Cryptography - The Silver Bullet for Data Protection?

Klaus Köhler
Munich University of Applied Sciences (Fachhochschule München)
6-Feb-2002

E-Mail: [email protected]
Home Page: http://www.cs.fhm.de/~koehler
pgp key fingerprint: 8F 2A 16 D9 6A BF 2B F6 77 C2 39 82 1F D3 69 F4
X.509 Certificate: http://www.trustcenter.de/cgi-bin/Search.cgi


Contents

• Cryptography - why and for what?
• What cryptography can
    – Overview of Symmetric and Asymmetric Ciphers
• How secure is current cryptography
• What cryptography cannot accomplish
• Conclusion


Cryptography - why and for what?

❏ “The Age of Access” (J. Rifkin)
    ❍ Buzzwords:
        ❍ Digital Revolution
        ❍ Network-based Global Economy
        ❍ Cyberspace
        ❍ ...
    ❍ Replacement of ownership with access to information and cultural experience
    ❍ Increasing dependence on technical communication infrastructure
    ❍ Digital divide


Cryptography - why and for what? (cont.)

❏ Privacy - a fundamental right
    ❍ “Volkszählungsurteil” (Census judgement) Germany 1983 (Federal Constitutional Court):

      ... The fundamental right ensures in this respect the authority of the individual to decide, in principle, for himself on the relinquishment and use of his personal data.

      Restrictions of this right to "informational self-determination" are permissible only in the predominant common interest.


Cryptography - why and for what? (cont.)

❏ Privacy - a human right
    ❍ European Council in Nice in December 2000:
      Human Rights in the EU: the Charter of Fundamental Rights
      Article 8. Respect for private and family life
      1. Everyone shall have the right to respect and protection for their identity.
      2. Respect for privacy and family life, reputation, the home and the confidentiality of correspondence, irrespective of the medium, shall be guaranteed.

➨ Goal: Confidentiality and integrity of personal data


Cryptography - why and for what? (cont.)

❏ Protection of informational self-determination
    – belief, thinking, preferences, communications behaviour
❏ Protection of business secrets
    – technical blueprints, offers, customer lists
❏ Liability of legal transactions
    – tele-banking, e-government, tele-voting, e-commerce, ...

➨ Goal: Confidentiality and authenticity of data


What Cryptography Can

❏ Terminology
• Privacy, Secrecy, Confidentiality
    Only the intended receiver shall be able to read the data.
    – envelope ➔ encryption (concealment)
• Integrity
    Receiver can check if transmitted data have been modified.
    – untampered envelope
• Authenticity
    Receiver can check that data were generated by sender.
    – known handwriting, style, voice
• Liability (Non-repudiation)
    The receiver can prove that the data came from the sender.
    – signature ➔ digital/electronic signature


Symmetric Encryption Model

[Figure: symmetric encryption model. Alice (source, sender) encrypts plaintext X with key K into ciphertext Y; Bob (drain, receiver) decrypts Y with the same key K to recover plaintext X. A key generator supplies K to both. An opponent applies cryptanalysis to obtain X and K.]

• passive cryptanalyst Eve: eavesdropper
• active cryptanalyst Mallet: malicious attacker
• ciphertext-only attack: determine plaintext or key from ciphertext
• known plaintext attack: determine key from plaintext/ciphertext pair
• chosen plaintext attack: determine key from chosen plain/ciphertext pairs


Asymmetric Encryption Model

[Figure: the encryption model shown for both systems. Symmetric system: Alice and Bob use the same key K from the key generator. Asymmetric system: Alice encrypts with K = PubKey(Bob), Bob decrypts with K' = PrivKey(Bob).]

• K = public key of receiver
• K' = private (secret) key of receiver
• K' cannot be determined from K (within a limited time span).
• K must be authentic, i.e. belong to the receiver.


Authentication in Asymmetric Systems

With trusted party (authentic public directory), e.g. S/MIME, X.509

Digital Signature: Proof of origin established since only Alice could create sigmsg

[Figure: public directory held by Trent, between Alice and Bob]

name     pubkey
Alice    4711
Bob      \8%ö···

• Directory ➔ Bob: $K_{Alice}$ = 4711, authentic
• Alice ($K'_{Alice}$ private) ➔ Bob: $sigmsg = D_{K'_{Alice}}(msg)$
• Bob: $msg = E_{K_{Alice}}(sigmsg)$ sensible?
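Added example (not part of the original slides): the signature flow of this slide in Python, with textbook RSA and constructed toy keys standing in for D and E, which the slide does not name. The function names, the SHA-256 redundancy tag that implements the "sensible?" check, and all key values are assumptions of this example.

```python
"""Toy version of the slide's flow: sigmsg = D_K'(msg), msg = E_K(sigmsg)."""
import hashlib

E_EXP = 65537  # public exponent (assumption; the slide names no algorithm)

def keypair(p, q):
    """Textbook RSA key from two primes: returns (K, K') = ((n, e), (n, d))."""
    n = p * q
    d = pow(E_EXP, -1, (p - 1) * (q - 1))
    return (n, E_EXP), (n, d)

def add_redundancy(payload: bytes) -> int:
    """msg = payload || 8-byte SHA-256 tag, so Bob can tell if a result is 'sensible'."""
    return int.from_bytes(payload + hashlib.sha256(payload).digest()[:8], "big")

def sign(payload: bytes, priv) -> int:
    """Alice: sigmsg = D_K'Alice(msg)."""
    n, d = priv
    msg = add_redundancy(payload)
    if msg >= n:
        raise ValueError("message block too long for this toy modulus")
    return pow(msg, d, n)

def verify(sigmsg: int, pub):
    """Bob: msg = E_KAlice(sigmsg); return the payload only if msg is 'sensible'."""
    n, e = pub
    msg = pow(sigmsg, e, n)
    raw = msg.to_bytes((msg.bit_length() + 7) // 8, "big")
    payload, tag = raw[:-8], raw[-8:]
    if len(raw) > 8 and hashlib.sha256(payload).digest()[:8] == tag:
        return payload
    return None

# Constructed toy keys from Mersenne primes (far too small for real use).
ALICE_PUB, ALICE_PRIV = keypair(2**127 - 1, 2**89 - 1)
MALLET_PUB, MALLET_PRIV = keypair(2**107 - 1, 2**61 - 1)

def demo():
    order = b"pay Bob 10"
    sigmsg = sign(order, ALICE_PRIV)
    directory = {"Alice": ALICE_PUB}                    # Trent's authentic directory
    genuine = verify(sigmsg, directory["Alice"])        # Alice's signature is accepted
    tampered = verify(sigmsg ^ 1, directory["Alice"])   # altered in transit: rejected
    forged = verify(sign(order, MALLET_PRIV), directory["Alice"])  # wrong signer: rejected
    # With a non-authentic directory entry the same check vouches for the wrong origin.
    directory["Alice"] = MALLET_PUB
    fooled = verify(sign(order, MALLET_PRIV), directory["Alice"])
    return genuine, tampered, forged, fooled

if __name__ == "__main__":
    print(demo())
```

The last case is why the slide insists that the directory entry be authentic: the arithmetic cannot tell whose key it was handed.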


How secure is current cryptography

❏ Levels of security
• Perfect security:
    No information at all leaks from the ciphertext which had not been known before.
    – Mathematical proof of security ➔ only one-time pad:
      secret key is at least as long as the encrypted message
• Cryptographic (practical) security:
    Impossible to break with currently known algorithms and finite resources within an acceptable time span
    ⇒ Practical security depends on
        • the value of the information to be protected,
        • the assumed resources of the attacker
        • and state of technology


How secure is current cryptography (cont.)

❏ Expense of breaking a cipher
    Complexity measures:
    – Time complexity: computing time
    – Space complexity: amount of memory
• Mathematical measures:
    – Independent of a real machine
    – Count the basic operations / variables
    – Formula for the effort
        • depending on the problem size n, e.g. key length,
        • for big n
        • neglecting constant (problem independent) factors
    – Big-O-Notation: O(c(n)): proportional ~ c(n),
      e.g. $O(n^2)$ quadratic, $O(e^n)$ exponential


How secure is current cryptography (cont.)

[Figure: examples of complexity functions; x = n = problem size, e.g. key size; y = c(n) = complexity]


How secure is current cryptography (cont.)

Complexity classes
• P: polynomial: $c \sim n^k$, k = fixed positive number, n = key size
    e.g. encryption with RSA: $c \sim n^3$, efficient since exponent ≤ 3
• NP: non-deterministic polynomial
    Polynomial on a hypothetical machine with infinite parallelism
    “It always guesses the right path to follow.”
    ⇒ Cryptanalysis problems are NP, since the right key can be guessed or all keys can be tried in parallel.
• NP-hard: the most challenging among the NP-problems
    If an NP-hard problem is P, then all NP-problems are P
    (Famous open mathematical question NP = P ?)
• Exp: exponential: $c \sim k^n$, k = fixed positive number, n = key size
    e.g. sequential check of all $2^n$ keys


How secure is current cryptography (cont.)

Cryptographer’s dream = NSA’s nightmare
• Encryption and decryption (with known key):
    Time complexity: polynomial with small exponent: $c \sim n^k$, k ≤ 3
    Space complexity: linear: $c \sim n$
• Cryptanalysis:
    Time complexity or space complexity: exponential (at least NP, better NP-hard)


How secure is current cryptography (cont.)

Sobering reality
• Cryptanalysis complexity of almost all crypto-systems unknown
• Real crypto-systems are based on classical hard problems, e.g. prime factoring of big integers, discrete logarithm, elliptic curves
• Classical hard problems scrutinised for other purposes: not necessarily hard with respect to cryptography
• Equivalence of cracking and classical problems only suggested, not proven for most ciphers (e.g. RSA, ElGamal)
• (Smallest) complexity class of classical problems unknown (suggested, not proven)
• Known algorithms for classical problems sub-exponential (not NP) but super-polynomial
    Exception: elliptic curves (rather young in cryptography, only old, simple algorithms applicable such as Pollard’s Rho method, better algorithms might evolve)


How secure is current cryptography (cont.)

Sobering reality (cont.)

• Cryptanalysis constantly improved
    – factorisation 1977, c = 1.92, o(1) → 0:
      $O\left(e^{(c+o(1))\cdot\sqrt{\ln n}\cdot\sqrt{\ln\ln n}}\right)$
    – factorisation 1997:
      $O\left(e^{(c+o(1))\cdot\sqrt[3]{\ln n}\cdot\sqrt[3]{(\ln\ln n)^2}}\right)$
    – discrete logarithm:
      $O\left(e^{(c+o(1))\cdot\sqrt[3]{\ln n}\cdot\sqrt[3]{(\ln\ln n)^2}}\right)$
    – discrete logarithm for elliptic curves (ln n = key length):
      $O\left(\sqrt{n}\right) = O\left(e^{\frac{1}{2}\ln n}\right)$
  and will continue to improve
• special hardware (quantum computer?)

[Figure: plot over key size n]
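Added example (not part of the original slides): the formulas of this slide evaluated in Python as log2 of the number of operations, with c = 1.92 taken from the slide and o(1) set to 0 as an assumption. The results are order-of-magnitude estimates only and do not reproduce the calibrated Lenstra/Verheul table; all function names are chosen for this example.

```python
"""Work factors implied by the slide's formulas, expressed as log2(operations)."""
import math

C_SLIDE = 1.92  # constant c from the slide; o(1) is taken as 0 (assumption)

def subexp_bits(modulus_bits: int, c: float = C_SLIDE, alpha: float = 1 / 3) -> float:
    """log2 of exp(c * (ln n)^alpha * (ln ln n)^(1 - alpha)) for an n of modulus_bits bits.

    alpha = 1/3 gives the 1997 factoring / discrete-logarithm formula,
    alpha = 1/2 the 1977 one.
    """
    ln_n = modulus_bits * math.log(2)
    work = c * ln_n ** alpha * math.log(ln_n) ** (1 - alpha)
    return work / math.log(2)

def ec_bits(key_bits: int) -> float:
    """Elliptic-curve discrete log: O(sqrt(n)) = O(e^(ln n / 2)), half the key length."""
    return key_bits / 2

def exhaustive_bits(key_bits: int) -> float:
    """Sequential check of all 2^n keys of a symmetric cipher."""
    return float(key_bits)

def modulus_bits_for(target_bits: float) -> int:
    """Smallest modulus size whose 1997-formula work factor reaches target_bits."""
    lo, hi = 16, 1 << 20
    while lo < hi:  # subexp_bits grows monotonically with the modulus size
        mid = (lo + hi) // 2
        if subexp_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo

def comparison(symmetric_sizes=(80, 112, 128)):
    """Per symmetric key size: (symmetric, classical asymmetric, elliptic curve) bits."""
    return [(s, modulus_bits_for(exhaustive_bits(s)), 2 * s) for s in symmetric_sizes]

if __name__ == "__main__":
    for bits in (512, 1024, 2048, 4096):
        print(f"{bits:5d}-bit modulus ~ 2^{subexp_bits(bits):.1f} operations")
    for row in comparison():
        print("symmetric %d  classical %d  elliptic curve %d" % row)
```

Doubling a classical modulus from 1024 to 2048 bits adds only about 30 bits of work under the sub-exponential formula, whereas every added bit of a symmetric key doubles the exhaustive-search effort.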


How secure is current cryptography (cont.)

➪ Theory: Cryptography is built on sand! (mathematical)
➪ Practice: Cryptography is the strongest link in the chain of data security measures if strong cryptography is used.

Arjen K. Lenstra, Eric R. Verheul (2001): Selecting Cryptographic Key Sizes

Year   Symmetric   Classical Asymmetric   Subgroup Discr. Log.   Elliptic Curve Key Size
       Key Size    Key Size               Key Size               progress: no   progress: yes
2000   70          952                    125                    132            132
2005   74          1149                   131                    139            147
2010   78          1369                   138                    146            160
2015   82          1613                   145                    154            173
2020   86          1881                   151                    161            188
2025   89          2174                   158                    169            202
2030   93          2493                   165                    176            215

Example: Advanced Encryption Standard key size 128-256 bit


How secure is current cryptography (cont.)

Real threat
❏ Implementation problems
    – protocol failures
    – “predictable” random generators
    – integration in applications and operating systems
❏ Organisational and infrastructure problems
    – authenticity and timeliness of public keys (key distribution center, trusted third party, certificate revocation)
    – incompatible interfaces and standards
    – license problems (decreasing)
    – incompatible legal systems, “key escrow”
    – greedy security agencies
    – insufficient knowledge and familiarity
    – missing awareness and carelessness: human factor


What Cryptography Cannot Accomplish

❏ Ignorance and carelessness cannot be defeated through technology
❏ but: Technology can and should make the use of cryptography simple and ergonomic, i.e. human.


What Cryptography Cannot Accomplish

Cryptography cannot protect against
❏ erroneous software, hardware failures, bad design
❏ viruses, worms, trojan horses, and other vermin
    but can make their life and spread harder (signatures)
    (and can be misused to hide them in mail attachments, so that no application firewall can detect them)
❏ misuse of electronic media for commercial purposes
    but provides means for self-protection
    ❏ automatic encryption and signing of e-mails
    ❏ smart-card authentication instead of password authentication
    ❏ ...
❏ measles, flu, and Finnish climate


Conclusion

The rapid development of communication technology
⇒ increases dependency on technology and infrastructure
⇒ opens new opportunities for fraud, deceit, and deception
⇒ threatens privacy, right to informational self-determination
⇒ widens the gap between haves and have-nots, those who have access and those who haven’t (digital divide), technology-addicted and technology-victims
⇒ replaces personal relationship with technically mediated communication
⇒ can make life easier, safer, and richer or harder, threatening, and poorer for those who can’t keep up

Cryptography can hardly solve any social problems - there is no silver bullet - but can help to mitigate problems created by technology:
Currently no solution to data security without cryptography