Introduction to encryption
6th Feb 2014
Who am I?
PHP Developer
@faffyman @phpbelfast
What’s this talk about?
Mostly the Why and the What
And just a little bit of the How
What this talk is not about
Probability Theory behind encryption
encryption model definitions
Why Encrypt?
Secure communications
- TLS Email
- SSL web
Filesystems
- DVD
- Memory Cards
Online Voting
WEP
Payment Gateways
- Credit Cards
- Bitcoins
Cable TV Signals
Skype Calls
DRM
What is Encryption?
It’s all Greek to me
Είναι όλα ελληνικά για μένα
*Encryption is…
“An algorithm that can encode a
message such that it is only readable by
authorized persons”
*Generally speaking.
*Encryption is… a Cipher..
“A pair of algorithms such that the
output ciphertext of the encoding
algorithm can be efficiently transformed
back to the original text by the decoding
algorithm”
*not always true
Examples of Encryption through history
Also known as the shift cipher
Or substitution cipher
The Caesar Cipher
Plain : ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW
Shift 3 chars left
Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD
Plaintext: the quick brown fox jumps over the lazy dog
16th Century Rome
Is a Modulo shift cipher
The Vigenère Cipher
Plain : PHP BELFAST ENCRYTION TALK
Key   : BLI NKSTUDI OSBLINKST UDIO
Cipher: RTY PPEZVWC TEEDHHTHH OEUZ
Create a repeating key the same length as the message
P = 16 + B=2 = 18 = R
H = 8 + L=12 = 20 = T
L = 12 + S=19 = 31 % 26 = 5 = E
Famous WWII message involving JFK
Playfair Mr Kennedy
http://j.mp/pFAIR
P H B E L
F A S T C
D G I K M
N O Q R U
V W X Y Z
IN TR OD UC TI ON TO EN CR YP TI ON
DQ KY NG ZM SK QO AR PR TU VE SK QO
Semantically secure, practically useless
The One Time Pad
Very fast encode / decode
1917, Vernam
Stream Cipher
The One Time Pad
Uses a random key of equal length to the message
AJDPWNCGS82NCPS03NCBS72HGTWX1EZMBLHPY04YDVS2DSB0
Rotor Machines
Lorenz Cipher (a.k.a. Tunny)
Enigma
“Nothing to report”
There is a lot of it - yes
Encryption is just XOR?
M: 0 1 1 0 1 1 1
Ke: 1 0 1 1 0 0 1
C: 1 1 0 1 1 1 0
Kd: 1 0 1 1 0 0 1
M: 0 1 1 0 1 1 1
Symmetric Ciphers
D(k, E(k, m)) = m
Decryption of Encrypted Message = Original Message
Symmetric Ciphers
2 Identical Inputs = 2 different outputs
Stream Ciphers
And
Block Ciphers
Making It Practical
In danger of getting complex now…
Pseudo Randomness
Pseudo Random Key
PRF – Pseudo Random Function
PRG – Pseudo Random Generator
PRP – Pseudo Random Permutation
Pseudo Random Keys
Short Input => Long Output
Data Encryption Standard
DES
1970 – 1976 - IBM's Lucifer cipher approved as Fed. Standard
1997 - DES is broken by exhaustive search
Internet search – took 3 months
1998 – Deep Crack does it in 3 days (cost $250K)
1999 – combined search 22 hours
2000 – New Fed Standard adopted. Rijndael or AES
Feistel Network
http://j.mp/feistDES
Common Block Cipher Construction
DES is a 16 round Feistel construction
Advanced Encryption Standard
AES
Uses block cipher – but NOT a Feistel construction
1997: DES broken, NIST requests proposals for new std
1999: 5 shortlisted options
2000: Rijndael chosen to be new AES
AES
Side Channel Attacks
• Timing Attacks
• Power Attacks
• Sound Attacks
• Replay Attacks
j.mp/1c9v9Vi
ECB
Electronic Code Book
j.mp/1kONKMk
Encrypted with ECB
Encrypted in other modes - show pseudo randomness
CTR
Counter Mode
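The ECB versus CTR contrast above, as an added example (not from the talk): a constructed plaintext made of one repeated block is encrypted in both modes and the duplicate ciphertext blocks are counted. It assumes PHP 7+ with the openssl extension; countRepeatedBlocks() is a hypothetical helper.

```php
<?php
// Added example, not from the talk. Requires PHP 7+ with the openssl extension.

// Count how many ciphertext blocks are exact duplicates of an earlier block.
function countRepeatedBlocks(string $ciphertext, int $blockSize = 16): int
{
    $blocks = str_split($ciphertext, $blockSize);
    return count($blocks) - count(array_unique($blocks));
}

$key = random_bytes(16); // throwaway AES-128 key

// Constructed plaintext: one 16-byte block repeated 8 times, standing in for
// repetitive structured data.
$plaintext = str_repeat('PHPBELFAST ROCKS', 8);

// ECB: every block is encrypted independently under the same key, so equal
// plaintext blocks give equal ciphertext blocks. ECB takes no IV.
$ecb = openssl_encrypt($plaintext, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);

// CTR: each block is XORed with the encryption of a distinct counter value,
// so equal plaintext blocks give unrelated ciphertext blocks.
$iv  = random_bytes(openssl_cipher_iv_length('aes-128-ctr'));
$ctr = openssl_encrypt($plaintext, 'aes-128-ctr', $key, OPENSSL_RAW_DATA, $iv);

printf("ECB repeated blocks: %d of %d\n", countRepeatedBlocks($ecb), strlen($ecb) / 16);
printf("CTR repeated blocks: %d of %d\n", countRepeatedBlocks($ctr), strlen($ctr) / 16);
```

The ECB output carries one extra block of padding, which is why it is one block longer than the CTR output.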
MICs and MACs
Message Integrity or Authentication Code
Basically - Hash Functions
MD5 - weak
SHA-1 - weak
SHA-256 - better
Anti-Tamper codes
Authenticated Encryption
Encrypt then MAC - always provides A.E.
MAC then Encrypt is open to CCA attacks
- it’s ok IF you use rand-CBC or rand-CTR mode
- still open to padding attacks
Key Exchange
Public/Private Keys
Public key used to encrypt
Private key used to decrypt
Uses large primes (600+ digits) and modulus of the powers of factors of that prime
Public/Private Keys
ALICE    BOB
Generate array of public & private keys
Bob chooses one public key
Chooses a random secret {0,1}^128
Encrypts it using Public Key
Alice decrypts with Secret key to obtain Bob's random number
They now have a shared secret or key (Bob's number) with which to encrypt future messages
PHP – password storage
j.mp/1nPFttR
• Raw / Plaintext – do people really do this?
• Roll your own encryption mechanism
• MySQL Encrypt()
• MD5() – no, collision too common
• SHA and store salt
• bcrypt – no salt storage required
• phpass – no salt storage required
*NEVER* Roll your own
Golden Rule: Libraries, libraries, libraries
Always use a tried & tested library
PHP – MAC
hash_hmac()
hash_hmac($algo, $data, $key [, $raw_output = false])
hash_hmac('sha256', 'phpbelfast rocks', 'MySecret');
php.net/hash_hmac
PHP – openssl library
j.mp/1dp8OTq
openssl_get_cipher_methods()
openssl_cipher_iv_length()
openssl_encrypt()
openssl_decrypt()
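Encrypt then MAC built from the functions listed above, as an added example (not from the talk): AES-256-CTR with a fresh IV per message, HMAC-SHA256 over IV and ciphertext, and a constant-time tag check before any decryption. It assumes PHP 7+ with the openssl extension; etmEncrypt() and etmDecrypt() are hypothetical names.

```php
<?php
// Added example, not from the talk. Function names are hypothetical.
// Requires PHP 7+ with the openssl extension.
const CIPHER  = 'aes-256-ctr';
const MAC_LEN = 32; // raw HMAC-SHA256 output length in bytes

function etmEncrypt(string $plaintext, string $encKey, string $macKey): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh IV per message
    $ct = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Encrypt then MAC: the tag covers the IV and the ciphertext.
    return $iv . $ct . hash_hmac('sha256', $iv . $ct, $macKey, true);
}

function etmDecrypt(string $message, string $encKey, string $macKey): ?string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if (strlen($message) < $ivLen + MAC_LEN) {
        return null; // too short to hold an IV and a tag
    }
    $body = substr($message, 0, -MAC_LEN);
    $tag  = substr($message, -MAC_LEN);
    // Verify first, in constant time, and refuse to decrypt on mismatch.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $tag)) {
        return null;
    }
    $pt = openssl_decrypt(substr($body, $ivLen), CIPHER, $encKey,
        OPENSSL_RAW_DATA, substr($body, 0, $ivLen));
    return $pt === false ? null : $pt;
}

// Demo with throwaway keys; separate keys for encryption and for the MAC.
$encKey = random_bytes(32);
$macKey = random_bytes(32);
$sealed = etmEncrypt('phpbelfast rocks', $encKey, $macKey);

$tampered = $sealed;
$tampered[20] = chr(ord($tampered[20]) ^ 0x01); // flip one ciphertext bit

var_dump(etmDecrypt($sealed, $encKey, $macKey));   // untouched message
var_dump(etmDecrypt($tampered, $encKey, $macKey)); // tampered message
```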
PHP password_hash() v5.5+
php.net/password_hash
j.mp/1err98n
password_hash( $password, $algo [, $options] )
password_verify( $password, $hash )
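The two calls above in use, as an added example (not from the talk): it shows why bcrypt needs no separate salt column, and how a login check can upgrade a stored hash when the target cost is raised. The password, the cost values and checkLogin() are assumptions made for illustration; the type hints need PHP 7+.

```php
<?php
// Added example, not from the talk. Password and cost values are constructed.
// Requires PHP 7+ (password_hash() itself is available from 5.5).

// Verify a login and, if the stored hash uses weaker settings than the current
// target, return a replacement hash to store. checkLogin() is a hypothetical name.
function checkLogin(string $password, string $storedHash, int $targetCost): array
{
    if (!password_verify($password, $storedHash)) {
        return ['ok' => false, 'newHash' => null];
    }
    $options = ['cost' => $targetCost];
    $newHash = password_needs_rehash($storedHash, PASSWORD_BCRYPT, $options)
        ? password_hash($password, PASSWORD_BCRYPT, $options)
        : null;
    return ['ok' => true, 'newHash' => $newHash];
}

$password = 'correct horse battery staple';

// Hashing the same password twice gives different strings: each call draws a
// fresh random salt and embeds it, with the algorithm and cost, in the output.
$hashA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
var_dump($hashA === $hashB);
var_dump(password_verify($password, $hashA), password_verify($password, $hashB));
print_r(password_get_info($hashA)); // algorithm and cost parsed from the hash

// A correct login against the cost-10 hash, with the target raised to 12,
// succeeds and yields an upgraded hash; a wrong password yields neither.
$result = checkLogin($password, $hashA, 12);
var_dump($result['ok'], password_get_info($result['newHash'])['options']['cost']);
var_dump(checkLogin('wrong guess', $hashA, 12)['ok']);
```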
Cover image - Enigma Machine by Skittledog
http://flic.kr/p/9VjJz5
Creative Commons
http://creativecommons.org/licenses/by-nc-sa/2.0/
Feistel Network Diagram
Dan Boneh, Stanford University (Coursera – Cryptography I course)
Link Bundle j.mp/1iq3xA5
Credits
“Only amateurs attack machines, professionals attack humans”
- Bruce Schneier
Final Thought