6.7. Cryptography Securing the Internet¶
Time Estimate: 45 minutes
6.7.1. Introduction and Goals¶
This lesson focuses on the modern cryptographic systems that are used to secure the Internet. For all of the ciphers discussed in the Cryptography Basics lesson, the same key was used both for encrypting and decrypting messages. Systems that use the same key for both encryption and decryption are called symmetric cipher.
Symmetric ciphers have a serious flaw, known as the key exchange problem: How can Alice and Bob securely exchange the shared key needed to encrypt and decrypt their messages? Hopefully, you can see that sending the shared key across the Internet in an email message would not be a very secure system -- Eve could easily intercept the key without Alice and Bob knowing, and would then be able to read all their messages.
What's needed in order for cryptography to work on the Internet is an asymmetric system, in which the key can be broken into parts so that one key can be used for encrypting and another for decrypting without ever having to share a key. Such systems are examples of public key cryptography and we will look at two important algorithms, the Diffie-Hellman key exchange algorithm and the Rivest-Shamir-Adelman (RSA) public key cryptography algorithm.
The discovery of a solution to the key exchange problem was one of the biggest breakthroughs in modern cryptography -- and without this discovery it would be impossible to have an Internet today that we could use for banking, buying goods on Amazon, and so on.
Public key cryptography is a very technical topic, the mathematical details of which go beyond the scope of this course. However, it's important that you understand the basic ideas around how it works and are able to see that current cryptographic systems can be trusted to secure our private transactions on the Internet.
- explain the Diffie-Hellman key exchange algorithm using the shared color analogy
- describe how modular arithmetic forms the basis for RSA public key encryption
- describe how encryption and digital certificates work together to secure the Internet
- explain how public key cryptography is not symmetric
- use target vocabulary, such as asymmetric cipher, HTTPS, and certificate authority while describing modern cryptography, with the support of concept definitions and vocabulary notes from this lesson
6.7.2. Learning Activities¶
Doubly Locked Box Analogy
This video shows one helpful model for public key encryption, a doubly-locked box, in which Alice and Bob each have their own keys, both of which are used to securely transmit information.
Part 1: Diffie-Hellman Key Exchange Algorithm
This video includes video clips from Brit Cruise's great explanation of the Diffie-Hellman key exchange algorithm. After watching the video, try using the widget below to play with the color-mixing analogy.
Activity: Diffie-Hellman Exchange Secret Color Demo
This Web app provides an implementation of the color-mixing analogy presented in the Brit Cruise video. You can select a shared public color and then your own private (secret) color. When you click "Show Shared Secret!" the app will display the secret color that it shares with you.
Give it a try. Colors are represented by hexadecimal numbers as explained in the sidebar. (Open widget in a separate window)
In the RGB system colors are represented by 6-digit hexadecimal numbers, where the first two digits represent the amount of red, the next two represent amount of green, and the last two represent amount blue. Pure red is FF0000, where FF is the maximum amount of red (equal to 255 in decimal). Pure green would be 00FF00. If you mix lots of blue and green, 00FFFF, you should get aqua. If you mix lots of red with some green, FF8500, you should get orange.
Part 2: RSA Public Key Encryption
The Rivest-Shamir-Adleman (RSA) algorithm is the most widely used public key encryption algorithm for securing the Internet. Like Diffie-Hellman, it is an asymmetric cipher, in which the key is broken into two related parts using mathematical techniques. And also, like Diffie-Hellman, it depends on the use of a one-way function -- i.e., a mathematical function that is easy to compute in one direction, but intractable to compute in the other.
The following video provides a high-level description of RSA without out going too deeply into the mathematical details.
Part 3: Securing the Internet
Now that we have some understanding of the algorithms used to encrypt data, we can take a look at how these algorithms work together in the system that secures the Internet. The following video describes the type of communication that takes place behind the scenes when the browser on your phone or tablet or laptop computer makes a secure connection to Amazon or Google or some other Internet service.
In this lesson, you learned how to:
6.7.4. Still Curious?¶
- Brit Cruise has made an entire series of videos explaining encryption. If you're curious about some of the mathematics involved, see his full videos on Diffie-Hellman and RSA.
- You can also read more about how encryption developed in Chapter 5 of Blown to Bits (pg. 178+)
- Khan Academy has incorporated the Cruise videos into an excellent interactive course on Cryptography, from the Caesar cipher to public key encryption.
- The history of cryptography is very interesting story of the battle between cryptographers, those who create ciphers, and cryptanalysts, those who try to break ciphers. Until the 1990s cryptographic algorithms were the considered armaments by the U.S. government and it was widely believed that the National Security Agency (NSA) could break all existing ciphers. That's no longer believed to be true. Today, strong cryptography is available to us on our smart phones. But we still see the battle playing out between the government and private individuals and corporations over whether the government should have access to the keys that protect the data on our phones. If you're curious about this, see this article on the dispute between Apple and the FBI.
- The PBS News Hour video has a guest from the Electronic Frontier Foundation, an organization that defends civil liberties related to the digital world. What other issues from the course do they have positions on or have been involved with?
Here is a table of some of the technical terms discussed in this lesson. Hover over the terms to review the definitions.
key exchange problem
public key cryptography
6.7.6. Sample AP CSP Exam Question¶
- Digital certificates are used to verify the ownership of encrypted keys used in secured communication.
- Digital certificates are used to verify that the connection to a Web site is fault tolerant.