Ankh Morpork's Finest Coder
Thursday, January 20, 2005
Last Class of my Masters
Yes! FINALLY! The last class of my MS. I'm gonna cherish this class. Hopefully it will be my last class for a very long time. I'm hoping I don't have to do my PHD just yet. I wanna work for a bit and then come back after some time and then do my PHD or MBA.
Today in CSE 539: Applied Cryptography we learnt the EVILS of biometric security. You see, things like passwords that you use for your ATM or your gmail account are called Shared Secrets, meaning that for the ATM pin, you share that with the bank ATM. Shared secrets are VERY easy for malicious people to get. For instance, I can call you up, pretend to be your bank and ask for your personal info for "verification". Well turns out, the world wants to move to Biometric security. Well, the biometric sensor, converts your thumbprint for example into a unique string. Now lets say that you use those for websites as a security tool so that they can verify that you are who you say you are. HERE IN LIES THE PROBLEM!
1) You just transmitted it over the network so anyone else can get it.
2) You just gave your thumbprint to say Amazon. Now they can use it anywhere they want.
The problem of Shared Secrets does not vanish with Biometrics. So whats the solution? I don't know. Thats why I am taking the class. I'll tell you once I figure it out :-)
So what do we do in the Applied Crypto class you say? Well here it is:
1. Introduction
- · What is Cryptography?
- · Encryption and Cryptoanalysis
- · Steganograpy
- · Basic protocols and techniques
2. Basic Cryptographic Algorithms
- · Encryption schemes
- · Random numbers
- · Security of encryption methods
- · Public Key encryption
3. Basic Cryptographic Protocols
- · Key Exchange
- · Authentication
- · Secret Sharing
- · Digital Signatures
4. Intermediate Protocols
- · Timestamping services
- · Subliminal Channels
- · Undeniable signatures
- · Bit commitment
- · Coin flipping on the telephone
- · All or nothing disclosure of secrets
5. Advanced Protocols
- · Zero Knowledge Proofs
- · Digital Certified Mail
- · Elections
- · Digital Cash
6. Cryptographic Techniques
- · DES
- · RSA
- · DSA
- · Key Management
- · Compromised key handling
7. The Real World
- · Commonly used software
- · The law and Cryptography
- · Politics