How does computer encryption work?

To consider how we keep modern technologies secure today, Chris Smith and Adam Murphy are joined by Cambridge University computer scientist Markus Kuhn... Do they really use a lava lamp to generate random numbers like that?

Markus - Not really! The lava lamp it's a bit of a PR gag. But it does illustrate that there is a problem that computers have. Computers are very deterministic devices: they do each time you ask them something to do exactly the same thing. So it's actually a problem: how do you cause a computer to generate a random number. For example you have devices that come off the end of a production line, there have been problems with things like Internet routers, Internet of Things devices, that had actually quite a lot of similar keys...

Chris - I'm with you. So when you build a security camera that's on a production line, the flaws in whatever the system are that makes it choose its secret number, that flaw is going to make all of them make a similar mistake make choosing similar numbers that make them more crackable?

Markus - There have been studies where people scanned the secret keys used by millions of Internet cameras, and they did find thousands that actually used the same key for that reason: because the manufacturer didn't have a lava lamp, or some other secure mechanism to create the random numbers!

Chris - So how do they then get round this? What are they using?

Markus - So mouse movements are pretty good...

Chris - ...you're telling me, on a production line, there's a bunch of people wiggling a mouse like that! Surely not!

Markus - If it's a microprocessor that goes into one of these routers, Internet of Things things, the most modern ones actually have a special hardware random number generator on the chip, and what they normally use is a noisy amplifier. So they build a deliberately bad amplifier and a microphone input, and then they just sample the noise that comes out of that analog electronic amplifier for a second or so...

Chris - ...and that makes the random noise?

Markus - That's the randomness. Yes.

Chris - In recent years there's been a really big shift towards encrypted connections on the Internet. So when you go onto Facebook, or you go onto your email, nowadays we're looking for "HTTPS" and that little padlock icon. What does that actually mean?

Markus - So there's three things going on that the HTTPS protocol does: it encrypts your connection; it provides you with confidentiality, so if someone taps your phone line they can't actually see what you're doing on the network; it protects the integrity of the connection, so it prevents someone to modify the data, and it protects the authenticity of the connection. So, for example, if you go to the website of your bank you can be assured that this is actually the genuine bank's website and it's not the mafia having copied the bank website and redirected your traffic to it in order to steal your password.

Chris - How would you know, though, or how would you defend against, let's say I set up a Wi-Fi hotspot and Adam comes along and he connects to it, and he connects to his bank and does some online banking. But let's say I actually I take the data he's sending and I fool him into thinking he's got a secure connection - because I make one to him - and, meanwhile, I take what he sends to me and I send this to you the bank. And you both think you're talking to the right person, but actually I'm copying all the information that's flowing between the two of you. How is that defended against?

Markus - This can be done. This is known as a "grand master chess attack" because it's a very similar trick you could play to pretend to beat a grand master in chess where you just have two chess games with two different chess masters and you just pass their moves on to each other. And both of them think they are actually playing with you, whereas you are actually causing them to play against each other. And in cryptography, this is also known as a "middle person attack". So it's quite important that there is some confirmation of the authenticity that both of these communications are actually using the same keys. And this is done using something called a "digital certificate" to digitally sign the host name - the name of the computer - with the key that's being used by your bank for example. And there exists organizations call certification authorities that publish a kind of phone book of which organization is using which keys. Web browser does is it makes essentially this kind of telephone book look up: does the key that's being offered by your bank actually match the official key of that bank?

Chris - But if my web browser can do that, a criminal can do that can't they? What's to stop a criminal just looking up these keys and then emulating or copying them?

Markus - They can look up the public key, but the public key is only useful to verify the authenticity: the public key cannot be used to actually signed the data packets that come across. For that you need the corresponding secret key, but that is being kept by the bank. So there's a piece of information in the bank computer that the criminal does not have access to.

Chris - What are the criminal masterminds doing to try to outwit this?

Markus - So most attacks against these systems on the on the Internet today are not actually breaking the cryptography, because the methods have been become extremely secure, extremely sophisticated. They mostly trick the users into not paying particular attention. They for example will change the name of the computer to sound similar to your bank. But, actually, some of the letters are from a different alphabet. So there have been cases where the name of a well-known bank has been spelled in the Cyrillic alphabet, where some letters look identical and people didn't realise they're actually talking to a slightly misspelled version of your bank. So it's quite important that you are very carefully look at the name of your bank in this bar above the web page.

Chris - And just in finishing, Markus, are there three top tips you could offer our listeners for the best way not to fall prey?

马库斯-使用密码管理器使用独立的password on every website - is probably the top one. The second one is whenever you enter a password, make sure you first check the address that this is exactly the address that you are expecting. The third most important tip is, whenever you receive unsolicited e-mail, be extremely suspicious of any links in that e-mail, because very likely this is a fraudulent e-mail and it's just designed to lure you into a fake version of the company's Web site...