
Lecture #15: Attacking Diffie-Hellman; digital signatures & trust


Nina Fefferman was my assistant during the fall semester in this course. She has a great interest in cryptography as a mathematical discipline and in the political and social controversies which accompany it. She has worked for Counterpane, a leading crypto/computer security company.

Ms. Fefferman lectured, first discussing her work at Counterpane. This may have gone a bit over the heads of the students: too technical. She then discussed a "man in the middle" attack on Diffie-Hellman key exchange: what if Eve intercepted communication between Alice and Bob, and substituted her numbers for theirs? That is, Eve intercepts $N^x$ (all mod $P$) from Alice, sends $N^z$ to Bob, etc. So then she ends up sharing $N^{xz}$ with Alice and $N^{yz}$ with Bob, and can filter, etc., all of their communication. Students seemed to have some difficulty following some of the assumptions, and perhaps seemed suitably naive about "deception". She tried to actualize it to the e-mail environment at Rutgers. Again, students had difficulty understanding why people might want to impair the reliability and security of electronic communication. I remarked that a malefactor might want to "be" Bell Atlantic for 15 minutes or an hour from the point of view of the banking system. There's quite a lot of cash sloshing around electronically. Other ambitions might involve power or sheer maliciousness. She then tried to distinguish between "active" and "passive" attacks.
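The exchange described above can be traced in a short simulation. This is an added example, not material from the lecture: the toy parameters P and N, the function names, and the fingerprint comparison (a way for Alice and Bob to notice that their keys differ) are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy public parameters (constructed; not a vetted Diffie-Hellman group).
P = 2**127 - 1   # a Mersenne prime
N = 3            # public base, called N in the notes above

def keypair(secret=None):
    """Return (secret exponent, public value N^secret mod P)."""
    if secret is None:
        secret = secrets.randbelow(P - 3) + 2
    return secret, pow(N, secret, P)

def shared(their_public, my_secret):
    """Key a party derives from the value it received and its own secret."""
    return pow(their_public, my_secret, P)

def fingerprint(key):
    """Short digest of a key that two parties could compare out of band."""
    return hashlib.sha256(str(key).encode()).hexdigest()[:16]

def exchange(eve_present, x=None, y=None, z=None):
    """Run one key exchange; return (alice_key, bob_key, eve_keys)."""
    x, Nx = keypair(x)             # Alice's secret x and public N^x
    y, Ny = keypair(y)             # Bob's secret y and public N^y
    if eve_present:
        z, Nz = keypair(z)         # Eve's secret z and public N^z
        to_alice, to_bob = Nz, Nz  # Eve substitutes her number for theirs
        eve_keys = (shared(Nx, z), shared(Ny, z))   # N^xz and N^yz
    else:
        to_alice, to_bob = Ny, Nx  # values arrive unmodified
        eve_keys = None
    return shared(to_alice, x), shared(to_bob, y), eve_keys

if __name__ == "__main__":
    for eve in (False, True):
        a, b, e = exchange(eve)
        print("Eve present:", eve)
        print("  Alice fingerprint:", fingerprint(a))
        print("  Bob fingerprint:  ", fingerprint(b))
        print("  fingerprints match:", fingerprint(a) == fingerprint(b))
        if e is not None:
            print("  Eve holds both keys:", e == (a, b))
```

With the unmodified exchange both fingerprints agree; with the substitution Alice and Bob hold different keys, each of which Eve also holds, so nothing inside the exchange itself reveals the change. Only a check tied to identity does, which is where the lecture's turn to digital signatures and trust comes in.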

She moved on to the idea of digital signatures (which had been covered only briefly before) and trust. First she tried to ask how people in the "real" world learned to trust one another. Who issues drivers' licenses and why should we trust drivers' licenses? Why should we trust the state? Then she tried to discuss the whole structure of trust in the electronic world. She talked about the pyramid (tree?) of trust that was used, and how fragile it was. Who do I ask to get public RSA keys? Certificate authorities such as Certco and Entrust and VeriSign -- and they make money, too, of course. But who guarantees the certificate authorities? Perhaps this was too complex for some students. She definitely tried to cover more material than she did when she gave a similar presentation in the first semester. These students may not have gotten as much as the other students learned last semester from a more modest presentation. During the first semester she had extensive contact with the students and I think grew to understand their level of mathematical and intellectual sophistication. Several months later, I believe it became easy to overestimate how much material to cover and how detailed the mathematics should be.

