Encryption
Nathan Helton, University of Tulsa, Tulsa, Oklahoma


What Is Encryption

• Process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge or a key.

Why Encryption?

• Helps protect users’ information from malicious people/processes.

• Can protect confidentiality

• Can protect integrity

How is Encryption Used

• In the News:
  – Barracuda Networks
    • MD5 salted

How is Encryption Used

• In the News:
  – iPhone
    • HW Encryption

How is Encryption Used

• In the News:
  – Somebody messed with Texas
    • Public Server

Simplistic Concepts

• Steganography – “hiding in plain sight”
  – History
  – Images
• Substitution / Replacement
  – Value Specific
  – Ex. Newspaper Game
    • Given a few characters and able to resolve the message
• Transposition
  – Location Specific

Common Encryption Algorithms

• SSL / TLS – Symmetric Key

• RSA – Factorization and Asymmetric Key

• AES – Transposition and Symmetric Key

AES

• Key Expansion
• Initial Round
• Rounds
• Final Round
  – SubBytes
  – ShiftRows
  – AddRoundKey

Insecure Encryption Algorithms

DES
• Expansion
• Key Mixing
• Substitution
• Permutation

Encryption Problems

• Constantly updating and evolving
  – Testing, Vulnerability Analysis Cycle

• Not 100% effective

• SSL Certificate Theft Example

• The Human Factor

Encryption and SSAC

• Policies

– CIA

– Ex. WiFi

General Encryption Policy Questions

• Is it allowable for an employee to encrypt their data?
  – Can they be forced to reveal the encryption key? Upon termination?
• What type of encryption is to be used?
  – The latest encryption?
  – The most secure?
  – The most tested?

• Should network traffic be encrypted at all times?

• Should Wi-Fi be encrypted?

Encryption Misunderstood

• Outdated

• According to the CSI Survey in 2008

– 71% encrypted traffic during transit

– 53% encrypted stored data.

Not Just Computers

Keyless Entry on Cars
• Most popular version is the KeeLoq
• Non-Linear Feedback Shift Register (NLFSR) algorithm used
• Uses a 64 bit key and a 32 bit block.
• Most systems are networked inside the car.
  – I.e. sound system links to the engine control unit
• Serious flaws exist to bypass the encryption.
  – Side-channel attack
    • Works on all keyless entry devices that use KeeLoq

The Future of Encryption

• Bluetooth
  – Is stronger encryption needed?
    • Ex. Wireless mouse, hands-free for cell phones
• RFID
  – Currently being pursued
• Emerging Technologies
  – Also in conjunction with other methods (Biometrics)
