ENEI 2014 - Cryptography
joao-paulo-barraca
Privacy
Restrict information to a limited number of entities
Privacy
State of being free from being observed
Security
• The state of being free from danger or threat
Cryptography
Write something in a covert way
Greek: Kryptós (Hidden), graphein (Write)
Similar to Steganography
Cryptography
key = ‘qwerty’
text = ‘Meet with Alex at 13:05’
Base64( AES-128-ECB(key, text) )
U2FsdGVkX1/Q7MhqgxAWF5YU57uZRzDfCDuJa6k0uQW9CZvB22svyiE/WdxKXid3
Output seems to be random
Steganography
text = ‘Meet with Alex at 13:05’
method = encode Least Significant Bit (00000001)
Covert Channel
Output seems to be unmodified
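The least-significant-bit method named on this slide, as an added example that is not part of the original deck. The cover bytes are constructed sample data standing in for image pixels, and the function names are hypothetical.

```python
# Added example: LSB steganography over a byte buffer (constructed cover data).

def lsb_embed(cover: bytes, message: bytes) -> bytes:
    """Hide message in bit 0 of each cover byte (8 cover bytes per message byte)."""
    bits = [(byte >> shift) & 1 for byte in message for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for message")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0b11111110) | bit  # only the 00000001 bit changes
    return bytes(stego)

def lsb_extract(stego: bytes, length: int) -> bytes:
    """Rebuild `length` message bytes from the low bits, most significant bit first."""
    out = bytearray()
    for i in range(length):
        value = 0
        for b in stego[i * 8:(i + 1) * 8]:
            value = (value << 1) | (b & 1)
        out.append(value)
    return bytes(out)

def max_change(cover: bytes, stego: bytes) -> int:
    """Largest difference between a cover byte and its stego counterpart."""
    return max(abs(a - b) for a, b in zip(cover, stego))

TEXT = b"Meet with Alex at 13:05"
COVER = bytes((i * 37 + 11) % 256 for i in range(256))  # constructed "pixels"
STEGO = lsb_embed(COVER, TEXT)

if __name__ == "__main__":
    print(lsb_extract(STEGO, len(TEXT)))
    print("largest per-byte change:", max_change(COVER, STEGO))
```

No byte moves by more than 1, which is why the output seems to be unmodified to the eye.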
Cryptography Uses
Increase Security
1 - Condition access to information (Privacy)
2 - Assure origin of information (Authentication)
Ancient Times
• Simple ciphers
• Transposition: change symbol order
• Substitution: replace symbols
• Transmit encoded messages
• Military, Political partners, Private conversations
Scytale
Transposition Cipher
Used by Greeks and Spartans
Caesar Cipher
E -> B, N -> K, E -> B, I -> F
Substitution Cipher
Stallings, W. Cryptography and Internet Security: Principles and Practices. Upper Saddle River: Prentice, 1999.
XIX, XX centuries
More complex ciphers
Using electro-mechanical devices
Integration with communication lines (telegraph)
Enigma Transposition Cipher
Lorenz Vernam Cipher (substitution)
Modern Times: > 1970
• Even more complex ciphers
• Based on mathematical models
• Applied by computers
• Impossible to solve by hand!
• Mostly use substitution algorithms
Symmetric Crypto
• Single key to cipher and decipher
• Key sets state of cipher algorithm
[Diagram: Text -> Cipher Algorithm with Key -> Cryptogram (???) -> Cipher Algorithm with Key -> Text]
Stream Ciphers
• Key sets cipher state
• Cipher produces random sequence
• Sequence is XORed with data
Stream Ciphers
[Diagram: on each side, Key -> Cipher Algorithm -> Key Stream; Text + Key Stream -> Cryptogram (???); Cryptogram + Key Stream -> Text]
Stream Ciphers
• 1 byte encoded (XOR) at a time
• Very fast!
• Good for communications!
• Size of input equals size of output
• Typical Key Sizes: >128 bits
Stream Ciphers
• A5 - Mobile Phone Communications
• RC4 - Wifi WEP, Internet HTTPS
• O
Original Text
Cryptogram seems to be random
Block Ciphers
• Input processed in blocks
• Block size related to key size
• Output is multiple of block size
• Typical sizes: 64bits, 128bits, 192bits, 256bits
Block Ciphers
• Cipher algorithm does substitutions and permutations
• Key defines how
• Typical algorithms: AES, Blowfish, 3DES…
Block Ciphers
[Diagram: Cipher with Key -> Cryptogram (???) -> Decipher with Key]
Cryptogram doesn’t seem to be random
Block Ciphers
• Blocks with same content will result in same output
• … because blocks are ciphered individually
• … no feedback mechanism
Cipher Modes
• Additional Cipher Modes destroy patterns
• eg, Cipher-block chaining (CBC)
[Diagram: CBC. Block 1 is XORed (+) with the IV and ciphered with the Key into a Cryptogram; Block 2 is XORed (+) with that Cryptogram and ciphered with the Key]
Asymmetric Crypto
• Uses a pair of keys:
• Public Key: everyone may have it
• Private Key: should never be disclosed
• One key can do the opposite of the other
Confidentiality
[Diagram: Cipher with Public Key -> Cryptogram (???) -> Decipher with Private Key]
Authentication
[Diagram: Cipher with Private Key -> Cryptogram (???) -> Decipher with Public Key]
Who uses cryptography?
Should I (You) use?
Spies
Military
… and everyone else
Cryptography
It’s a building block of our society
Enforces Security
• Cipher: Restricts access to Information
• Only holder of KEY can decipher cryptogram
• Authentication: Restricts access to Actions
• KEY asserts identity of its holder
In other words…
• You really know with whom you are sharing information
• Entities are Authenticated
• Mechanisms really restrict who accesses information
• Data is private
Wifi
• Restrict Access to authorised users
• eg, Your friends
• Make traffic confidential
• Wireless signals travel a long distance
Wifi
• Shared key (Password) provided by user is converted into key
• All traffic is ciphered
• Only key holders are authorised to associate
• Prevents eavesdropping and usage
Wifi
• WEP: RC4 (Stream Cipher, weak)
• Uses 24bits IV (‘random’) + 104bit Key
• WPA/WPA2: AES/CCMP (Block Ciphers)
• 128bit, per packet key
• 802.1x: Extensible Authentication Protocol (EAP)
Mobile Phones
• Identify user
• Identify SIM card (client)
• Identify terminal
• Make all traffic confidential
Mobile Phones
• SIM card is protected by PIN
• Contains algorithms for authentication
• Contains Keys shared with Service Provider
• Terminal contains identifier (IMEI)
• Traffic is ciphered
Secure Sockets Layer (SSL)
• Protect traffic over communication networks
• Authenticate endpoints
• Make traffic confidential
Secure Sockets Layer (SSL)
• Extensively used in the Internet
• HTTPS, IMAPS, POP3S, XMPP, etc.
• Based on Certificates and Asymmetric Cryptography
• Tunnel is established before actual data
Secure Sockets Layer (SSL)
• Server has Certificate issued by Trusted CA
• Client has temporary keys or trusted certificate
• Single (Server) or Mutual authentication
• All traffic is confidential
Identification
• Identify citizen / user
• Stronger method than visual ones
• Enable authentication over the Internet
• eg, web pages, emails, digital documents
Identification
• Smart Card protected by PIN codes
• Certificate issued by State
• Private Key that can be used for signing
• Card is secure against tampering
• Private Key never leaves Smart Card
Identification
-> I'm Maria
<- Prove It! Random_number
   (Request Card to Sign)
-> Sure! Sign(Random_number), Cert
   (Verify Certificate, Verify Signature)
<- Hello Maria!
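The exchange above as an added example that is not part of the original deck: a card signs a fresh random number and the verifier checks the signature. It uses toy RSA with a constructed key pair, skips the certificate check by assuming the verifier already trusts the public key, and the class and function names are hypothetical.

```python
# Added example: toy RSA challenge-response (illustration only, not secure).
import hashlib
import secrets

# Constructed toy key pair built from two Mersenne primes; real cards use
# randomly generated keys and padded signatures.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

class SmartCard:
    """Hypothetical card: the private key never leaves this object."""
    def __init__(self, pin):
        self._pin, self._d = pin, D

    def sign(self, pin, challenge):
        if not secrets.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        return pow(digest(challenge), self._d, N)

class Verifier:
    """Hypothetical service that already trusts the card's public key (N, E)."""
    def __init__(self, n, e):
        self.n, self.e, self.pending = n, e, None

    def challenge(self):
        self.pending = secrets.token_bytes(16)  # fresh Random_number
        return self.pending

    def check(self, signature):
        nonce, self.pending = self.pending, None  # each challenge is single use
        if nonce is None:
            return False
        return pow(signature, self.e, self.n) == digest(nonce)

def login(card, pin, verifier):
    """One full round: challenge, sign on the card, verify."""
    return verifier.check(card.sign(pin, verifier.challenge()))
```

Because every challenge is random and accepted once, a signature recorded from an earlier session fails against the next challenge.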
Information Confidentiality
• Most systems provide software ciphered storage
• FileVault, BitLocker, TrueCrypt
• Devices also support ciphered storage
• Self Encrypting Drives
Seagate
Attacking Cryptographic Systems
Direct Attacks
• Analyse cryptographic algorithms
• Find weaknesses in its components
• Require serious mathematical skills
• Frequent contests to elect the best algorithm
• ex: 3DES, AES, SHA
Direct Attacks
• Brute force
• Try every possible combination
• Example: RSA 2048
• Time required: ~6.4 quadrillion years
• Universe age: 13.2 billion years
http://www.digicert.com/TimeTravel/math.htm
Considering evolution in computer capacity RSA 2048 secure until 2030
Source, ECRYPT II
If aiming at a user created password, results should be ready soon
Indirect Attacks
• Obtain information indirectly
• Algorithm is not broken
• Implementation is broken
• Implementation leaks information
• User is the frequent target
Human Behaviour
Power Leakage
Consumption when Key bit is 0
Consumption when Key bit is 1
Wikimedia Foundation
Sound Leakage
Daniel et al
Implementation Errors
• Heartbleed bug in OpenSSL 1.0.1-1.0.1f
• Allows extracting 64Kbytes from server memory
• Affects all systems using SSL
Implementation Errors
...
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
    goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
    goto fail;  /* duplicated line: not guarded by the if, so it always jumps */
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)  /* never reached */
    goto fail;
…
Apple “GOTO” bug, 2014
Thanks