1 phd thesis defence memorizable public-key cryptography (mepkc) & its applications © 2010...

1

PhD Thesis Defence

Memorizable Public-Key Cryptography (MePKC) & Its Applications

© 2010 Kok-Wah Lee.

All rights reserved.Created on 07 May 2010. Modified on 13Aug2010.

Expertise: Computer Communications > Data Communications > Cryptography & Info Security > Key/password security.

on Friday 20 August 2010, from 10.00am to 01.00pm

at MMU (Multimedia University), in Melaka & Cyberjaya, Malaysia

2

Copyright Notice

1. This literary work and the drafts of PhD thesis are copyrighted for local protection in Malaysia and overseas protection under international treaties.

2. This file is presently only licensed for the purpose of PhD thesis examination.

3. Upon KWLee’s PhD convocation date for the grant of this PhD degree by research in information engineering, this literary work may then be licensed for non-commercial purposes only without any derivatives allowed inline with the patent quality requirements for novelty and non-obviousness.

4. This copyright license is revocable, perpetual, worldwide, non-exclusive, transferable, and royalty-free.

3

Table of Contents

1. Introduction2. Objectives & Deliverables3. Contribution to Knowledge4. Research Background / Literature Review5. Research Methodology / Analysis & Design6. Implementation / Results & Discussion7. Conclusion & Future Work

4

Introduction

• A research project done by Kok-Wah Lee from November 2004 to October 2008.

• Up to date consumed financial costs: More than MYR$65,000 excluding KWLee’s labour costs.

• Three basic purposes of this research project:– To cultivate stronger competitive strength, possibly

towards entrepreneurship using IP (Intellectual Property).

– To solve imperative research problems/challenges.– To qualify a person for doctorate (aka PhD) degree.

5

Objectives & Deliverables

• To solve the memorizable/mnemonic key size of secret: 2D key (Two-Dimensional Key).

• To solve the limited number of memorizable passwords for multiple accounts: Multihash key.

• To solve the memorizability problem of private key of PKC (Public Key Cryptography): MePKC (Memorizable Public-Key Cryptography), aka MoPKC (Mobile Public-Key Cryptography).

6

Contribution to Knowledge

• Passphrase generation method:– Coinware

• Big memorizable key generation methods:– Chinese-character-encoded passphrase– 2D key (two-dimensional key)

• Multimedia noises for more random secrets– Semantic errors in multimedia communications– Decrypting English text using enhanced frequency

analysis– Passphrase with semantic noises and a proof on its

higher information rate

• Multiple slave keys per master key: Multihash key.

7

Contribution to Knowledge

• Applications of big secret & MePKC:– Memorizable symmetric key to resist quantum

computer attack– MePKC (Memorizable Public-Key Cryptography)– Other cryptographic, information-hiding, and non-

cryptographic applications of secret beyond 128 bits– Multipartite electronic commerce transactions using

MePKC

• MePKC timestamping scheme for evidence of intellectual property (IP) originality:

– Proof of copyright ownership using digital timestamp in Malaysia

– Limited first-to-invent patent filing system

• Hack-proof data storage using innovated DIP (Dual Inline Package) switch.

8

Literature Review: Key/Password

• Authentication methods:– What you know > Secret– What you have > Token– What you are > Biometrics– Whom you refer to > Referee

• Most popular: Secret the key/password.• Overall key size less than 128 bit.• General key size rare to be more than 100 bits.• Average key size = 40.54 bits.• A user has 6.5 different passwords for a total

of 25 accounts.• 8 accounts are used daily.• A user can memorize 4 to 5 unique passwords.

9

Literature Review: Private Key Storage

• Prior arts of private key storage:– Encrypted private key– Split private key– Roaming private key

• All the present private keys are either based on token or partially memorizable secret key.

• Fully memorizable private key is an open problem.

10

Literature Review: BGP

• BGP (Byzantine Generals Problem)– Malicious human communications network

• Human feature type:– Honest human: Trust– Faulty human: Lies

• BAP (Byzantine Agreement Protocol)• ANN (Artificial Neural Network)• ANN based BAP, aka BAP with ANN• Multipartite cryptography• Tripartite ANN based BAP

11

Literature Review: Patent Filing System

• First-to-invent patent filing system• First-to-file patent filing system

12

Literature Review: Hacked Storage

• Factors affecting the networked computer storage security:

– Hacking– Number of networking ports– Firewall software– Computer administrator/specialist– Technical complexity– Operating system settings

• Data line switch: To connect/disconnect a line from communications network like Internet.

• Conventional DIL/DIP (Dual Inline Package) switch.

13

Research Methodology / Analysis & Design

• Model proving techniques in a computing thesis:

– Analytic method using formal manipulations– Stochastic method using statistical measurements– Building a prototype for experimental testing

• Research type:– Scientific research (basic/fundamental research)– Technology development (applied research)– Product/process development (design end

engineering, prototype building from proof of concept)

• This project has basic research outputs and their enablement towards prototype building.

14

Implementation / Results & Discussion

• Implementation / prototype for testing:– 2D key (two-dimensional key)– Chinese-character-encoded passphrase– Semantic noises for higher randomness– 128-, 196-, and 256-bit AES (Advanced Encryption

Standard)– Encryption and signature schemes of MePKC using

ECC (Elliptic Curve Cryptography)– Hack-proof data storage using innovated DIP switch

15

Conclusion

• Expected strong contribution impacts in the following novel knowledge contribution:

– Big memorizable secret key size up to 256 bits and possibly higher

– Multiple slave keys per master key– MePKC using fully memorizable private key– Limited first-to-invent patent filing system– Hack-proof data storage

• Indirect consequent advantages:– More paperless, trip-less, petroleum-less,

environment-friendly human society.– To enable the data security features of multipartite

electronic computer communications in the presence of malicious humans.

16

Future Work

• Potential future research directions:– 512-bit multihash key needs hash function beyond

1024 bits– MePKC extension to other non-conventional

cryptographic schemes– Big secret(s) for information-hiding and non-

cryptographic applications– Safety box using computerized lock– Studies of provable security (better known as

reduction based security)– Statistical surveys for various security schemes

17

Contributed New Concept

• Generality: Knowledge Area = Electrical Engineering• Particularity: Knowledge Field = Data Communications

(Telecommunications Engineering, Computer Engineering)

• Specificity: Knowledge Focus = Cryptography & Information Security

• Uniqueness: Knowledge Strength {– Group-1 = Hack-proof data storage using innovated

DIL/DIP (Dual Inline Package) switch, (m+n)-way DIP switch activated in opposite direction.

– Group-2 = Coinware, Chinese-character-encoded passphrase, 2D key (two-dimensional key), MePKC (Memorizable Public Key Cryptography).

– Group-3 = Multihash key. }• Art Stream: Limited first-to-invent patent filing system.

18

Q & A

Thank you

It is Q & A (Questions and Answers) session now.

Yup, Q&A on my PhD thesis, and shall benot yet Q&A on D.Sc./Habilitation book-like thesis!