raymond yu web masthead


Monday, December 11, 2017

Privacy on the 'Net
June 1997

The Internet is an open system. The very means and protocols which enable it to interconnect different systems and users transparently become the source of the problem.

Information is bounced around dozens or hundreds of routers and then through numerous computers, organisations and countries before it arrives at your computer. In this journey, the message passes through parties you do not know nor have even heard of.

The message can easily be intercepted, sniffed or scanned - and all without you, the recipient, even knowing about it. Can you trust the message you receive?

How would you feel if you found out that your friendly local Post Office opened and read some or all of your mail and then sealed the letters again so that you never suspected a thing?

The scenario can be much worse on the 'Net. The privacy of the message you send via e-mail is much less than that for a letter sent via snail mail - for those who know how. The ability to intercept e-mail is too easy.

Another problem is that it is just so simple to forge the identity of the sender.

Say you have a fictitious friend, Fred, with whom you communicate regularly. How do you know the person whose e-mail you are reading is, in fact, Fred? Is it merely because the header information of the e-mail said it is from Fred? How do you know it is not me masquerading as Fred? (Not that I know how to do this.) After all, you cannot see or hear him as in real life or on the phone. You can never be sure!

There is a solution to these and many other problems: cryptography. In brief, cryptography can be used for:

Security - whoever wants it

Whereas in the past cryptography was the sacred domain of government spy agencies, with advances in computer technology, it is now economically available to the average computer user.

Gone are the days when only big government had the ability to use cryptography to send top-secret information. With the power of modern computers, especially the Mac, everyone can make use of cryptography. This is why governments are a bit concerned... imagine... Big Brother is no longer able to spy on us - good news for us, but bad news for them!

With governments pushing for the development of the "information superhighway" and with Internet commerce expanding rapidly, it is sad to say that security is still an unresolved online issue. The main limit to the potential of the digital medium is security.

I am of the view that cryptography is so critical that encryption technology should be neither dominated by nor controlled by the Government.

Basic Cryptography

Most people have heard of cryptography and maybe have played around with a simple cipher at some stage.

You start with a message such as "Apple is the best computer" and turn it (i.e., "encrypt" it) into something unintelligible like " krratqvbpojtvbedu rsbtc" where a=k, p=r, l=a, etc.

This is a simple cipher where the conversion code is referred to as the "key". The recipient, using the same key, then simply reverses the process to retrieve the original message. This assumes, of course, that the key can be delivered securely to the intended recipient.

More complex single key cryptographic systems use a very long random key, such as the one used in the Data Encryption Standard (DES) of the US. To boost security further, a triple DES can be used where the message is encrypted three times with different DES keys.

Many modern commercial transactions use an approach known as Dynamic Key Exchange that changes the key almost constantly during a transaction. This effectively makes any cracking of the code useless because, before that can be done, the key has changed.

Public key cryptography

Public key cryptography was first developed by Hellman and Diffie in 1975. Unlike previous cryptographic systems or techniques, the key used to encode and decode the message is not the same. The process is illustrated in Figure 1.

In public key cryptography there are two keys: the Public key (P) and the Secret (or private) key (S). These keys are generated only once by the sender. (Of course, you can generate as many key pairs as you want, provided you can keep track of them all.)

The public key is made available to anyone from whom you wish to receive an encrypted message. Either you can distribute the key personally or it can be placed on one of the many public-key repositories or key servers around the world (see later in this article). The person who wants to send encrypted messages to you then uses your public key to encrypt their messages.

Once encrypted, the message can only be decrypted by you, using your secret key. Notice that even the sender cannot decrypt the message again using the original public key.

The strengths of this approach are these:

1. Only your private key can decrypt the message encrypted with your public key; and

2. The chances of the key being cracked are very low, especially when you use a key that is more than 1024 bits long.

One practical variation is that many cryptosystems use the public key to encrypt a random session key, which is similar to the single key cryptography mentioned above. This session key is then used to encrypt the actual message. The technique is often used because public key encryption is a very time-consuming and processor-intensive process.

This random session key method is employed by the popular cryptographic program called Pretty Good Privacy (PGP).
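The session key arrangement described above, as an added example that is not part of the original article and is not PGP's code. It assumes a constructed textbook RSA key pair and a stand-in single-key cipher built from SHA-256; all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed demonstration key pair (textbook RSA, no padding). Both primes are
# well-known Mersenne primes, so this key is trivially factorable: illustration only.
PRIME_1, PRIME_2 = 2**127 - 1, 2**521 - 1
N, E = PRIME_1 * PRIME_2, 65537                  # public key
D = pow(E, -1, (PRIME_1 - 1) * (PRIME_2 - 1))    # secret key

def keystream_xor(session_key: bytes, data: bytes) -> bytes:
    """Stand-in single-key cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts, as in any single-key system."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(session_key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_for_recipient(message: bytes, n: int, e: int):
    """Sender side: only the recipient's public key (n, e) is needed."""
    session_key = secrets.token_bytes(16)                     # fresh random key per message
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)   # slow step, 16 bytes only
    return wrapped, keystream_xor(session_key, message)       # fast step, whole message

def decrypt_with_secret_key(wrapped: int, ciphertext: bytes, n: int, d: int) -> bytes:
    """Recipient side: the secret key unwraps the session key, which opens the body."""
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)

def demo():
    message = b"Apple is the best computer"
    wrapped, ciphertext = encrypt_for_recipient(message, N, E)
    recovered = decrypt_with_secret_key(wrapped, ciphertext, N, D)
    # The sender holds only the public key; applying it again does not unwrap the key.
    guess = pow(wrapped, E, N).to_bytes((N.bit_length() + 7) // 8, "big")[-16:]
    return message, ciphertext, recovered, keystream_xor(guess, ciphertext)
```
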

How secure is it?

Modern crypto codes are, to all intents and purposes, not economically breakable - in the sense that the cost of breaking them would probably exceed the value of the information they contain.

A crude estimate (based on 1995 technology) is that it would take an attacker up to $25 billion to crack a 1024-bit RSA key. Indeed, nowadays it is arguable that electronic encryption provides better security than the paper environment.

In 1994, an international collaboration of 600 people, involving 1,600 workstations, mainframes, and a supercomputer took eight months to crack a 429-bit RSA key. A similar attempt in 1997 took a group of 14,000 people four months to crack a DES encrypted message. Yes, the code can be cracked, but the time and effort involved mean encrypted messages are very secure in practical terms.

A caveat is that, at the end of the day, security is not just a function of the encryption system - how it is being used also affects the level of security.

A program like PGP requires you to use a password (or passphrase) to access your private key. If you adopt the insecure approach (one that many people follow) of writing down the password (or passphrase) in your diary, the security offered by encryption is that much weaker.

All this talk of technicalities is fascinating, but what can public key cryptography offer you and your fictitious friend, Fred?

Advantage - confidentiality

Because only your private key can decode the message sent to you by Fred (who has previously encoded the message with your public key), you can be pretty sure that the message you receive has not been read by someone out there.

Sure, the code can be cracked (as mentioned above), but, let's face it, who is going to spend at least four months with tens of thousands of computers trying to crack the message between you and Fred? It is not exactly top secret national security stuff!

The availability of privacy for our personal communications is a good thing. Indeed, if this is translated to a business context, confidentiality becomes even more paramount. Where private commercial negotiations are leaked, a competitive advantage could be lost.

Advantage - authentication

Because a message encrypted by Fred, using your public key, can only be decrypted by someone using your private key, you can be assured that the message really did originate from Fred.

Remarkably, the process works both ways. You can encrypt a message to Fred using your private key and, when Fred receives the coded message, he can decode it using your public key.

This is not over the top. People authenticate, even in real life, but the authentication procedure is so simple that it is transparent. For example, in face-to-face communication you authenticate by looking at the person.

In a case where there is a doubt, the person's identity can be verified relatively simply. How often have you been asked to produce your driver's licence, student ID or some password?

The non-physical characteristics of the electronic medium make authentication more complex. While traditional authentication mechanisms work to some extent, they all fail in one important respect: in an electronic arena the unique identification traits can too easily be copied and used by an unauthorised person. Fraud is so easy to commit.

Cryptography comes to the rescue. It is useful to think of it as a "foolproof" (within limits) signature (see below).

Advantage - data integrity

Now you know that the message is from Fred, how do you know it has not been doctored by some evil character, say Eric (another fictitious person) along the way? This is a less serious problem for personal communication but is a big problem for conducting business on the 'Net.

How can cryptography solve this? It does so by preventing the message from being read (and hence altered).

In addition, cryptography makes possible a technique called digital signature. This is essentially a unique string of characters that bears a mathematical relationship to the data contained within the document (see below).

How does a digital signature work?

In simple terms, the process involves passing the data (the contents of the documents) through a mathematical function (called a hash function) that generates a summary (hash code) of the data.

The hash code is then encrypted, using the sender’s private key. The resulting code is the sender’s digital signature for this particular document.

The recipient, using the same method, generates the hash code from the content of the document that has been received.

This is then compared with the accompanying hash code (which the recipient decrypts using the sender’s public key). If the two codes match, the document is verified.

The end result is that any change in the content of the document - or even a change in the scrambled code that makes up the original message - would prevent verification. This is known as a checksum.
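The four steps above carried through in code, as an added example that is not part of the original article and is not PGP's code. It assumes SHA-256 as the hash function and a constructed textbook RSA key pair without padding; the function names and the sample contract are hypothetical.

```python
import hashlib

# Constructed demonstration key pair (textbook RSA, no padding). Both primes are
# well-known Mersenne primes, so this key is trivially factorable: illustration only.
PRIME_1, PRIME_2 = 2**127 - 1, 2**521 - 1
N, E = PRIME_1 * PRIME_2, 65537                  # sender's public key
D = pow(E, -1, (PRIME_1 - 1) * (PRIME_2 - 1))    # sender's private key

def hash_code(document: bytes) -> int:
    """Step 1: pass the document through a hash function (SHA-256 assumed here)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, n: int, d: int) -> int:
    """Step 2: transform the hash code with the sender's private key."""
    return pow(hash_code(document), d, n)

def verify(document: bytes, signature: int, n: int, e: int) -> bool:
    """Steps 3 and 4: recompute the hash from what actually arrived and compare it
    with the hash recovered from the signature using the sender's public key."""
    if not 0 < signature < n:          # reject values outside the key's range
        return False
    return pow(signature, e, n) == hash_code(document)

def check_cases() -> dict:
    contract = b"Fred agrees to pay $100 on 1 July 1997."   # constructed sample
    signature = sign(contract, N, D)
    altered = contract.replace(b"$100", b"$900")
    # Someone holding only the public key tries to produce a signature with it.
    public_only = pow(hash_code(contract), E, N)
    return {
        "genuine": verify(contract, signature, N, E),
        "altered_document": verify(altered, signature, N, E),
        "altered_signature": verify(contract, signature ^ 1, N, E),
        "made_without_private_key": verify(contract, public_only, N, E),
    }
```

Only the first case verifies; changing one character of the document or one bit of the signature makes the comparison fail.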

Advantage - non-repudiation

Commercial deals depend to a large extent on certainty. In real life, when people enter into a deal (e.g., by signing a contract), they are certain that it is binding and that the terms are as written in the document. This certainty is supported by a legal framework.

If business-to-business transactions are to be conducted successfully on the 'Net, a similar assurance is needed. But, because the content of electronic messages can be altered so easily, either party can argue that they did not enter that agreement.

With cryptography the solution is simple and elegant: sign the document using a digital signature. The content of the document cannot then be tampered with unnoticed (data integrity) and the identity of the party is assured (authentication). Together, these prevent the document's originator denying the existence or origin of the document (non-repudiation).

In a situation where the timing of business deals is crucial, time stamping techniques can be adopted to complement the digital signature, providing solid evidence that the message was sent at a particular time.


The benefits of cryptography hinge upon one thing: Fred has a copy of your public key. But how did he get it?

Since Fred is your friend, you probably sent him your key directly via e-mail. But the e-mail containing the key could itself be intercepted and someone else's key substituted. Your public key can be tampered with. Remember the evil character, Eric!

Suppose Eric intercepts your email containing your public key. He could replace it with another public key (to which he alone has the private key) but with your user ID attached.

He then redirects the e-mail to Fred, altering the header information to disguise its origin. So far as Fred is concerned, the public key is from you because your user ID is on it and the mail is from you (or appears to be).

If Fred subsequently sends you a message encrypted with your alleged public key (actually Eric's substituted public key), Eric can decrypt the message.

Indeed, Eric could then re-encrypt the message with your original public key and resend it to you. You decrypt the message using your private key as usual. Nothing appears to be wrong to you.

The scary thing is that this can be done without either you or Fred ever knowing about it!

There are two ways to avoid this:

1. Send the public key through snail mail (assuming that snail mail is safer!); or

2. Verify the key your friend receives (a matter dealt with below).
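One way to carry out the second option, as an added example that is not part of the original article: the key owner reads a digest of the key to the recipient over a second channel, and the recipient compares it with the key that arrived by e-mail. The SHA-256 fingerprint format, the key layout and all names are assumptions made for illustration; PGP has its own fingerprint format.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """Digest of the whole key block, grouped in fours so it can be read aloud."""
    hexdigest = hashlib.sha256(public_key).hexdigest().upper()
    return " ".join(hexdigest[i:i + 4] for i in range(0, len(hexdigest), 4))

def claimed_user_id(public_key: bytes) -> str:
    """The user ID line is just text inside the key block; anyone can write it."""
    return public_key.split(b"\n", 1)[0].decode("ascii")

def key_matches(received_key: bytes, spoken_fingerprint: str) -> bool:
    """Compare the key that arrived by e-mail with the fingerprint the owner
    gave over a second channel (phone, in person, printed letter)."""
    def normalise(text: str) -> str:
        return "".join(text.split()).upper()    # ignore spacing and letter case
    return hmac.compare_digest(normalise(fingerprint(received_key)),
                               normalise(spoken_fingerprint))

# Constructed sample key blocks: identical user ID, different key material.
YOUR_KEY = b"uid:you@example.org\nkey:" + bytes(range(64))
ERICS_KEY = b"uid:you@example.org\nkey:" + bytes(range(64, 128))

def fred_checks():
    spoken = fingerprint(YOUR_KEY).lower()      # what you read out to Fred
    same_uid = claimed_user_id(YOUR_KEY) == claimed_user_id(ERICS_KEY)
    return same_uid, key_matches(YOUR_KEY, spoken), key_matches(ERICS_KEY, spoken)
```

The substituted key carries the same user ID as the genuine one, so only the fingerprint comparison tells them apart.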

In the above situation, you know Fred. What if you don't? Or what if you receive a public key on the 'Net, allegedly from Sue? How do you know the key really belongs to Sue and not to Eric, for example?

One way is to pass the key through a mutually trusted friend. Suppose Sue also knows Fred. Fred could pass Sue's public key on to you and vouch that it is indeed from Sue. (Of course, this process also hinges on trust. How well do you trust Fred?)

On a larger scale, this trusted person is referred to as the Certifying Authority or Key Server. Basically, a trusted organisation certifies the origin of the key by signing it with the server's signature. An example is AT&T PathServer, which is supposed to take a trusted key, plus a key you want to authenticate, and return to you an active graphical representation of the paths from the trusted key to the key you want to authenticate.

Using cryptography

Here are some practical steps to using cryptography in real life.

Step 1: Get a Cryptography Program. You have two choices:

1. A simple encryption program; or

2. A public key cryptographic program like PGP.

Only the latter can do what is described in this article, although, if your needs are minimal, the former has the advantage of providing a convenient way to encrypt sensitive or confidential files.

Pretty Good Privacy is a complete public-key cryptosystem for electronic messaging. It has been released as public domain software (see box). It was originally designed by Phil Zimmermann and uses IDEA (a 128-bit key) for actual data encryption and RSA (with an up to 2047-bit key) for key management and digital signatures. The RSA public key is used to encrypt the IDEA secret key as part of the message.

Because of the infamous US export restriction on cryptography, MPILIB is used instead of RSA in the international version of PGP. I have no idea how much (if at all) this approach weakens security.

MacPGP (or PowerMac PGP) version 2.6.3i is not the most user friendly program. On first sight it is rather easy to get confused, not least by the text that comes streaming across the window when the program starts up (see Figure 2 on page S). This gives the impression that this is text based software - in this day and age! The reason emerges from the accompanying documentation - the program has been ported from a non-GUI operating system!

It should not be surprising then, that the program lacks the refinement we expect from a good Mac program. This is the one thing that stops me using it more frequently than I do. Supposedly, a GUI version is on the way - hopefully soon, but don't bet on it; it has been "on the way" for two years now!

This said, once you get used to the appearance, it is not too bad...at least everything is available from the menu bar.

Step 2: Generate a public and private key pair.

On the Mac versions of PGP this is simple enough. Choose Generate Key from the Key Menu. In the dialog box, select the number of bits you want and enter a user ID that identifies you as the owner of the key (see Figure 3).

Obviously, the more bits there are (maximum is 2048 bits) the stronger the key. But be warned - the longer the key the slower the key generation process and the subsequent encryption process - and the time it takes increases exponentially.

Step 3: Publish the public key.

On MacPGP you do this by extracting the key from your key-ring (a file where PGP keeps all your keys). From the Key Menu choose Extract Keys and follow the instructions.

To reiterate, be careful how you distribute your public key. And, at the same time, be really conscious of the origins of your friend's public key (is it really their public key?) The fact that a public key can be tampered with is the weakness of this system.

Step 4: You are now ready to send and receive messages.

You can do so in the knowledge that your message contents are secure from prying eyes.



