prof. fred piper: professor fred piper -: cryptography - from black art to popular science
DESCRIPTION
A high level view, without using maths of the development in cryptography since World War 2. Professor Piper covers the changing attitudes of governments, the significance of Public key cryptography in modern society and the potential impact on information security professionals. This was a presentation for the Institute of Information Security Professionals NW branch meeting in Manchester on 11th June 2013. The copyright is held by the author - Prof. Fred PiperTRANSCRIPT
![Page 1: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/1.jpg)
Manchester 2013 1
Fred PiperInformation Security Group
![Page 2: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/2.jpg)
CryptographyFrom Black Art
toPopular Science
Fred Piper
Codes & Ciphers Ltd12 Duncan Road, RichmondSurrey, TW9 2JD
Royal Holloway, University of LondonEgham Hill, EghamSurrey TW20 [email protected]
www.isg.rhul.ac.uk
![Page 3: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/3.jpg)
Aims of Lecture
• To enjoy ourselves• To look at some implementation issues for
cryptographic systems• To see how cryptography has changed in the
last 40 years
Manchester 2013 3
![Page 4: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/4.jpg)
Industry’s Problems with Implementing Cryptography
• No real problems with algorithms – it’s the wraparounds • Serious concerns about some recent events – DigiNotar, RSA• Not sure how they should be regarding possibility of quantum
computers • Cryptography needs standards (change slowly), but we need
flexibility • Need for early warning about necessary changes (e.g. key
lengths)• Concerns about timeliness of hardware (cryptographers
recommend changes faster than hardware can be replaced)Manchester 2013 4
![Page 5: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/5.jpg)
A Little History
• Pre-1975: Hush hush!
– Practised mainly by Governments and military
• Early 1980s: Courses start
– Customers start to know what they require
• Early 1990s: Qualifications start
– The role of security manager is no longer a punishment
• Early 2000s: Popular science
– Everyone knows about it
• Today: Fundamental to e-commerce, e-Government etc
Manchester 2013 5
![Page 6: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/6.jpg)
Popular Does Not Mean Easy
• Golf is a popular sport• Anyone can swing a golf club• Occasionally a complete novice will hit a good
tee short• Being a professional is hard work
– Training– practice
Manchester 2013 6
![Page 7: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/7.jpg)
Royal Holloway: Our Most Famous Ex-Student?
Manchester 2013 7
![Page 8: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/8.jpg)
Manchester 2013
Why is the Profile of Encryption Growing?
• Increase in volume of communications over insecure channels
• Increased requirement for remote access to information
• Regulatory requirements for ‘adequate’ protection of data
• Need for electronic ‘equivalent’ to handwritten signatures and other forms of identification
• It can be fun!
8
![Page 9: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/9.jpg)
Bletchley Park
Manchester 2013 9
![Page 10: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/10.jpg)
Some Important Changes since 1945
• Advent of software• Advent of fast computers• Advent of new communications media• Advent of binary codes• Increase in general awareness• Many applications other than provision of
confidentiality• Public key cryptography• Seen as part of a wider discipline: Information
SecurityManchester 2013 10
![Page 11: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/11.jpg)
Manchester 2013 11
What is Information Security?
Information Security includes the following three aspects:
• Confidentiality– Protecting information from unauthorised disclosure, perhaps to
a competitor or to the press
• Integrity– Protecting information from unauthorised modification, and
ensuring that information, such as a customer list, can be relied upon and is accurate and complete
• Availability– Ensuring information is available when you need it
NOTE: Impersonating an authorised user is ofter a more effective form of attack than ‘breaking’ the technology
![Page 12: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/12.jpg)
Authentication
• It is important to authenticate people and devices
• Man-in-the-Middle Attacks• How to beat a Grand Master at chess
Manchester 2013 12
![Page 13: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/13.jpg)
Manchester 2013
Early Definition of a Cipher System
Cryptogramc
Key
EncryptionAlgorithm
Messagem Decryption
Algorithm
Key
Messagem
Interceptor
Key establishment channel(secure)
13
![Page 14: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/14.jpg)
Confidentiality
How do you keep a secret?
• Don’t let anyone have access to the information• Disguise it so that ‘unauthorised’ people cannot
understand it– Shared secrets rely on trust– Trust in people, processes, technology
• If you use cryptography to protect your information then there will be a key to which you must deny access
Manchester 2013 14
![Page 15: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/15.jpg)
Warnings
• If that key is lost and the algorithm is strong then your data is lost ‘forever’
• If someone else gains access to that key then they almost certainly have access to your information
Manchester 2013 15
![Page 16: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/16.jpg)
Breaking an Algorithm
• Being able to determine plaintext from ciphertext without being given key
• Exhaustive key search is always (theoretically) possible
Well Designed (Symmetric) Algorithm• ‘Easiest’ attack is exhaustive key search
Strong Algorithm• Well designed with a large number of keys
Note: History is full of instances where algorithms were assumed to be well designed but ……
Manchester 2013 16
![Page 17: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/17.jpg)
Breaking a Security System
• ‘Broken’ is an emotive term• Attacks often work only in unrealistic conditions
chosen by attacker• Always understand assumptions associated with the
term• For algorithms:
– Ciphertext only– Known plaintext attack– Chosen plaintext attack
Manchester 2013 17
![Page 18: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/18.jpg)
The ‘Secure Channel’ ConceptAIM: To send information securely over an insecure
network
•We achieve this by building a “secure channel” between two end points on the network
•Typically offering:–Data origin authentication
–Data integrity
–Confidentiality
•Cryptography is an important tool
18Manchester 2013
![Page 19: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/19.jpg)
Attacking Cryptographic Systems
•Passive interceptor attempts to break algorithm•Active interceptor has more options•Interception not necessarily the ‘best’ form of attack
– Attack protocols– Attack key management– Attack the hardware– Impersonate genuine users– Espionage
Manchester 2013 19
![Page 20: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/20.jpg)
Manchester 2013
Is PK Cryptography built on a ‘sound’ basis?
“Many cryptographic systems rely on the inability of mathematicians to do mathematics”.
(Donald Davies: LMS Lecture)
Tongue in cheek?
Existence proofs do not provide solutions
Algorithms should be implementable
20
![Page 21: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/21.jpg)
Are Today’s Algorithms ‘Future Proof’?
• Symmetric algorithms– if well designed then key searches are ‘best’ attacks–Main concern is advances in technology–Moore’s Law
• Asymmetric algorithm–Always concerned about mathematical advances–Quantum computing
• Hash functions–Confidence shaken
21Manchester 2013
![Page 22: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/22.jpg)
A Never Ending Debate
• What gives us confidence in an algorithm?–Standards?–Ask the opinions of experts?
• Early debate–Publicly known or proprietary algorithms?–Less of an issue now than in the 1980s
WARNINGThe fact that an algorithm is published and unbroken
says nothing about its strength
Manchester 2013 22
![Page 23: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/23.jpg)
Kerchoff’s Principle
• The security of a cryptographic system should not depend on keeping the encryption algorithm secret
It does not say• The encryption algorithm should be made publicHowever• Anyone assessing the security of a cryptographic system needs
to have confidence that the algorithm is strongSo:• Financial institutions should use public algorithms where
appropriate
Manchester 2013 23
![Page 24: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/24.jpg)
It is NOT just about Algorithms
Early 1980s:• Thorn EMI conference
“Security is People”
Early 1990s:• Ross Anderson’s paper
“Why crypto systems fail”
Manchester 2013 24
![Page 25: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/25.jpg)
A Fact of Life !
• In theory there is no difference between theory and practice. In practice there is.
Manchester 2013 25
![Page 26: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/26.jpg)
RSA: The Theory
• The published modulus is the product of 2 secret primes
• Knowledge of the secret primes makes it easy to find the private key
• In general, determining the private key appears to require knowledge of the primes
• Factorisation is difficult• So, for large moduli, RSA is secure
Manchester 2013 26
![Page 27: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/27.jpg)
Attacks on RSA
The theory assumes that the attacker will need to factor n using a mathematical factorisation algorithm
In practice this may not be so
EARLY ATTACKS
Attack prime generator rather than try to factor n mathematically
(1) Exhaustive prime search
(2) Exploit bias in generation process
Manchester 2013 27
![Page 28: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/28.jpg)
Progress?
• So have we learnt from these early mistakes?
In theory: YES
In practice: NO
Manchester 2013 28
![Page 29: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/29.jpg)
‘Shared’ Primes
• Factoring RSA moduli is very difficult• Finding g.c.d. of two RSA moduli is easy• Factoring two RSA moduli which share a prime
factor is easy• Recent research showed that, for a sample 6.6
million RSA keys, over 4% either have a common modulus or gave moduli sharing a common prime factor
• Suspect prime generators?
Manchester 2013 29
![Page 30: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/30.jpg)
“Ron was wrong, Whit is right”
“When exploited it could affect the expectation that the public key infrastructure is intended to achieve”
(Arjen K Lenstra, James P Hughes et al)
Manchester 2013 30
![Page 31: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/31.jpg)
Cryptographic Systems
• The use of strong algorithms prevents attackers from calculating or guessing keys
• Keys need to be stored and/or distributed throughout the system
• Keys need protection
Manchester 2013 31
![Page 32: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/32.jpg)
Protecting Keys (Storage or Distribution)
• Physical security– Tamper Resistant Security Module (TRSM)– Tokens (Smart Cards)
• Components– Secret Sharing Scheme
• Key hierarchies– Keys encrypted using other keys– Lower level keys derived from higher level ones
Manchester 2013 32
![Page 33: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/33.jpg)
Side Channel Attacks (1)
To find a cryptographic key
• Exhaustive key search attacks try to find the secret key by random trial and error
• Side channel attacks try to use additional information drawn from the physical implementation of the cryptographic algorithm at hand so as to be substantially better than trial and error
Manchester 2013 33
![Page 34: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/34.jpg)
Side Channel Attacks (2)
• Changed the way cryptographers think about security– Properties of digital circuits are far more important for
security than was previously believed• Many previous design approaches recognised as inadequate
Manchester 2013 34
![Page 35: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/35.jpg)
Some Recent ‘Changes’
• More attacks concentrate on the implementation of the algorithm and the accompanying protocols
• Some exploit error messages• Academic research is becoming less ‘blue skies’ and
focussing on real systems/problems• Theory and practice are getting closer to each other
Manchester 2013 35
![Page 36: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/36.jpg)
Error Messages
ATM transaction
• Incorrect PIN• Insufficient funds in account• Exceeded daily limit
Manchester 2013 36
![Page 37: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/37.jpg)
Disclaimer: Cryptography Security
• Crypto is only a tiny piece of the security puzzle– but an important one
• Most systems break elsewhere– incorrect requirements or specifications– implementation errors– application level– social engineering
37Manchester 2013
![Page 38: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/38.jpg)
Security Breaches
Many Reasons:
• Badly designed systems• Inappropriate policies• Human error• Clever, innovative (technical) attacks• Misplaced trust (e.g. In employees or trusted
third party)
Manchester 2013 38
![Page 39: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/39.jpg)
Public Key Infrastructures
• Certification Authorities• Sign certificates to bind user’s ID to their public
key• Hierarchy of CAs• Root CA at top of hierarchy
NOTE: If root CA’s private key is compromised then the entire PKI is affected
Manchester 2013 39
![Page 40: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/40.jpg)
DigiNotar
• Netherlands based CA• Host many other CAs
– SSL certificates– Qualified certificates– Government accredited
• Hackers gained unauthorised access to their CA servers• Issued series of rogue certificates
SERIOUS BREACH: DigiNotar root certificate was trusted by most widely used web browsers and email clients
Hacker set up spoof websites (e.g. Googlemail)
Manchester 2013 40
![Page 41: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/41.jpg)
Problem
• Who, or what, can we trust?
Manchester 2013 41
![Page 42: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/42.jpg)
Protocol Security (1)
In recent work analysing Internet protocols:• A design flaw in SSH leading to a plaintext recovery
attack against OpenSSH– Recovering 32 bits of plaintext with probability 2-14
• Plaintext recovery attacks against all MAC-then-encrypt configurations of IPsec
– Recovering all protected IP traffic • A (minor) flaw in SSL/TLS leading to a distinguishing
attack which breaks the design goals of the protocol– Can tell whether ‘yes’ or ‘no’ is encrypted in the channel!
42Manchester 2013
![Page 43: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/43.jpg)
Protocol Security (2)
• In all cases the cryptographic algorithms are secure but the protocols are insecure
• The attacks illustrate the gap between theory and practice in cryptography and protocol design
• More details at www.isg.rhul.ac.uk/~kp
43Manchester 2013
![Page 44: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/44.jpg)
Some Things Never Change
• The widespread use of encryption for confidentiality has always been a cause of concern for Governments
• Simplified version of Government’s position– They are happy to support the use of strong encryption for
‘good’ purposes– Unhappy about the use of strong encryption for ‘bad’
purposes
Manchester 2013 44
![Page 45: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/45.jpg)
Manchester 2013 45
Saints or Sinners ?
Receiver
Interceptor
Sender
Who are the ‘good’ guys ?
![Page 46: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/46.jpg)
Manchester 2013 46
Law Enforcement’s Dilemmas
• Do not want to intrude into people’s private lives
• Do not want to hinder e-commerce• Want to have their own secure communications• Occasionally use interception to obtain
information • Occasionally need to read confiscated,
encrypted information
![Page 47: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/47.jpg)
Loss of Control of Encryption
•Academic papers–Attacks on DES–New algorithms
•Text books•Need for international systems
47Manchester 2013
![Page 48: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/48.jpg)
Newton Minow, Speech to the Association of American Law Schools, 1985
• After 35 years, I have finished a comprehensive study of European comparative law
• In Germany, under the law, everything is prohibited, except that which is permitted
• In France, under the law, everything is permitted, except that which is prohibited
• In the Soviet Union, under the law, everything is prohibited, including that which is permitted
• And in Italy, under the law, everything is permitted, especially that which is prohibited
48Manchester 2013
![Page 49: Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Popular Science](https://reader034.vdocuments.us/reader034/viewer/2022051313/54827e0a5806b5f2048b4686/html5/thumbnails/49.jpg)
Manchester 2013
Future Developments ?
• Steganography– You hide information rather than distort it– Harder to detect?
• Quantum– Quantum key establishment– Quantum cryptography– Quantum computing
• Provable security– Academic ‘dream’ or reality?
• Default encryption– Who looks after keys? (liability issues)
49