cryptography revealed
DESCRIPTION
TRANSCRIPT
AgendaAgenda• Cryptography ?? .• Encryption .
• Symmetric Encryption .• Asymmetric Encryption.• Diffie-hellman.
• Hashing .• Digital signature .• Authentication
Protocols .• PKI .• Cryptosystems .• Cryptanalysis .• Demos .• MISC : Cryptographics .
. Cryptography is a framework of methodologies used to ensure the . Cryptography is a framework of methodologies used to ensure the CIA triad for our information ; C for confidentiality , I for Integrity and CIA triad for our information ; C for confidentiality , I for Integrity and A for authenticity.A for authenticity.
. The need for cryptographic techs was as old as the need to keep . The need for cryptographic techs was as old as the need to keep the critical info secure , safe and authentic . the techs were invented the critical info secure , safe and authentic . the techs were invented in different forms that can be compatible with their current age , in different forms that can be compatible with their current age , while the concept was the same .while the concept was the same .
. Cryptography was known anciently as Encryption which means : . Cryptography was known anciently as Encryption which means : Hiding the information from unauthorized entities . Various methods Hiding the information from unauthorized entities . Various methods were used to adopt this purpose , it could be implemented were used to adopt this purpose , it could be implemented manually , mechanically or even electronically .manually , mechanically or even electronically .
Cryptography ?? Cryptography ??
. . SCYTALESCYTALE , is an example for a really old tech that was used to , is an example for a really old tech that was used to cipher (encrypt) information . The concept of operation is so simple . cipher (encrypt) information . The concept of operation is so simple . Get a long strip of leather and wind it over a rode like the picture , Get a long strip of leather and wind it over a rode like the picture , write the clear data on the leather over the rod and then unwind it . write the clear data on the leather over the rod and then unwind it .
. “ HELP ME I AM UNDER ATTACK “ will be . “ HELP ME I AM UNDER ATTACK “ will be "HENTEIDTLAEAPMRCMUAK“ , and it totally depends on the diameter of the rode , which is the key and it totally depends on the diameter of the rode , which is the key to decipher the message .to decipher the message .
. Nowadays are a bit different , as we are not talking about only . Nowadays are a bit different , as we are not talking about only encryption when dealing with cryptography , hashing shares the place encryption when dealing with cryptography , hashing shares the place with encryption to form the whole framework (cryptographic with encryption to form the whole framework (cryptographic framework) ; hashing role is to ensure the integrity of the message . framework) ; hashing role is to ensure the integrity of the message . So , back to the CIA triad , encryption is used to insure the So , back to the CIA triad , encryption is used to insure the confidentiality, hashing is for ensuring the integrity and a combination confidentiality, hashing is for ensuring the integrity and a combination of encryption & hashing for ensuring the authenticity of the message of encryption & hashing for ensuring the authenticity of the message sender . sender .
. Encryption and Hashing can be . Encryption and Hashing can be considered now as systems that need considered now as systems that need an input to deliver an output , this an input to deliver an output , this system is controlled by a set of system is controlled by a set of mathematical equations which is mathematical equations which is known as an algorithm.known as an algorithm.
Encryption Encryption
. As we stated before , Encryption is considered as a component of . As we stated before , Encryption is considered as a component of the cryptographic framework . It’s role is to offer the confidentiality the cryptographic framework . It’s role is to offer the confidentiality axis of the CIA triad .axis of the CIA triad .
. Recalling the systematic view of . Recalling the systematic view of any cryptographic component , any cryptographic component , Encryption needs an input (Clear Encryption needs an input (Clear message & key) to deliver the message & key) to deliver the cipher form (output) , this cipher cipher form (output) , this cipher form to be decrypted (converted form to be decrypted (converted to the clear form ) we shall need to the clear form ) we shall need a key and the same algorithm .a key and the same algorithm .
. Encryption can be implemented symmetrically or asymmetrically .. Encryption can be implemented symmetrically or asymmetrically .
. If we are using symmetric encryption , then we will encrypt the . If we are using symmetric encryption , then we will encrypt the clear message with one key and decrypt it with the same key ; clear message with one key and decrypt it with the same key ; encryptor and decryptor should have the same key .encryptor and decryptor should have the same key .
. On the other hand , for Asymmetric encryption , the sender will use . On the other hand , for Asymmetric encryption , the sender will use a key to encrypt the message and the receiver will use a different a key to encrypt the message and the receiver will use a different key to decrypt the message , in case we have a bidirectional key to decrypt the message , in case we have a bidirectional communication , each pair will use two keys one of them is public for communication , each pair will use two keys one of them is public for others and a private key for himself. others and a private key for himself.
Symmetric EncryptionSymmetric Encryption. To wrap the concept let us discuss a case for three entities that . To wrap the concept let us discuss a case for three entities that need to communicate securely using symmetric encryption . need to communicate securely using symmetric encryption .
. From the figure , we can . From the figure , we can conclude that we will use 9 conclude that we will use 9 different private keys for different private keys for achieving bidirectional achieving bidirectional communication between xyz and communication between xyz and abc .abc .
. We can conclude also that we . We can conclude also that we need to define a way by which need to define a way by which we can exchange these private we can exchange these private keys in a secure manner keys in a secure manner between distant entities .between distant entities .
. We will recall these two . We will recall these two conclusions a bit later .conclusions a bit later .
. DES , 3DES , Blowfish , IDEA , RC5 , Safer , Serpent and AES are the . DES , 3DES , Blowfish , IDEA , RC5 , Safer , Serpent and AES are the well known symmetric encryption algorithms .well known symmetric encryption algorithms .
. We will go deeply for DES. We will go deeply for DES and AES and AES in the Demos section . in the Demos section .
Asymmetric EncryptionAsymmetric Encryption
. Back to the same case that was assumed when using symmetric . Back to the same case that was assumed when using symmetric encryption. encryption.
. ABC and XYZ have their public . ABC and XYZ have their public keys distributed over each other , keys distributed over each other , anyone needs to talk to the other anyone needs to talk to the other will use the other’s public key to will use the other’s public key to encrypt the traffic and the other encrypt the traffic and the other will use his own private key to will use his own private key to decrypt the traffic , X will use A’s decrypt the traffic , X will use A’s public key to encrypt clear traffic public key to encrypt clear traffic A will receive the cipher to A will receive the cipher to decrypt it using his own private decrypt it using his own private key .key .
. Less number of keys and simple . Less number of keys and simple key distribution . key distribution .
. RSA is the famous asymmetric key encryption algorithm . . RSA is the famous asymmetric key encryption algorithm .
Ron Ron RRivest ## leftivest ## left
Adi Adi SShamir ## Middlehamir ## Middle
Leonard Leonard AAdleman ## Rightdleman ## Right
. RSA operation will be . RSA operation will be discussed in the Demos section discussed in the Demos section ..
. Let us now compare them (symmetric and asymmetric) :. Let us now compare them (symmetric and asymmetric) :
1- Symmetric key encryption suffers from scalability issues ; to achieve a 1- Symmetric key encryption suffers from scalability issues ; to achieve a secure communication between N points , we will need to generate (N(N-1))/2 secure communication between N points , we will need to generate (N(N-1))/2 different keys .different keys .
3- Symmetric key encryption requires “ out of band “ secure exchange of keys , 3- Symmetric key encryption requires “ out of band “ secure exchange of keys , because , both the communicating parties needs to know about the keys before because , both the communicating parties needs to know about the keys before proceeding into the communication .proceeding into the communication .
4- Asymmetric key encryption systems are incredibly complex , and that 4- Asymmetric key encryption systems are incredibly complex , and that complexity will surely impact the performance . Asymmetric key encryption is complexity will surely impact the performance . Asymmetric key encryption is up to 1000 times slower than symmetric key encryption .up to 1000 times slower than symmetric key encryption .
. Now how can we deal with that problem ?!!! , Diffie and Hellman will . Now how can we deal with that problem ?!!! , Diffie and Hellman will answer this question for us .answer this question for us .
Diffie-hellmanDiffie-hellman
•Diffie-Hellman algorithm will use Diffie-Hellman algorithm will use public key encryption to only public key encryption to only distribute symmetric keys for distribute symmetric keys for communicating parties , symmetric communicating parties , symmetric key encryption will be used to deal key encryption will be used to deal with clear data to create the cipher with clear data to create the cipher , so we will have no odds :: high , so we will have no odds :: high performance using symmetric key performance using symmetric key encryption and simple key encryption and simple key distribution process using Diffie-distribution process using Diffie-Hellman algorithm , as we will sure Hellman algorithm , as we will sure see here and the demos section .see here and the demos section .
• Khaled will generate two (public and private ) keys using his own Khaled will generate two (public and private ) keys using his own Diffie-Hellman algorithm , Ali will do the same thing ; both of them Diffie-Hellman algorithm , Ali will do the same thing ; both of them will exchange his own public key , khaled will have his own private will exchange his own public key , khaled will have his own private key and Ali’s public key , he will use his Diffie-Hellman algorithm to key and Ali’s public key , he will use his Diffie-Hellman algorithm to generate a new private key ; Ali will have the same private key if he generate a new private key ; Ali will have the same private key if he executed the same operation.executed the same operation.
Hashing Hashing
•Hashing is the second component of the cryptographic framework , Hashing is the second component of the cryptographic framework , its role is to ensure the integrity of a message . The most important its role is to ensure the integrity of a message . The most important aspect of integrity violation is that the target of the attack is not aspect of integrity violation is that the target of the attack is not aware about the violation occurrence , simply , if he knew he will aware about the violation occurrence , simply , if he knew he will request for a retransmission .request for a retransmission .
•The problem is that I am The problem is that I am communicating with my co-communicating with my co-workers basing on a false workers basing on a false information .information .
•Hashing is an irreversible Hashing is an irreversible process with no keys , the process with no keys , the clear message is the only clear message is the only input for the hashing process input for the hashing process ..
•The message will be delivered as an input to the hashing system , The message will be delivered as an input to the hashing system , hashing system will create message digest (hash) from the clear hashing system will create message digest (hash) from the clear message , it will then append the digest to the message and then message , it will then append the digest to the message and then send them over the media ; The recipient will have the message to send them over the media ; The recipient will have the message to create a new digest and then compare the two digests . create a new digest and then compare the two digests .
•A simple newbie can execute an MITM attack , he will be able to A simple newbie can execute an MITM attack , he will be able to receive the message with the digest from the sender so as to create receive the message with the digest from the sender so as to create a new fake message with a new generated hash from the fake a new fake message with a new generated hash from the fake message (using the same hashing algorithm) to be sent to the poor message (using the same hashing algorithm) to be sent to the poor receiver .receiver .
•HMAC , the solution for this problem .HMAC , the solution for this problem .
•MD5 and SHA are the most used hashing algorithms , SHA is more MD5 and SHA are the most used hashing algorithms , SHA is more secure than MD5 .secure than MD5 .
•We will have a demo for HMAC in the demos section .We will have a demo for HMAC in the demos section .
Digital signature Digital signature
•This is our last step for completing the CIA triad , how can we This is our last step for completing the CIA triad , how can we ensure authenticity using cryptography !!! ensure authenticity using cryptography !!!
•Digital signature is a mechanism by which we can authenticate the Digital signature is a mechanism by which we can authenticate the message sender on a message basis , each message needs to be message sender on a message basis , each message needs to be authenticated , this needs to be clarified , digital signature is not a authenticated , this needs to be clarified , digital signature is not a connection based authentication mechanism like pap , chap , connection based authentication mechanism like pap , chap , kerborse , TACACS ............... kerborse , TACACS ...............
•Digital signature uses a combination Digital signature uses a combination of encryption and hashing .of encryption and hashing .
•The message will be hashed , the digest will be encrypted by the The message will be hashed , the digest will be encrypted by the sender private key and then sent with message to the recipient . sender private key and then sent with message to the recipient .
•We have a demo for Digital signature .We have a demo for Digital signature .
Authentication ProtocolsAuthentication Protocols•As we are taking about connection based authentication As we are taking about connection based authentication mechanism , we will deal with protocols rather than algorithms . mechanism , we will deal with protocols rather than algorithms . This is to briefly list famous authentication protocols :This is to briefly list famous authentication protocols :
1- PAP1- PAP
2- CHAP2- CHAP
3- MS-CHAP3- MS-CHAP
4- NTLM4- NTLM
5- EAP5- EAP
6- PEAP6- PEAP
7- Kerberos7- Kerberos
8- TACACS+8- TACACS+
9- Radius9- Radius
10- Diameter10- Diameter
PKPKII•Public Key Infrastructure is a Public Key Infrastructure is a TrustTrust Connectivity media , I need to Connectivity media , I need to
trust the sender before beginning a new session with him , how can trust the sender before beginning a new session with him , how can I know that this public key is the one owned by the real sender; I I know that this public key is the one owned by the real sender; I need someone between us , someone that I can trust and that can need someone between us , someone that I can trust and that can trust this remote sender .trust this remote sender .
•How can I trust you?How can I trust you?Answer: The CA trusts me.Answer: The CA trusts me.
•How can I know the CA trusts How can I know the CA trusts you?you?Answer: You can see my Answer: You can see my certificate issued by the CA.certificate issued by the CA.
.So , PKI is not for authentication, .So , PKI is not for authentication, but it can be considered as a pre-but it can be considered as a pre-authentication phase .authentication phase .
.We will have a full PKI course . .We will have a full PKI course .
CryptosystemsCryptosystems
•Cryptosystem is an implemented form of the cryptographic Cryptosystem is an implemented form of the cryptographic framework , it consists of three components :framework , it consists of three components :
1- algorithms : cryptographic engines for doing encryption and hashing .1- algorithms : cryptographic engines for doing encryption and hashing .
2- protocols : for establishing connections and negotiating parameters 2- protocols : for establishing connections and negotiating parameters between the communicating parties .between the communicating parties .
3- keys : for encryption algorithms .3- keys : for encryption algorithms .
•IPSEC , SSL , SSH , PPTP , L2TP and WEP all of them are IPSEC , SSL , SSH , PPTP , L2TP and WEP all of them are cryptosystems , some of them provide the full CIA tirade . The only cryptosystems , some of them provide the full CIA tirade . The only factor that differentiate between these cryptosystems is the factor that differentiate between these cryptosystems is the protocol used to establish the connection and negotiate the protocol used to establish the connection and negotiate the parameters .parameters .
•These cryptosystems will be discussed deeply in the VPN course . These cryptosystems will be discussed deeply in the VPN course .
CryptanalysisCryptanalysis
•“ Breaking a cipher doesn't necessarily mean finding a practical way for an eavesdropper to recover the plaintext from just the ciphertext. In academic cryptography, the rules are relaxed considerably. Breaking a cipher simply means finding a weakness in the cipher that can be exploited with a complexity less than brute-force ” Bruce Bruce Schneier Schneier ..
DESDES
AESAES
RSARSA
HMACHMAC
Digital SignatureDigital Signature
