Cryptography

The History and Mathematics of Codes and Code Breaking

Month: November 2014 (Page 1 of 3)

Practical Cryptography - Resources

As I mentioned in class, you'll want to use reputable and scholarly resources for your final paper. I've listed several categories of resources below, along with examples of each.

For more scholarly sources, check Google Scholar or the Vanderbilt Library's Database Search. For the latter, I recommend selecting a subject (e.g. Business) and leaving the search field blank. For most subjects, you'll receive a list of key databases for that subject. Open the database to search by keyword for articles relevant to your paper.

Practical Cryptography - Brainstorming Notes

From last week's brainstorming sessions for the Practical Cryptography class project...

What topics might we include in this guide? What do you want to learn about? What might your fellow students be interested in learning? What should they know about cryptography?

  • Deep Web and privacy
  • University censorship
  • Online shopping security
  • Phishing: VUIT, sports
  • School tech policies
  • Take advantage of / not get taken advantage of
  • University data mining
  • Online / cell phone tracking
  • Twitter hacking

What tools might we use to produce this guide? Diigo, WordPress, Twitter, others? Consider both production and distribution phases.

  • Twitter: for publicity, mention @vanderbiltu
  • WordPress: Dedicated site and URL
  • Diigo: topic ideas, shared references

Related: How should we tell Vanderbilt students about the guide? How can we get the word out, either during or after production?

  • Twitter
  • Pyramid scheme
  • Some kind of event re: 1 or more topics
  • Email all students?
  • Tree posters with QR codes
  • Commons email
  • VU Facebook / VU News
  • Hustler

What timetable should we follow to produce this guide? Notable dates: 11/24-28 is Thanksgiving Break. 12/3 is the last day of classes. 12/6 is the date of our “final exam.”

  • Topics by Monday, November 17th
  • Spring: (more) publicity

How might we use class time productively over the next few weeks?

  • Discuss / brainstorm topics
  • Writing days (e.g. “Can you read this?”)

You're writing a guide to practical cryptography. Let's hear some possible chapter titles.

A torr way of life
The Cloud is Leaking
Cryptography!
The Darkness of the Deep Web
Protect yourself
How to be nowhere
Is your password strong enough?
How to wear an invisibility cloak online
What does the government know about you?
How secure are your passwords?
Hacking into Emails 101
Rebooting Your iPhone Just Might Save you Jail Time
Navigating the Dark Web
Censorship: What you can and can't say on campus
Hacking Emails 102
RSA: How does it really work?
How To Be Nowhere: Avoiding Government Tracking
Who's watching you?
Leave No Trace: Avoid Being Tracked
Instead of "The Cloud is Leaking," why not say "raining"?
Don't Lose Your Life Savings Trying to Get a Discount: Staying Safe When Shopping Online
Cookies are not to eat
hi
Don't Take the Bait: Preventing Phishing Attacks
Cookies are not all bad.
Cookies are not to eat.
Thinking a cookie is chocolate chip when it's actually oatmeal raisin leads to sadness
Phishing: trying to get any type of personal information about someone over the internet by pretending to be a reliable source
Acxiom: The Next Frontier of Privacy Invasion
XKeyscore: The previous frontier of privacy invasion
Canadian Netflix Has Downton Abbey: A Beginner's Guide to Using Proxy Servers
Avoiding Online Price Discrimination: Trash your Cookies

Math Exam Study Guide

Here's a digital copy of the study guide for Friday's math exam: Math Exam Study Guide (PDF). Included is a list of learning objectives addressed by the math exam, along with a dozen practice problems. And here are solutions to those practice problems: Solutions to Practice Problems (PDF).

Update: Hey, look, More Practice Problems!

Another Update: Solutions to More Practice Problems! And a handwritten solution to Question 1.

The Debate: Security vs. Privacy

During class last week, we held a debate on the following proposition:

The US government should be given wide latitude to use electronic surveillance in the interests of national security, even if that means citizens' privacy is not always respected.

We've discussed this proposition several times during the course, notably on the first day of class, when we discussed Edward Snowden's revelations about the NSA, and then a few weeks ago, during our class sessions on Cory Doctorow's novel Little Brother. Last week, we read Simon Singh's treatment of the issue in his book, The Code Book, and so it was time for a proper debate.

Before class, students were asked to make arguments for or against the statement in blog posts. You can read all of those blog posts here.

During class, six students volunteered to debate. Three were randomly assigned to the "PRO" side (security), three to the "CON" side (privacy). Each side had ten minutes to prepare opening arguments, then five minutes each to present opening arguments. Then the jury, consisting of three other students, evaluated the strength of the arguments made and gave each team of debaters feedback. That led into round two, during which each side responded to the arguments made by the other side during the first round.

How did the debate play out? See this Google Doc capturing the main points of the debate, with notes taken by two of our three notetakers. The third notetaker live-tweeted the debate using the course Twitter account, @practicalcrypto. Below, you'll find a collection of those tweets, which were more entertaining than expected.

As I said at the end of the debate, if we had a bit more class time, we could have brainstormed some compromise solutions that responded to concerns of both sides. We might still come back to that, depending on how the last few weeks of the class go.

 

 

Finding a Balance

The US government should be given some latitude to infringe on citizens' privacy when it comes to national security. The reason I say some latitude is because this should only pertain to national security, not to daily breaking of laws.

Singh identified on page 293 that privacy for ordinary people has never entailed cryptography until recently. That is because exchanges between people have not been in a public space (the internet) until the internet was available to everyone. Singh also said on page 250 that the government weakened the encryption so that the average person cannot hack it and only they can. There has to be a sense of privacy for the citizens while maintaining security for the country.

The government should be able to use computer-based algorithms to intercept certain keywords on electronic media that may indicate a national threat. This process should be done by a computer with no human interaction; however, once a threat has been flagged it would allow someone to evaluate whether intervention is necessary. The government employees should not be allowed to individually eavesdrop on standard communications without a warrant, but if it is computer automated it should be allowed. If the infraction is anything that is not a national security issue, it should be ignored, no matter how severe the law being broken. This discrepancy should keep a balance between security and privacy.

At the end of the day we all have to trust our government; as long as the government is out to protect our national security and not to prosecute the citizenry, the balance will work.

Photo Credit: "afghanistan" by The U.S. Army via Flickr CC


Protect our Privacy

In my opinion, the U.S. government should not be given a large ability to use electronic surveillance for national security. Surveillance might catch criminals, but it also catches a lot of innocent people in its path. Citizens have a right to their privacy, a right that the government should not intrude upon without good cause. Giving the government a wide latitude to use electronic surveillance seems to me like it would give them the opportunity to surveil people even if they weren’t suspicious, doubtlessly intruding on countless private messages that a completely innocent person is sending. Our government is by no means flawless; some of their actions in the past regarding surveillance have definitely fallen into a moral grey zone. For instance, the U.S. government used unjustified wiretaps on Martin Luther King Jr. for several years, gathering not only information that would help them in debates concerning civil rights but “bawdy stories” and “embarrassing details about King’s life” (Singh, p. 307). Clearly, they have used wiretapping unduly before; allowing them a breadth of access to electronic surveillance would undoubtedly result in them pressing their advantage too far in some cases.

Photo Credit: "Security" by Dave Bleasdale via Flickr CC


In addition, citizen privacy during transactions is extremely important to the economy of the United States as well as the economy of the globe. Without secure encryption, messages sent using the internet and purchases on the web would be far less trustworthy. Furthermore, as purchases on the internet have increased, there is greater incentive for criminals to try to decode these purchases and reach credit card information (Singh, p. 308). Imagine all of the purchases that occur over the internet in this day and age; it would be incredibly destructive if someone could break into the encryption scheme we use to protect them. Millions of people could lose their credit card information, and a break-in to this effect would undoubtedly dissuade some people from purchasing much on the internet anymore. Allowing the U.S. government a larger reach in electronic security would surely mean that the encryption we were using for online transactions would have to go down; the U.S. government has been trying to decrease the private citizen’s level of encryption for years in order to allow easier access to the government to their information. They might try to switch us to the American Escrowed Encryption Standard, which would allow them a databank of all private keys, or even try to limit the length that a private key can be (Singh, p. 310). Both would decrease the power of our encryption methods, hardly keeping us safe from criminals who might be searching for a way to steal credit card information. Overall, allowing great government power for electronic surveillance hardly seems like a good idea; not only would the security of our internet transactions decrease with a decrease in encryption, the government could invade our privacy much more easily.

Surveillance Weakens Security

Giving any entity broad power of surveillance allows for the possibility of said surveillance being used for malicious purposes. We can see that, in many countries with stricter government, citizens are under scrutiny and often, dissenters or overly vocal critics are silenced through arrest or worse. But while this surveillance allows for malicious government action, it also weakens overall security against criminals, making it more possible to compromise financial info, online identity, and other sensitive data.

Cybersecurity relies on a reliable encryption method in order to keep communications, transactions, and documents secure. The encryption must be reversible by the recipient and keep the message inaccessible to interceptors. Allowing the government to read messages would necessitate some sort of backdoor in the encryption. This has two disadvantages: by introducing a backdoor, we create flaws and weaken the cipher. This results in the difficult task of making a backdoor accessible to only the government. The second disadvantage is related, in that the nature of the backdoor and the details of its functioning must be kept secret as well to prevent third parties from gaining the ability to decrypt any encrypted message. If those details were to leak, say in an Edward Snowden-like scenario, the cryptography would become useless.

We saw in Chapter 7 of Singh’s The Code Book that, in the case of Phil Zimmermann and his Pretty Good Privacy program, his packaging of RSA and IDEA encryptions conflicted with a law in a recent anticrime bill requiring electronic communications services to allow government access to any plaintext communication if requested. The danger posed to the government by PGP resulted in Zimmermann being classified as an arms dealer, as powerful encryption was a risk to the security of the country. The mathematics behind RSA does not allow for an easy installation of a backdoor without majorly decreasing the strength of encryption.

Giving the government wide latitude to use electronic surveillance can provide a temporary security; we can’t deny that. However, we are creating flaws in our security; flaws that can be exploited by criminals and governments overreaching their power. Allowing broad electronic surveillance can give more security now, but in the long run will only lead to weaker privacy for everyone.

Iron_Bishop. Wikimedia Commons. Creative Commons.

Necessity of Government Surveillance

As the world is currently in an information age and more information is being sent via the world wide web, it is necessary for the U.S. government to be given wide latitude to use electronic surveillance, even if that means citizens' privacy isn't always respected. The potential benefits of the government using electronic surveillance and the possible consequences of the government not utilizing electronic surveillance outweigh the potential loss of privacy of its citizens.

With increases in strength of encryption mechanisms, it is pivotal that the government and law enforcement agencies have wide latitude to use electronic surveillance so that they can stay one step ahead of the "bad guys". In Singh chapter 7, it is noted that "organized crime members are some of the most advanced users of computer systems and strong encryption." Also, there was a group labeled the "four horsemen of the infocalypse", being drug dealers, organized crime, terrorists and pedophiles. According to Singh, these are the four groups which benefit the most from strong encryption. All of these groups are constantly becoming more of a problem in our world today, and without the utilization of electronic surveillance, it can be nearly impossible to gather enough information to deal with these criminals in the best manner. If the government has wide latitude to use electronic surveillance, it would have the ability to catch some of these criminals and even prevent crimes and acts of terror from happening. However, without the use of electronic surveillance there would be many individuals and groups who would get away with criminal acts when they wouldn't otherwise. As seen in Singh chapter 7, the FBI still claims that "court ordered wiretapping is the single most effective investigative technique used by law enforcement to combat illegal drugs, terrorism, violent crime, espionage and organized crime."

It does need to be noted that when the U.S. government has wide latitude to use electronic surveillance, there is a potential invasion of the privacy of individuals. While I believe that the safety of U.S. citizens is more important than their privacy, there are those who disagree with this viewpoint. Even if we give the U.S. government wide latitude to use electronic surveillance, they should still do what they can to protect the privacy of individuals as much as they can at the same time. There are many ways to go about this, from an escrow system, to tighter regulations on the usage of information gained via surveillance. While the privacy of individuals is important, it is their obligation to allow their privacy to potentially be breached if it is for a more secure nation and society.

Photo Credit: "Camera-IMG 1961" by Rama via Wikimedia Commons, Creative Commons

9/11 Changed Everything

At the time Singh wrote the novel, there was no blatant reason for the government to use surveillance for the interest of national security. Then September 11, 2001 happened. This day completely changed the interests of both the American citizens and the government. After this terrorist attack, people were willing to give up their privacy in order to achieve more security. I am not saying that the government should have complete control over all communications all the time. What I am saying is that the government should have substantial surveillance over communications in order to prevent other significant threats to the citizens of the United States.

In times of fear, people are willing to give up some of their privacy in order to feel safer. The thing is, cryptography should not disappear. Cryptography will only keep improving, and there is little to nothing that the government can do to slow it down. What the government, mainly the NSA, can do is keep its cryptanalysis above and better than the cryptography present at the time. Then the government can use its cryptanalysis in order to analyze and read encrypted messages. The government used wiretapping in the 1920s, but its new weapon is code breaking. Of course, citizens will always want their information to be private, but with the new information age, the government can use data mining and break through encryptions in order to evaluate certain suspects without any normal computer user ever noticing. The government can give people the illusion of privacy while also providing them with the reality of security.

It’s not so much whether the government can have wide latitude but what it can do with its wide latitude. For all we as normal citizens of the nation know, the government can read any and all of our messages. The government has the technology to break into almost any kind of encryption with its super computers, so as long as the government stays within its boundaries of security and does not blatantly invade its citizens’ privacy, it can continue to successfully use its array of electronic surveillance.

Photo Credit: "tower1-2" by Damlan Korman via flickr CC.

Surveillance protects our children

All American citizens are entitled to their privacy. It must be remembered, however, that any electronic privacy granted to citizens is also granted to those whom Singh calls the "Four Horsemen of the Infocalypse - drug dealers, organized crime, terrorists, and pedophiles". Because of this, all citizens should be more than willing to give up a little privacy to protect their families, neighbors, friends, and all citizens.

CC image courtesy of Lunar New Year on Flickr

Imagine you have a child. Imagine they were being targeted by an online pedophile. This pedophile is making disgusting comments to your child and trying to persuade them to meet. If you are like most people, you would probably contact the police or do something similar in an attempt to catch this person that is targeting your child. Now imagine that the police tell you that there is nothing they can do about it at the moment because they are required to protect the electronic privacy of citizens.

Many proponents of electronic privacy are worried about what the government is reading of theirs. This is just evidence of the geocentricism of Americans. As scandalous of a life you think you lead, the government really doesn't care unless you are plotting something that endangers the country. By insisting on your privacy to keep your gossip or your secret online relationship hidden, you're stopping the government from potentially preventing mass shootings or terrorist attacks or even child abductions. 
