Encryption
How does it work? Encryption is based on "one way, trap door
functions." These are functions that are easy to calculate, but hard to
reverse unless you have a "key."
Public key cryptographic system: Users have a public and a private
key. If I want you to send me an encrypted document, I send you my public
key to encrypt it. You send it to me and only I can decrypt it with my
private key.
Escrowed Encryption: government vs commercial key holders
DES: Data Encryption Standard-developed by the NSA and
IBM, 1976. It is used in banking and utilized private key encryption.
This was controversial since many did not trust the NSA. It is based on a
"block" cipher. The same key is used to both encrypt and decrypt, except
that the key is used in reverse order. Data is encrypted in 64 bit
blocks.
AES:
NIST is considering proposals for the
Advanced Encryption Standard which
is to replace DES. It will encrypt data in 128 bit blocks.
Clipper clip: Key escrow system, used the Skipjack
algorithm. Every message would contain a LEAF-Law Enforcement
Access Field, which would tell law enforcement how to decrypt
a message.
RSA: This is an algorithm patented by Rivest, Shamir, and Adleman.
It's used in public key encryption and for digital signatures. RSA is
based on the factoring of large, prime numbers. The security is dependent
on the size of the numbers being factored.
PGP: "Pretty Good Privacy" This is a method of encrypting email
released by Phil Zimmermann in 1991.
Some called it "Pretty Good Piracy" since it was based on the RSA
algorithm.
Zimmermann was the subject of a Federal Investigation
for violating export restrictions, but charges were eventually
dropped.
Applications of Encryption
- Secure email
- e-commerce
SSL: Secure Sockets Layer. This is a means of
ensuring
privacy between client and server over the Internet. It provides a way
for clients and servers to be authenticated and the data transmitted is
encrypted.
- Cybercash (e-cash): A computer scientist named David Chaum
created a
method for performing electronic transactions using the RSA algorithm.
- Digital Signatures: It is possible to use encryption to
digitally
"sign" a document. For example, you write a statement accepting the terms
of a contract and encrypt it using your private key. Others can decrypt
it with your public key. Since it had to have been encrypted with your
personal private key for this to work, the "signature" can thus be
verified.
- Digital Watermarks
Encryption Related Issues
Since encryption has many military uses, it has been classifies as
a "munition." Export has been highly restricted. Only weak encryption is
legal for export.
The SPA Software Publishers of America found that encryption
methods
not legal
for export from the US are readily available world wide.
SAFE:
Security and Freedom through Encryption
CALEA: Communications Assistance for Law Enforcement, 1996.
This legislation ensures that law enforcement will be able to wiretap
digital communications. EFF (Electronic Frontier Foundation) and EPIC
(Electronic Privacy Information Center) have voiced objections to
CALEA.
Questions:
- Should government be able to encrypt goverment messages? If so,
how can we guarantee FOIA (Freedom of Information Act)?
- Should law enforcement be able to decrypt messages? If so,
under what circumstances?
- Should export of encryption be restricted?
For more information see: Bruce Schneier, Applied
Cryptography. Wiley, 1994.
To learn about PGP at Mason, see:
http://www.cs.gmu.edu/~amarchan/cs108/pgp.html
To get started learning about cryptography, see:
The CipherSaber Homepage
by Arnold G. Reinhold and
John Savard's Homepage (includes history of cryptography).
For Digital Watermarking, see: Steganography and
Digital Watermarking by GMU's own Neil Johnson.