Decrypting Encryption
(for Fun and Profit) Christopher Ward, CISSP, C|CISO
Director of Information Security
Vinson & Elkins, LLP
Just because you’re paranoid doesn’t mean they’re not out to get you.
System Centric vs. Data Centric Security
[Diagram: Valuable Data surrounded by protective layers: Access Control Lists, Admin Access, 2 Factor Authentication, Firewall]
System Centric vs. Data Centric Security
Encryption and Data Centric Security
Encryption:
o Independent of
  o operating system
  o transmission
  o media
o Maintains its own independent ACLs
Protection strength based on algorithms used and key length
Encryption Types
Hashes
A cryptographic hash function is an algorithm that takes an
arbitrary block of data and returns a fixed-size bit string.
The ideal cryptographic hash function has four main properties:
it is easy to compute the hash value for any given message
it is infeasible to generate a message that has a given hash
it is infeasible to modify a message without changing the hash
it is infeasible to find two different messages with the same hash.
Common: MD5
SHA1
SHA256
RIPEMD
Encryption Types
Hashes
Password Encryption
Digital Document Fingerprinting
Message Integrity Verification
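An added example (not from the slides) showing the three hash uses above with Python's standard library: SHA-256 document fingerprinting, a keyed HMAC for integrity verification, and salted, iterated PBKDF2 for password storage. The document text, shared key and password are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample document and a tampered copy (one character changed).
DOCUMENT = b"Engagement letter v3: fees as agreed on 2024-01-15."
TAMPERED = b"Engagement letter v3: fees as agreed on 2024-01-16."


def fingerprint(data: bytes) -> str:
    """Digital document fingerprinting: a fixed-size SHA-256 digest.
    Any change to the input, however small, yields an unrelated digest."""
    return hashlib.sha256(data).hexdigest()


def integrity_tag(key: bytes, data: bytes) -> str:
    """Message integrity verification with a keyed hash (HMAC-SHA256).
    A bare hash can simply be recomputed by whoever altered the message;
    the shared key is what makes the tag unforgeable without it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_integrity(key: bytes, data: bytes, tag: str) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(integrity_tag(key, data), tag)


def hash_password(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Password 'encryption' done properly: salted, iterated PBKDF2-HMAC-SHA256.
    The per-user salt defeats precomputed tables; iterations slow brute force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def check_password(password: str, salt: bytes, stored: bytes, iterations: int = 600_000) -> bool:
    return hmac.compare_digest(hash_password(password, salt, iterations), stored)


if __name__ == "__main__":
    print("fingerprint   :", fingerprint(DOCUMENT))
    print("tampered      :", fingerprint(TAMPERED))
    key = b"shared-secret-for-demo"          # constructed shared key
    tag = integrity_tag(key, DOCUMENT)
    print("tag verifies  :", verify_integrity(key, DOCUMENT, tag))
    print("tampered fails:", verify_integrity(key, TAMPERED, tag))
    salt = os.urandom(16)                    # fresh random salt per user
    stored = hash_password("correct horse", salt)
    print("login ok      :", check_password("correct horse", salt, stored))
    print("wrong pw      :", check_password("Correct horse", salt, stored))
```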
Encryption Types
Symmetric Encryption
Symmetric-key encryption uses the same cryptographic key (shared key) for both encryption of plaintext and decryption of ciphertext.
Two basic types:
Stream ciphers encrypt the digits/bytes/characters of a message one at a time.
Block ciphers take a number of bits and encrypt them as a single unit, padding the plaintext so that it is a multiple of the block size.
Encryption Types
Symmetric Encryption
Most common form of encryption
Fast
Control strength by key length and iterations
Common Algorithms: AES
Blowfish
DES / Triple DES
Serpent
Twofish
RC4 (stream)
Encryption Types
Symmetric Encryption
Most common uses:
Local file encryption (MS Word, WinZip, TrueCrypt)
Fixed point-to-point encryption
Device & disk encryption
Asymmetric payload encryption
Symmetric Encryption
Encryption Types
Asymmetric Encryption
Asymmetric-key encryption uses two keys:
1. Public key used for encryption of plaintext
2. Private key used for decryption of ciphertext
Common Algorithms:
RSA
Diffie–Hellman
Digital Signature Standard (DSS)
Elliptic Curve
Encryption Types
Asymmetric Encryption
Secure key distribution
Slower
Associate key with identity
Easier key management
Encryption Types
Asymmetric Encryption
Examples of protocols using asymmetric key algorithms include:
Internet Key Exchange (X.509 certificates)
Transport Layer Security (TLS)
PGP / OpenPGP / GPG
SSH
Bitcoin
Asymmetric Encryption
Practical Examples
Do you know what I know?
Practical Examples File Sharing with Symmetric Keys
Practical Examples File Sharing with Public Keys
Practical Examples
Digital Signatures
Practical Examples
Cloud “Security”
Perfect Forward Secrecy
Key Length
Asymmetric (RSA) keys
Longer keys = more secure, but longer processing
Key length should be:
• 2048 bits to protect data for about 20 years
• 3072 bits for 20+ years
• 4096 bits for lifetime of the universe
• 8192 bits for the uber-paranoid
Key Length
Symmetric Keys
Each additional bit doubles the number of possible keys
256-bit AES is both fast and secure enough for your lifetime
NSA “Suite B”
http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
Function      Use    Bits       Standard
Hash          SHA    256 / 384  FIPS 180-2
Symmetric     AES    128 / 256  FIPS 197
Signature     ECDSA  256 / 384  FIPS 186-2
Key Exchange  ECDH   256 / 384  SP 800-56
Questions