Software Security, Comp. Sci 725, Handout 14: Academic Writing; Introduction to Cryptography
Clark Thomborson, University of Auckland (h14, 15-Mar-01; 16 slides)

“Moral Rights” of an Author
• In many (but not all!) legal codes, an author has
  – The “right of integrity”. An author’s words must not be mutilated or distorted (especially if this would damage the author’s honor or reputation).
  – The “right of attribution”. The true author has the right to have his/her name on the work, and non-authors may not make false claims of authorship.
• These rights are commonly observed in academic ethics, and may be enforced by contracts.
• As a student at the University of Auckland, you must honour other authors’ rights of integrity and attribution, especially avoiding false claims of authorship.

“Effectively Using Direct Quotations” (U of Richmond Writer’s Web)
• This is a guide to academic style, showing you how to
  – Make clear attributions to the true author,
  – Avoid making false claims of authorship for yourself, and
  – Adjust the author’s words to suit the context of your writing.
• A “direct quotation” is an exact copy of another author’s words.
  – You must cite the true author.
  – You may omit words before, after, or in the middle of the quoted passage. All changes must be clearly marked.
  – You may alter words by using square brackets: “[Nero] was the maddest of them all.” (Smith 32)
  – You must avoid “misrepresenting the … author’s opinion.”

When to Use Direct Quotes
• The U of Richmond Writer’s Web recommends you “Use a Quotation:
  – to emphasize a point you’ve made.
  – to provide an example.
  – to show an author’s intention.
  – to show historical figures spoke or thought.”
• Which (if any) of these reasons support my decision to directly quote the Writer’s Web on this slide?
• My advice for technical writing:
  – You may use a direct quotation for definitions and lists.
  – Don’t quote someone else’s explanation unless you analyze it in your text.
  – Use paraphrase and summary much more often than direct quotation.

Academic Honesty
• Our department recently published guidelines for honesty in our Undergraduate Guide, online at http://www.cs.auckland.ac.nz/handbook/current/UG.H.html
• These guidelines will appear in next year’s hardcopy.
• Are the following guidelines for honesty an assertion of a “right to integrity” or a “right to attribution”?
  – “[In] assignments and research, you gain credit for your own work. … [so] it is dishonest to present other people’s work as though it were your own.”
  – “Getting help in understanding from staff and tutors.”
  – “Plagiarism is the inclusion in your assignment of material copied or closely paraphrased from someone else’s writings … without an explicit indication of the source of the material. It is … cheating.”

Paraphrasing
• A direct quotation: “Simply put, PARAPHRASING is putting an author’s work into your own words. … While not plagiarism if done right, it would show little or no creativity and receive an appropriate grade.” [M Spears, http://www.ehhs.cmich.edu/~mspears/plagiarism.html on 14 March 2001]
• A paraphrase: You may show a little creativity by rewording (without plagiarizing) part or all of another paper.
• You can create an appropriate paraphrase by considering
  – what your reader is likely to know already, and
  – what your reader needs to know in order to understand your argument or point of view. (So … you must have a point of view!)
• You can show quite a bit of creativity by appropriately paraphrasing several authors to support a novel point of view.

Summarization
• A summary is “a brief statement giving the main points” [Thorndike-Barnhart Dictionary, 1955].
• One technique for summarization is to write one sentence for each paragraph (or section) in an article.
• An extended form of the “right to integrity” protects the “artistic impression” of a work. So …
  – You might seek the original author’s consent before publishing a new artistic work that includes a summary, paraphrase or other adaptation of another poem, picture, or other work of art.
  – Academic writings are not considered to be “artistic”: you don’t need an academic author’s consent to summarise or paraphrase their work!

Other Moral Rights (not mentioned in the Berne Convention)
• “The right of disclosure: the author has the final decision on when and where to publish…
• “the right to withdraw or retract: … the author may purchase at wholesale price all of the remaining copies of the author’s work, then prevent printing of more copies…
• “the right to reply to criticism: … a right to reply to a critic and have the reply published in the same place as the critic’s expression.” [Standler, internet essay, 29 May 1998. Available: http://www.rbs2.com/moral.htm, March 2001]
• Rights to anonymous and pseudonymous publication. [Cotter, 76 N.C. L. Rev. 1, Nov. 1997. Available: http://cyber.law.harvard.edu/metaschool/Fisher/integrity/Links/Articles/cotter.html, March 2001]

Applied Cryptography (2nd Ed.), Bruce Schneier
• “Suppose a sender wants to send a message to a receiver. Moreover, this sender wants to send the message securely: She wants to make sure an eavesdropper cannot read the message.”
• Exercise 1. Draw a picture of this scenario.
• Exercise 2. Which of Pfleeger’s four threats is a concern to this sender?

Terminology of Cryptography
• Plaintext, ciphertext, encryption, decryption (figure on the slide):
  Sender → plaintext → Encryption → ciphertext → Decryption → plaintext → Receiver
• Cryptography: the art (science) of keeping messages secure.
• Cryptanalysts seek to “break” ciphertexts (that is, to discover the plaintext, given the ciphertext).

A Simple Encryption Scheme
• Rot(k, s): “rotate” each character in string s by k (letters are represented as the numbers 0..25):

    Rot(k, s) {
        for (i = 0; i < len(s); i++)
            s[i] = (s[i] + k) mod 26;
        return(s);
    }

• Exercise: write the corresponding decryption routine.
• Exercise: how many keys must you try, before you can “break” a ciphertext Rot(k, s)?
• This is a (very weak) “secret-key” encryption scheme, where the secret key is k.
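As an added worked example (not code from the handout), here is Rot(k, s) in Python on lowercase letters, together with its decryption routine and the exhaustive key search the two exercises ask about. The sample plaintext and key are constructed; the function names rot, unrot, brute_force and key_from_pair are this example’s own. It also illustrates the “brute-force search” and “known (plaintext, ciphertext) pairs” entries of the attack-types slide later in the handout: because the key space has only 26 values, every key can be tried, and a single matching character pair gives k outright.

```python
# Added example, not from the handout: Rot(k, s), its inverse, and
# two of the attacks on it (brute force over all keys, known-plaintext).
import string

ALPHABET = string.ascii_lowercase  # letters stand for 0..25, as on the slide
KEY_SPACE = len(ALPHABET)          # 26 possible keys (Rot(0, s) is the identity)


def rot(k, s):
    """Encrypt: shift each lowercase letter by k mod 26; other characters pass through."""
    out = []
    for ch in s:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % KEY_SPACE])
        else:
            out.append(ch)
    return "".join(out)


def unrot(k, s):
    """Decrypt: the inverse of a shift by k is a shift by -k, i.e. by 26 - k."""
    return rot(-k % KEY_SPACE, s)


def brute_force(ciphertext, crib):
    """Try every key and keep the (key, plaintext) pairs whose plaintext contains crib.

    There are only KEY_SPACE keys to try, which is why the scheme is very weak.
    """
    hits = []
    for k in range(KEY_SPACE):
        candidate = unrot(k, ciphertext)
        if crib in candidate:
            hits.append((k, candidate))
    return hits


def key_from_pair(plain_char, cipher_char):
    """Known-plaintext attack: one matching letter pair reveals k = (c - p) mod 26."""
    return (ALPHABET.index(cipher_char) - ALPHABET.index(plain_char)) % KEY_SPACE


if __name__ == "__main__":
    message = "attack at dawn"   # constructed sample plaintext
    k = 3                        # constructed sample key
    c = rot(k, message)
    print("ciphertext:", c)                          # dwwdfn dw gdzq
    print("decrypted :", unrot(k, c))                # attack at dawn
    print("brute force:", brute_force(c, "dawn"))    # [(3, 'attack at dawn')]
    print("key from one pair:", key_from_pair("a", "d"))  # 3
```

Because rot() treats letters as 0..25 exactly as the slide’s pseudocode does, unrot(k, s) is simply rot(26 - k, s); the exercise’s “decryption routine” needs no new code, only the negated key.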

Symmetric and Public-Key Encryption
• If the decryption key kd can be computed from the encryption key ke, then the algorithm is called “symmetric”.
• Question: is Rot(k, s) a symmetric cipher?
• If the decryption key kd cannot be computed (in a reasonable amount of time) from the encryption key ke, then the algorithm is called “asymmetric” or “public-key”.
• The subscripts on kd and ke are usually omitted.

Algebraic Notation for Cryptography
• The encryption function is E( ) or E_k( ).
• The decryption function is D( ) or D_k( ).
• The receiver can read the message only if D(E(M)) = M.
• In public-key cryptography,
  – We let “everyone” know our public key ke.
  – We let our friends know the corresponding private key kd.
  – Only friends can decrypt messages encoded with E_ke( ).
  – Anyone can encrypt messages using E_ke( ).

Authentication in PK Cryptography
• We can “sign” messages, using E_kd( ) to encrypt with our secret (private) key kd.
• Anyone can verify our signature, by looking up our public key ke and computing D_ke( ).
• We want more than one public/private key pair, otherwise friends (who know kd) could forge our signature.
  – Authority-to-sign: kd; authority-to-read: kd’.
• A “public key infrastructure” (PKI) will help us discover other people’s public keys ke, ke’, …
• Public-key cryptography can provide integrity and non-repudiation, in addition to authentication, for messages.
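As an added worked example (not code from the handout or from Schneier), the two preceding slides’ notation carried through with textbook RSA on toy-sized primes: E_ke( ) and D_kd( ) for confidentiality, E_kd( ) and D_ke( ) for signing and verification, and the check D(E(M)) = M. The primes 61 and 53 and the message 65 are constructed sample values; keygen, E, D, sign and verify are this example’s own names. Textbook RSA with numbers this small is for illustration of the algebra only.

```python
# Added example, not from the handout: the algebraic notation of the
# "Algebraic Notation" and "Authentication" slides instantiated with
# textbook RSA.  A key is a pair (exponent, modulus); E and D are the
# same modular exponentiation, so "encrypting with kd" is a signature.


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    """Inverse of a modulo m (raises if a and m are not coprime)."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


def keygen(p, q, e=17):
    """Return (ke, kd) for primes p, q: ke = (e, n) public, kd = (d, n) private."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = modinv(e, phi)
    return (e, n), (d, n)


def E(k, m):
    """E_k(M) = M^k mod n.  With k = ke this encrypts; with k = kd it signs."""
    exp, n = k
    return pow(m, exp, n)


def D(k, c):
    """D_k(C) = C^k mod n.  With k = kd this decrypts; with k = ke it verifies."""
    exp, n = k
    return pow(c, exp, n)


def sign(kd, m):
    """Signature = E_kd(M): only the holder of the private key can produce it."""
    return E(kd, m)


def verify(ke, m, sig):
    """Anyone holding the public key checks D_ke(sig) == M."""
    return D(ke, sig) == m


if __name__ == "__main__":
    ke, kd = keygen(61, 53)          # toy primes: n = 3233, e = 17, d = 2753
    M = 65                           # constructed sample message (must be < n)
    C = E(ke, M)                     # anyone can encrypt with the public key
    print("E_ke(M) =", C)            # 2790
    print("D_kd(E_ke(M)) = M ?", D(kd, C) == M)           # True
    S = sign(kd, M)
    print("verify(ke, M, S)      :", verify(ke, M, S))     # True
    print("tampered signature    :", verify(ke, M, (S + 1) % ke[1]))  # False
    # The slide's point about separate key pairs: whoever holds kd can call
    # sign(kd, ...), so a "read" key shared with friends must differ from the
    # "sign" key, e.g. ke, kd = keygen(61, 53) and ke2, kd2 = keygen(101, 113).
```

verify() fails for the tampered signature because RSA exponentiation is a permutation of the residues mod n: a different signature value always decrypts to a different message. The same property is what lets the friends who hold kd (the “authority-to-read” key) forge signatures if that key is also used as the “authority-to-sign” key, which is why the slide calls for separate pairs.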

Types of Cryptographic Attack
• A ciphertext may be broken by…
  – Discovering the “restricted” algorithm (if the algorithm doesn’t require a key).
  – Discovering the key by non-cryptographic means (bribery, theft, ‘just asking’).
  – Discovering the key by “brute-force search” (through all possible keys).
  – Discovering the key by cryptanalysis based on other information, such as known pairs of (plaintext, ciphertext).
• The weakest point in the system may not be its cryptography! (See Schneier’s latest book.)

Steganography
• “Steganography serves to hide secret messages in other messages, such that the secret’s very existence is concealed.” [Schneier]
• A cryptanalyst is given a ciphertext, and possibly some additional information such as key frequencies, (ciphertext, plaintext) pairs, “black-box” encrypters, etc. They are typically asked to discover the corresponding plaintext.
• A steganalyst is given a (large) collection of messages. They are typically asked to discover whether any of these messages contains a secret message. If the secret message is a ciphertext, cryptanalysis is then required to read the secret plaintext.