subpoenas • Hearings on NSDD-145 committee of House of Reps; complaints by industry, academia, and others resulted in withdrawal

  23. The Computer Security Act 1987 • Congress gave the National Institute of Standards & Technology (NIST) responsibility for developing civilian crypto standards • Memorandum of Understanding (MOU) 1989 between NIST and NSA • Raymond Kammer, acting Dir of NIST, son of two NSA employees • MOU gave NSA significant control

  24. Computer Security Act MOU • Technical Working Group (TWG) with 3 reps from NIST & 3 from NSA would review issues prior to public disclosure • Digital Signature Standard • RSA proposed • TWG delayed agreement on standard • NSA proposed classified algorithm instead

  25. Digital Signature • Requirements • Authentic • Unforgeable • Document cannot be altered • Signature cannot be repudiated • Not reusable • Public key works except for reusable requirement - use timestamp
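Slides 5 and 25 describe the mechanics (sign with the private key, verify with the public key) and the requirement that a signature not be reusable, with a timestamp as the fix. The following is an added example, not code from the original slides: textbook RSA signatures over a SHA-256 digest, with a timestamped envelope so a captured signature cannot be replayed. The key uses the Mersenne primes 2^61-1 and 2^89-1 as a fixed toy key pair (an assumption made here so the block runs offline; real keys are about 2048 bits and generated randomly), and the digest is truncated so it fits below the toy modulus. It shows the mechanism, not a production scheme.

```python
import hashlib
import time

# Toy RSA parameters (assumption for this example): Mersenne primes M61 and M89.
# Real keys are ~2048-bit random primes with proper padding; this shows mechanics only.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                                 # modulus, about 150 bits
E = 65537                                 # public exponent (coprime to (P-1)(Q-1))
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent, modular inverse (Python 3.8+)

PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def _digest(data: bytes) -> int:
    """SHA-256 of the data, truncated to 144 bits so the integer is below N.
    The truncation is a toy shortcut forced by the small modulus."""
    return int.from_bytes(hashlib.sha256(data).digest()[:18], "big")


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Only the holder of d can compute this value."""
    n, d = private_key
    return pow(_digest(message), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Anyone holding (n, e) can check; any change to the message changes the digest."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message)


def sign_with_timestamp(message: bytes, timestamp: int, private_key=PRIVATE_KEY):
    """Bind the signature to a time so a captured (message, signature) pair
    cannot simply be presented again later (the 'not reusable' requirement)."""
    envelope = timestamp.to_bytes(8, "big") + message
    return timestamp, sign(envelope, private_key)


def verify_with_timestamp(message: bytes, timestamp: int, signature: int,
                          now: int, max_age: int = 300,
                          public_key=PUBLIC_KEY) -> bool:
    """Reject stale timestamps before doing any public-key work."""
    if not 0 <= now - timestamp <= max_age:
        return False                                   # too old (or from the future): replay
    envelope = timestamp.to_bytes(8, "big") + message
    return verify(envelope, signature, public_key)


if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"                # constructed sample message
    sig = sign(msg)
    print("valid signature:     ", verify(msg, sig))
    print("tampered message:    ", verify(b"Transfer 900 to account 42", sig))
    ts, sig_ts = sign_with_timestamp(msg, int(time.time()))
    print("fresh, timestamped:  ", verify_with_timestamp(msg, ts, sig_ts, now=int(time.time())))
    print("replayed a day later:", verify_with_timestamp(msg, ts, sig_ts, now=int(time.time()) + 86400))
```

The tampered message fails because its digest differs; the replay fails because the verifier checks the timestamp inside the signed envelope, so the attacker cannot move the signature to a new time without the private key.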

  26. NSA’s Digital Signature Standard (DSS) 1991 • Patent issues: Claus Schnorr • Not compatible with other digital signature systems • 512-bit key size shown not to be secure (Bell Labs) • About 10 times slower than RSA

  27. NSA and NIST • “It’s increasingly evident that it is difficult, if not impossible, to reconcile the requirements of NSA, NIST and the general public using the approach [of the TWG].” • Jan 1990 memo from NIST members of the TWG, obtained using the Freedom of Information Act (FOIA) • OTA and others concluded that NSA in charge

  28. FBI involvement • NSA had attempted to include FBI in MOU, but NIST refused • FBI had not been involved with crypto • Kammer and Clint Brooks from NSA convinced FBI that they should be • James Kallstrom picked up ball for FBI, which had policy by 1991. [Kallstrom later headed investigation of TWA 800 crash.]

  29. Import/Export of Crypto Products

  30. Import of Crypto products • There has never been any restriction on import or sale of crypto products into the US • Oxley-Manton Amendment 1997 • Amendment to the Security and Freedom through Encryption (SAFE) Act that would have liberalized export of crypto • Would have required that all domestic crypto contain key escrow or recovery - didn’t pass • Pushed by Louis Freeh, head of FBI

  31. Export Controls • Arms Export Control Act (AECA): regulates munitions (1949) • AECA is the basis for ITAR (used in ‘77 to try to prevent Rivest from presenting his paper) • Export Administration Act (EAA): regulates dual-use products • dual-use: both military and commercial applications

  32. Export Controls • Crypto defined to be munitions, requiring licenses • Licensing requirements gradually weakened • In general weak (40 bit) exports allowed, but strong disallowed • Individuals free to use strong crypto domestically • Strong crypto not included in most mass market software

  33. Export Controls • Strong crypto available outside the US and even on Internet • US industry lost business to foreign competitors who could export strong crypto into US

  34. Impact of Open Source Software • Software developed by programmers throughout the world • Source code available to all - free downloads • Linux best known • Distributed under license that guarantees the right to read, redistribute, modify, and use the software freely • Who authorized to apply for license?

  35. Export Controls • Export regs relaxed on open source code Jan 2000 • Export regs significantly liberalized in response to European Union’s creation of “license free zone” for most crypto products Oct 2000

  36. Court Cases

  37. Philip Karn • Applied for an export license for “Applied Cryptography” by Bruce Schneier (1994) • license granted • Then applied for an export license for the appendix of Schneier’s book on floppy • Contained source code for crypto algorithms • license denied

  38. Karn (con’t) • Filed suit in District Court Sept ‘95 • Case thrown out in ‘96 • Appealed to Court of Appeals • Export regs moved from State dept to Dept of Commerce Dec. 30, 1996 - days before oral arguments scheduled • Remanded back to District Court

  39. Karn (con’t) • Requested permission from DoC • When refused, returned to Dist Court ‘98 • New export regs made lawsuit moot

  40. Daniel Bernstein • CS prof at U. of Ill. • While Ph.D. student at Berkeley developed crypto algorithm called “Snuffle” • Filed request with State Dept to determine if could publish Snuffle source code ‘92 • Needed license to post on Internet and show to non-US citizens (eg some of his students) • Was never granted license

  41. Bernstein (con’t) • Filed action in ‘95 in the District Court • Claimed ITAR restrictions violated 1st Amendment because source code is speech • Court agreed with 1st Amendment argument • Nov ‘96 jurisdiction for crypto export transferred from State Dept to Commerce • Commerce adopted amendments restricting crypto exports essentially identical to ITAR

  42. Bernstein (con’t) • District Court ruled in 1997 in favor of Bernstein (prior restraint on speech) • Ruling upheld by 3 judge panel of 9th Circuit Court of Appeals May, 1999 • Gov’t requested review by full court June 1999 • New export regs issued Jan. 2000 • Gov’t claimed that new regs made case moot • Court agreed

  43. Peter Junger • Prof at Case Western Reserve • Filed suit against State Dept/ITAR ‘96 • Export regs vague and overbroad - unconstitutional • Prevented him from teaching crypto to US college class with foreign students • Sought injunctive relief

  44. Junger (con’t) • Filed amended complaint after regs moved to DoC 1997 • Gov’t won summary judgment July 1998 • Appealed to Appeals Court March 1999 • Appeals Court ruled that source code protected speech April 2000 • [Issue of difference between source code and object code came up in DVD/2600 case]

  45. Key Escrow & Key Recovery

  46. Escrowed Encryption Standard 1993 • Key escrow: a third party holds a copy of the key • Clipper was a chip containing the (then classified) Skipjack algorithm and a key escrow feature • The escrowed key was split into two pieces stored in separate government locations • attempt to increase security by never holding the whole key in a single location
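The two-piece storage on slide 46 is an n-of-n XOR secret split: the key is only recoverable when every component is brought together, and any smaller set of components is statistically independent of the key. The following is an added example (not from the original slides) that implements the split for any number of components (the slide's scheme is the two-component case) and shows why a single component cannot be used to test guesses: for every candidate key there is a missing component that fits perfectly.

```python
import secrets


def split_key(key: bytes, parts: int = 2) -> list:
    """Split `key` into `parts` components whose XOR equals the key.

    All components but the last are uniformly random, so any subset smaller
    than the full set reveals nothing about the key (n-of-n XOR sharing).
    The two-location escrow scheme is the parts=2 case.
    """
    if parts < 2:
        raise ValueError("need at least two components")
    components = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    last = bytearray(key)
    for comp in components:
        for i, b in enumerate(comp):
            last[i] ^= b                  # last = key ^ (all random components)
    components.append(bytes(last))
    return components


def recover_key(components: list) -> bytes:
    """Reassemble the key; every escrow agent must contribute its component."""
    length = len(components[0])
    if any(len(c) != length for c in components):
        raise ValueError("components must all be the same length")
    out = bytearray(length)
    for comp in components:
        for i, b in enumerate(comp):
            out[i] ^= b
    return bytes(out)


def missing_component_for(known: list, candidate_key: bytes) -> bytes:
    """Given all components but one, return the missing component that would make
    `candidate_key` the escrowed key. One such component exists for every
    candidate, which is why a partial set of components cannot be used to
    test guesses: each possible key is equally consistent with what is known."""
    return recover_key(known + [candidate_key])


if __name__ == "__main__":
    key = secrets.token_bytes(10)                      # constructed 80-bit sample key
    agency_a, agency_b = split_key(key, parts=2)
    print("both components recover key:", recover_key([agency_a, agency_b]) == key)
    print("one component alone is key?:", agency_a == key)
    wrong_guess = bytes(10)
    print("component consistent with the all-zero key:",
          missing_component_for([agency_a], wrong_guess).hex())
```

Recovering the key with fewer than all components yields unrelated random bytes, which is the property the slide's "separate locations" design relies on; the weakness the later slides discuss is not the split itself but the fact that the storage sites exist at all and become targets.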

  47. Key Escrow • Goal of enabling law enforcement to obtain key • Was to be exportable • How to work out key escrow with other countries never defined • Could be defeated by prior use of non-escrowed crypto algorithm

  48. Key Recovery • Some mechanism for obtaining access to plaintext of encrypted communication • Gov’t requirements • Access without end-user knowledge or consent • Ubiquitous adoption • Rapid recovery of plaintext • Should work for encrypted communications as well as stored data

  49. Risks of key recovery • Security • Creating secure crypto without additional features already very difficult • Addition of “back door” increases vulnerability to outside attack • Storage location of keys are obvious targets • Requirement of rapid translation to plain text increases risks

  50. Costs of key recovery • Not obvious that a secure system can even be built, let alone built at reasonable cost • Costs of developing infrastructure, including storage and retrieval mechanism for keys • Costs of operating storage mechanism • Vulnerability of employees to bribery • Costs of replacing current technologies
