Showing posts with label cryptography. Show all posts

Monday, November 14, 2011

Security and cryptography

Comment 1:

Security is a “system” concept.

Follow-up:
Yes, it is very important for us (the users) to understand this so that we will not have a false sense of security when we are “educated” that our data are encrypted. Now you know that data encryption is just one part of the whole process. If anything goes wrong in other parts of the system, security cannot be promised.

Comment 2:

HTTPS protocol?


Follow-up:
This is the so-called “secure” version of the HTTP protocol. Basically, this protocol transports encrypted data instead of sending data in plaintext. The data is usually encrypted using a symmetric key system for which the shared key has to be agreed using a public key approach. Please refer to Problem 3 of Tutorial 5 for the design of such a key set-up protocol.

Comment 3:

Stealing bank account information from the Internet?


Follow-up:
Yes, whether you like it or not, this kind of thing is believed to be happening all the time! The thing is, it is not very difficult to identify a “weakest” link in the system (e.g., a particular e-commerce Web site). It is widely believed that after such a system is broken, the hacker will not just use the bank account information (e.g., for buying things) but will also hold the bank and/or the e-commerce Web site for ransom.

Comment 4:

What is symmetric key cryptography?


Follow-up:
The symmetric key system has always been the most important way to achieve data confidentiality, even though the public key system is shown to be more versatile and “strong”. The reason is that symmetric key algorithms are usually much, much faster than public key algorithms. In a typical symmetric key system, a shared key has to be agreed upon through some means (see Comment 2 above). Then, the communicating parties will use the shared key for encryption/decryption.

Comment 5:

Are there any more sophisticated cryptography techniques?

Follow-up:
One of the most notable sophisticated cryptography techniques is elliptic curve cryptography, which is based on yet another branch of mathematics (also related to number theory) to perform encryption and decryption.

Comment 6:

Public key cryptography. RSA algorithm?

Follow-up:
We have already worked extensively on this in Tutorial 5.


Comment 7:

Difference between public key and symmetric key cryptography.


Follow-up:
The most important difference is NOT the strength but the way keys are distributed/shared.

Sunday, July 24, 2011

Cryptography using key

Problem:

(a) Suppose that there are n people who want to communicate with each other securely. How many keys are needed when a symmetric key cryptosystem is used? How about a public key cryptosystem? Explain.

(b) Digital signatures cannot be done using symmetric key cryptography. Explain why.

(c) Suppose we produce a “digest” of a message by simply adding up the words (e.g., treating each character as an 8-bit number). What is the problem with this approach?


Follow-up:

(a) Using symmetric keys, the number of keys required for pair-wise communication is nC2 = n(n – 1)/2. Using a public key cryptosystem, the number of keys required is just 2n (one public key and one private key for each user).

(b) One of the most important requirements in digital signatures is non-repudiation: the signer cannot deny that a signature is produced by him/her. Thus, we need a “secret” that is bound to and only to each user. Using a symmetric key cryptosystem, a secret key is known to at least two users and, therefore, a digital signature produced with a secret key cannot be bound to a unique user.


(c) The problem is that a message can be easily transformed into an entirely different message with the same digest, by just re-arranging the characters or words. For example, “car” and “arc” have the same digest.

Friday, July 22, 2011

Digital signature

Comment:

Still confused about “digital signature”. In particular, can a “digital signature” be stolen?

Follow-up:

A digital signature is just an encrypted output of a message (or actually the digest of the message). The encryption is performed by using the private key of the signer. Thus, the signer cannot deny having signed the message because only he/she has the private key. Furthermore, every “signature” is unique in that the encrypted outputs of different messages are different.

Thus, a “digital signature” cannot be stolen.

Cracking using quantum computing

Comment:

What if quantum computing cracks the theory of public key approach?

Follow-up:

Theoretically, based on Peter Shor’s factorization algorithm, a quantum computer can break a public key cryptosystem in a very short time. Thus, the public key cryptosystem as we are using it now will become completely useless.

The critical problem of the current public key cryptosystem (the “RSA” algorithm) is that it relies on computational intractability. In other words, its security is not mathematically proven.

Security scientists are actively researching “provable” public key approaches.

Certificate authority

Comment:

What if the certificate authority discloses private information of users? Safe?

Follow-up:

Yes, it is definitely possible that a CA could inadvertently disclose some private information. For example, a CA’s database could be compromised by some hackers, just as credit-card numbers are disclosed in some hacking of e-business Web sites.

So in a sense, one could argue that our Internet security is quite fragile.

Comment:

Who will certify the public key of the certificate authority?

Follow-up:

A CA’s public key is not “certified” but just published on a widely accessible site so that everyone can verify it.

Tuesday, July 19, 2011

Links of Readings

Required Reading

Recommended Reading 

  • Feynman, R., Hey, A., & Allen, R. (2000). Feynman lectures on computation. Cambridge, MA: Perseus Books.
  • Schneier, B. (2004). Secrets and lies: Digital security in a networked world. Indianapolis, Ind.: Wiley.
  • Wing, J. M. (2008). Five deep questions in computing. Communications of the ACM, 51(1), 58-60.

Sunday, July 17, 2011

Internet Key: Key generation

Comment:

(I am) Still confused about public key cryptography.

Follow-up:

Simply put, in a public key cryptosystem, each user owns a pair of keys, one made public and the other kept secret. To send a message securely, the public key of the intended recipient is used for the encryption so that only the recipient can decrypt it. On the other hand, for a digital signature, the signer uses his/her own private key to encrypt the message (or actually the digest of the message) so that everyone can decrypt it using the signer’s public key to verify it.

For those of you who are interested in the mathematical details, please study the attached lecture notes on public key cryptography (file: module3-PublicKeyCrypto.pdf).
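
The two uses of a key pair described above, together with the digest weakness from problem (c) of the “Cryptography using key” post, as an added example that is not part of the original posts or the course material. It uses textbook RSA with a toy key built from two Mersenne primes (constructed values, no padding, not for real use); all function names and sample messages are assumptions.

```python
import hashlib

# Toy key pair from two known Mersenne primes (constructed for this example;
# far too small for real use, and real RSA also needs padding).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept secret


def sha256_digest(message: bytes) -> int:
    """Collision-resistant digest, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def additive_digest(message: bytes) -> int:
    """The weak digest from problem (c): sum of the 8-bit character values."""
    return sum(message)


def encrypt(plain: int) -> int:
    """Confidentiality: anyone encrypts with the recipient's public key."""
    return pow(plain, E, N)


def decrypt(cipher: int) -> int:
    """Only the holder of the private exponent D can undo encrypt()."""
    return pow(cipher, D, N)


def sign(message: bytes, digest=sha256_digest) -> int:
    """Signature: the signer transforms the digest with the private key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int, digest=sha256_digest) -> bool:
    """Anyone recomputes the digest and checks it with the public key."""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    original = b"pay Alice 19 dollars"       # constructed sample messages
    rearranged = b"pay Alice 91 dollars"     # same characters, new meaning
    session_key = 0x0123456789ABCDEF         # stands in for a shared key
    print(decrypt(encrypt(session_key)) == session_key)
    sig = sign(original)
    print(verify(original, sig), verify(rearranged, sig))
    weak = sign(original, additive_digest)
    print(verify(rearranged, weak, additive_digest))
```

With the SHA-256 digest, a signature copied onto the rearranged message fails verification; with the additive digest, the same signature verifies for both messages, which is why the digest has to resist rearrangement.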

Comment:

How does KDC work?

Follow-up:

The KDC shares a secret key (or symmetric key) with every registered user. Thus, by using this key, the KDC can send a newly generated key (denoted as R1 in Presentation #5) to a user requesting a new key to be shared with another registered user of the KDC. Once they have this R1, the two users can then transform it further using some agreed-upon protocol to generate the actual shared key, which is unknown to the KDC.

Comment:

I want to know if it is possible to combine the use of public and private keys as follows.



Follow-up:

Yes, of course your suggestion would work. In fact, it provides not only “confidentiality” but “non-repudiation” as well.