Crypto Wars 2.0
DC44131
Michael Jack
mikey$ whoami
• 2nd Year Ethical Hacking BSc @ Abertay
• Member Abertay Ethical Hacking Society
• Crypto is bae
• @MikeyJck
What’s all this then?
• Quick history of modern cryptography
• background on first Crypto Wars circa 1990s
• second crypto wars circa 2012
• wrap up
•🍺
before we begin
“At every single level we as a community have forgotten that privacy as well as security need to be a goal” - Brendan O’Connor Defcon 21
Modern Cryptography
2015
• Data at Rest = AES or PGP
• Data in Motion = TLS1.2 or IPSEC
• Data in air = WPA2 or SNOW 3G(?)
The Internet
• Elliptic Curve
• Diffie-Hellman
• EC Digital Signature Algorithm
• 128-bit AES GCM mode
• Protocol: TLS 1.2
• discrete log modulo prime (DSA)
The (Google’s) Internet
• Elliptic Curve
• Diffie-Hellman
• RSA
• 128-bit AES GCM mode
• Protocol: QUIC
• discrete log in elliptic curve groups (ECDH)
• factoring integers into primes (RSA)
What is Modern Crypto?
• Colossus - Newman, Flowers et al @ Bletchley
• post World War II
• more accurately 1970s >
• NSA, GCHQ, IBM & Bell Labs
World War II
• Enigma (electromechanical)
• Broken by Marian Rejewski et al
• Continued decryption by Turing, Welchman et al @ Bletchley Park
Timeline 0x01
• 1971 - IBM Lucifer Block Cipher (Watson Lab) Feistel
• 1973 - NBS asks for Data Encryption Standard (DES) designs
• 1973-4 - IBM develop & submit DES candidate
• 1974 - IBM discovers Differential Cryptanalysis, NSA gag order
• 1976 - Diffie & Hellman publish “New Directions in Cryptography”
• 1976 - After alterations by NSA, IBM’s design chosen as DES
• 1977 - “Method for Obtaining Digital Signatures and Public-Key Cryptosystems” by Rivest, Shamir & Adleman (RSA) @ MIT
Timeline 0x02
• 1971 - IBM Lucifer Block Cipher (Watson Lab)
• 1973 - NBS asks for Data Encryption Standard (DES) designs
• 1973-4 - IBM develop & submit DES candidate
• 1973 - RSA invented by GCHQ (Cocks)
• 1974 - DH invented by GCHQ (Williamson)
• 1974 - IBM discovers Differential Cryptanalysis, NSA gag order
• 1976 - Diffie & Hellman publish “New Directions in Cryptography”
• 1976 - After alterations by NSA, IBM’s design chosen as DES
• 1977 - “Method for Obtaining Digital Signatures and Public-Key Cryptosystems” by Rivest, Shamir & Adleman (RSA) @ MIT
Timeline 0x03
• 1984 - RC4 Stream Cipher RSA Labs (Rivest)
• 1991 - Pretty Good Privacy (PGP) Phil Zimmermann
• 1994 - Secure Sockets Layer (SSL) conceived @ Netscape
• 1999 - SSL Standardised by IETF > Transport Layer Security (TLS)
• 1999 - NIST wants DES successor > public competition for Advanced Encryption Standard (AES)
• 1999 - Wired Equivalent Privacy (WEP) RC4
Timeline 0x04
• 2001 - NIST approves Rijndael for use as AES (FIPS 197)
• 2001 - FIPS 180-4 released as SHA2
• 2004 - Wi-Fi Protected Access 2 (WPA2)
• 2008 - TLS 1.2 RFC 5246
• 2015 - SHA3 (Keccak) standardised as FIPS 202
The Crypto Wars
In January 1991, Senator Joe Biden inserted new language into the draft of an anti-terrorism bill, expressing a Sense of Congress that electronic communications service providers and equipment manufacturers “shall ensure that communications systems permit the government to obtain the plaintext contents of voice, data, and other communications when appropriately authorized by law.”
– Doomed To Repeat History? Lessons from the Crypto Wars of the 1990s p4
Clipper Chip
NSA under Clinton gov 1993
Clipper Chip
• Skipjack Block cipher 32 rounds 80-bit key & DH
• Government hold a decryption key (split in two) for each chip
• Export controls eased on products including clipper
• lots of grass roots resistance
• many security/crypto experts testify to Congress
• Professor Matt Blaze
Export Restrictions
• strong encryption considered “dual use” technology, meaning it had both civilian and military applications
• ‘strong encryption’ ≥ 40-bits
• Strong opposition from industry
• Gov reports 1996, 1998 between $35B & $95B losses
• First Amendment issues
Crypto Wars 2.0
Bullrun & Edgehill
TOP SECRET/ STRAP1
nsa$ whoami
National Security Agency
• 2013 Budget: $10.8B
• $2.5B on data collection
• $1.6B on processing/ exploitation
• Upwards of 40k employees
• Created by Truman in secret 1952
• FISA/ National Security Letters/CALEA
gchq$ whoami
Government Communications HQ
• Originally founded 1919 as GC&CS
• Unique access to backbone infrastructure
• Upwards of 6k employees
• RIPA
Cryptanalysis is good
BULLRUN
• Ability to defeat encryption
• BULLRUN sources “extremely sensitive”
• TLS/ SSH/ OTR/ VPN/ VoIP/ etc
https://s3.amazonaws.com/s3.documentcloud.org/documents/784047/bullrun-guide-final.pdf
MUSCULAR
www.spiegel.de/media/media-35532.pdf
www.spiegel.de/media/media-35546.pdf
Circa September 2005
National Intelligence Budget 2013
DNI Statement
The Curious Case of the Dual_EC_DRBG
here be backdoors
• RSA accepted $10M from NSA to use Dual EC DRBG as default in BSAFE library (2004/5)
• RSA “relied on guidance from NIST”
• RSA claim they didn’t know it was weakened or contained a backdoor
• Dual_EC_DRBG withdrawn after NIST issues new guidelines Sept 2013
math
• Constants that define the EC
• should be random
• NIST doesn't say how or where the constants come from
• If these constants were picked specially there is a ‘skeleton key’
• after recovery of 32 bytes of output attacker can predict DRBG output
On the Practical Exploitability of Dual EC in TLS Implementations
Matt Green, DJB, Tanja Lange et al
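The ‘skeleton key’ point above, as an added example (not from the talk or the cited paper): a toy Dual EC generator on the 19-point textbook curve y^2 = x^3 + 2x + 2 over F_17, showing why constants of unexplained origin matter. The curve, the seed and the relation D are constructed values, and the output truncation of the real generator is left out.

```python
# Toy Dual_EC_DRBG: y^2 = x^3 + 2x + 2 over F_17, group order 19.
# All parameters are constructed for illustration (not NIST P-256).
P_MOD, A, B, ORDER = 17, 2, 2, 19
Q = (5, 1)   # public constant
D = 3        # designer's secret relation between the two constants


def add(p1, p2):
    """Add two curve points; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def mul(k, pt):
    """Double-and-add scalar multiplication (k taken mod the group order)."""
    acc, k = None, k % ORDER
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc


P = mul(D, Q)  # second public constant; on its face as arbitrary as Q


def lift(x):
    """Find a curve point with this x-coordinate (sign of y is irrelevant)."""
    rhs = (x ** 3 + A * x + B) % P_MOD
    return next((x, y) for y in range(P_MOD) if y * y % P_MOD == rhs)


def drbg(state, n):
    """n outputs: state <- x(state*P), then output x(state*Q), untruncated."""
    out = []
    for _ in range(n):
        state = mul(state, P)[0]
        out.append(mul(state, Q)[0])
    return out


def predict(observed, n):
    """With D, one observed output yields the generator's next n outputs."""
    state = mul(D, lift(observed))[0]   # D*(s*Q) = s*P, i.e. the next state
    return [mul(state, Q)[0]] + drbg(state, n - 1)


if __name__ == "__main__":
    stream = drbg(2, 4)                 # seed 2 is a constructed value
    print(stream, predict(stream[0], 3))
```

Nothing in the public values P and Q reveals whether such a D exists, which is why the provenance of the constants is the whole question.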
Politics & Policy
‘Going Dark’
• As early as 2011 FBI talking about the issue to congressional committees
• iOS 8 (2014) Full Disk Encryption by default
• End of 2014 big push by high profile names for crypto backdoors
Correcting Misconceptions
“misconception that building a lawful intercept solution… requires a so-called “back door,” one that foreign adversaries and hackers may try to exploit. But that isn’t true. We aren’t seeking a back-door approach. We want to use the front door, with clarity and transparency, and with clear guidance provided by law.”
– James Comey Oct 2014
“One is communications data, that is not the content of a phone call. It is just who made which call to which person and when… And what matters, in simple terms is that we can access this data [on all platforms]… I have a very simple principle to apply here… in our country do we want to allow a means of communication that in extremis we can’t read with a signed warrant…”
– David Cameron January 2015
Crypto VIPs
• FBI Director - James Comey
• GCHQ Director - Robert Hannigan
• MET Commissioner - Bernard Hogan-Howe
• UK Prime Minister - David Cameron
• UK Home Secretary - Theresa May
Here be Backdoors
Conclusions & Questions