
Nina Fefferman was my assistant during the fall semester in this course. She has a great interest in cryptography as a mathematical discipline and in the political and social controversies which accompany it. She has worked for Counterpane, a leading crypto/computer security company.

Ms. Fefferman lectured, first discussing her work at Counterpane. This
may have gone a bit over the heads of the students: too technical. She
then discussed a "man in the middle" attack on Diffie-Hellman key
exchange: what if Eve intercepted communication between Alice and Bob,
and substituted her numbers for theirs? That is, Eve intercepts
N^{x} (all mod P) from Alice and sends N^{z} to Bob in its place, and
likewise replaces Bob's N^{y} with N^{z} on its way to Alice. So she
ends up sharing N^{xz} with Alice and N^{yz} with Bob, and can read
and filter all of their
communication. Students seemed to have some difficulty following some
of the assumptions, and perhaps seemed suitably naive about
"deception". She tried to actualize it to the e-mail environment at
Rutgers. Again, students had difficulty understanding why people might
want to impair the reliability and security of electronic
communication. I remarked that a malefactor might want to "be" Bell
Atlantic for 15 minutes or an hour from the point of view of the
banking system. There's quite a lot of cash sloshing around
electronically. Other ambitions might involve power or sheer
maliciousness. She then tried to distinguish between "active" and
"passive" attacks.
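
The substitution described above can be traced in a few lines of Python. This is an added example, not material from the lecture: the values of P and N, the function names, and the fingerprint comparison (a stand-in for the authentication that digital signatures provide) are assumptions chosen for illustration.

```python
import hashlib

# Constructed demo parameters (assumptions, not from the lecture); far too small for real use.
P = 2**127 - 1   # a Mersenne prime
N = 5

def public(secret):
    """N^secret mod P: the number a party sends over the wire."""
    return pow(N, secret, P)

def shared(received, secret):
    """The key a party derives from the number it received and its own secret."""
    return pow(received, secret, P)

def fingerprint(sent, received):
    """Short hash of the two public numbers one party saw, to compare over a trusted channel."""
    lo, hi = sorted((sent, received))
    return hashlib.sha256(f"{lo}:{hi}".encode()).hexdigest()[:16]

def exchange(x, y, z=None):
    """Alice holds x, Bob holds y. If z is given, Eve swaps both public numbers for N^z."""
    a_pub, b_pub = public(x), public(y)
    alice_gets = b_pub if z is None else public(z)
    bob_gets = a_pub if z is None else public(z)
    out = {
        "alice_key": shared(alice_gets, x),   # N^{xy} honestly, N^{xz} under attack
        "bob_key": shared(bob_gets, y),       # N^{xy} honestly, N^{yz} under attack
        "alice_fp": fingerprint(a_pub, alice_gets),
        "bob_fp": fingerprint(b_pub, bob_gets),
    }
    if z is not None:
        out["eve_with_alice"] = shared(a_pub, z)   # N^{xz}
        out["eve_with_bob"] = shared(b_pub, z)     # N^{yz}
    return out

def tampered(result):
    """True when Alice and Bob did not see the same pair of public numbers."""
    return result["alice_fp"] != result["bob_fp"]

if __name__ == "__main__":
    for label, z in (("honest", None), ("Eve in the middle", 5)):
        r = exchange(2024, 2031, z)
        print(label, "| keys match:", r["alice_key"] == r["bob_key"],
              "| tampering detected:", tampered(r))
```

The fingerprint check only helps if it is compared over a channel Eve cannot alter, which is the trust problem the discussion of signatures and certificate authorities takes up.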

She moved on to the idea of digital signatures (which had been covered only briefly before) and trust. First she tried to ask how people in the "real" world learned to trust one another. Who issues drivers' licenses and why should we trust drivers' licenses? Why should we trust the state? Then she tried to discuss the whole structure of trust in the electronic world. She talked about the pyramid (tree?) of trust that was used, and how fragile it was. Who do I ask to get public RSA keys? Certificate authorities such as CertCo and Entrust and VeriSign -- and they make money, too, of course. But who guarantees the certificate authorities? Perhaps this was too complex for some students. She definitely tried to cover more material than she did when she gave a similar presentation in the first semester. These students may not have gotten as much as the other students learned last semester from a more modest presentation. During the first semester she had extensive contact with the students and I think grew to understand their level of mathematical and intellectual sophistication. Several months later, I believe it became easy to overestimate how much material to cover and how detailed the mathematics should be.
