Digital Security for Dentists and Chocolatiers (Pt. 2)

In the last article I covered about 3800 years’ worth of the history of encryption in, to be fair, a very abbreviated form. I highlighted three distinct encryption methods because they informed the basic point of the piece – which was that prior to the invention of the modern computer and the prevalence of wide-scale networks like the internet the only practicable kind of encryption was symmetric encryption – meaning that if you want to secure a piece of information then you do that with a key that you use to encrypt it, and that the other party who wants to read that piece of information has to use that same key to decrypt it. There are countless dozens of other encryption techniques that might be fun to take a deep dive on (e.g,. Null Cipher, Playfair, Rasterschlussel 44, Pigpen, Rail Fence, Four Square, Straddling Checkerboard and on and on and on…), and I’d warmly recommend doing so if you have even a passing interest in the history of how we’ve collectively tried to keep secrets from each other since we collectively crawled out of the primordial ooze.

Still, once we moved into the Age Of The Computer new and intriguing options opened up because we’re no longer chained to models of handling and processing information that have to be understood and accurately processed by the average human being, who – while excelling about things like putting on pants, deciding what to have for lunch and doing laundry – is probably not designed for doing lightning-fast advanced algorithmic calculations with unerring reliability. The advent and widespread use of new technologies meant that in the span of less than a century we went from this:

The venerable and noble One-Time Pad.

to this:

Rawr. Set phasers to fun, amirite?

(Incidentally, I would have loved to be a fly on the wall of that photoshoot. “Okay, Bill, I think we have everything we need, but let’s have you climb up on the desk. Right. Just like that, yes. Okay, now, give me those bedroom eyes…”)

Unsurprisingly, many of the initial notable digital encryption technologies followed the old symmetric model – the one where one single key was used to both lock and unlock the information. I won’t go into massive depth on them, but the big three were DES, 3DES and AES.

DES (“Digital Encryption Standard”) was invented by IBM in the 1970’s; it was a 56-bit algorithm that was considered the gold standard of encryption in its day, but – as I mentioned in the last article – Security is mostly a superstition, and rather than calling something unbreakable it’s wiser to adopt a mindset of it-hasn’t-been-broken-yet; to that point, DES was successfully compromised in 1998. It had a good run, though.

3DES (or “Triple-DES”) was 1998’s successor to DES, and was essentially just comprised of three incidences of DES running on the same piece of information, rather like three six year-olds standing on each others’ shoulders and wearing a long overcoat to sneak into an R-rated movie. Although, frankly, if I ran a movie theater and three six year-olds tried that I’d probably just let them in on the grounds that you have to reward that kind of ingenuity and moxie, and that they’re not my kids and their parents can deal with the therapy bills. 3DES was (and is) slow, but while it’s currently regarded as being secure it’s also being deprecated and retired, which is something a lot of us can identify with right now.

AES (“Advanced Encryption Standard”) is the technology that most people are more familiar with, as it’s used by default in most commercial and residential WiFi routers and networks. It comes in a variety of flavors (128/192/256-bits) and Intel and AMD build AES acceleration directly into their chips to make it faster and easier to implement. That’s good, because AES is everywhere; it’s used in iOS to do device encryption, it’s used in Filevault on macOS, it’s used to encrypt IPSec VPN, WPA WiFi, and SMB 3 for encrypted macOS and Windows networking. There are no guarantees that some bright spark won’t come out with a hack for it tomorrow, but right now cracking it would be a significantly difficult task on the level of major world powers throwing vast resources at a problem and generally burning trillions of dollars in the process. AES is about as good a symmetric encryption product as you could possibly want.

So, there are excellent products available for securing data using symmetric encryption, but there’s a whole other raft of tools and techniques available that use the power and miracle of the Internetâ„¢ to handle more complex and flexible encryption tasks. Behold, ladies and gentlemen, the awesome majesty of…

Public Key Infrastructure (PKI)

You see, we’re already starting with the weird acronyms and non-intuitive naming conventions and models.

Now, this whole section is a bit of bait-and-switch because I’m probably going to go into detail on what PKI is and how it works in the next article, but before we get there I think it’s worth laying some groundwork on the basic mechanic of how computers trust each other and how that works. To do that we’ll go back and revisit our friend Faceless Bob from the last article. Remember Bob? Classic. That scamp.

So, Bob wants to go on vacation, because in his world of weird faceless people you can leave the house without fear of pandemics and the airlines are actually running. I know, it’s crazy! Work with me here.

Anyway, Bob gets off the plane in a distant, non-specific foreign land and walks up to the immigration officer at the airport.

The immigration officer has no idea who Bob is or where he comes from. Bob could be a Nobel Peace Prize winner on his way to do humanitarian outreach among the fjords or a homicidal maniac with a suitcase full of axes and rubber chickens. He might not even be Bob. He could be Faceless Jeff, or (god forbid) Faceless Ted, that noted creep. Fortunately, Bob remembered to pack his passport, so he holds it up and shows it to the immigration officer:

…which is all well and good, and is admittedly a good start. “Of course,” the immigration officer thinks to himself, “this doesn’t tell me much about this Bob character. Who is he? What does he want in life? Is he going to come to my homeland and cavort around committing acts of literal mayhem? Can I trust this character and let him through immigration?”

These are all sensible questions, because while Bob has some identification, the immigration officer can’t just rely on any old piece of paper with Bob’s name on it, so he asks for Bob’s passport and Bob hands it over:

The immigration officer looks at the passport and is satisfied that it is, in fact a legitimate document. But still, just because the passport is real that offers no intrinsic guarantees about Bob’s worthiness to come into the country and walk its rural byways and enjoy the pleasures of the Glorious Democratic Peoples National Clockwork Doll Museum.

Still, the immigration officer doesn’t have to trust Bob and Bob’s intentions, because the passport was issued by the US State Department, who the immigration officer does trust:

And if the US State Department says that Bob is okay, then it’s essentially vouching for Bob and saying that he is who he says he is and that they trust him with a passport. Satisfied, the immigration officer agrees that he trusts Bob because he trusts the State Department, and because the State Department trusts Bob:

“Right,” I can hear you saying. “This is all very diverting, but what do faceless men and passports and green check marks have to do with… what did you call it? PKI?”

Well, I’d tell you, that’s a smart question that deserves a simple answer that I hope I can make as clear as possible because this is conceptually a little goofy, and I’ve yet to see a metaphor or clever little parable that does a neat job of explaining this. So:

In the above example, Bob is a computer program running on, say, your bank’s website. The faceless State Department guy is an entity called a Certificate Authority, which uses complex mathematical algorithms to create and authenticate digital certificates that computers use to prove their identity to each other. That’d be the passport part of the equation – and once it’s created that digital certificate it gives it to Bob’s program. This certificate will only work with Bob’s program.

Your computer is the immigration officer, and when it encounters Bob’s program it doesn’t have any way of knowing for sure that Bob’s program is actually working for, say, your bank and isn’t just pretending to be from your bank. However, Bob’s program has the certificate (that is made of terrifyingly complex and realistically unbreakable math) which your computer can look at, and then your computer can check against a Certificate Authority that it absolutely trusts.

Your computer contacts the Certificate Authority and shows it the certificate that Bob’s program gave you so that the Certificate Authority can verify whether it’s legitimate or not. If it checks out then your computer knows it can trust Bob’s program – because the certificate is uniquely and specifically written to prove that Bob’s program is what it purports to be, and as your computer trusts the Certificate Authority that gave Bob’s program its certificate then therefore it decides in turn that it is safe to trust Bob’s program.

And this, in a nutshell, is how modern encryption works; not just with faceless men and passports and green check marks, but also because we have fast and widespread secure networking in the form of the internet it is possible to set up chains of trust so that you don’t have to directly worry about trusting the information that you’re dealing as long as someone higher in the chain than you does trust it.

This is, of course, a very, very simple way of looking at a pretty complicated subject, and there are loopholes and caveats and details aplenty to dig into next time…

Leave a Reply

Your email address will not be published. Required fields are marked *