Mathematics and Internet Security
Mathematics has been tightly interwoven with the development of computer technology from the very beginning: the work by Charles Babbage and others to design and build mechanical devices to perform arithmetic, George Boole's algebraic treatment of logical reasoning, Alan Turing's conceptualization of discrete computation, the construction of the first electronic computers by Turing, John von Neumann, and other mathematicians, and so forth. Computers were initially conceived and built to perform mathematical calculations. Yet, although that remains a hugely important application of the technology, that is not how most people today think of them, nor is it what they are mostly used for. When early attempts (in the late 1960s) to link computers in order to exchange data led - with unanticipated rapidity and a vastly unimagined scope - to the Internet and then soon afterwards the establishment of the World Wide Web, computers became part of everyday life, at home, for business, for commerce, for entertainment, and for communication. A network that had been constructed originally for university researchers to exchange data and papers quickly, easily, and in an essentially open environment, evolved into a worldwide public communications network where privacy and security suddenly became important factors. Mathematics once again found itself playing a central role in computer technology; this time in helping to provide the tools required to ensure that the Internet is a secure framework through which to communicate in privacy and to carry our business and other financial transactions with security.
The collection of short essays presented here, all written by world experts in the field, provides a small snapshot of some of the more prominent current applications (or attempts at application) of mathematics to the highly significant issue of Internet security.
PUBLIC KEY CRYPTOGRAPHY
To date, the best known of these applications is in Public Key Cryptography, introduced by two Stanford University researchers, Whitfield Diffie and Martin Hellman, in 1976, in particular the use of number theory in the most widely used Public Key Cryptographic System, RSA. Accordingly, this topic is the focus of the two lead essays.
The first, From Private to Public Key Ciphers in Three Easy Steps [Level: introductory] by Jim Sauerberg, sets the scene in historical terms. Then Burt Kaliski dives in and describes the nitty gritty details of the RSA system in his article The Mathematics of the RSA Public-Key Cryptosystem [Level: introductory].
Sauerberg is Professor and Chair of the Department of Mathematics and Computer Science at Saint Mary's College of California, who has just completed a textbook for use in liberal arts mathematics courses, titled Cryptography: A Historical Approach. Kaliski is chief scientist at RSA Laboratories and vice president of research for RSA Security. He was a student of Ronald Rivest at MIT when Rivest, together with Adi Shamir and Leonard Adleman, developed the RSA algorithm, and joined the newly formed RSA Data Security company (as it was then called) immediately after completing his Ph.D.
We then reproduce an article written a few years ago by Stanford University Computer Science Professor Dan Boneh, originally published in the Notices of the American Mathematical Society, Vol 46, 1999, titled Twenty years of attacks on the RSA cryptosystem [Level: advanced]. This article is more technical than the first two. Things move quickly in the Internet security world, and some of the information in Boneh's article is already out-of-date. (Boneh tells me he plans to write a revised version some time in the near future.) Nevertheless, the article provides a highly instructive overview of the kinds of issue involved in keeping an Internet security system secure.
Moving away from the RSA system, a second essay by Jim Sauerberg, titled Route Ciphers in the Civil War [Level: introductory], draws a historical parallel between today's Internet cryptographic systems and the methods adopted in the American Civil War to ensure messages remained secret in transit.
INTERNET PASSWORD SECURITY
For a discussion of recent developments in the related domain of password encryption, see also the February 2006 "Devlin's Angle" column in MAA Online at http://www.maa.org/devlin/devlin_02_06.html [Level: introductory]
For a slightly more in-depth coverage of the same issue, see Find me a Hash," by Susan Landau, a mathematician at Sun Microsystems, in Notices of the AMS (March 2006). [Level: intermediate]
INTERNET VOTING AND SECURE COMPUTATION
With U.S States and countries elsewhere in the world moving toward the use of the Internet for citizens to vote in elections, the security of the votes cast and the secrecy of the ballot process give rise to another host of Internet security questions. Two essays deal with this important and rapidly growing topic. Joe Kilian writes about Secure Computation [Level: intermediate], a concept introduced in the 1980s, and Vincent Rijmen, in his essay Slide rules and electronic voting [Level: introductory], shows how the idea that underlies the use of the slide rule for performing multiplication (in common use prior to the days of electronic calculators) has been resurrected in a new format to provide a protocol for conducting Internet elections.
Kilian is a professor in the department of Computer Science at Rutgers University, who carries out research in cryptology (theory and applied), algorithms, and complexity theory. Rijmen is a professor at the Technical University of Graz in Austria, specializing in computer security. Together with Joan Daemen, Rimjen developed the algorithm Rijndael, which was subsequently selected by the U.S. National Institute for Standards and Technology (NIST) to become the Advanced Encryption Standard (AES).
COMPUTER VIRUSES AND WORMS
Viruses and worms are our next topic. Not the biological varieties, but the ones that roam around the Internet, occasionally bringing network traffic to a crawl, leading to business losses that can be in the millions of dollars range. Yet as Zesheng Chen and Chuanyi Ji show in two essays, the mathematics developed to study the dispersion of biological agents such as viruses can be applied successfully to examine how the computer variety propagates across the Internet. Their articles are Intelligent Worms: Searching for Preys [Level: advanced] and Worm Propagation Models [Level: advanced].
Zesheng Chen is an expert on Internet worms, and is currently a Ph.D. Candidate in the Communication Networks and Machine Learning Group at the School of Electrical and Computer Engineering, Georgia Institute of Technology. Chuanyi Ji is an Associate Professor in the same School, who works on networking, machine learning, and network management and security, and is Chen's doctoral advisor.
SECURE DATA STORAGE
Finally, Dalit Naor, in an article titled Securing Data in the Age of Networked Storage [Level: introductory] explains what is required to keep your data secure when it is stored not on your own PC but at remote locations on the Internet.
Dr. Dalit Naor is a researcher in the Networked Storage Technologies group at IBM Haifa Research Lab. Since joining IBM Research in 1996, She has been working on security technologies for the Internet, content protection and storage systems. Her current interest is in the area of security for storage.
NOTE: Additional essays may be added to this Website in the weeks leading up to Mathematics Awareness Month.