SECURITY and CRYPTOGRAPHY 15-827
13-SEP-01 Lecture #1

M.B. 4615 Wean, cell: 510 469-8730
My name: Manuel Blum, mblum@cs, W: 268-3742, office = WEAN 4113
Your TA: Nick Hopper, hopper@cs, W: 268-2993, office = 8303 WEAN

WHERE I'M COMING FROM:
What can a human do in his head? What is consciousness? (Why is sleep necessary?) Why does our highly parallel brain have a serial bottleneck? My approach to this is through... cryptography!

I WOULD LIKE THIS CLASS TO PUBLISH AN ORIGINAL RESEARCH PAPER IN A COMPLETELY NEW FIELD OF CRYPTOGRAPHY. FOR THIS, I NEED YOUR HELP.

Give me a general rule for selecting a password. Suggestions anyone?

1. The lady at IBM suggests that you take a word from a dictionary and misspell it, e.g. capture -> captcha.
2. Make up a sentence and use the first letter of every word. Bizarre sentences, being more memorable than most, are particularly good.

Suppose you have to change your password every month. What would be a reasonable choice of password? How about:

3. January  -> kos   May    -> nzn   September -> tqu
   February -> gcs   June   -> kok   October   -> duc
   March    -> nsd   July   -> kmz   November  -> own
   April    -> qsm   August -> htu   December  -> edn

Another is:

4. January  -> 729   May    -> 343   September -> 593
   February -> 489   June   -> 727   October   -> 638
   March    -> 396   July   -> 774   November  -> 263
   April    -> 997   August -> 653   December  -> 063

A HARDER PROBLEM: To what would you map
January 2001 -> ?
January 2002 -> ?
January 2003 -> ?
For example,
January 2001 -> 496
January 2002 -> 274
January 2003 -> 507

The HumanOID Problem: To give a challenge-response protocol that is easy for any reasonably intelligent, moderately literate 6 to 60 year old to use to authenticate himself, but hard for an eavesdropper with a powerful computer to crack.

The PhonOID Problem: Same as HumanOID, except that the challenge-response is done over the phone.

It is important to try also to prove that HumanOID/PhonOID protocols are NOT possible. How?

1. Can a person make up a page of questions whose answers they alone are likely to know? I think that YES, but I don't know how to do this yet. Good sources of questions: family relationships, early memories.
2. MUCH HARDER PROBLEM: Can a person use the above info (the page of challenge-response pairs) as a seed to generate a virtually infinite number of challenge-response pairs? As usual:
   * It must be easy for a person to respond to any challenge, doing all computations in his head.
   * It must be hard for an eavesdropper to crack the protocol.

A fundamental reason this appears to be hard is this: unlike computers, which can give each other their algorithms, the algorithms that humans learn are learned from observation. If a human is to learn a secret protocol for responding to a challenge, what's to keep eavesdroppers from learning, from observation of challenge-response pairs, how to respond to challenges?

BIRTHDAY PARADOX
QUESTION: In a world with n days per year, how many people should one invite to a party so that there is a roughly 50% chance that at least 2 people have the same birthday?
ANSWER: (1.2)*sqrt(n)

COUPON COLLECTOR'S PROBLEM
QUESTION: A cereal box contains one of n coupons, each coupon chosen uniformly at random (i.e. each coupon is equally likely to appear in a box). How many cereal boxes should one expect to buy in order to get all n coupons?
ANSWER: approximately n*(lg n).
QUESTION: What base? (The calculation below uses the natural log.)

BALLS INTO CELLS:
n/e empty cells (in expectation) when you throw n balls into n cells.
n/e^2 empty cells when you throw 2n balls into n cells.
In general, about n/e^(m/n) empty cells when you throw m balls into n cells, so:
n/e^(ln n) = 1 empty cell when you throw (ln n)*n balls into n cells; for n = 10, (ln n)*n = 23.
n/e^(ln 2n) = 1/2 empty cell when you throw (ln 2n)*n balls into n cells; for n = 10, (ln 2n)*n = 30.

================================================================

HOMEWORK #1: send email to nick.hopper@cs with a cc to mblum@cs. Your email should include 2 challenge-response pairs for authenticating you. Each pair should have the property that you will long remember the correct response to the challenge. You should be able to remember it exactly. For example,

Nick HOPPER:
CHALLENGE: What is the name of your 1st grade teacher?
RESPONSE: "Miss Justin" or "Justin".

Abie FLAXMAN:
CHALLENGE: What is the first CD you ever purchased?
RESPONSE:

Pankaj ???:
CHALLENGE1: As a child, what cartoon did you most enjoy?
RESPONSE1:
CHALLENGE2: What was the registration # of your first motorcycle?
RESPONSE2:

Paul REITSMA:
CHALLENGE: What is the name of the first girl/boy that you ever kissed?
RESPONSE:
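The three counting questions in the notes (birthday paradox, coupon collector's problem, balls into cells) can be checked numerically against the rules of thumb quoted there. The script below is an added example and is not part of the original lecture notes; it computes the exact values from the standard formulas (the product formula for the birthday probability, n times the n-th harmonic number for the coupon collector, n*(1-1/n)^m for the expected number of empty cells) and, for the "what base?" question, the number of balls m = n*ln(n/target) that the n/e^(m/n) approximation needs to leave a given number of cells empty. All function names are my own.

```python
import math

# Added example (not from the lecture notes): exact values behind the three
# rules of thumb in the notes, so the approximations can be checked by hand.


def birthday_collision_prob(n, k):
    """Exact probability that at least 2 of k people share a birthday
    in a world with n days per year (birthdays uniform and independent)."""
    p_all_distinct = 1.0
    for i in range(k):
        p_all_distinct *= (n - i) / n
    return 1.0 - p_all_distinct


def birthday_threshold(n):
    """Smallest number of guests k with P(some shared birthday) >= 1/2.
    The notes' rule of thumb for this is (1.2)*sqrt(n)."""
    k = 1
    while birthday_collision_prob(n, k) < 0.5:
        k += 1
    return k


def coupon_expected_boxes(n):
    """Exact expected number of boxes needed to collect all n coupons: n * H_n,
    where H_n = 1 + 1/2 + ... + 1/n is about ln n + 0.577. The notes quote
    n*(log n); this is where the 'what base?' question comes from."""
    harmonic = sum(1.0 / i for i in range(1, n + 1))
    return n * harmonic


def expected_empty_cells(n, m):
    """Exact expected number of empty cells after m balls are thrown uniformly
    at random into n cells: n*(1 - 1/n)^m, which is about n/e^(m/n)."""
    return n * (1.0 - 1.0 / n) ** m


def balls_for_expected_empty(n, target):
    """Number of balls m for which the approximation n/e^(m/n) equals `target`
    empty cells, i.e. m = n*ln(n/target). target = 1 gives (ln n)*n and
    target = 1/2 gives (ln 2n)*n, the two cases worked in the notes."""
    return n * math.log(n / target)


def summary(n):
    """Exact numbers side by side with the notes' approximations for one n."""
    return {
        "birthday_k": birthday_threshold(n),
        "birthday_rule": 1.2 * math.sqrt(n),
        "coupon_exact": coupon_expected_boxes(n),
        "coupon_rule": n * math.log(n),
        "empty_n_balls": expected_empty_cells(n, n),
        "empty_rule": n / math.e,
        "balls_for_1_empty": balls_for_expected_empty(n, 1),
        "balls_for_half_empty": balls_for_expected_empty(n, 0.5),
    }


if __name__ == "__main__":
    for n in (10, 365):
        print(f"n = {n}")
        for key, value in summary(n).items():
            print(f"  {key:22s} {value:10.3f}")
```

For n = 365 the exact birthday threshold is 23 guests, against 1.2*sqrt(365) = 22.9; for n = 10 the balls-into-cells figures come out at 23 and 30 balls, exactly as in the notes, and the exact coupon collector expectation (n*H_10 = 29.3) lies between those two values, which shows why the base of the logarithm matters for such a small n.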