Академический Документы
Профессиональный Документы
Культура Документы
Editors: Peter Gutmann, pgut001@cs.auckland.ac.nz | David Naccache, david.naccache@ens.fr | Charles C. Palmer, ccpalmer@us.ibm.com
82 September/October 2017 Copublished by the IEEE Computer and Reliability Societies 1540-7993/17/$33.00 2017 IEEE
operations, and she must trust that Alice Bob
all components play by the rules
and behave as specified. Obviously,
many things can go wrong, and
many components can misbehave
and cheat in various ways. Having
Alice (and Bob) follow the protocol
is necessary, but not sufficient, to User interaction
deliver the message from sender to
recipient. Many other components Application software Application software
are involved that must also follow
the protocol rules. Operating system Operating system
Alice and Bob have been cast
to explain cryptographic proto- Network interaction
Hardware Hardware
cols. Using such a protocol, Alice
doesnt typically send a message in
Sending device Receiving device
the clear. Instead, she authenticates
and/or encrypts it. But its very
likely not Alice who does the cryp- Figure 1. Alice and Bob communicate electronically, using devices with multiple layers of hardware
tographic computation but rather and software.
some hardware or software module
that operates on her behalf (it can
be a hardware security module such
as a smartcard, or a cryptographic as active content (for example, mali- The realm of remote Internet
library that runs in software). The cious JavaScript code) to launch voting further clarifies my point.
same is true for the cryptographic a man-in-the-middle attack and By clicking a button, Alice might
keys that control the cryptographic choose ciphertexts that are sent think shes casting a vote for a par-
computation. Very likely, its not to the server. Here, were talking ticular candidatebut this isnt
Alice who provides these keys but about thousands or even millions always true. If the software man-
a software module that either stores of ciphertexts that need to be com- aging the voting process on the
the keys or generates them on the fly piled in a specific way and sent to client side is flawed or somehow
by using an automated key exchange the server in a reasonable amount compromised, anything is pos-
and management protocol. The bot- of time. Adversaries must use highly sible and theres no real way for
tom line is that cryptographic com- specialized software to automate Alice to determine whether her
putations are never done by human such an attack. vote was cast-as-intended and
users but by supporting modules So, Alice sends a message to counted-as-cast. Many voting sys-
implemented in hardware or soft- Bob sounds friendly but is illusive. tems work that way and dont pro-
ware and specialized for these tasks Above all, it misses the point when vide any guarantee. But there are
(note that these modules arent even it comes to a technical discussion, cryptographic techniques that can
illustrated in Figure 1). as is always the case in applied cryp- empower Alice to verify her vote
The same line of argumentation tography. Most of the components end to end (E2E). Technologies
that applies to a messages sender that must be in place and cooperate that provide E2E verifiability are
(Alice) and receiver (Bob) also are inherently nonhuman. In fact, going to be important in the future
applies to the adversary: its almost human users roles in such protocols to mitigate the threats and respec-
never human users who eavesdrop should be as small as possiblethe tive risks in remote Internet voting.
and try to manipulate messages but more things users can do, the more
rather highly specialized attack soft- likely something is to go wrong.
ware. If adversaries try to mount a
pass-the-hash attack, for example,
the attack software extracts users
Therefore, a rule of thumb in crypto-
graphic protocol and system design
is to make the user interface as
S o although it might seem a lit-
tle pedantic (and most people
working in the field likely appreci-
credentials from the local cache. small and intuitive as possible. This ate the difference between a nota-
If they try to mount a BEAST-like contradicts the role human names tion and reality), I still think its
attack against the SSL/TLS proto- play in such protocols description more appropriate to use symbols
cols, the attack software is delivered and specification. like A and B instead of human
www.computer.org/security 83
REAL-WORLD CRYPTO
www.computer.org/jobs