I crypt, You crypt
Budi Rahardjo
Institut Teknologi Bandung
http://budi.insan.co.id
Invited Talk at Indonesian Cryptology and Information Security Conference
Jakarta, 30-31 March 2005
2005 Budi Rahardjo - I crypt, you crypt
Gur Pelcg Fbat
V pelcg, lbh pelcg
Jr nyy pelcg, sbe V pelcg
Yn, yn, yn…
ROT13
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
n o p q r s t u v w x y z a b c d e f g h i j k l m
• Characters are shifted 13 places
• Commonly used during the Usenet newsgroup era to post puzzles or offensive messages
• There are many tools to perform rot13
  – Usenet news readers
  – Text editors: vi, emacs
  – Now, web-based: http://www.rot13.com
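The ROT13 mapping above, as an added Python example (not part of the original slides): it decodes the ROT13 lines that appear in this deck and checks which Caesar shifts undo themselves, which is why one tool both encodes and decodes. The function and variable names are chosen for this example. ROT13 has no key, so it only hides text from a casual glance and provides no secrecy.

```python
import string

LOWER, UPPER = string.ascii_lowercase, string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Shift ASCII letters by `shift` places, keeping case.

    Digits, punctuation and non-ASCII characters pass through unchanged.
    """
    shift %= 26
    table = str.maketrans(
        LOWER + UPPER,
        LOWER[shift:] + LOWER[:shift] + UPPER[shift:] + UPPER[:shift],
    )
    return text.translate(table)


def rot13(text: str) -> str:
    """ROT13 is the Caesar shift of 13, the mapping shown in the table."""
    return caesar(text, 13)


# ROT13 lines copied from the slides of this deck.
SLIDE_LINES = [
    "Gur Pelcg Fbat",
    "V pelcg, lbh pelcg",
    "Jr nyy pelcg, sbe V pelcg",
    "Yn, yn, yn…",
    "Gunax Lbh",
]


def decode_slides() -> list[str]:
    """Apply ROT13 to every encoded slide line."""
    return [rot13(line) for line in SLIDE_LINES]


def self_inverse_shifts() -> list[int]:
    """Shifts s for which applying the shift twice restores the alphabet."""
    return [s for s in range(26) if caesar(caesar(LOWER, s), s) == LOWER]


if __name__ == "__main__":
    for cipher, plain in zip(SLIDE_LINES, decode_slides()):
        print(f"{cipher!r} -> {plain!r}")
    print("self-inverse shifts:", self_inverse_shifts())
```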
The Crypt Song
I crypt, you crypt
We all crypt, for I crypt
La, la, la…
Adapted from “The I scream ice cream” song
I scream, you scream
We all scream for ice cream
La, la, la
Monday, Tuesday
We all scream for sundae
La, la, la
Daily-crypto-live
• Cryptography is part of our (digital?) life
  – GSM communication (with A5)
  – Bank ATM (PIN, encrypted communication)
  – Microsoft Office files can be saved with password (RC4)
  – Access control (password, token, smartcard)
  – SSL in e-commerce
  – If that’s not enough, roll your own coding scheme for puzzles, quizzes, … secret SMS messages!
  – Many more …
• What does it mean?
http://www.randomhouse.com/doubleday/davinci/
A5 @ GSM
Source: http://www.issadvisor.com/columns/GSMSecurity/GSMSecurity.htm
Microsoft Office Password
What does it mean?
• It means that we are already dependent on crypto for
  – Commercial environment
  – Government
  – Military
  – and … personal (home)
Impact To Government
• Should the government come up with regulation?
• Over protected/regulated
  – Privacy on the line
  – Bad for business
• Under protected
  – False sense of security
  – National security issues?
• How to strike balance?
• There will be more debates in the future
Crypto problems in Indonesia
• The problems
  – Lack of understanding of crypto. A difficult subject. Not much interest. Don’t care…
  – Lack of expertise in Indonesia(?)
  – How to build and keep talented human resources in Indonesia?
• That is why we need the Society of Indonesian Cryptology and Information Security
Resulting in …
• As a result
  – Technology dependencies are high
  – We are at the mercy of vendors and other governments
  – We were given sub-standard products
    • (e.g. shorter key length, which results in a less secure system)
International Surveillance
Source: IEEE Spectrum April 2003
Listen, Filter, Store
Source: IEEE Spectrum April 2003
Road from Crypto to Security
• Some would think that encryption can solve all security problems. Wrong!
• Crypto alone cannot solve all security problems
  – e.g. availability problems
• All of this leads to information security
Initiatives
• There has to be security initiative(s) to solve this problem, by
  – Research
  – Product development
  – Applications
  – Standards (for military, commercial, and personal/home use)
  – Certification
  – Education [crypto for kids?]
• Indonesia’s National Strategy to Secure Cyberspace
Security Initiative Drivers
• Who is the driver?
  – Government
  – Academia
  – Commercial entities
  – Special interest groups (such as our society?)
What to do next?
Let’s hope that this conference continues (annually?)
Let’s discuss this in this forum…
Gunax Lbh