Talk:Student Projects:Encryption Use/Project Summary

Project Title

A Survey on the Use of Encryption and Encryption Schemes

Team Members

• Josh Opos
• Andrew Terry
• Steven Huang
• John Naegle

Project Description

A survey of the history of encryption/cryptography shows the progression of encryption techniques. Maybe more importantly, it shows a progression of adversarial attacks and to what lengths adversaries will go to in order to decipher messages. Starting in WWI and leading all the way to today, history has shown that adversaries can and will somehow obtain transmitted cipher text. It is this realization that has lead the modern cryptographic/security community to make the fundamental assumption that adversaries are given cipher texts. Even further, they make the assumption that the encryption schemes which produce the cipher text are possessed by the adversary, leaving the security of the scheme to encryption keys (public, private, or both).

Although most of the cryptographic community is highly skilled and trained to understand these fundamental assumptions which translate into more secure schemes, many of these people are not the ones applying the encryption schemes to cyber security in industry. Even with Room 40, Ultra, etc. in which there were highly skilled personnel coming up with the encryption schemes, the use of these schemes was carried out by military and government officials that used the schemes in such ways that uncovered the underlying keys to the enemies. In modern days, we have a similar situation, however the people participating are different. Industry personnel are mostly unfamiliar with cryptography concepts and may apply encryption schemes in the wrong way, sacrificing security. Even with an encryption scheme that is 100% secure against all attacks (birthday, man in middle, etc.), using it incorrectly can yield it insecure (i.e. ECB mode). We have already seen examples of this in the Diebold DRE voting system, and we will show other examples of such incorrect use.

Further, government policy places many restrictions on encryptions standards and implementations, such that many companies and consumers are unable to use the strongest encryption methods. This causes a heterogeneous pool of encryption schemes used across many applications, which although good for security purposes, disables implementors to learn a common encryption model that would prevent them from using encryption incorrectly.

This project will discuss the history of encryption from Room 40 to RSA, and will point out the key events which led to the formulation of the current structure of encryption and possibly a hypothesis as to how the evolution of this structure will continue in the future.

Paper Outline

1.Intro

4.Encryption Policy (Steven, John)