# Mathematics and Internet Security

Theme Essays

Mathematics has been tightly interwoven with the development of computer technology from the very beginning: the work by Charles Babbage and others to design and build mechanical devices to perform arithmetic, George Boole's algebraic treatment of logical reasoning, Alan Turing's conceptualization of discrete computation, the construction of the first electronic computers by Turing, John von Neumann, and other mathematicians, and so forth. Computers were initially conceived and built to perform mathematical calculations. Yet, although that remains a hugely important application of the technology, that is not how most people today think of them, nor is it what they are mostly used for. When early attempts (in the late 1960s) to link computers in order to exchange data led - with unanticipated rapidity and a vastly unimagined scope - to the Internet and then soon afterwards the establishment of the World Wide Web, computers became part of everyday life, at home, for business, for commerce, for entertainment, and for communication. A network that had been constructed originally for university researchers to exchange data and papers quickly, easily, and in an essentially open environment, evolved into a worldwide public communications network where privacy and security suddenly became important factors. Mathematics once again found itself playing a central role in computer technology; this time in helping to provide the tools required to ensure that the Internet is a secure framework through which to communicate in privacy and to carry our business and other financial transactions with security.

The collection of short essays presented here, all written by world experts in the field, provides a small snapshot of some of the more prominent current applications (or attempts at application) of mathematics to the highly significant issue of Internet security.

## PUBLIC KEY CRYPTOGRAPHY

To date, the best known of these applications is in *Public Key Cryptography*, introduced by two Stanford University researchers, Whitfield Diffie and Martin Hellman, in 1976, in particular the use of number theory in the most widely used Public Key Cryptographic System, RSA. Accordingly, this topic is the focus of the two lead essays.

The first, ** From Private
to Public Key Ciphers in Three Easy Steps **[Level:
introductory] by

**Jim Sauerberg**, sets the scene in historical terms. Then

**Burt Kaliski**dives in and describes the nitty gritty details of the RSA system in his article

**The Mathematics of the RSA Public-Key Cryptosystem**[Level: introductory].

Sauerberg is Professor and Chair of the Department of Mathematics and Computer Science at Saint Mary's College of California, who has just completed a textbook for use in liberal arts mathematics courses, titled *Cryptography: A Historical Approach.* Kaliski is chief scientist at RSA Laboratories and vice president of research for RSA Security. He was a student of Ronald Rivest at MIT when Rivest, together with Adi Shamir and Leonard Adleman, developed the RSA algorithm, and joined the newly formed RSA Data Security company (as it was then called) immediately after completing his Ph.D.

We then reproduce an article written a few years ago by Stanford
University Computer Science Professor **Dan Boneh**, originally
published in the *Notices of the American Mathematical Society,* Vol
46, 1999, titled ** Twenty
years of attacks on the RSA cryptosystem **[Level:
advanced]. This article is more technical than the first
two. Things move quickly in the Internet security world,
and some of the information in Boneh's article is already
out-of-date. (Boneh tells me he plans to write a revised
version some time in the near future.) Nevertheless,
the article provides a highly instructive overview of
the kinds of issue involved in keeping an Internet security
system secure.

Moving away from the RSA system, a second essay by **Jim
Sauerberg**, titled **
Route Ciphers in the Civil
War **[Level: introductory], draws a historical parallel
between today's Internet cryptographic systems and the methods
adopted in the American Civil War to ensure messages remained
secret in transit.

## INTERNET PASSWORD SECURITY

For a discussion of recent developments
in the related domain of password encryption, see also the
February 2006 "Devlin's Angle" column in * MAA
Online* at
http://www.maa.org/devlin/devlin_02_06.html [Level:
introductory]

For a slightly more in-depth coverage of the same issue, see Find me a Hash,"
by Susan Landau, a mathematician at Sun Microsystems, in *Notices of the
AMS* (March 2006). [Level: intermediate]

## INTERNET VOTING AND SECURE COMPUTATION

With U.S States and countries elsewhere in the world moving
toward the use of the Internet for citizens to vote in elections,
the security of the votes cast and the secrecy of the ballot
process give rise to another host of Internet security questions.
Two essays deal with this important and rapidly growing topic. **Joe
Kilian** writes about ** Secure
Computation ** [Level:
intermediate], a concept introduced in the 1980s, and

**Vincent Rijmen**, in his essay

**[Level: introductory], shows how the idea that underlies the use of the slide rule for performing multiplication (in common use prior to the days of electronic calculators) has been resurrected in a new format to provide a protocol for conducting Internet elections.**

*Slide rules and electronic voting*Kilian is a professor in the department of Computer Science at Rutgers University, who carries out research in cryptology (theory and applied), algorithms, and complexity theory. Rijmen is a professor at the Technical University of Graz in Austria, specializing in computer security. Together with Joan Daemen, Rimjen developed the algorithm Rijndael, which was subsequently selected by the U.S. National Institute for Standards and Technology (NIST) to become the Advanced Encryption Standard (AES).

## COMPUTER VIRUSES AND WORMS

Viruses and worms are our next topic. Not the biological varieties,
but the ones that roam around the Internet, occasionally bringing
network traffic to a crawl, leading to business losses that
can be in the millions of dollars range. Yet as **Zesheng
Chen** and **Chuanyi Ji** show in two essays, the mathematics
developed to study the dispersion of biological agents such
as viruses can be applied successfully to examine how the computer
variety propagates across the Internet. Their articles are ** Intelligent
Worms: Searching for Preys ** [Level:
advanced] and

**[Level: advanced].**

*Worm Propagation Models*Zesheng Chen is an expert on Internet worms, and is currently a Ph.D. Candidate in the Communication Networks and Machine Learning Group at the School of Electrical and Computer Engineering, Georgia Institute of Technology. Chuanyi Ji is an Associate Professor in the same School, who works on networking, machine learning, and network management and security, and is Chen's doctoral advisor.

## SECURE DATA STORAGE

Finally, **Dalit Naor**, in an article titled ** Securing
Data in the Age of Networked Storage **[Level: introductory] explains what is required to keep your data secure when it is stored not on your own PC but at remote locations on the Internet.

Dr. Dalit Naor is a researcher in the Networked Storage Technologies group at IBM Haifa Research Lab. Since joining IBM Research in 1996, She has been working on security technologies for the Internet, content protection and storage systems. Her current interest is in the area of security for storage.

NOTE: Additional essays may be added to this Website in the weeks leading up to Mathematics Awareness Month.

*Enjoy!*