02/14/081/32 An Introduction to Cryptography for Homeland Security Jay Ligatti University of South Florida

02/14/082/32 Outline 1. Communication problems 2. Cryptographic solutions 3. Cryptography and homeland security 4. Limitations of cryptography 5. Research challenges

02/14/083/32 A Common Scenario Members of a team need to communicate Members of a team need to communicate Hello Bob

02/14/084/32 A Common Scenario Messages need to be secure Messages need to be secure Hello Bob Hello Alice, operation X begins in 36 hours

02/14/085/32 A Common Scenario However, communication needs to go through a medium accessible by an adversary (a non-privileged entity) However, communication needs to go through a medium accessible by an adversary (a non-privileged entity) Easy to think of transmission medium as the Internet, but could be, e.g., Easy to think of transmission medium as the Internet, but could be, e.g., –copper phone lines –radio waves –courier on the ground Hello Bob Hello Alice, operation X begins in 36 hours

02/14/086/32Problems Adversary may discover secrets by passively monitoring the communication Adversary may discover secrets by passively monitoring the communication –E.g., operation X begins in 36 hours –E.g., Alice and Bob are communicating, so some operation is likely to begin soon (this is called traffic analysis) Adversary may prevent communication by destroying information en route Adversary may prevent communication by destroying information en route –E.g., convince Internet routers not to forward packets –E.g., destroy courier on the ground Adversary may disrupt knowledge by actively tampering with or forging information en route Adversary may disrupt knowledge by actively tampering with or forging information en route –E.g., overwrite 36 with 72 to desynchronize Alice from Bob –E.g., send a message to Alice impersonating Bob: “Hello again Alice, cancel operation X”

02/14/087/32Problems These are difficult problems! These are difficult problems! We don’t have perfect solutions to any of them! We don’t have perfect solutions to any of them! We do have some very convincing solutions, especially for: We do have some very convincing solutions, especially for: –Preventing passive discovery of secrets  E.g., operation X begins in 36 hours –Detecting active tampering with/forging information  E.g., overwrite 36 with 72 to desynchronize Alice from Bob  E.g., send a message to Alice impersonating Bob: “Hello again Alice, cancel operation X”

02/14/088/32 Outline 1. Communication problems 2. Cryptographic solutions 3. Cryptography and homeland security 4. Limitations of cryptography 5. Research challenges

02/14/089/32 Cryptography Cryptography is used to prevent passive discovery of, and to detect active tampering with, information en route Cryptography is used to prevent passive discovery of, and to detect active tampering with, information en route Definition: Cryptography is the study of hiding information Definition: Cryptography is the study of hiding information –Cryptanalysis is the study of finding hidden information –Cryptology = cryptography + cryptanalysis Basic cryptographic tool is a cipher Basic cryptographic tool is a cipher –Cipher is an algorithm (think recipe) for hiding information in a new message M and retrieving hidden information from M Here’s how it works... Here’s how it works...

02/14/0810/32 Ciphering Step 1: Key Establishment Communicating parties need to share a secret key (think of it as a password with about 40 keyboard characters) Communicating parties need to share a secret key (think of it as a password with about 40 keyboard characters) How do Alice and Bob obtain a shared, secret key? How do Alice and Bob obtain a shared, secret key? –No completely satisfactory answer! –Alice (or Bob) could create the key and then travel (or send a trusted courier) to Bob (or Alice) to share the key –More practically, but generally less securely, Alice and Bob could use a special key-exchange protocol (see Wikipedia entry on Diffie-Hellman) vD)w’45#... key vD)w’45#...

02/14/0811/32 Ciphering Step 2: Encryption Cipher begins with plaintext (original message) and the key Cipher begins with plaintext (original message) and the key Cipher shuffles around the encodings of the plaintext and key in very complicated ways to produce a ciphertext (message with hidden information) Cipher shuffles around the encodings of the plaintext and key in very complicated ways to produce a ciphertext (message with hidden information) –This is called encrypting the plaintext vD)w’45#... Operation X begins in 36 hours cipher plaintext key >W<$%YoPj S s-5eoy5... ciphertext

02/14/0812/32 Ciphering Step 2: Encryption T T – –Mostly, complicated repetitions of substituting some characters for other characters in the plaintext and then rearranging (permuting) the characters –Both the substitutions and the rearrangements are guided by the secret key –For low-level details of one cipher, Google “DES” here is no “magic” in the encryption procedure Fixed sequence of steps, precisely defined

02/14/0813/32 Ciphering Step 3: Message Transmission One party sends ciphertext to another One party sends ciphertext to another Even if ciphertext is intercepted, it would take adversary a very long time to figure out the plaintext (as far as we know) Even if ciphertext is intercepted, it would take adversary a very long time to figure out the plaintext (as far as we know) –Best publicly known techniques for modern ciphers require trying every possible key until one “unlocks” the ciphertext –Typically, there are about as many possible keys as there are elementary particles in the observable universe... >W<$%YoPj S s-5eoy5... ciphertext >W<$%YoPjS s-5eoy5... ????? vD)w’45#... keyvD)w’45#...

02/14/0814/32 Ciphering Step 4: Decryption The key-holding receiver can re-shuffle around the encodings of the ciphertext and key to obtain the original plaintext The key-holding receiver can re-shuffle around the encodings of the ciphertext and key to obtain the original plaintext –This is called decrypting the ciphertext Low-level details very similar to encryption (substitutions and rearrangements of characters) Low-level details very similar to encryption (substitutions and rearrangements of characters) Efficient decryption because key is known Efficient decryption because key is known vD)w’45#... cipher key >W<$%YoPj S s-5eoy5... ciphertext Operation X begins in 36 hours plaintext

02/14/0815/32 Tampering/Forgery Detection If adversary without the shared key attempts to tamper with or forge a ciphertext, she’ll almost certainly send a ciphertext that decrypts to nonsense If adversary without the shared key attempts to tamper with or forge a ciphertext, she’ll almost certainly send a ciphertext that decrypts to nonsense Hello again Alice, cancel operation X ciphertext vD)w’45#... key cipher {P#I% TO\s-... plaintext ????? This must not be from Bob!

02/14/0816/32 Key Properties of Ciphers 1. Inverse relation between encryption and decryption D(E(p,k),k) = p 2. Confusion –Relationship between key and ciphertext should be very complex –Makes it difficult to obtain key from ciphertext 3. Diffusion –Even the most minor changes to the plaintext should cause changes throughout the entire ciphertext –Makes it difficult to infer any part of plaintext from ciphertext alone (even if adversary already knows how other plaintexts get encrypted) –For example...

02/14/0817/32 Example of Diffusion in the Popular AES (Advanced Encryption Standard) Cipher Every ciphertext character depends on every plaintext character Every ciphertext character depends on every plaintext character Diffusion prevents adversary from easily inferring parts of the plaintext from the ciphertext (because every plaintext change may alter the entire ciphertext) Diffusion prevents adversary from easily inferring parts of the plaintext from the ciphertext (because every plaintext change may alter the entire ciphertext) Key Plaintext 1 Plaintext 2 AES cipher dc95c078a ad48a f8afbc74536b9a963b4f1c4cb738b Ciphertext 1 Ciphertext 2

02/14/0818/32 Outline 1. Communication problems 2. Cryptographic solutions 3. Cryptography and homeland security 4. Limitations of cryptography 5. Research challenges

02/14/0819/32 The Dual Role of Defense 1. Members of defense and response teams may need to communicate securely in the presence of adversaries –E.g., groups may want to discuss targets of investigations without adversaries learning of (and tipping off) those targets –E.g., rescue teams controlling remote robots may not want adversaries tampering with the human-robot communications

02/14/0820/32 The Dual Role of Defense 2.To monitor threats, defense teams will also generally want to take on adversarial roles in suspicious, potentially encrypted communications –Hot topic of debate: When, and to what extent, should this occur?  Cryptography can both help and hinder homeland security –Another big debate: Is cryptography a net benefit or net hindrance for homeland security (now and in the future)?

02/14/0821/32 Outline 1. Communication problems 2. Cryptographic solutions 3. Cryptography and homeland security 4. Limitations of cryptography 5. Research challenges

02/14/0822/32 Limitation 1 Adversaries can circumvent cryptography by monitoring plaintext inputs and outputs of communication channels Adversaries can circumvent cryptography by monitoring plaintext inputs and outputs of communication channels encrypt plaintext ciphertext decrypt plaintext ciphertext Intercept Alice’s and/or Bob’s plaintext

02/14/0823/32 Limitation 1 Example: Adversary installs a keystroke logger (keylogger) on Alice/Bob’s computer Example: Adversary installs a keystroke logger (keylogger) on Alice/Bob’s computer Keyloggers capture and transmit all keyboard activity before what’s being typed gets encrypted Keyloggers capture and transmit all keyboard activity before what’s being typed gets encrypted Adversary can install a keylogging program on Alice/Bob’s machine by: Adversary can install a keylogging program on Alice/Bob’s machine by: –CD/disk/download (with direct access to target machine) –Remotely connecting to and exploiting a flaw on target machine (to install keylogger without Alice/Bob’s knowledge) –Packaging keylogger program as something benign and convincing target to execute it  E.g., send keylogger as attachment and entice target to open it

02/14/0824/32 Limitation 1 Alternatively, adversary can quietly install keylogging hardware on Alice/Bob’s machine Alternatively, adversary can quietly install keylogging hardware on Alice/Bob’s machine E.g., small device inserted between a computer’s keyboard port and the keyboard cable E.g., small device inserted between a computer’s keyboard port and the keyboard cable [photo source:

02/14/0825/32 Limitation 1 Alternatively, adversary can acoustically record Alice/Bob’s typing! Alternatively, adversary can acoustically record Alice/Bob’s typing! –Each keyboard key has slightly different acoustic signature –Adversary records typing and analyzes recording Or adversary can videotape Alice/Bob’s screen ! Or adversary can videotape Alice/Bob’s screen ! Or adversary can videotape and analyze the reflections of the screen images on Alice/Bob’s face! Or adversary can videotape and analyze the reflections of the screen images on Alice/Bob’s face! Or adversary can analyze the radiation emanating from Alice/Bob’s monitor to determine what it is showing! Or adversary can analyze the radiation emanating from Alice/Bob’s monitor to determine what it is showing! Point: A powerful adversary has many avenues for monitoring communications of specific targets, even in the presence of strong cryptography Point: A powerful adversary has many avenues for monitoring communications of specific targets, even in the presence of strong cryptography

02/14/0826/32 Limitation 2 Installing and using cryptography software takes some effort and knowledge Installing and using cryptography software takes some effort and knowledge Easier not to worry about it Easier not to worry about it Sensitive unencrypted data does get stolen Sensitive unencrypted data does get stolen –In May 2006, the Department of Veterans Affairs lost a laptop containing plaintext personal data on more than 26 million U.S. military members –Led to a major overhaul in VA security procedures, including encrypting data on laptops [

02/14/0827/32 Limitation 3 Cryptography is a communications technology, with applications in computer security Cryptography is a communications technology, with applications in computer security Cryptography does not “solve” computer security Cryptography does not “solve” computer security Most computer-security problems arise from unrelated issues Most computer-security problems arise from unrelated issues –Programs are shipped with insecure default settings –Programs contain errors that attackers can exploit –Users execute malicious software because it seems benign

02/14/0828/32 Outline 1. Communication problems 2. Cryptographic solutions 3. Cryptography and homeland security 4. Limitations of cryptography 5. Research challenges

02/14/0829/32 Challenge 1 Cryptography is a large research field Cryptography is a large research field Just to mention a few topics of interest... Just to mention a few topics of interest Formal analysis of cryptographic protocols –Adversaries can sometimes gain a surprising amount of information by monitoring and disrupting communications –Can we formally prove that an entire communication session will be secure? –Application: Voting protocols  Team members may vote on best of several alternatives  How to design system to guarantee accurate vote counting with privacy?

02/14/0830/32 Challenges Tractability of cryptanalysis –Can we prove the difficulty of obtaining keys from ciphertexts? –What is the simplest cipher that makes cryptanalysis impractical? 3.Key exchange –Is there a secure way to exchange secret keys in the presence of powerful adversaries? What’s the best we can do? 4.Multiparty communications –In what ways do standard (two-party) cryptographic solutions apply to communications between more than two parties?

02/14/0831/32Summary Cryptography’s goal: make it very difficult for adversaries to access and modify information en route Cryptography’s goal: make it very difficult for adversaries to access and modify information en route Exactly how difficult is an open question Exactly how difficult is an open question In any case, powerful adversaries can sometimes use sophisticated surveillance and computer-attack techniques to circumvent cryptography In any case, powerful adversaries can sometimes use sophisticated surveillance and computer-attack techniques to circumvent cryptography

02/14/0832/32 End Thanks / Questions? Acknowledgment: This educational work was supported by NSF CAREER award CNS Any opinions expressed are those of the author and do not necessarily reflect the views of the NSF.