Whitfield Diffie

Authentication and authenticated key exchanges

We discuss two-party mutual authentication protocols providing authenticated key exchange, focusing on those using asymmetric techniques. A simple, efficient protocol referred to as the station-to-station (STS) protocol is introduced, examined in detail, and considered in relation to existing protocols. The definition of a secure protocol is considered, and desirable characteristics of secure protocols are discussed.

Privacy and authentication for wireless local area networks

Wireless networks are being driven by the need for providing network access to mobile or nomadic computing devices. Although the need for wireless access to a network is evident, new problems are inherent in the wireless medium itself. Specifically, the wireless medium introduces new opportunities for eavesdropping on wireless data communications. Anyone with an appropriate wireless receiver can eavesdrop, and this kind of eavesdropping is virtually undetectable. Furthermore, since the wireless medium cannot be contained by the usual physical constraints of walls and doors, active intrusions through the wireless medium are also made easier. In order to prevent this unauthorized access to the network, the authors present the design of a secure communication protocol that provides for both the privacy of wireless data communications and the authenticity of communicating parties. The placement of the protocol in the overall protocol stack and issues relevant to wireless links and mobile computing devices are discussed. They also present proof of the security of the protocol using the logic of authentication formalism developed by Burrows, Abadi, and Needham (1990).<<ETX>>

Information security: 50 years behind, 50 years ahead

Trust among people and organizations will be even more critical in securing communications and commerce in the future networked environment.

E-commerce and security

■ Commerce and security are inseparable. The reason for wanting to buy, sell, trade, and rent goods is that they are valuable, and valuable items, tangible or intangible, always need protection. ot only does commerce require security; it usually requires the best security. Until just over a century ago, merchant ships carried cannon to protect their cargos, and medieval towns often had fortified market squares. Today, the shops on Main Street are watched by video cameras; warehouses boast some of the strongest locks available; and the safes in most grocery stores are stronger than those used to store classified documents. Commercial security may be a constant, but the mechanisms of security change over time. The merchantman’s cannon have gone. Today, radios, aircraft, and the fact that oil-burning ships must come into port for fuel have made big-ship piracy a thing of the past. As new commercial environments develop, new security mechanisms appear to protect them, and inappropriate older ones dissappear. Mechanisms are rarely separable from objectives. The relationship between buyer and seller is not an entirely harmonious one; their aims are different, leading them as much to compete as to cooperate. Under the circumstances, providers of security arrangements are rarely neutral. It is therefore essential in considering the security of a novel commercial medium to take into account the interests of the various participants, and to analyze the impact of proposed security measures on all parties. This is all the more true because security is a word that, in the jargon of diplomacy, stands for legitimacy. It is hard to argue that an organization is not entitled to security, and someone who opposes an action taken in the name of security generally starts from the weaker position. What does security provide to the participants in a transaction? It guarantees to the seller that no one will be able to acquire the goods without paying the price the seller demands. The corresponding expectation on the part of the buyer is that the goods paid for will be delivered in a timely manner and will be as represented. Although this is rarely seen as a security issue and usually goes under the name of consumer protection, a broad analysis of security concerns must take into account the needs of the consumer. There may also be tangential concerns of both parties, particularly the privacy of the transaction and the anonymity or lack thereof of the participants.

Information Assurance Technology Forecast 2008

A virtual roundtable (featuring panelists Steven Bellovin, Terry Benzel, Bob Blakely, Dorothy Denning, Whitfield Diffie, Jeremy Epstein, and Paulo Verissimo) discussing the next 15 years in computer security.

The export of cryptography in the 20th and the 21st centuries

Publisher Summary This chapter examines the evolution of export control in the cryptographic area and considers its impact on the deployment of privacy-protecting technologies within the United States. The shortcomings of the export law in the cryptographic area are typical of the shortcomings of the export laws in general. Cryptography may therefore point the way toward a fairer export-control regime that balances the broad spectrum of interests of the United States rather than focusing on military security, which is not currently a major vulnerability. Such a regime, recognizing the importance of international commerce in the post-Cold War world would shift much of the burden from exporters to the government. Foreign availability tests would be more broadly applied; exporters would be entitled to timely responses; a broader range of export decisions would be appealable to the federal courts; and the effectiveness of export policy would be subject to periodic review.

Ultimate cryptography

WHITFIELD DIFFIE ) Predict the state of cryptography in 1,000 years. The thought is daunting. The very narrowness of the field makes the problem that much more difficult. It is one thing to try to decide whether sentient life on Earth will be made of carbon or silicon, quite another to speculate on whether it will need to keep secrets and how it will go about doing it. We have barely any evidence that cryptography existed 3,000 years ago, just some puzzles on Egyptian tombstones in the Valley of the Kings. About 2,000 years ago, transposition ciphers had made the barest appearance and Julius Caesar carried on correspondence in a very simple substitution cipher. About 1,000 years ago, simple substitution ciphers were familiar enough for their weaknesses to be understood and for people to begin exploring more complex systems intended to counter those weaknesses. Today, cryptography is an elaborate electronic, mathematical, and computational edifice that transforms trillions of bits into or out of cipher text every second. The concepts commonplace in this theory—polyalphabetic systems and the distinction between systems and keys—all arose late in the millennium just ended. What could a prophet in any of those millennial years have predicted about the state of cryptography 1,000 years later. Even to have predicted in 1901 what the state of cryptography would be in 2001 would have required foresight worthy of the Delphic Oracle. The most accessible predictions are tactical, asking: What will happen to the problems we understand and that concern us today? In cryptography, these problems fall into three general areas: mathematics, computational complexity, and computing technology. The mathematical problems lie largely in the area of algebraic geometry, the branch of mathematics that deals with solving sets of algebraic equations over very general arithmetic structures. In many respects, cryptography consists of choosing or designing arithmetic systems meant to make the equations difficult to solve. For cryptography, the problem is spiced up by demanding not necessarily the solutions to sets of equations but rather the most likely solutions, given some assumptions about the unknown elements, keys, and plaintext. If we date modern mathematics from the development of calculus in the late 17th century, it is little more than 300 years old. Noting the field’s steadily increasing rate of growth during this period, we may imagine that mathematics will make at least comparable progress over the next few hundred years. It does not seem rash to suspect the majority of problems now confounding us will seem elementary long before another millennium has passed and we will know with great assurance whether or not the types of cryptographic systems in use today can be made secure. Mathematics generally exhibits a very permissive attitude toward the issue of when a problem can be solved, taking little account of efficiency. The theory of computational complexity concerns how difficult it is to solve mathematical problems. Complexity theory is a far more recent development than the traditional mathematical disciplines vital to cryptography, having arisen in close association with computing, primarily in the latter half of the 20th century. Its many theorems notwithstanding, com-