Government and Cryptography Sandy Kutin CSPP 532 8/14/01.
-
Upload
miranda-hampton -
Category
Documents
-
view
215 -
download
0
Transcript of Government and Cryptography Sandy Kutin CSPP 532 8/14/01.
![Page 1: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/1.jpg)
Government and Cryptography
Sandy KutinCSPP 5328/14/01
![Page 2: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/2.jpg)
We, the people, ...
How, and why, does government get involved in cryptography?
Role of government: Establish justice Ensure domestic tranquility Provide for the common defense Promote the general welfare Secure the blessings of liberty to ourselves and
our posterity
![Page 3: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/3.jpg)
in order to form...
Provide for the common defense National Security: Import/export restrictions
Ensure domestic tranquility Law enforcement: Key escrow
Secure the blessings of liberty Encryption does this through confidentiality Government restrictions can be restrictive
![Page 4: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/4.jpg)
a more perfect union
Establish justice Contract law: what is a signature? Digital copyright laws, patent law
Balance rights of software/hardware companies, content providers with rights of consumers
Standard or approved algorithmsLegal standardsAlso affects national security: infrastructurePromote the general welfare
![Page 5: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/5.jpg)
Dan Bernstein vs.the Department of Justice
In 1990, Dan Bernstein wrote a paper Showed how to use one-way hashes for
encryption; included source code
1992: tried to get permission to publish1995: with EFF, sued the governmentCase is still being appealedMay be made irrelevant by changes to the
export laws
![Page 6: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/6.jpg)
Current Export Laws
January, 2000: U.S. eased restrictions: Can’t export cryptanalytic materials Strong products exportable with a license Exports not allowed to Cuba, Iran, Iraq, Libya, North
Korea, Syria, Sudan Posting on web sites could still be a problem
Europe is less restrictiveWassenaar agreement:
DES decontrolled, stronger systems controlled
![Page 7: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/7.jpg)
Pros & Cons
Harder for terrorists to get sensitive material
NSA keeps its edgeNow, U.S. companies
can compete
Approval process complicated
“Bad guys will have crypto anyway”
Infringes on free speech, academics
![Page 8: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/8.jpg)
Key Escrow
Technical issues: secret-sharing schemesClipper (voice), Capstone (data)
Algorithm is Skipjack, designed by NSA Each chip has a unit key, KU, held in escrow
Law Enforcement Access Field (LEAF):session key encrypted with KU
U encrypted with KF (fixed key)
16-bit checksum; invalid LEAFs disallowed
Proposal never really caught on
![Page 9: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/9.jpg)
American Standards
Government standards: AES, SHA, HMAC Helps large companies choose secure
systems, defend national infrastructure Bank doesn’t care whether NSA can break in If you don’t trust government, don’t use them
What key length corresponds to “beyond reasonable doubt”? Expert witnesses, or government standards?
![Page 10: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/10.jpg)
What’s your sign?
What is a signature?Electronic Signatures in Global and
National Commerce Act (E-Sign) Contract can’t be rejected because it’s digital Doesn’t apply to checks, wills, court filings, …
Problem: as we’ve said, there are lots of ways to attack a digital signature scheme
Courts will work this out, eventually
![Page 11: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/11.jpg)
Divorce in Dubai
Divorce in traditional Islamic law: Husband makes declaration to wife Let’s avoid religious argument; assume we live
in a country in which this is the rule
Dubai (in United Arab Emirates): 16 recent divorces by cell phone text message
Singapore, last week: Islamic authorities declared such divorces illegal Issues of authentication
![Page 12: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/12.jpg)
©: All Rights Reserved?
Can someone copyright encryption?Can you reverse-engineer your own hardware
or software?What if encryption, digital watermarks interfere
with fair use?Digital Millenium Copyright Act (DMCA)
1998: Work which could be used for copyright violation is an illegal “circumvention device”
We’ll look at a few cases
![Page 13: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/13.jpg)
DVD encryption: theory
Decryption key stored on DVD Not directly accessible by player But: piracy easy (copy DVD, key included)
2-way authentication with player’s key Each player uses one of 408 keys If one player is compromised, phase it out of future
releases
How secure is it?What if I want a Linux player?
![Page 14: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/14.jpg)
DVD encryption: practice
40-bit keysOne player was weak, key was broken
Weakness just made attack even faster
Scheme published; 216 attack foundCan break encryption in 20 secondsMPAA prosecuting people who write,
distribute tools to break encryptionLast week: Pavlovich (lost jurisdiction battle)
![Page 15: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/15.jpg)
Felten vs. SDMI
1999: Secure Digital Music Initiative Record companies, RIAA, some techs Verance Corp. developed watermarking
9/00: SDMI announces hack challenge11/00: Fentel et al. (Princeton, Rice)Broke the encryption; decided to publishAccepted for April conference, then pulledSlated for tomorrow at USENIX
![Page 16: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/16.jpg)
eBooks
eBooks: convenient, easy to use, but easy to copy; publishers nervous
Adobe provides a solution: locking Pro: can’t make illegal copies Con: fair use: extra copies, excerpts, resale
You can resell or upgrade computers, but you have to contact the publisher
What if the publisher no longer exists?
![Page 17: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/17.jpg)
Adobe vs. Sklyarov
Elcomsoft (Russian) broke encryption Legal in Russia; right to make backup PhD student Dmitry Sklyarov wrote code Elcomsoft sold 7 copies in US
7/17: FBI arrested Sklyarov in Las VegasAdobe has since dropped suit, but Sklyarov
still charged with federal crimeSklyarov released on bail last week
![Page 18: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/18.jpg)
Around the World
European Software Directive (1993) User has right to make back-up Reverse-engineering permitted if it is
“indispensable” for the purpose of achieving interoperability; may not be used to infringe copyright or conflict with the program owner’s “legitimate interests”
Canada working on a DMCA-like law
![Page 19: Government and Cryptography Sandy Kutin CSPP 532 8/14/01.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649e395503460f94b2a99d/html5/thumbnails/19.jpg)
Recommended Reading
Discrete Logarithms, Diffie-Hellman Stallings, Section 6.4
Elliptic Curves Stallings, Section 6.5
Import/Export Laws http://www.rsa.com/rsalabs/faq/
DMCA cases http://www.eff.org/