Transcript PhD Thesis Defence

PhD Thesis Defence
Memorizable Public-Key Cryptography
(MePKC) & Its Applications
on Friday 20 August 2010, from 10.00am to 01.00pm
at MMU (Multimedia University), in Melaka & Cyberjaya, Malaysia
Expertise: Computer Communications > Data Communications >
Cryptography & Info Security > Key/password security.
© 2010 Kok-Wah Lee.
All rights reserved.
Created on 07 May 2010. Modified on 13Aug2010.
1
Copyright Notice
1.
2.
3.
4.
This literary work and the drafts of PhD thesis are
copyrighted for local protection in Malaysia and
overseas protection under international treaties.
This file is presently only licensed for the purpose of
PhD thesis examination.
Upon KWLee’s PhD convocation date for the grant of
this PhD degree by research in information engineering,
this literary work may then be licensed for noncommercial purposes only without any derivatives
allowed inline with the patent quality requirements for
novelty and non-obviousness.
This copyright license is revocable, perpetual,
worldwide, non-exclusive, transferable, and royalty-free.
2
Table of Contents
1.
2.
3.
4.
5.
6.
7.
Introduction
Objectives & Deliverables
Contribution to Knowledge
Research Background / Literature Review
Research Methodology / Analysis & Design
Implementation / Results & Discussion
Conclusion & Future Work
3
Introduction
•
A research project done by Kok-Wah Lee from
November 2004 to October 2008.
Up to date consumed financial costs: More
than MYR$65,000 excluding KWLee’s labour
costs.
Three basic purposes of this research project:
•
•
–
–
–
To cultivate stronger competitive strength, possibly
towards entrepreneurship using IP (Intellectual
Property).
To solve imperative research problems/challenges.
To qualify a person for doctorate (aka PhD) degree.
4
Objectives & Deliverables
•
•
•
To solve the memorizable/mnemonic key size
of secret: 2D key (Two-Dimensional Key).
To solve the limited number of memorizable
passwords for multiple accounts: Multihash
key.
To solve the memorizability problem of private
key of PKC (Public Key Cryptography):
MePKC (Memorizable Public-Key
Cryptography), aka MoPKC (Mobile Public-Key
Cryptography).
5
Contribution to Knowledge
•
Passphrase generation method:
–
•
Big memorizable key generation methods:
–
–
•
Chinese-character-encoded passphrase
2D key (two-dimensional key)
Multimedia noises for more random secrets
–
–
–
•
Coinware
Semantic errors in multimedia communications
Decrypting English text using enhanced frequency
analysis
Passphrase with semantic noises and a proof on its
higher information rate
Multiple slave keys per master key: Multihash
key.
6
Contribution to Knowledge
•
Applications of big secret & MePKC:
–
–
–
–
•
MePKC timestamping scheme for evidence of
intellectual property (IP) originality:
–
–
•
Memorizable symmetric key to resist quantum
computer attack
MePKC (Memorizable Public-Key Cryptography)
Other cryptographic, information-hiding, and noncryptographic applications of secret beyond 128 bits
Multipartite electronic commerce transactions using
MePKC
Proof of copyright ownership using digital timestamp
in Malaysia
Limited first-to-invent patent filing system
Hack-proof data storage using innovated DIP
(Dual Inline Package) switch.
7
Literature Review: Key/Password
•
Authentication methods:
–
–
–
–
•
•
•
•
•
•
•
What you know > Secret
What you have > Token
What you are > Biometrics
Whom you refer to > Referee
Most popular: Secret the key/password.
Overall key size less than 128 bit.
General key size rare to be more than 100 bits.
Average key size = 40.54 bits.
A user has 6.5 different passwords for a total of
25 accounts.
8 accounts are used daily.
A user can memorize 4 to 5 unique passwords.
8
Literature Review: Private Key Storage
•
Prior arts of private key storage:
–
–
–
•
•
Encrypted private key
Split private key
Roaming private key
All the present private keys are either based
on token or partially memorizable secret key.
Fully memorizable private key is an open
problem.
9
Literature Review: BGP
•
BGP (Byzantine Generals Problem)
–
•
Human feature type:
–
–
•
•
•
•
•
Malicious human communications network
Honest human: Trust
Faulty human: Lies
BAP (Byzantine Agreement Protocol)
ANN (Artificial Neural Network)
ANN based BAP, aka BAP with ANN
Multipartite cryptography
Tripartite ANN based BAP
10
Literature Review: Patent Filing System
•
•
First-to-invent patent filing system
First-to-file patent filing system
11
Literature Review: Hacked Storage
•
Factors affecting the networked computer
storage security:
–
–
–
–
–
–
•
•
Hacking
Number of networking ports
Firewall software
Computer administrator/specialist
Technical complexity
Operating system settings
Data line switch: To connect/disconnect a line
from communications network like Internet.
Conventional DIL/DIP (Dual Inline Package)
switch.
12
Research Methodology / Analysis & Design
•
Model proving techniques in a computing
thesis:
–
–
–
•
Research type:
–
–
–
•
Analytic method using formal manipulations
Stochastic method using statistical measurements
Building a prototype for experimental testing
Scientific research (basic/fundamental research)
Technology development (applied research)
Product/process development (design end
engineering, prototype building from proof of
concept)
This project has basic research outputs and
their enablement towards prototype building.
13
Implementation / Results & Discussion
•
Implementation / prototype for testing:
–
–
–
–
–
–
2D key (two-dimensional key)
Chinese-character-encoded passphrase
Semantic noises for higher randomness
128-, 196-, and 256-bit AES (Advanced Encryption
Standard)
Encryption and signature schemes of MePKC using
ECC (Elliptic Curve Cryptography)
Hack-proof data storage using innovated DIP switch
14
Conclusion
•
Expected strong contribution impacts in the
following novel knowledge contribution:
–
–
–
–
–
•
Big memorizable secret key size up to 256 bits and
possibly higher
Multiple slave keys per master key
MePKC using fully memorizable private key
Limited first-to-invent patent filing system
Hack-proof data storage
Indirect consequent advantages:
–
–
More paperless, trip-less, petroleum-less,
environment-friendly human society.
To enable the data security features of multipartite
electronic computer communications in the presence
of malicious humans.
15
Future Work
•
Potential future research directions:
–
–
–
–
–
–
512-bit multihash key needs hash function beyond
1024 bits
MePKC extension to other non-conventional
cryptographic schemes
Big secret(s) for information-hiding and noncryptographic applications
Safety box using computerized lock
Studies of provable security (better known as
reduction based security)
Statistical surveys for various security schemes
16
Contributed New Concept
•
•
•
•
•
Generality: Knowledge Area = Electrical Engineering
Particularity: Knowledge Field = Data Communications
(Telecommunications Engineering, Computer
Engineering)
Specificity: Knowledge Focus = Cryptography &
Information Security
Uniqueness: Knowledge Strength {
–
Group-1 = Hack-proof data storage using innovated
DIL/DIP (Dual Inline Package) switch, (m+n)-way
DIP switch activated in opposite direction.
–
Group-2 = Coinware, Chinese-character-encoded
passphrase, 2D key (two-dimensional key), MePKC
(Memorizable Public Key Cryptography).
–
Group-3 = Multihash key. }
Art Stream: Limited first-to-invent patent filing system.
17
Q&A
Thank you 
It is Q & A (Questions and Answers) session now.
Yup, Q&A on my PhD thesis, and shall be
not yet Q&A on D.Sc./Habilitation book-like thesis!
18