Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 1
Cryptography -Cryptography -The The Silver BulletSilver Bullet for Data Protection for Data Protection??
Klaus KöhlerMunich University of Applied Sciences
Fachhochschule München
E-Mail: [email protected]
Home Page: http://www.cs.fhm.de/~koehler
pgp key fingerprint: 8F 2A 16 D9 6A BF 2B F6 77 C2 39 82 1F D3 69 F4
X.509 Certificate: http://www.trustcenter.de/cgi-bin/Search.cgi
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 2
ContentsContents
• Cryptography - why and for what?• What cryptography can
– Overview of Symmetric and Asymmetric Ciphers
• How secure is current cryptography• What cryptography cannot accomplish• Conclusion
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 3
Cryptography - why and for what?Cryptography - why and for what?
❏ “ The Age of Access ” (J. Rifkin)❍ Buzzwords:
❍ Digital Revolution❍ Network-based Global Economy❍ Cyberspace❍ ...
❍ Replacement of ownershipwith access to information and cultural experience
❍ Increasing dependence of technical communicationinfrastructure
❍ Digital divide
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 4
❏ Privacy - a fundamental right❍ “Volkszählungsurteil” (Census judgement) Germany 1983
(Federal Constitutional Court):... Das Grundrecht gewährleistet insoweit die Befugnis des Einzelnen,grundsätzlich selbst über die Preisgabe und Verwendung seinerpersönlichen Daten zu bestimmen.
Einschränkungen dieses Rechts auf "informationelle Selbst-bestimmung" sind nur im überwiegenden Allgemeininteresse zulässig.
(The fundamental right ensures ... to decide ... over therelinquishment and use of his personal data.
Restrictions of this right to "informational self-determination" arepermissible only in the predominant common interest.)
Cryptography - why and for what? Cryptography - why and for what? ((contcont.).)
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 5
Cryptography - why and for what? Cryptography - why and for what? ((contcont.).)
❏ Privacy - a human right❍ European Council in Nice in December 2000:
Human Rights in the EU:the Charter of Fundamental RightsArticle 8. Respect for private and family life1. Everyone shall have the right to respect and protection for
their identity.2. Respect for privacy and family life, reputation, the home and the
confidentiality of correspondence, irrespective of the medium,shall be guaranteed.
➨ Goal: Confidentiality and integrity of personal data
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 6
Cryptography - why and for what? Cryptography - why and for what? ((contcont.).)
❏ Protection of informational self-determination– belief, thinking, preferences, communications behaviour
❏ Protection of business secrets– technical blueprints, offers, customer lists
❏ Liability of leagal transactions– tele-banking, e-government, tele-voting, e-commerce, ...
➨ Goal: Confidentiality and authenticity of data
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 7
What Cryptography CanWhat Cryptography Can❏ Terminology• Privacy, Secrecy, Confidentiality
Only intended receiver shall be able to read data.� envelope ➔ encryption (concealment)
• IntegrityReceiver can check if transmitted data have been modified.� untampered envelope
• AuthenticityReceiver can check that data were generated by sender.� known handwriting, style, voice
• Liability (Non-repudiation)The receiver can proof that the data came from the sender.� signature ➔ digital/electronic signature
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 8
Symmetric Encryption ModelSymmetric Encryption Model
Opponent XK
Cryptanalysis
X
plaintextEn-cryption
De-cryption
KeyGenerator
Plaintext
Ciphertext
X Y
K KAlice Bob
Key Key
SourceSender
DrainReceiver
• passive cryptanalyst Eve: eavesdropper• active cryptanalyst Mallet: malicious attacker• ciphertext-only attack: determine plaintext or key from ciphertext• known plaintext attack: determine key from plaintext/ciphertext pair• chosen plaintext attack: determine key from chosen plain/ciphertext pairs
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 9
X
plaintextEn-cryption
De-cryption
KeyGenerator
Plaintext
Ciphertext
X Y
K KAlice Bob
Key Key
SourceSender
DrainReceiver
K
Symmetric System
Asymmetric Encryption ModelAsymmetric Encryption Model
K’
Asymmetric System
K=PubKey(Bob) K’=PrivKey(Bob)
• K = public key of receiver• K' = private (secret) key of receiver• K' cannot be determined from K (within a limited time span).• K must be authentic, i.e. belong to the receiver.
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 10
Authentication in Asymmetric SystemsAuthentication in Asymmetric Systems
With trusted party (authentic public directory),e.g. S/MIME, X.509
Digital Signature:Proof of origin established since only Alice could create sigmsg
public directoryTrent
name pubkeyAlice 4711Bob \8%ö···
� KAlice = 4711 authentic
AliceK'Alice private
Bob�
sigmsg=DK'Alice(msg)�
msg = EKAlice(sigmsg) sensible?
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 11
How secure is current cryptographyHow secure is current cryptography❏ Levels of security• Perfect security:
No information at all leaks from the ciphertext which hadnot been known before.� Mathematical proof of security ➔ only one-time pad
secret key is as least as long as the encrypted message
• Cryptographic (practical) security:Impossible to break with currently known algorithms andfinite resources within an acceptable time span⇒ Practical security depends on
• the value of the information to be protected,• the assumed resources of the attacker• and state of technology
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 12
How secure is current cryptography How secure is current cryptography ((contcont.).)
❏ Expense of breaking a cipherComplexity measures:
– Time complexity: computing time– Space complexity: amount of memory
� Mathematical measures:– Independent of a real machine
– Count the basic operations / variables– Formula for the effort
• depending on the problem size n, e.g. key length,
• for big n• neglecting constant (problem independent) factors
– Big-O-Notation: O(c(n)): proportional ~c(n)e.g. O(n²) quadratic, O(en) exponential
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 13
How secure is current cryptography How secure is current cryptography ((contcont.).)
Examples of complexity functionsx = n = problem size, e.g. key sizey = c(n)= complexity
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 14
How secure is current cryptography How secure is current cryptography ((contcont.).)
Complexity classes•• P:P: polynomial: c ~ nk, k = fixed positive number, n = key size
e.g. encryption with RSA: c ~ n3, efficient since exponent ≤ 3
•• NP:NP: non-deterministic polynomialPolynomial on a hypothetical machine with infinite parallelism“It guesses always the right path to follow.”
⇒ Cryptanalysis problems are NP, since the right key can beguessed or all keys can be tried in parallel.
•• NP-hard:NP-hard: the most challenging among the NP-problemsIf a NP-hard problem is P, then all NP-problems are P(Famous open mathematical question NP = P ?)
•• ExpExp:: exponential: c ~ kn, k = fixed positive number, n = key sizee.g. sequential check of all 2n keys
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 15
How secure is current cryptography How secure is current cryptography ((contcont.).)
Cryptographer’s dream = NSA’s nightmare• Encryption and decryption (with known key):
Time complexity: polynomial with small exponent: c ~ nk, k ≤ 3Space complexity: linear: c ~ n
• Cryptanalysis: Time complexity or Space complexity: exponential
(at least NP, better NP-hard)
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 16
How secure is current cryptography How secure is current cryptography ((contcont.).)
Sobering reality
� Cryptanalysis complexity of almost all crypto-systems unknown
� Real crypto-systems are based on classical hard problems,e.g. prime factoring of big integers, discrete logarithm, elliptic curves
� Classical hard problems scrutinised for other purposes:not necessarily hard with respect to cryptography
� Equivalence of cracking and classical problems only suggested,not proven for most ciphers (e.g. RSA, ElGamal)
� (Smallest) complexity class of classical problems unknown(suggested, not proven)
� Known algorithms for classical problems sub-exponential (not NP)but super-polynomialException: elliptic curves(rather young in cryptography, only old, simple algorithms applicablesuch as Pollard’s Rho method, better algorithms might evolve)
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 17
Sobering reality (cont.)
� Cryptanalysis constantly improved
How secure is current cryptography How secure is current cryptography ((contcont.).)
• factorisation 1977, c = 1.92 o(1)→0
( )( ) ( )( )22 lnlnln1 nnoceO ⋅⋅+
• factorisation 1997( )( ) ( )( )
⋅⋅+ 3 23 lnlnln1 nnoceO
• discrete logarithm( )( ) ( )( )
⋅⋅+ 3 23 lnlnln1 nnoceO
• discrete logarithm forelliptic curves (ln n = key length)
( ) ( )( )neOnO ln21=
and will continue to improve• special hardware (quantum computer?)
key size n
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 18
How secure is current cryptography How secure is current cryptography ((contcont.).)
➪ Theory: Cryptography is built on sand! (mathematical)➪ Praxis: Cryptography is the strongest link in the chain
of data security measures if strong cryptography is used.
Arjen K. Lenstra, Eric R. Verheul (2001): Selecting Cryptographic Key Sizes
Year Symmetric Key Size
Classical Asymmetric
Key Size
Subgroup Discr. Log. Key Size
Elliptic Curve Key Size progress
no yes 2000 70 952 125 132 132 2005 74 1149 131 139 147 2010 78 1369 138 146 160 2015 82 1613 145 154 173 2020 86 1881 151 161 188 2025 89 2174 158 169 202 2030 93 2493 165 176 215
Example: Advanced Encryption Standard key size 128-256 bit
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 19
How secure is current cryptography How secure is current cryptography ((contcont.).)
Real threat❏ Implementation problems
– protocol failures
– “predictable” random generators– integration in applications and operating systems
❏ Organisational and infrastructure problems– authenticity and timeliness of public keys
(key distribution center, trusted third party, certificate revocation)
– incompatible interfaces and standards– license problems (decreasing)– incompatible legal systems, “key escrow”– greedy security agencies
– insufficient knowledge and familarity– missing awareness and carelessness: human factor
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 20
What Cryptography Cannot AccomplishWhat Cryptography Cannot Accomplish
❏ Ignorance and carelessness cannot be defeatedthrough technology
❏ but:Technology can andshould make the useof cryptographysimple and ergonomic,i.e. human.
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 21
What Cryptography Cannot AccomplishWhat Cryptography Cannot Accomplish
Cryptography cannot protect against❏ erroneous software, hardware failures, bad design❏ viruses, worms, trojan horses, and other vermins
but make their life and spread harder (signatures)(and can be misused to hide them in mail attachments,so that no application firewall can detect them)
❏ misuse of electronic media for commercial purposesbut provides means for self-protection
❏ automatic encryption and signing of e-mails❏ smart-card authentication instead of password authentication❏ ...
❏ measles, flu, and Finnish climate
6-Feb-2002 Cryptography - The Silver Bullet for Data Security? 22
ConclusionConclusionThe rapid development of communication technology⇒ increases dependency of techno logy and infrastructure⇒ opens new oppo rtun ities for fraud, deceit, and d eception⇒ threatens privacy, right to informational self-determination⇒ widens the gap between haves and h ave-nots,
those who h ave access and those who h aven’t (digital divide),techno logy-addicted and techno logy-victims
⇒ replaces personal relationship with technically mediatedcommunication
⇒⇒ can make life easier, safer, and richercan make life easier, safer, and richeror harder, threatening, and poorer for those who can’t keep up
Cryptography hardly can solve any social problems,Cryptography hardly can solve any social problems,- there is no silver bullet -- there is no silver bullet -
but can help to mitigate problems created by techno logy:but can help to mitigate problems created by techno logy:Currently no solution to data security without cryptographyCurrently no solution to data security without cryptography