Encryption
Upcoming SlideShare
Loading in...5
×
 

Encryption

on

  • 4,014 views

Lecture for LIS 644 "Digital Trends, Tools, and Debates." Not my strong point, so I won't swear there are no errors. If you reuse, please respect the CC-BY-NC-SA license on the photo.

Lecture for LIS 644 "Digital Trends, Tools, and Debates." Not my strong point, so I won't swear there are no errors. If you reuse, please respect the CC-BY-NC-SA license on the photo.

Statistics

Views

Total Views
4,014
Views on SlideShare
4,014
Embed Views
0

Actions

Likes
0
Downloads
8
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Encryption Encryption Presentation Transcript

  • Encryption can’t talk about the NSA until you understand what they broke!
  • Alice, Bob, and Eve Eve Maler/Rich Salz, “Eve [Maler] eavesdropping on Alice and Bob [DuCharme]’s conversation.” http://www.flickr.com/photos/xmlgrrl/966601078/ CC-BY-NC-SA
  • Cryptography: why, what? •Guard against threats to communication: •eavesdropping •tampering •impersonation •“I didn’t say that!” or “That isn’t what I said!” •“Cryptographic algorithm” or “cipher” •Way to turn plaintext (or other content) into “ciphertext” that is unreadable without special knowledge (i.e. a key) •“Encrypt” = code the message. “Decrypt” = decode. •This is all math! Remember that a message is 1’s and 0’s, a big number. •“In the clear” “cleartext” “plaintext” = not encrypted •If you hear “passwords stored in the clear,” RUN AWAY.
  • The easy but wrong way •Alice and Bob want to say something secret. •Assume that Eve can watch everything they say to each other. •Alice sends Bob a special key she will use to lock her messages. Bob sends Alice another special key that he will use for his. •They “encrypt” (lock) subsequent messages with those keys and send them. •They have each other’s keys, so they can unlock the messages on arrival. •Where’s the problem here? What can Eve do to eavesdrop further?
  • Problem: key exchange in the clear! •Physical analogy: Alice putting her housekey in the mail to Bob, and vice versa. •Eve can easily steal the mail, go to a locksmith, and copy the keys! So Alice and Bob’s homes are not safe from Eve. •Ugh. But what if a house worked like a bank safety-deposit box? •TWO keys, one at the bank, one with Alice (and a copy with Bob). BOTH keys needed to open the box! •The bank is told only to use its key if Alice or Bob is present (with a valid ID). •Even if Eve copies Alice’s key, or Bob’s, the bank won’t let her in! •Aha. So we need to split the key, and keep half of it safe and secret! (It can’t travel.)
  • Solution: public-key cryptography •Paired keys: “public” and “private” •A message ENCRYPTED (locked) with one of these keys must be DECRYPTED (unlocked) with the OTHER KEY! •Anybody can have your public key. ONLY YOU have your private key, and you never, ever send it anywhere! •Alice and Bob •Each has the other person’s public key. So does Eve. Because it’s public! •Alice sends Bob a message encrypted with Bob’s public key. •Only Bob’s private key can decrypt it! The same works in reverse. •There is no opportunity for Eve to grab a private key in transit. She’ll have to hack Alice’s or Bob’s machine to get their private keys! •Not totally foolproof: if somebody gets your private key, you’re toast. •Or if someone can crack the encryption algorithm. Algorithms evolve over time, as computing power grows.
  • Used on websites and for email connections too •SSL: Secure Socket Layer •TLS: Transport Layer Security •newer and better than SSL •This is what causes the little lock in your browser for https:// sites! •Weak link: “certificate authorities.” •Long and complicated story, but short version: these are how a lot of attacks on encryption happen. •If you hear about “certificate spoofing”... yeah.
  • Digital signature •Uses public-private key pairs to prove that a message comes from you. •Encrypt the message with your PRIVATE key. •Send out the encrypted message. •It can only be decrypted with your PUBLIC key. So if they can figure out how to read it, you must have sent it! •In actual fact, this is cumbersome, with larger messages especially. •So usually a message is “hashed” (put through a computer program) and the result (“hash”) is encrypted and sent along with the message. The recipient rehashes the message, decrypts the sent hash, and compares; if they’re not the same, there’s a problem. •But it’s basically the same idea.
  • “Backdoor” •Alice and Bob have two-key systems on their house’s front door. •What about the back door? If it isn’t protected the same way... •So a “backdoor” is a secret vulnerability in a security system or encryption algorithm that allows those in the know to bypass the usual security.
  • Encrypting email •“Pretty Good Privacy” (PGP) is the best thing out there. •Should integrate with most email services. •Unless you are using encryption, email should NEVER EVER be considered secure communication. NOT EVER. •(And maybe not even if you are. May be stored in the clear, even if it traveled encrypted! And is the other person using encryption too?) •HIPAA, FERPA, etc. NO. NOT EVER. •Yes, your boss CAN and WILL read your email. Do not do personal business from a work email account. EVER.