Air Force grant to tighten online encryption

December 14, 2009 By Bill Steele

(PhysOrg.com) -- Computer scientist Rafael Pass is seeking new approaches to cryptographic security with a $600,000, five-year grant from the Air Force Office of Scientific Research.

Computers have changed the rules for keeping secrets. Confidential information can now be encrypted with keys so long that it would take a until the end of the universe to break the code. But at the same time, with thousands of secret messages flying across the Internet, breaking actually becomes easier.

To keep cyber secrets secure, Rafael Pass, assistant professor of computer science, is seeking new approaches to cryptographic security with a $600,000, five-year grant from the Young Investigator Program of the Air Force Office of Scientific Research (AFOSR).

When many transactions occur simultaneously, say in a banking system, air traffic control network or online auction, attackers can reap information by comparing one message with another.

"An adversary controlling many computers all over the Internet can get a little information here and there," Pass explained. "Cryptographic protocols -- the rules for encryption -- have traditionally been designed to work when only one thing is happening at a time."

A simple example is the "man in the middle" attack. The attacker sits between two parties, appearing to the sender to be the receiver and vice versa. As each message passes the attacker may learn something about how it is encoded. It's not even necessary to break the entire code, Pass says, if the attacker can learn enough to make subtle changes. Now suppose a hacker can deploy thousands of automated men in the middle reading thousands of messages at once and comparing notes.

One approach to foil this attack, Pass said, is to make messages "non-malleable," giving them a complex structure that is inseparable from its content so they are impossible to open or change without leaving a trace. Imagine a jigsaw puzzle with one word on each piece; change a word and the piece might need to shrink or grow, and the puzzle no longer fits together. Such a message could even be constructed so that the receiver couldn't read all of it -- just the needed information. Two parties could carry out a financial transaction or exchange passwords without meeting face-to-face or using a trusted third party.

"I will encrypt my input, and the other party will have a way to compute an answer," explained Pass, who has already developed ways to do this with simple transactions. The next challenge, he says, is to extend it to multiple concurrent messages.

Another security method is to communicate on an agreed schedule. The man in the middle would reveal his presence by the delay in retransmitting the message, even by a few milliseconds.

New security protocols, Pass said, also must protect against "side-channel attacks," where attackers gain some information by a method other than breaking encryption, such as simply reading a password pasted to a computer monitor or intercepting radio-frequency signals radiated by a computer from outside a building.

Finally, a security system must give users an incentive to be trustworthy, Pass noted. If there is a cost to the computation needed to make communication secure, not everyone will pay it.

The ultimate goal, Pass said, is to create a mathematical proof that a security protocol can't be broken. "There are many systems that we can't break, but we can't prove they are secure," he said. "We don't know what the attacker is going to do, so the only secure way is a mathematical proof."

Pass said this may not be possible with current security models. "We may have to find new models for defining what it means to be secure."

The AFOSR Young Investigator awards support scientists and engineers "who show exceptional ability and promise for conducting basic research." Pass won one of only 38 awards out of 202 proposals.

Provided by Cornell University (news : web)

Explore further: Fighting tomorrow's hackers

Related Stories

Fighting tomorrow's hackers

February 5, 2009

One of the themes of Dan Brown's The Da Vinci Code is the need to keep vital and sensitive information secure. Today, we take it for granted that most of our information is safe because it's encrypted. Every time we use a ...

A new language could improve home computer security

September 18, 2009

Korean computer scientists have developed a security policy specification for home networks that could make us more secure from cyber attack in our homes. They report details in the International Journal of Ad Hoc and Ubiquitous ...

An oblivious transfer protocol for quantum cryptography

July 1, 2008

“It's hard to beat the noise that you have with quantum information,” Barbara Terhal tells PhysOrg.com. “So our security protocol relies on the fact that storing quantum bits noiselessly is hard to do with current technology.”

Recommended for you

A not-quite-random walk demystifies the algorithm

December 15, 2017

The algorithm is having a cultural moment. Originally a math and computer science term, algorithms are now used to account for everything from military drone strikes and financial market forecasts to Google search results.

US faces moment of truth on 'net neutrality'

December 14, 2017

The acrimonious battle over "net neutrality" in America comes to a head Thursday with a US agency set to vote to roll back rules enacted two years earlier aimed at preventing a "two-speed" internet.

FCC votes along party lines to end 'net neutrality' (Update)

December 14, 2017

The Federal Communications Commission repealed the Obama-era "net neutrality" rules Thursday, giving internet service providers like Verizon, Comcast and AT&T a free hand to slow or block websites and apps as they see fit ...

The wet road to fast and stable batteries

December 14, 2017

An international team of scientists—including several researchers from the U.S. Department of Energy's (DOE) Argonne National Laboratory—has discovered an anode battery material with superfast charging and stable operation ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.