Review - Tech & Science
Winning the crypto-war
10 March 2007
(c) 2007 Singapore Press Holdings Limited
Mathematicians and computer scientists collaborating to outsmart hackers
A SINGAPORE daily carried this recent headline: 'iTunes safe code hacked'.
Such stories - of recurrent security breaches in the digital world - appearing ever more frequently, are a worrisome trend that affects computer and Internet users.
iTunes is the online music store of the Apple computer company. You visit the site to legally download music for your iPod.
To protect its copyrights and guarantee that you cannot play the music downloaded from iTunes on anything else than an iPod, Apple safeguards the tunes with a security code.
For hackers, such codes are there to be broken.
The iTunes' code was broken by a well-known hacker, a young Norwegian who works under the nom de guerre DVD Jon - derived from an earlier exploit in which he cracked the copy-protection technology in DVDs.
In a profit-driven world, companies that own copyrighted material such as music, videos and software are, of course, concerned about such breaches resulting in illicit use of intellectual property.
The digital era has upped the ante.
In the pre-digital age, copyright violation required a certain effort. Just think of the time and patience needed to photocopy a book of several hundred pages.
But in the digital age, downloading and making copies of a video or music file is a matter of only a few mouse clicks.
The music and video industries are not the only ones under incessant intellectual property attacks. Pharmaceutical companies try to protect the chemical composition of their newfangled wonder drugs.
Even a low-technology company like Coca-Cola does not disclose the formula for its concoction. And the list goes on.
You get the idea - it is all about copyright and patent protection.
This war between the protectors of 'the real thing' and stealers and copycats has been going on even before the digital age.
Think of the way banknotes are protected from copycats:
The monetary authorities endow each banknote with a watermark.
We borrow this idea and use it in the digital world by attaching a 'digital watermark' to copyrighted electronic files.
Lines of defence
APART from companies as victims of hackers and intellectual property thieves, individuals too, fall prey to attacks from cyberspace - online banking being a particularly vulnerable area.
The most recent reports of phishing scams here were in November last year, when customers of DBS Bank received e-mail messages redirecting them to a bogus website - apparently set up by Brazilian fraudsters - in order to capture user IDs, passwords and other confidential data.
At home, in December last year, the first Singaporean was charged with hitching a free ride - 'mooching' - on somebody else's wireless local area network (WLan).
A neighbour had not 'secured' his wireless access point, so the freeloader - a teenager - was able to mooch.
Prank or something else, this is an offence calling for a jail term of up to three years and maximum fine of $10,000.
So, if cyberspace threats lurk everywhere, what are our lines of defence?
The Singapore Government has done its homework by passing and periodically updating the Computer Misuse Act under which offences like a free ride on somebody else's WLan can be prosecuted.
The great challenge is, of course, to prevent cybercrime altogether by appropriate technical safeguards.
We expect computer scientists to come up with solutions - and build protective barriers in cyberspace.
There is indeed a large area of computer science that deals with computer and network security, and this area is, for instance, well represented at the National University of Singapore (NUS).
For the Internet, the secure socket layer (SSL) is the primary line of defence against hackers.
The SSL is the foundation for all sensitive Internet transactions such as online banking. It consists of sophisticated software enabling all types of security mechanisms.
Mathematics also plays a crucial role in the fight against cybercrime and hackers. The keyword here is cryptography - the art and science of protecting sensitive information by encryption and related schemes.
Cryptography spans several thousand years. It was a decisive factor in World War II because the Allies - through the efforts of Polish and British mathematicians - managed to break the Enigma cipher of the Germans early on in the war.
Today, the core aspect of ensuring cyber-security is still encryption.
And mathematical concepts and methods are used in all these cryptographic schemes.
CONSIDER, for example, the state-of-the-art encryption schemes or ciphers.
The current international standard for the fast encryption of high-volume data, as they arise, for instance, in banking, is the Advanced Encryption Standard (AES).
The AES cipher was designed around the turn of the millennium by two Belgian cryptographers with a strong mathematical bent.
They devised a highly sophisticated encryption algorithm founded on abstract algebraic concepts.
In order to exchange keys for the AES cipher between the communication partners, another type of cryptographic scheme called a public-key cryptosystem (PKC) is employed.
The current, most widely used PKC is the RSA scheme, named after its designers Rivest, Shamir and Adleman.
The RSA scheme is again based on mathematical concepts, this time coming from Number Theory.
To crack the RSA scheme, one would have to solve a difficult and longstanding problem in Number Theory, namely that of factoring large whole numbers into prime numbers - such as 2, 3, 5, 7 and 11 that cannot be factored into smaller positive numbers.
In the case of RSA, we are talking about factoring numbers that have about 300 decimal digits.
The best that even the most powerful array of supercomputers can achieve, at present, is to factor numbers with about 150 decimal digits in a running time of several months.
So, the RSA scheme is secure in the foreseeable future.
Digital signatures are what you expect them to be - digital analogues of handwritten signatures. They allow you, for instance, to append a legally binding signature to the softcopy of a contract.
This opens up all sorts of new possibilities for online transactions, here and overseas - from your desktop.
An even more challenging task is that of designing digital watermarks.
Several tools of modern cryptography - like hashing, homomorphic encryption and digital signatures - have to be integrated in a sophisticated manner to meet the stringent criteria of a digital watermarking scheme that guarantees full copyright protection for electronic files containing videos, music or software.
Here, mathematicians and computer scientists at the NUS have cooperated in the design of digital watermarking schemes.
Such cooperation is typical for research in cryptography nowadays. If hardware solutions are desired, then electrical engineers will literally chip in by implementing the relevant cryptographic algorithms on a chip.
What will the future of cryptography hold?
Hard to say, but one thing is certain:
The long-running competition between designers of security systems and hackers will become even fiercer because, with the growth of e-commerce and online banking, the potential rewards for the hackers are getting bigger and bigger.
But as long as inventive cryptographers are able to outsmart the hackers, Internet users can rest assured that practically all online transactions will remain secure.
The writer is a professor of mathematics and computer science at the National University of Singapore.
WHAT THE FUTURE HOLDS
'The long-running competition between designers of security systems and hackers will become even fiercer.' PROFESSOR HARALD NIEDERREITER