Outline

1. Intelligent Environments
2. Security and Privacy
3. Motivation
4. Techniques
5. Physical Security
6. Law Enforcement and Privacy
7. U.S. Constitution
8. Computer Crime Laws
9. Privacy and Cyber-Utopia
10. Wiretapping
11. Effectiveness of Wiretapping
12. Digital Telephony Standards
13. Digital Telephony Standards: Issues
14. Encryption
15. Private-Key Encryption
16. Data Encryption Standard (DES)
17. Public-key Encryption
18. Slide 18
19. Generating Public/Private Key Pairs
20. Government Encryption Policy
21. Escrowed Encryption Standard
22. Slide 22
23. EES Wiretapping
24. EES Issues
25. Advanced Encryption Standard
26. Current Issues
27. Points to Remember
28. Privacy Law Resources
29. Firewalls
30. Intrusion Detection
31. Biometrics
32. Face Recognition
33. Iris and Retinal Biometrics
34. Vein ID
35. Fingerprint and Hand
36. Handwriting
37. Voice
38. Software Safety
39. Slide 39
40. Degree of Autonomy
41. Slide 41

Slide 1: Intelligent Environments
Computer Science and Engineering
University of Texas at Arlington

Slide 2: Security and Privacy
- Motivation
- Techniques
- Issues

Slide 3: Motivation
- Physical security
- Data security
- Protect sensory data
- Wireless eavesdropping
- e-Intrusion
- Levels within environment
- Degree of autonomy

Slide 4: Techniques
- Physical security
- Law enforcement
- Encryption
- Firewalls
- Intrusion detection
- Biometrics
- Software safety

Slide 5: Physical Security
- Intrusion detection
- Video surveillance
- Metal detectors, X-ray scanners
- Motion detectors, infrared nets
- GPS tracking
- Access control (key, card, RF badge, biometrics)

Slide 6: Law Enforcement and Privacy
- Conflict between an individual's right to privacy and the government's need to invade privacy to uphold the law
- Complicated by digital data, encryption and wireless communications

Slide 7: U.S. Constitution
- Fourth Amendment (abridged)
  - The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.
- Fifth Amendment (abridged)
  - No person shall be compelled in any criminal case to be a witness against himself.

Slide 8: Computer Crime Laws
- Texas computer crimes law
- www.capitol.state.tx.us/statutes/pe/pe0003300toc.html

Slide 9: Privacy and Cyber-Utopia
- Global, seamless and secure e-commerce
- New encryption standard required
- Individual privacy preserved
- Law enforcement surveillance possible
- U.S. computer industry globally competitive
- Ability of national governments to regulate the nation preserved

Slide 10: Wiretapping
- Law enforcement eavesdropping on communication without informing the people who are communicating
- U.S. Supreme Court Olmstead v. U.S. (1928): wiretaps did not require special authorization if no trespassing necessary
- U.S. Supreme Court (1967): wiretaps, even of public phone booths, require prior judicial authorization

Slide 11: Effectiveness of Wiretapping
- Activity since 1968 (EPIC)
- Each wiretap actually enabled monitoring many conversations
- Computerization complicates wiretapping
- Digital data
- Computer switching
- Optical fiber transmission
- Need to know data structures, formats and algorithms used in communication systems

Slide 12: Digital Telephony Standards
- 1994 mandate that communications systems equipment be designed to allow practical wiretapping by law enforcement
- Isolate the communications stream of an individual
- $500M allocated for conversion
- Communications Assistance for Law Enforcement Act (CALEA)

Slide 13: Digital Telephony Standards: Issues
- Most effective way to fight crime?
- Increase government's "big brother" power?
- Security problems?
- Hindering technological advance?
- Who pays for the cost?
- Effect on U.S. industry competitiveness?
- Mandated capabilities useful?

Slide 14: Encryption
- Wiretapping encrypted digital communication of no use
- Solutions
  - Break encryption scheme
  - Legislate encryption

Slide 15: Private-Key Encryption
- Also called secret key or symmetric
- Algorithm public; key private
- Easy to break if number of possible keys is small
- Problems
  - How to securely distribute private key
  - Ensuring authenticity of messages

Slide 16: Data Encryption Standard (DES)
- Developed at IBM in 1977
- Private-key encryption
- 56-bit key (2^56 = 72 x 10^15 keys)
- Key chosen randomly for each message
- Applies 56-bit key to each 64-bit block of data
- Multiple passes for stronger encryption
- Triple DES still in use (2^(56+56+56) keys)

Slide 17: Public-key Encryption
- Also called asymmetric
- Each person generates a public and private key
- Everybody knows public keys
- Only individual A need know their own private key
- privateA(publicA(M)) = M
- publicA(privateA(M)) = M

Slide 18: Public-key Encryption
- Digital signatures
- Person A encrypts message M with their private key to get M'
- Person A encrypts M' with B's public key to get M'', which is sent to B
- Person B decrypts M'' with private key to get M'
- Person B decrypts M' with A's public key to get M, but only if from A
- publicA(privateB(publicB(privateA(M)))) = M

Slide 19: Generating Public/Private Key Pairs
- RSA algorithm (patented)
- encryptA(M) = M^e modulo n
- decryptA(M) = M^d modulo n
- Public key = (e,n)
- Private key = (d,n)
- n = p*q, where p and q are large random primes
- e and d chosen based on p and q
- Security rests on difficulty to factor product n of two large primes

Slide 20: Government Encryption Policy
- Government's position
  - Public-key encryption too difficult to wiretap
  - Limit export of encryption
  - Design own tap-able encryption scheme
- Industry's position
  - Use widely-accepted, strong encryption standard
  - Freely export standard

Slide 21: Escrowed Encryption Standard
- EES developed by U.S. government in 1993
- Skipjack algorithm implemented on the Clipper and Capstone chips
- Private-key encryption
- Each chip has an 80-bit unit key U, which is escrowed in two parts to two different agencies
- Chip also includes a 30-bit serial number and an 80-bit family key F common to all Clipper chips

Slide 22: Escrowed Encryption Standard
- Two devices agree on an 80-bit session key K to communicate
- Message is encrypted with key K and sent
- Law-Enforcement Access Field (LEAF) appended to message, including
- Session key K encrypted with
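
Added example (not part of the original slides): the relations from the Public-key Encryption and Generating Public/Private Key Pairs slides, run as textbook RSA on small constructed primes, including the check that a modified M'' never opens to M. The function names, the primes, the exponent 65537 and the message value are assumptions chosen for illustration.

```python
# Added example: textbook RSA on small constructed primes. Not secure as is:
# real deployments use 2048-bit or larger moduli and padding (OAEP, PSS).
from math import gcd

def make_keypair(p, q, e=65537):
    """Return (public, private) = ((e, n), (d, n)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)          # d is the inverse of e modulo (p-1)*(q-1)
    return (e, n), (d, n)

def apply_key(key, m):
    """Compute m^exp mod n; the same operation serves both key halves."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("value does not fit in this modulus")
    return pow(m, exp, n)

def sign_then_encrypt(m, private_a, public_b):
    m1 = apply_key(private_a, m)      # M'  = privateA(M)
    return apply_key(public_b, m1)    # M'' = publicB(M'), sent to B

def decrypt_then_verify(c, private_b, public_a):
    m1 = apply_key(private_b, c)      # M' = privateB(M'')
    return apply_key(public_a, m1)    # M  = publicA(M')

def accepts(c, private_b, public_a, expected):
    """True only if c opens to the expected message under A's public key."""
    try:
        return decrypt_then_verify(c, private_b, public_a) == expected
    except ValueError:                # M' too large for A's modulus
        return False

# Constructed keys; A's modulus is smaller than B's so M' always fits.
PUB_A, PRIV_A = make_keypair(1009, 1013)
PUB_B, PRIV_B = make_keypair(1019, 1021)
M = 424242                            # constructed message, below A's n

if __name__ == "__main__":
    c = sign_then_encrypt(M, PRIV_A, PUB_B)
    print("M'' =", c)
    print("recovered:", decrypt_then_verify(c, PRIV_B, PUB_A))
    print("tampered accepted:", accepts((c + 1) % PUB_B[1], PRIV_B, PUB_A, M))
```

The range check in apply_key is what surfaces the ordering constraint of the nested scheme: if the signer's modulus were larger than the recipient's, M' could exceed the recipient's n and the second step would be rejected.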