# 6.7. Cryptography Securing the Internet¶

### Time Estimate: 45 minutes

## 6.7.1. Introduction and Goals¶

This lesson focuses on the modern cryptographic systems that are used to secure the Internet. For all of the ciphers discussed in the Cryptography Basics lesson, the same key was used both for encrypting and decrypting messages. Systems that use the same key for both encryption and decryption are called symmetric cipher.

Symmetric ciphers have a serious flaw, known as the key exchange problem: How can Alice and Bob securely exchange the shared key needed to encrypt and decrypt their messages? Hopefully, you can see that sending the shared key across the Internet in an email message would not be a very secure system -- Eve could easily intercept the key without Alice and Bob knowing, and would then be able to read all their messages.

What's needed in order for cryptography to work on the Internet is an asymmetric system, in which the key can be broken into parts so that one key can be used for encrypting and another for decrypting without ever having to share a key. Such systems are examples of public key cryptography and we will look at two important algorithms, the Diffie-Hellman key exchange algorithm and the Rivest-Shamir-Adelman (RSA) public key cryptography algorithm.

The discovery of a solution to the key exchange problem was one of the biggest breakthroughs in modern cryptography -- and without this discovery it would be impossible to have an Internet today that we could use for banking, buying goods on Amazon, and so on.

Public key cryptography is a very technical topic, the mathematical details of which go beyond the scope of this course. However, it's important that you understand the basic ideas around how it works and are able to see that current cryptographic systems can be trusted to secure our private transactions on the Internet.

**Learning Objectives:**I will learn to

- explain the Diffie-Hellman key exchange algorithm using the shared color analogy
- describe how modular arithmetic forms the basis for RSA public key encryption
- describe how encryption and digital certificates work together to secure the Internet

**Language Objectives:**I will be able to

- explain how public key cryptography is not symmetric
- use target vocabulary, such as asymmetric cipher, HTTPS, and certificate authority while describing modern cryptography, with the support of concept definitions and vocabulary notes from this lesson

## 6.7.2. Learning Activities¶

### Exercise

Before you move on with this lesson try this brief exercise independently or with a partner. Record your thought process on paper. How many guesses did it take you?

*Can you guess what two prime numbers can be multiplied to make 161?*

### Doubly Locked Box Analogy

This video shows one helpful model for public key encryption, a ** doubly-locked box**, in which Alice
and Bob each have their own keys, both of which are used to securely transmit information.

### Part 1: Diffie-Hellman Key Exchange Algorithm

This video includes video clips from Brit Cruise's great explanation of the Diffie-Hellman key exchange algorithm. After watching the video, try using the widget below to play with the color-mixing analogy.

### Activity: Diffie-Hellman Exchange Secret Color Demo

This Web app provides an implementation of the *color-mixing analogy*
presented in the Brit Cruise video. You can select a shared public color and then your
own private (secret) color. When you click "Show Shared Secret!" the app will
display the secret color that it shares with you.

Give it a try. Colors are represented by hexadecimal numbers as explained in the sidebar. (Open widget in a separate window)

In the RGB system colors are represented by 6-digit hexadecimal numbers, where the first two digits represent the amount of red, the next two represent amount of green, and the last two represent amount blue. Pure red is FF0000, where FF is the maximum amount of red (equal to 255 in decimal). Pure green would be 00FF00. If you mix lots of blue and green, 00FFFF, you should get aqua. If you mix lots of red with some green, FF8500, you should get orange.

### Part 2: RSA Public Key Encryption

The Rivest-Shamir-Adleman (RSA) algorithm is the most widely used public key encryption algorithm for securing the Internet. Like Diffie-Hellman, it is an asymmetric cipher, in which the key is broken into two related parts using mathematical techniques. And also, like Diffie-Hellman, it depends on the use of a one-way function -- i.e., a mathematical function that is easy to compute in one direction, but intractable to compute in the other.

The following video provides a high-level description of RSA without out going too deeply into the mathematical details.

### Part 3: Securing the Internet

Now that we have some understanding of the algorithms used to encrypt data, we can take a look at how these algorithms work together in the system that secures the Internet. The following video describes the type of communication that takes place behind the scenes when the browser on your phone or tablet or laptop computer makes a secure connection to Amazon or Google or some other Internet service.

## 6.7.3. Summary¶

In this lesson, you learned how to:

## 6.7.4. Still Curious?¶

- Why the Government Shouldn't Break WhatsApp explains more about encryption backdoors including breaking WhatsApp and iMessage's security to let the government stop Bad Things. Do you think it is a good idea to do this? Watch the video and then consider your answer again.
- Brit Cruise has made an entire series of videos explaining encryption. If you're curious about some of the mathematics involved, see his full videos on Diffie-Hellman and RSA.
- You can also read more about how encryption developed in Chapter 5 of
*Blown to Bits*(pg. 178+) - Khan Academy has incorporated the Cruise videos into an excellent interactive course on Cryptography, from the Caesar cipher to public key encryption.
- The history of cryptography is very interesting story of the battle between
*cryptographers*, those who create ciphers, and*cryptanalysts*, those who try to break ciphers. Until the 1990s cryptographic algorithms were the considered armaments by the U.S. government and it was widely believed that the National Security Agency (NSA) could break all existing ciphers. That's no longer believed to be true. Today, strong cryptography is available to us on our smart phones. But we still see the battle playing out between the government and private individuals and corporations over whether the government should have access to the keys that protect the data on our phones. If you're curious about this, see this article on the dispute between Apple and the FBI. - The PBS News Hour video has a guest from the Electronic Frontier Foundation, an organization that defends civil liberties related to the digital world. What other issues from the course do they have positions on or have been involved with?

## 6.7.5. Self-Check¶

Here is a table of some of the technical terms discussed in this lesson. Hover over the terms to review the definitions.

symmetric cipher
asymmetric cipher key exchange problem public key cryptography |
Diffie-Hellman
RSA HTTPS SSL |
certificate authority
digital certificate trust model intractable |

- is exemplified by RSA and Diffie-Hellman.
- Right.
- was first discovered by Euclid 5 B.C.
- Let me add new information to help you solve this; the idea of an asymmetric cipher was first conceived by British cryptographer, James Ellis, in 1970. But his work was classified. Diffie-Hellman independently came up with the idea in 1976.
- Uses different keys for encryption and decryption.
- Right. In RSA Bob would use Alice's
*public key*is used to encrypt messages to her and Alice would use her*private key*to decrypt the message. - Can be used to solve the
*key exchange problem*. - Yes. The Diffie-Hellman algorithm was the first algorithm to be used solve the key exchange problem.

Q-5:

An *asymmetric cipher*________________

- is a mapping from a integers to alphabetic characters.
- This will be a challenging concept to learn, but we can all reach this goal. It is a function that is easy to compute in one direction but hard to compute in the opposite direction. An example would be y = x
^{3}mod 17. Given*x*it is easy to compute y. But given*y*it is difficult to compute*x*. This is an example of the function used (in different form) in both Diffie-Hellman and RSA. - is a mathematical function that converts characters into numbers.
- This will be a challenging concept to learn, but we can all reach this goal. It is a function that is easy to compute in one direction but hard to compute in the opposite direction. An example would be y = x
^{3}mod 17. Given*x*it is easy to compute y. But given*y*it is difficult to compute*x*. This is an example of the function used (in different form) in both Diffie-Hellman and RSA. - is a mathematical function that is easy to compute one time only.
- This will be a challenging concept to learn, but we can all reach this goal. It is a function that is easy to compute in one direction but hard to compute in the opposite direction. An example would be y = x
^{3}mod 17. Given*x*it is easy to compute y. But given*y*it is difficult to compute*x*. This is an example of the function used (in different form) in both Diffie-Hellman and RSA. - is a function that is easy to compute in one direction but hard to compute in the other.
- Right. An example would be y = x
^{3}mod 17. Given*x*it is easy to compute y. But given*y*it is difficult to compute*x*. This is an example of the function used (in different form) in both Diffie-Hellman and RSA.

Q-6:

One *one-way function* ________________

- is an example of an
*open standard*. - This is part of the correct answer. HTTPs is one of many open standards used on the Internet.
- uses
*public key encryption*to exchange a*symmetric key*between a user's browser and a server. - This is part of the correct answer. A public key algorithm, such as RSA, is used to exchange a symmetric key between the browser and the server.
- uses a
*symmetric cipher*to encrypt data between a user's browser and a server. - This is part of the correct answer. During an HTTPs session the actual data transferred between the browser and the server is encrypted using a
*symmetric cipher*such as the*Advanced Encryption Standard*. - uses a
*Certificate Authority*to authenticate the identity of the server during the transaction. - This is part of the correct answer. Certificate Authorities, such as Verisign, serve as
*trusted third parties*to authenticate the identity of the server and its public key.

Q-7:

The *HTTPs* protocol _______________.

## 6.7.6. Sample AP CSP Exam Question¶

- Digital certificates are used to verify the ownership of encrypted keys used in secured communication.
- Digital certificates are used to verify that the connection to a Web site is fault tolerant.
- I
- II
- I and II
- Neither I nor II

Q-8:

Which of the following are true statements about digital certificates in Web browsers?

## 6.7.7. Reflection: For Your Portfolio¶

Answer the following portfolio reflection questions as directed by your instructor. Questions are also available in this Google Doc where you may use File/Make a Copy to make your own editable copy.