ENEI 2014 - Cryptography
DESCRIPTION
A brief introduction to cryptography and its mechanisms (e.g. ciphers, smart cards, etc.), where it is found and why it is useful. Presented at ENEI 2014 in Aveiro.
TRANSCRIPT
![Page 2: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/2.jpg)
Privacy
Restrict information to a limited number of entities
Privacy
State of being free from being observed
Flickr, valpearl/5103209989
![Page 3: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/3.jpg)
Security
• The state of being free from danger or threat
Flickr, juanktru/3503494338
![Page 4: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/4.jpg)
Cryptography
Write something in a covert way
Greek: kryptós (hidden), graphein (write)
Similar to Steganography
Flickr, delgrossodotcom/3211643440
![Page 5: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/5.jpg)
Cryptography
key = ‘qwerty’
text = ‘Meet with Alex at 13:05’
Base64( AES-128-ECB(key, text) )
U2FsdGVkX1/Q7MhqgxAWF5YU57uZRzDfCDuJa6k0uQW9CZvB22svyiE/WdxKXid3
Output seems to be random
![Page 7: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/7.jpg)
Steganography
text = ‘Meet with Alex at 13:05’
method = encode Least Significant Bit (00000001)
Covert Channel
Output seems to be unmodified
![Page 10: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/10.jpg)
Cryptography Uses
Increase Security
1 - Condition access to information (Privacy)
2 - Assure origin of information (Authentication)
![Page 11: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/11.jpg)
Ancient Times
• Simple ciphers
• Transposition: change symbol order
• Substitution: replace symbols
• Transmit encoded messages
• Military, Political partners, Private conversations
Flickr, stuckincustoms/189321498
![Page 12: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/12.jpg)
Scytale
Flickr, templar-revenged/12468322164
Transposition Cipher
Used by Greeks and Spartans
![Page 13: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/13.jpg)
Caesar Cipher
E -> B N -> K E -> B I -> F
Substitution Cipher
![Page 14: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/14.jpg)
Stallings, W. Cryptography and Internet Security: Principles and Practices. Upper Saddle River: Prentice, 1999.
![Page 15: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/15.jpg)
XIX, XX centuries
More complex ciphers
Using electro-mechanical devices
Integration with communication lines (telegraph)
Flickr, elsie/3916831047
![Page 16: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/16.jpg)
Enigma Transposition Cipher
Flickr, timg_vancouver/200625463
![Page 17: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/17.jpg)
Flickr, brewbooks/3317243295
![Page 18: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/18.jpg)
Lorenz Vernam Cipher (substitution)
![Page 19: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/19.jpg)
Modern Times: > 1970
• Even more complex ciphers
• Based on mathematical models
• Applied by computers
• Impossible to solve by hand!
• Mostly use substitution algorithms
![Page 20: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/20.jpg)
Symmetric Crypto
• Single key to cipher and decipher
• Key sets state of cipher algorithm
[Diagram: Text → Cipher Algorithm (Key) → Cryptogram → Cipher Algorithm (Key) → Text]
![Page 21: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/21.jpg)
Stream Ciphers
• Key sets cipher state
• Cipher produces random sequence
• Sequence is XORed with data
![Page 22: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/22.jpg)
Stream Ciphers
[Diagram: Key → Cipher Algorithm → Key Stream; Text + Key Stream → Cryptogram; Cryptogram + Key Stream → Text]
![Page 23: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/23.jpg)
Stream Ciphers
• 1 byte encoded (XOR) at a time
• Very fast!
• Good for communications!
• Size of input equals size of output
• Typical Key Sizes: >128 bits
![Page 24: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/24.jpg)
Stream Ciphers
• A5 - Mobile Phone Communications
• RC4 - Wifi WEP, Internet HTTPS
![Page 25: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/25.jpg)
Original Text
![Page 26: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/26.jpg)
Cryptogram seems to be random
![Page 27: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/27.jpg)
Block Ciphers
• Input processed in blocks
• Block size related to key size
• Output is multiple of block size
• Typical sizes: 64 bits, 128 bits, 192 bits, 256 bits
![Page 28: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/28.jpg)
Block Ciphers
• Cipher algorithm does substitutions and permutations
• Key defines how
• Typical algorithms: AES, Blowfish, 3DES…
![Page 29: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/29.jpg)
Block Ciphers
[Diagram: Cipher (Key) → Cryptogram → Decipher (Key)]
![Page 30: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/30.jpg)
Cryptogram doesn’t seem to be random
![Page 31: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/31.jpg)
Block Ciphers
• Blocks with same content will result in same output
• … because blocks are ciphered individually
• … no feedback mechanism
![Page 32: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/32.jpg)
Cipher Modes
• Additional Cipher Modes destroy patterns
• eg, Cipher-block chaining (CBC)
[Diagram, CBC: Block 1 + IV → Cipher (Key) → Cryptogram 1; Block 2 + Cryptogram 1 → Cipher (Key) → Cryptogram 2]
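The pattern leak described on the Block Ciphers slides and the effect of CBC chaining, as an added example that is not part of the original talk. It assumes a constructed key, IV and message, and uses a small Feistel network as a stand-in block cipher (not AES, not secure) so that it runs with the standard library only.

```python
import hashlib

BLOCK = 16  # bytes per block (the AES block size)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, i, half):
    # Keyed round function: hash of key, round number and half-block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def toy_encrypt_block(key, block):
    """Stand-in block cipher (4-round Feistel). NOT AES and not secure."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def pad(data):
    # PKCS#7-style padding so the input is a multiple of the block size.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    # Every block is ciphered on its own: equal blocks give equal output.
    return b"".join(toy_encrypt_block(key, b) for b in split(pad(plaintext)))

def cbc_encrypt(key, iv, plaintext):
    # Each block is XORed with the previous cryptogram block (IV for the first).
    out, prev = [], iv
    for b in split(pad(plaintext)):
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext):
    # Number of cryptogram blocks that duplicate an earlier block.
    parts = split(ciphertext)
    return len(parts) - len(set(parts))

# Constructed sample: the same 16-byte block four times.
KEY = b"constructed-key!"
IV = bytes(range(BLOCK))  # fixed only so the run is repeatable; use a random IV per message
MESSAGE = b"ATTACK AT DAWN!!" * 4
if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(KEY, MESSAGE)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(KEY, IV, MESSAGE)))
```

Counting duplicate cryptogram blocks is also a quick check for ECB use when reviewing stored or captured ciphertext.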
![Page 33: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/33.jpg)
Asymmetric Crypto
• Uses a pair of keys:
• Public Key: everyone may have it
• Private Key: should never be disclosed
• One key can do the opposite of the other
![Page 34: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/34.jpg)
Confidentiality
[Diagram: Cipher (Public Key) → Cryptogram → Decipher (Private Key)]
![Page 35: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/35.jpg)
Authentication
[Diagram: Cipher (Private Key) → Cryptogram → Decipher (Public Key)]
![Page 36: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/36.jpg)
Who uses cryptography?
Should I (you) use it?
Flickr, icedsoul/3194511482
![Page 37: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/37.jpg)
Spies
Flickr, dunechaser/2630433944
![Page 38: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/38.jpg)
Military
Flickr, lord_dane/4809995767
![Page 39: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/39.jpg)
… and everyone else
![Page 40: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/40.jpg)
Cryptography
It’s a building block of our society
Flickr, nickobec/359440072
![Page 41: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/41.jpg)
Enforces Security
• Cipher: Restricts access to Information
• Only holder of KEY can decipher cryptogram
• Authentication: Restricts access to Actions
• KEY asserts identity of its holder
Flickr, adulau/7712545428
![Page 42: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/42.jpg)
In other words…
• You really know with whom you are sharing information
• Entities are Authenticated
• Mechanisms really restrict who accesses information
• Data is private
Flickr, adulau/7712545428
![Page 43: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/43.jpg)
Wifi
• Restrict Access to authorised users
• eg, Your friends
• Make traffic confidential
• Wireless signals travel a long distance
Flickr, _miki/3425273296
![Page 44: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/44.jpg)
Wifi
• Shared key (Password) provided by user is converted into key
• All traffic is ciphered
• Only key holders are authorised to associate
• Prevents eavesdropping and usage
![Page 45: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/45.jpg)
Wifi
• WEP: RC4 (Stream Cipher, weak)
• Uses 24bits IV (‘random’) + 104bit Key
• WPA/WPA2: AES/CCMP (Block Ciphers)
• 128bit, per packet key
• 802.1x: Extensible Authentication Protocol (EAP)
![Page 46: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/46.jpg)
Mobile Phones
• Identify user
• Identify SIM card (client)
• Identify terminal
• Make all traffic confidential
Flickr, 26311710@N02/3235380837
![Page 47: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/47.jpg)
Mobile Phones
• SIM card is protected by PIN
• Contains algorithms for authentication
• Contains Keys shared with Service Provider
• Terminal contains identifier (IMEI)
• Traffic is ciphered
![Page 48: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/48.jpg)
Secure Sockets Layer (SSL)
• Protect traffic over communication networks
• Authenticate endpoints
• Make traffic confidential
![Page 49: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/49.jpg)
Secure Sockets Layer (SSL)
• Extensively used in the Internet
• HTTPS, IMAPS, POP3S, XMPP, etc.
• Based on Certificates and Asymmetric Cryptography
• Tunnel is established before actual data is sent
![Page 50: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/50.jpg)
Secure Sockets Layer (SSL)
• Server has Certificate issued by Trusted CA
• Client has temporary keys or trusted certificate
• Single (Server) or Mutual authentication
• All traffic is confidential
![Page 51: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/51.jpg)
Identification
• Identify citizen / user
• Stronger method than visual ones
• Enable authentication over the Internet
• eg, web pages, emails, digital documents
![Page 52: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/52.jpg)
![Page 53: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/53.jpg)
Identification
• Smart Card protected by PIN codes
• Certificate issued by State
• Private Key that can be used for signing
• Card is secure against tampering
• Private Key never leaves Smart Card
![Page 54: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/54.jpg)
Identification
I'm Maria
Prove it! Random_number
(Request Card to Sign)
Sure! Sign(Random_number), Cert
(Verify Certificate, Verify Signature)
Hello Maria!
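The challenge-response exchange above, as an added example that is not part of the original talk. It assumes a constructed toy RSA key (textbook RSA without padding, far too small for real use), hypothetical `SmartCard` and `Verifier` classes, and a public key already taken from a validated certificate; it shows why the verifier sends a fresh random number each time.

```python
import hashlib
import secrets

# Constructed toy RSA key built from two Mersenne primes (~150-bit modulus):
# large enough to run the protocol, far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                 # public key, as carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

class SmartCard:
    """Keeps the private key inside; callers only get a PIN-gated sign()."""
    def __init__(self, pin):
        self._pin, self._d, self._n = pin, D, N

    def sign(self, pin, challenge):
        if not secrets.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        return pow(digest(challenge, self._n), self._d, self._n)

class Verifier:
    """Issues a fresh random number per login and accepts it only once."""
    def __init__(self, public_key):
        self._n, self._e = public_key   # assumed: from a validated certificate
        self._pending = None

    def new_challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def check(self, signature):
        challenge, self._pending = self._pending, None   # single use
        if challenge is None:
            return False
        return pow(signature, self._e, self._n) == digest(challenge, self._n)

def login(card, verifier, pin):
    challenge = verifier.new_challenge()                 # "Prove it! Random_number"
    return verifier.check(card.sign(pin, challenge))     # "Sign(Random_number)"
```

A signature captured from one login fails against the next challenge, so an eavesdropper cannot replay it.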
![Page 55: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/55.jpg)
Information Confidentiality
• Most systems provide software ciphered storage
• FileVault, BitLocker, TrueCrypt
• Devices also support ciphered storage
• Self Encrypting Drives
Seagate
![Page 56: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/56.jpg)
Attacking Cryptographic Systems
![Page 57: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/57.jpg)
Direct Attacks
• Analyse cryptographic algorithms
• Find weaknesses in its components
• Require serious mathematical skills
• Frequent contests to elect the best algorithm
• e.g., 3DES, AES, SHA
![Page 58: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/58.jpg)
Direct Attacks
• Brute force
• Try every possible combination
• Example: RSA 2048
• Time required: ~6.4 quadrillion years
• Universe age: 13.2 billion years
http://www.digicert.com/TimeTravel/math.htm ECRYPT II
Considering evolution in computer capacity, RSA 2048 is secure until 2030
Source: ECRYPT II
If aiming at a user created password, results should be ready soon
![Page 61: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/61.jpg)
Indirect Attacks
• Obtain information indirectly
• Algorithm is not broken
• Implementation is broken
• Implementation leaks information
• User is the frequent target
![Page 62: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/62.jpg)
Human Behaviour
![Page 63: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/63.jpg)
Human Behaviour
![Page 64: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/64.jpg)
Power Leakage
Consumption when Key bit is 0
Consumption when Key bit is 1
Wikimedia Foundation
![Page 65: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/65.jpg)
Sound Leakage
Daniel et al
![Page 66: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/66.jpg)
Implementation Errors
• Heartbleed bug in OpenSSL 1.0.1-1.0.1f
• Allows extracting 64Kbytes from server memory
• Affects all systems using SSL
![Page 67: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/67.jpg)
Implementation Errors
...
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
    goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
    goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
    goto fail;
…
Apple “GOTO” bug, 2014
![Page 68: ENEI 2014 - Cryptography](https://reader038.vdocuments.us/reader038/viewer/2022110118/554c5c54b4c9053e308b5126/html5/thumbnails/68.jpg)
Thanks