david evans evans cs588: cryptology university of virginia computer science lecture 20: cs588...

David Evanshttp://www.cs.virginia.edu/~evans

CS588: CryptologyUniversity of VirginiaComputer Science

Lecture 20:Lecture 20:CS588 JeopardyCS588 Jeopardy

Who wants to be a Who wants to be a quadrillionairequadrillionaire??

5 December 2001 University of Virginia CS 558 2

MenuFinalFinalWhere to go from hereWhere to go from here

Short term, medium term, Short term, medium term, long termlong term

JeopardyJeopardy


Final

Take-homeTake-home Use anything you want except other people, Use anything you want except other people,

cite any sources you usecite any sources you use Pick up at end of class today (or find on Pick up at end of class today (or find on

web if you aren’t here)web if you aren’t here) No time limit, but its No time limit, but its notnot a research project. a research project.

About 5 hours should be plenty. About 5 hours should be plenty. Turn in before 5:00pm on Monday 10 DecTurn in before 5:00pm on Monday 10 Dec


Final Question

Design GovNeT – a secure internetDesign GovNeT – a secure internet To get an “A” convince me I wouldn’t be To get an “A” convince me I wouldn’t be

inclined to move to Canada if you are inclined to move to Canada if you are appointed chief architect of GovNeT. Your appointed chief architect of GovNeT. Your answers are technically sound, well answers are technically sound, well described and clear.described and clear.


What next? Short Term

Avi RubinAvi Rubin Olsson 120, Thursday, 20 Dec at 10:30amOlsson 120, Thursday, 20 Dec at 10:30am ““Publius: A robust, tamper-evident, Publius: A robust, tamper-evident,

censorship-resistant web publishing system”censorship-resistant web publishing system”A bit like the Retspan/Padster system A bit like the Retspan/Padster system

from 7 Nov Manifestfrom 7 Nov Manifest Still time to recruit College students for CS200Still time to recruit College students for CS200


What next?Long Term (Graduating 4th Years)

Get a cool security jobGet a cool security job Companies in Virginia/DC:Companies in Virginia/DC:

Cigital, Ernst & Young, NSACigital, Ernst & Young, NSA Companies further away:Companies further away:

Counterpane, RSA, @Stake,Counterpane, RSA, @Stake,

CheckPoint, VeriSign, CryptographyCheckPoint, VeriSign, Cryptography


What next?Long Term (Non-graduating students)

Do research projectDo research project I will supervise (and possibly fund over I will supervise (and possibly fund over

summer) projects on security, programming summer) projects on security, programming languages, swarm computinglanguages, swarm computing

If you want me as your TCC advisor, you If you want me as your TCC advisor, you need to start working with me before need to start working with me before FebruaryFebruary

Look for course on secure programming in Look for course on secure programming in Fall 2002 Fall 2002


Thanks!


Jeopardy


Jeopardy Rules $1Q, $2Q, $4Q – raise hand to answer, first $1Q, $2Q, $4Q – raise hand to answer, first

team spotted will be asked to answer, whoever team spotted will be asked to answer, whoever is picked must answer right awayis picked must answer right away Lose value for wrong answer.Lose value for wrong answer.

All teams answer $10Q questions, answer value All teams answer $10Q questions, answer value at complete discretion of judgesat complete discretion of judges

After all questions, there will be Final JeopardyAfter all questions, there will be Final Jeopardy Team with the highest total, gets prizes (don’t Team with the highest total, gets prizes (don’t

get cash)get cash)


Prizes: Top Team Simon Singh, “Fermat’s Enigma”Simon Singh, “Fermat’s Enigma”

Author of “The Code Book”Author of “The Code Book” Neal Stephenson, “Cryptonomicon” Neal Stephenson, “Cryptonomicon”

Describes a low-tech card cipherDescribes a low-tech card cipher Stephen Ambrose, “Undaunted Courage”Stephen Ambrose, “Undaunted Courage”

How to manage research projectsHow to manage research projects ““Surely You’re Joking, Mr. Feynman”Surely You’re Joking, Mr. Feynman”

Stories about our favorite quantum Stories about our favorite quantum safecrakersafecraker

CipherCipherss AliasesAliases

Shameless Shameless Self-Self-

PromotionPromotion

CryptograpCryptographic hic

ProtocolProtocolss ProjectsProjects

11

22

44

1010

CS588 JeopardyCS588 Jeopardy

11

22

44

1010

11

22

44

1010

11

22

44

1010

(All values in $Quadrillions)

11

22

44

Final Jeopardy


Ciphers 1

Yjq kpxgpvgf Yjq kpxgpvgf vjku ekrjgt?vjku ekrjgt?


Ciphers 1

Who invented Who invented this cipher?this cipher?

ChoicesJulius Ceasar Return


Buffer


Ciphers 2

Kv xmmv a Kv xmmv a qjuhhgy glpiju?qjuhhgy glpiju?


Ciphers 2

Is this a perfect cipher?Is this a perfect cipher?

Return

Choices

No (because of spaces)Yes (encrypted with random one-time pad)


Buffer


Ciphers 4

Who won this Who won this weird art object weird art object by being named by being named Flemish Flemish personalities of personalities of the year?the year?

Choices


Ciphers 4


A. Alice Rijn and Bob Dael

B. Joan Daemen and Vincent Rijmen

C. Eric Rijnem and Marc Daeren

D. Michaël Goosens and Sven Vermat


Buffer


Ciphers 10

In order, what are the 10 most common letters in typical English?


Ciphers 10In order, what are the 10 most common letters in typical English?

E T A O I N S H R D (L U)David Copperfield etaoinhsrdlmuwycfgpbvkxjqz Pride and Prejudice etaonihsrdlumcyfwgbpvkzxjq Wuthering Heights etaonihsrdlumcyfgwpbvkxjqz Gulliver's Travels etoanisrhdlumcfwygpbvkxjqz Alice in Wonderland etaoihnsrdluwgcymfpbkvqxjz British Corpus etaoinsrhldcumfpgwybvkxjqz

(90M UK English) Brown Corpus etaoinsrhldcumfpgwybvkxjqz

(1M words of US English)

Return


Buffer


Aliases 1

Who didn’t violate the terms of Who didn’t violate the terms of his parole to play a CIA his parole to play a CIA cryptography expert on the cryptography expert on the ABC TV show “Alias”?ABC TV show “Alias”?


Kevin MitnickKevin Mitnick

Aliases 1

The famed computer hacker Kevin Mitniick, who eluded police, U.S. Marshals and FBI agents for over two years before finally being caught makes a guest appearance as a CIA computer specialist. Mitnick was released from prison in January, 2000, and is on supervised release until January, 2003, during which time he is prohibited from using computers without the permission of the U.S. government. “Alias” producers have been working closely with Mitnick’s probation officer to ensure only prop computers are used in the filming of his scenes.

Return


Buffer


Aliases 2

Avi Rubin’s talk on Dec 20Avi Rubin’s talk on Dec 20 thth is is about a censor-resistant about a censor-resistant publishing system called publishing system called “Publius”. Who used “Publius” “Publius”. Who used “Publius” as an alias? (2 out of 3 for correct as an alias? (2 out of 3 for correct answer, 1 to save penalty)answer, 1 to save penalty)


Avi Rubin’s talk on Dec 20Avi Rubin’s talk on Dec 20thth is about a is about a censor-resistant publishing system called censor-resistant publishing system called “Publius”. Who used “Publius” as an “Publius”. Who used “Publius” as an alias?alias?Alexander Hamilton, James Madison, Alexander Hamilton, James Madison, and John Jay to publish the Federalist and John Jay to publish the Federalist papers in New York papers in New York Independent Independent JournalJournal to support ratifying the to support ratifying the ConstitutionConstitution

Aliases 2

Return


Buffer


Aliases 4

Why is the number of this Why is the number of this course 588?course 588?


Aliases 4

Return

500 – higher numbers are better for your resume

88 – number of keys on a standard piano


Buffer


Aliases 10

Explain the following names: (Sometimes a Explain the following names: (Sometimes a creative “incorrect” answer is better than a dull, creative “incorrect” answer is better than a dull, correct one.)correct one.)

CFBCFB

DESDESRSARSARC6RC6SHASHASSLSSL


Aliases 10

CFBCFB Cipher Feedback Mode Cipher Feedback ModeDESDES Data Encryption Standard Data Encryption StandardRSARSA Rivest, Shamir, Adelman Rivest, Shamir, AdelmanRC6RC6 Rivest Cipher (aka Ron’s Code) Rivest Cipher (aka Ron’s Code) 66

SHASHA Secure Hash Algorithm Secure Hash AlgorithmSSLSSL Secure Socket Secure Socketss Layer Layer

Return


Buffer


Shameless Self-Promotion 1

Which of the following have published papers with Dave as an author?

A. USENIX Security Symposium B. IEEE Security and PrivacyC. Hacker’s Digest D. Hawaii International Conference on

System Sciences


Shameless Self-Promotion 1

Which of the following have published papers with Dave as an author?

A. USENIX Security Symposium B. IEEE Security and PrivacyC. Hacker’s Digest D. Hawaii International Conference on

System Sciences

Return


Buffer


SSP 2

The reason you got slips with The reason you got slips with your scores on them is that your scores on them is that Dave’s algorithms teacher Dave’s algorithms teacher misrecorded his 83 on the misrecorded his 83 on the midterm as a 38. Who was midterm as a 38. Who was Dave’s algorithms teacher?Dave’s algorithms teacher?


SSP 2

Return

The reason you got slips with The reason you got slips with your scores on them is that your scores on them is that Dave’s algorithms teacher Dave’s algorithms teacher misrecorded his 83 on the misrecorded his 83 on the midterm as a 38. Who was midterm as a 38. Who was Dave’s algorithms teacher?Dave’s algorithms teacher?

Ron Rivest


Buffer


SSP 4

Dave’s thesis project was called Dave’s thesis project was called “Naccio”. What does the name “Naccio”. What does the name come from? come from?

choiceschoices


SSP 4Dave’s thesis project was called Dave’s thesis project was called “Naccio”. According to “Naccio”. According to http://naccio.cs.virginia.edu/faq.htmlhttp://naccio.cs.virginia.edu/faq.htmlwhat does the name come from? what does the name come from?

A.A. Acronym for “Never Again Can Code Acronym for “Never Again Can Code Inflict Outrage”Inflict Outrage”

B.B. Extracted from Extracted from catenaccio, catenaccio, Italian Italian defensive soccer strategydefensive soccer strategy

C.C. Acronym for “No Acronym Can Acronym for “No Acronym Can Cause Instant Ovations”Cause Instant Ovations”


http://naccio.cs.virginia.edu/faq.html

Naccio is extracted from Naccio is extracted from catenacciocatenaccio, a style of , a style of soccer defense popularized by Inter Milan in the soccer defense popularized by Inter Milan in the 1960s. Catenaccio sought to protect the Inter net 1960s. Catenaccio sought to protect the Inter net from attacks, by wrapping potential threats with from attacks, by wrapping potential threats with a marker and agressively removing potentially a marker and agressively removing potentially dangerous parts (that is, the ball) from attackers dangerous parts (that is, the ball) from attackers as soon as they cross the domain protection as soon as they cross the domain protection boundary (also know as the midfield line). boundary (also know as the midfield line).

Return


Buffer


SSP 10Who of the following (on next slide) had an office on the 5th floor of NE43 while Dave was a grad student there?

Tiebreak: where were others2nd tiebreak: which one was on his D-league hockey team, the “Halting Problems”


SSP 10Who of the following had an office on the 5th floor of NE43 while Dave was a grad student there? (tiebreak: where were others; 2nd tiebreak: which one was on his D-league hockey team)

Stephanie Forrest (computer immunology)Butler Lampson (lead designer of first PC, Xerox Alto)

J. C. R. Licklider (Internet visionary)Barbara Liskov (first language with good type-safe data abstractions)

Robert Morris, Jr. (author of 1988 Internet Worm)

Ron Rivest (RSA)

Jerome Saltzer (Multics security)

5 December 2001 University of Virginia CS 558 51Return

SSP 10Who of the following had an office on the 5th floor of NE43 while Dave was a grad student there? (tiebreak: where were others; 2nd tiebreak: which one was on his D-league hockey team)

Stephanie Forrest (computer immunology)Butler Lampson (leader of first PC, Xerox Alto)

J. C. R. Licklider (Internet visionary)Barbara Liskov (first language with good type-safe data abstractions)

Robert Morris, Jr. (author of 1988 Internet Worm)

Ron Rivest (RSA)

Jerome Saltzer (Multics security; principles paper)

On 6th floor, and in New Mexico.

Died in 1990.

On 3rd floor.


Buffer


Cryptographic Protocols 1

How many messages are How many messages are transmitted in SSL to establish transmitted in SSL to establish a session key?a session key?



33

1 Oct 2001 University of Virginia CS 588 10

SSL (Secure Sockets Layer)Client Server

Hello

KRCA[Server Identity, KUS]

Check Certificate using KUCA

Pick random KKUS[K]

Find K using KRS

Secure channel using K


Bonus Question (+2)What movie is Roger Ebert reviewing below?

“In case you’re wondering, the German sub on display at the Museum of Science and Industry in Chicago is U-505, and it was boarded and captured not by submariners, but by sailors from the USS Pillsbury, part of the escort group of the carrier USS Guadalcanal. No Enigma machine was involved. That was in 1944. An Enigma machine was obtained on May 9, 1941, when HMS Bulldog captured U-110. On Aug. 23, 1941, U-570 was captured by British planes and ships, without Enigma. This fictional movie about a fictional U.S. submarine mission is followed by a mention in the end credits of those actual British missions. Oh, the British deciphered the Enigma code, too. Come to think of it, they pretty much did everything in real life that the Americans do in this movie.”


Bonus Question (+2)“In case you’re wondering, the German sub on display at the Museum of Science and Industry in Chicago is U-505, and it was boarded and captured not by submariners, but by sailors from the USS Pillsbury, part of the escort group of the carrier USS Guadalcanal. No Enigma machine was involved. That was in 1944. An Enigma machine was obtained on May 9, 1941, when HMS Bulldog captured U-110. On Aug. 23, 1941, U-570 was captured by British planes and ships, without Enigma. This fictional movie about a fictional U.S. submarine mission is followed by a mention in the end credits of those actual British missions. Oh, the British deciphered the Enigma code, too. Come to think of it, they pretty much did everything in real life that the Americans do in this movie.”

Roger Ebert’s review of U-571

Return


Buffer



Pick b = b1 b2

… bn

Alice Bob

Guess gg

Bob wins if g = b

b1, b2, …, bn b1, X, X, b4, b5 , …, bn-1 , X

b1, b2, …, bn

Checks the bi she knows matchCalculates b = b1 b2 … bn

Yossarian’s channel (50% pass through)

Oblivious-transfer coin toss from Lecture 15:

How big must n be to make the chance Alice can get away with cheating < 50%?



Pick b = b1 b2

… bn

Alice Bob

Guess gg

Bob wins if g = b

b1, b2, …, bn b1, X, X, b4, b5 , …, bn-1 , X

b1, b2, …, bn

Checks the bi she knows matchCalculates b = b1 b2 … bn

Yossarian’s channel (50% pass through)

Oblivious-transfer coin toss from Lecture 15:

Its impossible! Alice only has to change one bit to cheat, and there is always at 50% chance Bob doesn’t have that bit.

Return


Buffer



What is the world’s most What is the world’s most watched regularly watched regularly occurring event that is not occurring event that is not a soccer game?a soccer game?

Hint



What is the world’s most What is the world’s most watched regularly watched regularly occurring event that is not occurring event that is not a soccer game?a soccer game?

The only US broadcast was called “El Gran Sorteo”~1Billion people worldwide watched it last Saturday.



What is the world’s most What is the world’s most watched regularly occurring watched regularly occurring event that is not a soccer game?event that is not a soccer game?

World Cup Draw(cryptographic protocol involving picking balls out of pots)

Return


Buffer



Put these in order of increasing value:Put these in order of increasing value:

A.A. Damage done by ILoveYou Virus Damage done by ILoveYou Virus

B.B. VeriSign’s valuation (noon today)VeriSign’s valuation (noon today)

C.C. NSA annual budgetNSA annual budget

D.D. Amount Bill Gates’ Foundation is giving awayAmount Bill Gates’ Foundation is giving away

E.E. GDP of Ireland in 1998GDP of Ireland in 1998


Cypherpunks 10

A.A. Damage done by ILoveYou Virus (~$10B)Damage done by ILoveYou Virus (~$10B)B.B. VeriSign’s valuation (~$8.3B)VeriSign’s valuation (~$8.3B)C.C. NSA annual budget (probably $3B-15B, not public)NSA annual budget (probably $3B-15B, not public)D.D. Amount Bill Gates’ Foundation is giving away ($21B)Amount Bill Gates’ Foundation is giving away ($21B)E.E. GDP of Ireland in 1998 ($67B)GDP of Ireland in 1998 ($67B)

Return

Answer: B A D E (C somewhere between 1st and 4th)


Buffer


Projects 1 [Team 3]

In Team 3’s hash-based authentication scheme, how does the Mote check is Command is valid?

Generates XGenerates Xnn; ;

Calculates key Chain: Calculates key Chain:

H(XH(Xnn) = X ) = X n-1n-1 … H(X… H(X11)= X)= X00

M = E(Command || Xi)

Mote decrypts M, Checks ?Then stores Xi in place of Xi-1


Projects 1 [Team 3]

In Team 3’s hash-based authentication scheme, how does the Mote check is Command is valid?

Generates XGenerates Xnn; ;

Calculates key Chain: Calculates key Chain:

H(XH(Xnn) = X ) = X n-1n-1 … H(X… H(X11)= X)= X00

M = E(Command || Xi)

Mote decrypts M,

Checks H(Xi) = Xi-1Then stores Xi in place of Xi-1

Return


Buffer


Projects 2

[Team 2][Team 2]

The next slide shows a The next slide shows a Chess position and key. Chess position and key. What letter is encoded?What letter is encoded?


Key = 101010

Alphabet

A = 000001 = 1

B = 000010 = 2

C = 000011 = 3

…

Z = 011010 = 26

Key = 101010

Alphabet

A = 000001 = 1

B = 000010 = 2

C = 000011 = 3

…

Z = 011010 = 26

1 1 0 0 1 0

XOR 1 0 1 0 1 0 = 011000 = 24 = X

Return


Buffer


Projects 4 (anyone can answer)

Who (according to a literal Who (according to a literal interpretation of the SEAS patent interpretation of the SEAS patent policy) owns all the original ideas policy) owns all the original ideas you developed for your projects, you developed for your projects, problem sets and the take-home problem sets and the take-home final?final?


Projects 4

Who (according to a literal Who (according to a literal interpretation of the new SEAS patent interpretation of the new SEAS patent policy) owns all the original ideas policy) owns all the original ideas you developed for your projects, you developed for your projects, problem sets and the take-home final?problem sets and the take-home final?

UVA Patent FoundationUVA Patent Foundation


New SEAS Patent PolicyThis Policy also applies to and binds all This Policy also applies to and binds all undergraduateundergraduate and graduate studentsand graduate students and others and others engaged in research at UVA as a condition of their engaged in research at UVA as a condition of their participation in such research, participation in such research, irrespective of whether irrespective of whether such participation is full-time or part-time, for class such participation is full-time or part-time, for class credit or not, or whether they are paid for such credit or not, or whether they are paid for such participation.participation.

Inventions that are made in the course of research Inventions that are made in the course of research carried out at UVAcarried out at UVA, made using funds administered by , made using funds administered by UVA, or otherwise made through the use of significant UVA, or otherwise made through the use of significant UVA resources not available to the public UVA resources not available to the public are the are the exclusive property of UVAexclusive property of UVA..


Final Jeopardy:Quantum Key Distribution


Alice transmits a shared key to Bob, Colleen and Doug using Bennet’s QKD scheme, sending identical spinning photons to each person. Eve intercepts all 3 streams. What is the probability Eve can determine a single transmitted bit without getting caught?Good answer must describe what Eve does and the probability she will succeedAssume Alice, Bob, Colleen and Doug have a prefect mechanism for determining if they all have the same key after the transmission.

david evans evans cs588: cryptology university of virginia computer science lecture 20: cs588...

Documents