Unit 4 Lab 6: Internet Security, Page 2

Brian raised some concerns with this page that I do not have time to address this year. See below. --MF
GH Feedback 1/3/16: Have you considered the possibility of calling the blocks PUBLIC KEY and PRIVATE KEY instead of ENCODE and DECODE? (The status quo is not bad, I am just thinking about reinforcing the metaphor.)
GH Feedback 1/6/16:
- The last paragraph could use work. It randomly switches to the first person, which doesn't make sense.
- This misses a big discussion point -- I think at this point the DigiNotar, Superfish, and Dell SSL issues are all worth discussing.
- The XKCD is ok, but should we perhaps warn people to never post private keys if they don't get the joke? Instead of linking to the site, the link should be to that particular image.

Cryptography of the process of writing (encryption) and solving (decryption) codes. Just as TCP enables reliable transmission over an unreliable network, cryptography enables verifiable, secure transmission over an insecure network.

Watch this video from code.org:

Symmetric cryptography, uses the same secret key to encode and decrypt a message. Symmetric cryptography has been around for thousands of years. The trouble with symmetric cryptography is: how can we keep the key secret?

Long before computers, riders on horseback could swallow the key to a message if they were captured. Now, messages and keys are sent over the Internet, so symmetric cryptography won't work.

Public key (asymmetric) cryptography was created by mathematicians in the 1970s. It uses two different keys for encryption and decryption, and knowing the encryption key doesn't let you figure out the decryption key.

For example, banks each have a public key, and when users enter their password on the bank web site, the user's browser encrypts the password with the bank's key before sending it over the Internet. Then, only the bank can decrypt that message.

When you make a secure HTTP connection (the URL starts "https://" and a lock icon appears in the browser's URL bar), the browser uses a protocol called Transport Layer Security (TLS) or an older version called Secure Sockets Layer (SSL) based on public key cryptography. The site to which you're connecting sends its public key, and your browser uses it to encrypt whatever information you send (such as your password for that site).

It's also possible to use the private key for encryption and the public key for decryption. That's no good for secret messages (why not?), but it's useful for digital signatures. I use my private key to encrypt a message; you use my public key to decrypt it. If you get a meaningful message as the result, that proves that the message was encrypted with my private key. (If I want both secrecy and digital signing, I encrypt the message with my private key to sign it, then encrypt the encrypted result again with your public key to keep it secret. You decrypt it twice, first with your private key and then with my public key.) This is a nice example of composition of functions: the output from the first encryption is the input to the second encryption.

Build an encryption script encode () with () that accepts a text string (in the first input slot) and a function (in the second input slot) and encodes the text string message using the function provided. (Tips below.) Like this:

Use abstractions to simplifying your coding process:
1. Create a convert message () to unicodelist block that converts a text string (the message) into a unicode list so that you can perform the function on the numbers in the list. Using map and split.
2. Create a convert unicodelist () to message block that converts a unicode list into a text string so that you can convert the output of the function back into encoded text. Use join and map
3. Create the encode () with () block that translates the input message into a unicode list, performs the inputted function on each unicode number in the list, translates the numbers back into letters, and reports the encoded message. Use convert message () to unicodelist, map, and convert unicodelist () to message.
"U4L6-Encode"

Identify the inverse of your function.
The inverse function is the function that undoes your function. For example, if your function is $f(x)=x^2+3$ , then the inverse is $f(x)=\sqrt{x-3}$ .
Create a decode () with () block that uses your inverse function to decode the output of your encode block.

Recall that in real cryptography, the encode function would be very hard to invert. For this example, you probably have an encoding function that was relatively easy to invert. But you get the idea: if the function were hard to invert, the message would be hard to decode.

The Mathematics behind Cryptography

Cryptography uses mathematical ideas. The security in public key encryption relies on choosing an encryption key that is a difficult function to invert (undo). These one-way functions offer security because

Sending a secure message to Alice:

If Alice has function (let's call it f ) that is difficult to invert (undo), then she can post the function, f, online for everyone to see because only she knows the inverse, f ^-1, that decodes the encoding by f.
If anyone (for example, Bob) wants to send Alice a secure message M, then he can run his message though Alice's one-way function and post the result for all the world to see. In function notation, he posts f (M ).
Only Alice can decode f (M ) since only she has the inverse function f ^-1 that undoes f. She calculates f ^-1(f (M )). And since f ^-1 is the inverse of (undoes) f, the result of her calculations is M, the message Bob sent.

To send secure messages back and forth, Bob and Alice will both need to post their public keys and keep their inverse functions (their private keys) to themselves.

Open Standards Help Security

In order to work properly, a cryptographic function has to be easy for the private key holder to invert, but hard for anyone else to invert. How do we know what "hard" means? For example, current cryptographic methods rely on the difficulty of finding prime factors of very large numbers. There's no proof that someone won't come up with a fast way to do that, but people are pretty confident about it because the problem has been well studied by many mathematicians. (On the other hand, when quantum computers become practical, factorization will be easy, and new cryptographic methods will be needed.)

What makes it possible for mathematicians to study the difficulty of breaking Internet cryptography is that the method used—the cryptographic function—is openly published. This may seem strange; if you want to keep secrets, shouldn't you keep the technique secret, too? But secret algorithms can have weaknesses that go undiscovered until some bad guy exploits them. Open standards allow an algorithm to be studied before it is used in practice.

Certificate Authorities

Public key cryptography doesn't solve all the problems, because someone might publish a fake public key pretending to be Alice. Then someone might accidentally encrypt their message for Alice using the faker's key, and then the faker can read the message. In practice this is partly fixed by relying on trusted third parties, called Certificate Authorities, to issue public keys. But it is possible for anyone to set up a Certificate Authority! (In your browser's security options you can see all of the CAs that it trusts. Mine has just over 100 CAs, including governments, companies I've heard of (e.g., Microsoft), and companies I know nothing about (e.g., Thawte). I trust them because Firefox told me to, and I trust the Firefox developers.)