Computers in Society
description
Transcript of Computers in Society
![Page 1: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/1.jpg)
Computers in Society
Encryption
The Biological Metaphor
![Page 2: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/2.jpg)
Homework
Questions on the encryption story?
This is due in class Thursday.
The next homework is up – Google court cases.
![Page 3: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/3.jpg)
Quiz Wrapup
Let's check out your answers …
![Page 4: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/4.jpg)
The Lockbox
I want to be able to receive something from a friend without worrying about anybody peeking in.
My solution: use an unbreakable lockbox with a lock that can't be picked.
I'll give my friend the lockbox and one key, I'll keep the other key. He can mail me the locked box and only I can open it.
What sort of encryption is this?
![Page 5: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/5.jpg)
The Key Problem
I don't want to meet my friend in
private to hand him the key but I can't mail him the key either (why?).
So what if instead I put a diagram of the key on my website so he can build it himself?
Will that work?
![Page 6: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/6.jpg)
Locks
Since anyone can build a key, anyone can pick locks on my private message.
Instead of keys, let's talk about locks.Think of a combination lock – if it's open,
you can lock something with it even if you don't know the combination.
You only need the combination to unlock!Now instead of sharing keys, I give an
unlocked lock to my friend.
![Page 7: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/7.jpg)
Building Locks
Instead of telling everyone in the world how to build my key, I'll tell everyone how to build an open lock than only I can unlock.
Wouldn't seeing the plans for this lock make it possible for others to deduce the combination?
![Page 8: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/8.jpg)
The Unexpected Truth
NO! I can place a "plan" for a lock in public that would allow ANYONE to build a lock without telling them enough to deduce the combination!
Plan = Public Key
Combination = Private Key
![Page 9: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/9.jpg)
Hard math problems
Public key encryption is based on operations which are much harder to undo than do. Example: factoring large integers. It is easy to multiply but hard to factor.
Can we prove these algorithms are so tough that they can’t be solved quickly? No! The NSA might have a secret algorithm or mega-computer that cracks encryption but they are not talking! Maybe they have a working quantum computer hiding somewhere.
![Page 10: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/10.jpg)
How It Works
Alice runs a program that generates a random key pair – one is public, one is private.
Alice places her public key on her websiteBob downloads the key and uses it to create an
encrypted messageBob sends the message to AliceTrudy knows HOW Bob created the message (that
is, she knows the same secrets that Bob does)Only Alice can decode this message since she has
the private key
![Page 11: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/11.jpg)
What Can Go Wrong?
Lots of things can go wrong with this!
* Alice might accidentally disclose her private key – she won’t know if someone else is also decoding the message from Bob
* Bob might be tricked into using the wrong key to encode the message, allowing someone else to understand it
* The software that Bob and Alice trust to do the encryption / decryption might be compromised
![Page 12: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/12.jpg)
What Can Go Wrong?
Lots of things can go wrong with this!
* The software Alice uses to generate keys might generate a key someone else knows or generate keys in a predictable way
* Someone with a lot of computing power might break the code with “Brute Force”
* The key could be lost – in this case there is NO realistic way to unlock the message (for big keys the brute force attack just can't work!)
![Page 13: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/13.jpg)
Public Key Infrastructure
PKI is needed to link keys to people or institutions.
The crucial trust is the connection between Alice and her key.
This is usually handled by a certificate – a statement by a trusted 3rd party that a particular key belongs to a particular person.
Your web browser knows a lot about these things!
![Page 14: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/14.jpg)
Hashing
Hashing is a technique for turning a big piece of information (a document) into a small one (hash code / digest) in a way that ensures small changes in the big thing will result in some change to the hash code.
This verifies the integrity of an object with a small amount of extra information (the “digest”)
![Page 15: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/15.jpg)
Digital Signatures
A digital signature is something that produces a publicly verifiable record that you have “approved” or “signed” a document.
Someone with your public key can test whether a particular document has been signed or not by you.
Very similar to hashing except there’s also a “secret” involved.
![Page 16: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/16.jpg)
Example
Bob generates a pair of encryption keys, one public and one private
Alice presents a document to Bob for signatureUsing his private key, Bob generates a signature
that indicates he has approved the documentUsing Bobs public key, Alice can verify that Bob
did in fact sign the documentAny third party, when presented with the
document, Bob’s signature, and Bob’s public key and verify the Bob did indeed sign the document
![Page 17: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/17.jpg)
Digital vs Real Signatures
How do digital signatures differ from real ones?
![Page 18: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/18.jpg)
Digital vs Real Signatures
How do digital signatures differ from real ones?
Digital signatures are affixed to a specific document – you can’t change the document after it has been signed
Anyone with the “secret” (the private key) can sign things as Bob
No real possibility of forgingSmall possibility of document tampering!
![Page 19: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/19.jpg)
Usage of Digital Signatures
Commerce: digital signatures are as binding as ordinary ones in the law
Trust: vendors sign their products to prevent tampering (microsoft signs drivers, for example)
Identity: sign emails, postings to message boards, anything you want to guarantee is really being said by you
![Page 20: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/20.jpg)
What You Can’t Keep Secret
Crypto doesn’t solve all problems! Just remember:• Somewhere in the system stuff gets decrypted; if someone is able to read your screen or monitor keystrokes then encryption can’t help.• Human issues (you write down a pass phrase in an unsecured place or enter your PIN number into a fake ATM) are very hard to deal with.
![Page 21: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/21.jpg)
Computer Programs & Biology
* What is a "zombie"?
* What is a "virus"?
* What is a "worm"?
* What is a "Trojan"?
![Page 22: Computers in Society](https://reader035.fdocuments.net/reader035/viewer/2022062723/56813df8550346895da7d177/html5/thumbnails/22.jpg)
The Internet as an Ecosystem
Let's talk biology:* What is the "goal" of aliving organism?* What is "food"?* How can an organism interact with its environment?* What is evolution?* What is a parasite?* What is the "immune system"? How does it work?* How are living organisms encoded?* What is an ecosystem?* What is a vector?