Why crypto regulation is doomed to fail | Marit Hansen | TEDxKielUniversity

Captions
Okay, my topic today is about "Crypto Wars: The Force Awakens" and why crypto regulation is doomed to fail. So what are we talking about? I think everybody knows this guy on the right: that's Julius Caesar, and he invented a very easy encryption scheme by substituting letters from the alphabet by shifting them, so the A becomes a D, the B an E, and so on, and he thought that's very secret. Yes, indeed: if we see the example here, "TEDx Kiel University" becomes "WH VA" and so on. So, well, obviously encrypted, confidential; we don't get what is the meaning of that. But also everybody who knows how to translate it back, namely who knows the key (this is three letters; this is the original in the Caesar cipher), knows how to transform it into the clear text again. Of course you could also try to break the code, and if you have a known text that's very easy, because usually the frequency of letters in the alphabet is very different. You see here the fifth letter in the English alphabet is E, and this is the highest frequency. So this has not been very secure.

Some people think strong crypto is only for schools of politicians, but we see a lot of professions that rely and have to rely on confidentiality, that is, encryption: for example in the medical files, for example lawyers, priests, for example those who are inventing something and don't want to share the invention earlier than necessary, or also the police. It can also be for communication; for your health and fitness data, where you decide whether you want to share them or not; for your purse, drinking behavior, or if you feel depressed, if you feel ashamed, if you feel alone, if you don't feel as you want to, or if it's simply about surprising somebody. So there are very good reasons for confidentiality, and crypto can help with that.

And the reality is (and you know the guy on the top left here, Snowden; we know it from the files he revealed) that the reality today is that governments' secret services analyze emails and communication, store them in advanced life collection, and the same is done by companies. If you read the terms and conditions, you will very often find that they are looking into your email. This would have been forbidden in other countries, but very big companies in the Internet industry are using that.

If we think not about the cipher from Julius Caesar but about more advanced crypto, we see that it's a little bit more complicated but still manageable. So Alice has generated with her software a key pair, that is, the public part and the private part. If Bob wants to send her a message, he encrypts the message with her public key. She can publish the scheme, and then everybody can send her a message, but the only person who can decrypt this message is the person in possession of the corresponding private key, and that's herself; that is, only Alice can see what others are sending her. Let's assume it's comparable to a kind of padlock: I have open padlocks, and I will give them to all of you together with boxes, and you can put the message into the box, seal it with the padlock and then give it to me again, and I have the keys for this, the private keys. So everybody can send me messages, and it's not that easy as the Caesar cipher to be back on that.

Crypto is available for hard disks, for your computer files, for memory sticks, or if you want to access websites, if you want to enter information that is confidential, for example your password. You should never enter your password in an unencrypted website; the same for credit card information, and of course also for exchanging confidential messages. The technology behind is different, but still it comes down to very secure algorithms. And in fact you see here in the window in the middle: this is part of my public key. You can send me emails if you use my public key.

How secure is today's crypto? Quite secure, but there are three kinds of vulnerabilities. The first one is the crypto brute force, that is, trying out all possible keys, and at some point of time you will find the right key: yes, that's it, I can decrypt now. Or, much easier usually, it's the brute force in the human world, or rather the inhuman brute force: it is about torturing or blackmailing people and getting out the key information. The left brute force, the crypto brute force, with today's technology takes hundreds of years if all fast computers combine their forces. But not if you're working in a secret service and if you're trying to make the crypto technique vulnerable.

And now we come to the last thing, that is regulation, the regulation of crypto, and indeed this is what is meant by crypto wars. I've been working in the field for more than twenty years, and since then there were different waves of the crypto war, that is, people demanding regulation for cryptography. The one thing to regulate is the export: if nobody can get access to the strong crypto, or only your citizens in a state can get access, then of course it's restricted; also you maybe have more possibilities to get access to the content. This was happening in the middle of the 90s, when the first internet browsers were distributed: one version for the international use with a very weak crypto algorithm, and the others with strong keys for the US market. So you see here 40 bit was only allowed to be used in the German or European market.

Thank you very much. I'm not a boy group, but still I've got something for my followers here. And here's the year: this was from the middle of the 90s, I bought it 20 years ago, and cryptography at that time was considered a weapon. And here we see the law considering this as munition, and it was not allowed to export this information. And this was printed in Europe; otherwise we would not have been allowed to buy it. So this is the U.S. crypto algorithm; well, today it is nothing, it's OK, but it's not very secret, of course. And everybody got the message: you cannot control the exports, because it's so easy to import what is necessary if you want strong crypto. Okay, at that time, by the way, in France crypto was forbidden, and right now it's heavily regulated there.

And the other thing, how to influence regulation, is, well, perhaps not really using the law but building in and demanding backdoors, shortcuts to get to the clear text of the messages. And we know from the Snowden files that the NSA has set up an own operation target, and they want to insert vulnerabilities into commercial encryption systems and also influence standards and policies. So some experts think that all commercially available cryptography may now be prone to backdoors. You see the journalist here is making the message to the NSA: "thanks for making us all insecure", because indeed this is harming our infrastructure, the internet, the communication, everything our information society is based on.

It's a little bit similar to locks when traveling to the US. So the passenger luggage can be locked, but the luggage may be inspected by the Transport Security Administration, and if you use the so-called TSA lock (this is what you find on the market if you are looking for locks for your bags), then they can use their master keys and open them, look into your luggage and then pass the security checks. Otherwise they would have to cut the lock if they want to have a check. Animosities now: if you see a picture of them, now it's available in good hands. So some pictures were shown, I think about three years ago, and it took not long and then the 3D printers were used to make your own sets of these keys. So my email is public knowledge; everybody can get access to those keys. And now of course the question is: if anybody locks luggage with the TSA lock, is it now secure? Should anybody now do something, for example revoke them? Can you go to the shop and say, "You sold me crap, I want something different"?

So it's very difficult if you rely on master keys, and key escrow, the storage of keys at some organization, shares the same problem. And this is something which is very often demanded by regulators: that everybody who wants to encrypt may do so, but please beforehand issue all the keys you are using to just one organization, and they will make sure that access is only granted under specific conditions, well defined by the state. But would you hand over your entire key ring of your apartment, your workplace or your car? Probably not, because perhaps it's the law that some police investigations may have a look at your apartment, but then you are at least aware of that; they must not come to you tampering with the locks.

And similar is something where there's no key escrow in the beginning, but everybody from the state can ask you to hand over the key, and if you don't comply then there may be imprisonment. This is for example in the UK Regulation of Investigatory Powers Act: there's no court order, so you can be asked and pressed into handing over keys.

Okay, but even then there are several possibilities to circumvent these regulations. For example, can you see here in the picture of me the treasure map? It's embedded; only if you use the right software can you find this treasure map and a text on that, and it's embedded in the picture. It's called steganography: it's about hiding information in information, not necessarily only in pictures; it can also be given in other formats. And here is the software used to modify my picture. If you don't have the comparison (and even by eye-to-eye comparison they won't get the difference), then you don't know that something is embedded.

The other thing is a circumvention by crypto itself. The first thing is, of course, you can hand over the keys, but if you do so, of course there may be a second layer of encryption. So you have two keys; one is handed over, everybody checks, "yeah, that's all right", but then it's decrypted and it's still encrypted. Okay, in this case it will be noticeable that you have encrypted your files in the second way, or, well, some technology went wrong; well, there are four different ways why it may not work. The other thing is even more clever: there are two different keys, and one key, the handed-over key, shows the innocent text, and the other my treasure map. You see the example here, a very complicated message, and the first key you hand over says "grandma is well", and the right key, the one I want to use, says "this is the location of the treasure". So this can be done unless even the software use is recognized. If you can only use crypto software that is regulated and allowed, then this can be prevented, but everybody with a computer can make use of other cryptography tools.

So does crypto regulation work? The export control has not worked, and strong crypto is publicly available. Sometimes the implementations may not be all right, but the algorithms are published and you can make use of them. Backdoors are a very high risk, and therefore it's not recommended to go into that direction. This may harm our infrastructure, our society; think of smart cars, smart homes and so on, if there's no guaranteed confidentiality against criminals. And the key escrow thing is also a high risk and can be circumvented.

So what do we have here now? What is my dream, and I hope the reality: that we get used to crypto, and we need more and not less good crypto, because it's the foundation of the information society. Because this crypto war comes in waves and all over the place; I think now we have the fourth wave I've experienced, and always it's proposed by politicians who don't know what else to do but are not aware of the still similar documentation. What I'd like you to do: try out crypto. You can make use of them; I'll bet it's available, it's available on the internet. If you don't know how, if there are problems, there are crypto parties in many areas; probably where you live there's also a crypto party. And then I think the force will really awaken. Thank you very much. [Applause]
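The shift-by-three Caesar cipher and the letter-frequency attack described at the start of the talk, as an added Python example that is not part of the talk or its captions. The function names and the sample sentence are assumptions constructed for illustration.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Shift every ASCII letter by `shift` places; leave other characters alone."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def guess_shift(ciphertext: str) -> int:
    """Frequency attack: assume the most common ciphertext letter stands for E."""
    letters = [c for c in ciphertext.upper() if c in ALPHABET]
    most_common = Counter(letters).most_common(1)[0][0]
    return (ord(most_common) - ord("E")) % 26


def crack(ciphertext: str) -> tuple[int, str]:
    """Recover the key and the plaintext without being told the key."""
    shift = guess_shift(ciphertext)
    return shift, caesar(ciphertext, -shift)


# Constructed sample sentence (an assumption, not taken from the talk's slides).
SAMPLE = ("there are very good reasons for confidentiality and encryption "
          "helps protect the messages we send between each other every day")

if __name__ == "__main__":
    print(caesar("TEDx Kiel University", 3))   # encrypt with Caesar's key of 3
    secret = caesar(SAMPLE, 3)
    print(secret)
    print(crack(secret))                       # key and plaintext, recovered
```

The attack needs enough ciphertext for E to dominate the letter counts; on a very short message the most common letter may not be E, and trying all 25 possible shifts is the fallback.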
Info
Channel: TEDx Talks
Views: 31,763
Keywords: TEDxTalks, English, Germany, Technology, Communication, Computers, Cyber, Data, Internet
Id: Ay5EDAIeaj4
Length: 15min 32sec (932 seconds)
Published: Wed Jan 04 2017