1. Fred Piper Information Security Group

2. Cyberworld Security: What Price Must We Pay? Fred Piper Codes & Ciphers Ltd 12 Duncan Road, Richmond Surrey, TW9 2JD Royal Holloway, University of London Egham Hill, Egham Surrey TW20 0EX

3. Nottingham 20043 Outline Aim:To enjoy ourselves Content: - Setting the scene - Introducing Cryptography - Privacy - Identification/Authentication

4. Nottingham 20044 London Evening Standard 14 th August 2003

5. Nottingham 20045 What if it had said ? New mobile phone tracker helps paedophiles locate children New mobile phone tracker helps police locate suspects at scene of crime New mobile phone tracker helps burglars identify absent home owners

6. Nottingham 20046 Feature of Service (According to Newspaper) User’s phone registered by someone else who can then track their location from a PC, landline or mobile User reminded they are registered to prevent misuse User unaware location is checked Can set alert in case user leaves specified area Interest from corporates to track employees

7. Nottingham 20047 Consequences Matrix (Products and/or Legislation) Desirable, Undesirable, intentional intentional Desirable, Undesirable, unintentional

8. Nottingham 20048 What is Information Security? Some features include: Confidentiality Protecting information from unauthorised disclosure Integrity Protecting information from unauthorised modification, and ensuring that information can be relied upon and is accurate and complete Availability Ensuring information is available when you need it

9. Nottingham 20049 Impact of Technology Technology has dramatically changed the way in which information is collected, stored, analysed and distributed Changes in ease, speed and scale

10. Nottingham 200410 Cyber world: The Players The same technology is used by: Governments (friendly and hostile) Industry (including organised crime) Individuals (including ‘good guys’ and ‘bad guys’)

11. Nottingham 200411 Some Concerns Individuals SPAM Pornography Industry Patch Management Governments ‘Misuse; Confidentiality

12. Nottingham 200412 Information Security: A Fundamental Challenge Transplant the following basic ‘real world mechanisms’ to cyberspace: Trust Recognition of those you know Introduction to those you don’t know Written signatures Private conversations

13. Nottingham 200413 The Challenge: Some Complications Law enforcement/Government concern about use of encryption for confidentiality Business/Legal need for confidence in the processes Privacy issues

14. Nottingham 200414 The International Dimension Need for international regulation Difficulty in applying sanctions Need for reciprocal laws Need for harmonisation Politicians/regulators have responsibility to cooperate across international boundaries Number of EU directives

15. Nottingham 200415 - Newton Minow, Speech to the Association of American Law Schools, 1985 After 35 years, I have finished a comprehensive study of European comparative law. In Germany, under the law, everything is prohibited, except that which is permitted. In France, under the law, everything is permitted, except that which is prohibited. In the Soviet Union, under the law, everything is prohibited, including that which is permitted. And in Italy, under the law, everything is permitted, especially that which is prohibited.

16. Nottingham 200416 Do You Need Encryption? Do you send and/or receive valuable information over insecure networks ? Do you care if unauthorised people gain access to this information (and change it) ? Similar questions for stored information.

17. Nottingham 200417 Sender Am I happy that the whole world sees this ? What am I prepared to do to stop them ? What am I allowed to do to stop them ? Recipient Do I have confidence in : - the originator - the message contents and message stream - no future repudiation. The Security Issues

18. Nottingham 200418 Cipher System cryptogram c Encryption Algorithm Decryption Algorithm Encryption Key Decryption Key message m message m Interceptor

19. Nottingham 200419 The Attacker’s Perspective Decryption Algorithm Known c Wants m Note: Encryption Key is not needed unless it helps determine Decryption Key Unknown Decryption Key

20. Nottingham 200420 Two Types of Cipher System Conventional or Symmetric Decryption key easily obtained from encryption key Public or Asymmetric Computationally infeasible to determine decryption key from encryption key

21. Nottingham 200421 Mortice Lock. If you can lock it, then you can unlock it. Bevelled Sprung Lock. Anyone can lock it, only keyholder can unlock it.

22. Nottingham 200422 Cryptography involves: Algorithms Establishing Trust Key Management Politics

23. Nottingham 200423 Cryptographic Procedures Include : Designing a cipher algorithm Deciding how it is to be used Incorporating it into the existing communications system Devising a key management scheme

24. Nottingham 200424 Cryptography is used to provide: 1.Confidentiality 2.Data Integrity 3.User Verification 4.Non-Repudiation 5.Privacy/Anonymity NOTE : Digital signatures provide 2, 3 and 4

25. Nottingham 200425 Misuse of Encryption Example NAMERESULTS Good Student AXXXXXX Bad Student BYYYYYY XXXXXX and YYYYYY are encrypted grades for examination results. B can probably improve his grades.

26. Nottingham 200426 Breaking Algorithms Being able to determine plantext from ciphertext without being given key Exhaustive key search is always (theoretically) possible Well Designed Algorithm ‘Easiest’ attack is exhaustive key search Strong Algorithm Difficult to break Needs large number of keys. How many? Readily available

27. Nottingham 200427 Key Searches (Recent History) 56-bit key (DES) 1997Internet search :140 days 1998EFF DES Cracker :10 days, $210,000 1999DES Cracker + Internet :22 hours 64-bit key (RC5) 2002Internet search :4 years (used over 300,000 volunteers ) NOTE: AES has 128-bit keys (and larger) Extrapolate assuming some variant of Moore’s Law

28. Nottingham 200428 Saints or Sinners ? Receiver Interceptor Sender Who are the ‘good’ guys ?

29. Nottingham 200429 Law Enforcement’s Dilemmas Do not want to intrude into people’s private lives Do not want to hinder e-commerce Want to have their own secure communications Occasionally use interception to obtain information Occasionally need to read confiscated, encrypted information

30. Nottingham 200430 Obtaining Plaintext from Ciphertext Options: (Assuming knowledge of algorithm) Be given plaintext Be given key Break algorithm ‘Find’ key in system ‘Find’ plaintext in system

31. Nottingham 200431 RIP Act 2000 Regulations of Investigatory Power Section on lawful interception Moral issues Practical issues: how much of an overhead for companies to conform? Effect of September 11 th ?

32. Nottingham 200432 European Convention on Human Rights 1950 UK Human Rights Act 1998 A Clear Statement ARTICLE 8: RIGHT TO RESPECT FOR PRIVATE AND FAMILY LIFE 1.Everyone has the right to respect for his private and family life, his home and his correspondence.

33. Nottingham 200433 2.There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedom of others. European Convention on Human Rights 1950 UK Human Rights Act 1998 A not so clear caveat

34. Nottingham 200434 Human Rights Statements Some problems What does the caveat mean? Who decides when the exceptions are justified? Finding a balance between rights and responsibilities. The Civil Contingency Bill 2004

35. Nottingham 200435 The price of Privacy? 1. Postage stamp - letters 2. Inconvenience - E-mail 3. Inconvenience - Trash disposal 4.September 11th - Intelligence Failure 5.$36 billion 1 1 Jane Black, Business Week online June 7 2001

36. Nottingham 200436 Sidetrack: Removing the Need to Share Secrets To illustrate how it is possible to overcome the need to share secret information, we show how to deliver a present to someone via adversaries Assumption: Everyone has a padlock with a 20-digit combination chosen by them

37. Nottingham 200437 1I put the present in a briefcase and lock the case using my padlock for which only I have the combination 2I send the briefcase locked by my padlock to the other party 3They lock it with their padlock (for which only they have the combination) and then return the case to me NOTE: The case has two padlocks on it.

38. Nottingham 200438 4I use my knowledge of my combination to remove my padlock and return the case, which is now locked only by their padlock, to the third party 5They use their combination to remove their padlock and open the case.

39. Nottingham 200439 Assumptions No one can guess anyone else’s combination The padlocks are strong enough that they cannot be removed forcibly NOTE: No need for trust between individuals as no secrets have been shared Problem I have no way of being sure the correct person received the present

40. Nottingham 200440 Point of Briefcase Example Each person retains possession of their own key No need for mutual trust

41. Nottingham 200441 Identification/Authentication How is identity properly established for use in the electronic environment? Is it possible?

42. Nottingham 200442 Identity Fraud Someone adopts the name of another person in order to obtain goods or services UK losses estimated at over £1billion a year USA Today claims over 7,000,000 Americans have been the victim of some form of identity theft NB: Not all through ‘electronic identity’

43. Nottingham 200443 Identification Who are you? Prove it! Who vouches for your identity? Who are they? Why should I trust them? What liability will they (you) accept?

44. Nottingham 200444 User Recognition Methods 1.Something known by user (eg PIN, password) 2.Something owned by user (eg smartcard) 3.Biometric property of user NB: At least 2 and often all 3 of these methods are combined

45. Nottingham 200445 Personal Authentication Using Symmetric Cryptography Can only take place between two parties who are prepared to co-operate with each other. Typical scheme: A and B share a secret key K which (they believe) is known only to them. If A receives a message encrypted with key K then A believes that the message originated from B. NOTE 1: Basis of challenge-response authentication protocols NOTE 2:A and B need to protect against replays etc.

46. Nottingham 200446 Digital Signatures A signature on a message is some data that validates a message and verifies its origin a receiver can keep as evidence a third party can use to resolve disputes. It depends on the message a secret parameter only available to the sender. It should be easy to compute (by one person only) easy to verify difficult to forge.

47. Nottingham 200447 Hand-Written Signatures Intrinsic to signer Same on all documents Physically attached to message Beware plastic cards. Digital Signatures Use of secret parameter Message dependent.

48. Nottingham 200448 Principle of Digital Signatures There is a (secret) number which: Only one person can use Is used to identify that person ‘Anyone’ can verify that it has been used NB:Anyone who knows the value of a number can use that number.

49. Nottingham 200449 PK : Attacks (1)Obtain use of Private Key Mathematical Attacks Physical Attacks (2)Impersonation by public key substitution Defence against (2) PKI Identity based PK Others??

50. Nottingham 200450 Dangers of PK Substitution Message from Fred to John “Hi John this is Fred and my public key is 372 please send confidential file” Man-in-the-middle intercepts and changes “Hi John this is Fred and my public key is 591 please send confidential file” John uses 591 as public key to encrypt file and send to Fred

51. Nottingham 200451 Certification Authority AIM : To guarantee the authenticity of public keys. METHOD : The Certification Authority guarantees the authenticity by signing it with its secret key. REQUIREMENT : All users must have an authentic copy of the certification centre’s public key.

52. Nottingham 200452 Certification Process Verifies credentials Creates Certificate Receives (and checks) Certificate Presents Public Key and credentials Generates Key Set Distribution Centre Owner

53. Nottingham 200453 How Does it Work? Anyone with CA’s public key can check the signature and be confident that the CA believes Fred’s public key is 97246 NB: Producing certificate does NOT establish identity. The ‘real’ Fred Piper has access to the private key. Need protocol to establish this The CA certifies that Fred Piper’s public key Is 97246 Electronically signed by the CA

54. Nottingham 200454 Proving Identity Producing certificate does NOT establish identity The genuine owner of the public key has ‘access’ to the corresponding private key Challenge-response protocol

55. Nottingham 200455 WARNING Identity Theft You ‘are’ your private key You ‘are’ the private key corresponding to the public key in a certificate naming you

56. Nottingham 200456 Preventing Substitution of Public Keys Establish PKI CA issues certificates which bind users’ identity to public key value ‘Moves’ problem rather than solving it Creates a few more problems! Revocation

57. Nottingham 200457 Biometrics Still an emerging technology Matsumoto’s gummy fingers: immature product security Traditionally an access control technology New drivers for adoption: immigration control, identity cards

58. Nottingham 200458 User Recognition All three methods require initial identification Process then confirms that person being recognised is person who registered Importance of registration is often overlooked

59. Nottingham 200459 Who am I ? While joined by umbilical cord, there is undeniable proof you are your mother’s offspring Once cord is cut, ‘proof’ of identity relies on (removable) tags plus procedures

60. Nottingham 200460 Proof of Identity? Documentation for: -Birth -Marriage -Death No link between identity and event Alternatives?

61. Nottingham 200461 Fundamental Requirement Infrastructure to support secure technological implementation