Cryptography 101
Nolan Egly
Information sharing may be great for your team, but not so great when it comes to your valuable, sensitive data. This talk is an introduction to cryptography - the art and science of keeping information secret. We'll gently introduce core concepts like steganography, codes, ciphers, and lexical analysis by reviewing the history of making (and breaking) secret writing systems from ancient times to World War 2, and finish with a discussion about modern symmetric and asymmetric (aka public key) encryption.

Published in: Technology, Education
  • Developers can sign up anytime at ctxgivecamp.org through our EventBrite link. You can follow back or mention the project at @ctxgivecamp on Twitter. There's a Facebook event page too at https://www.facebook.com/CtxGivecamp. The event takes place on October 18-20. Developers, designers and other professionals will team up to complete small applications for non-profits in need. You can sign up at ctxgivecamp.org or get more info at info@ctxgivecamp.org
  • In 480BC, Persia was about to attack Greece. A Greek exile named Demaratus was living in Persia, and sent wax covered tablets with a warning. He scraped off the wax, carved a message in wood, and resealed the wood tablets.
  • Protein chars or burns. If you write on paper with a protein that dries clear (e.g. lemon juice), the message can be seen when the paper is heated.
  • During World War II, Germany would shrink photos to the size of a period and send them through the unsecure message system. The Allies were tipped off to “look for letters with shiny punctuation marks”.
  • Media could be image files, sound files.
  • Do HideInPicture demo here, compare images with hex editor to see altered bytes.
  • Claude Shannon, generally credited as the inventor of Information Theory, used the term diffusion for transposition and confusion for substitution. Just an FYI for anyone who’s read Shannon’s work.
  • Scytale – wooden rod of a certain diameter. A strip of leather or paper would be wound around the wooden rod, and then transcribed. Once the medium was unwound, it would be all scrambled. The message would be carried to its recipient (sometimes as a belt) who also had a scytale with a matching diameter, and would be able to recreate the message.
  • Susceptible to frequency analysis, often leaves words or parts of words exposed. Route ciphers are also sometimes called Rail ciphers and were used by the Union in the American Civil War.
  • Susceptible to frequency analysis. Can be attacked by guessing column lengths and looking for word partials.
  • During WWII, a two step transposition cipher was considered the most complex scheme a secret agent could memorize and remember while in the field.
  • Code books can be completely random, so there are no substitution patterns to cryptanalyze, but have a number of drawbacks: distribution and transportation; limited to the vocabulary of the book; vulnerable to lexical analysis (frequently occurring words, such as ‘the’). Ciphers have a pattern that can potentially be cryptanalyzed, but don’t require a codebook (although more complex ciphers use a daily key book) and can express any message since the vocabulary isn’t predefined. Today ciphers are overwhelmingly favored over codes.
  • This is a concept diagram of families and types of secret communication. (after animation) The remainder of the talk is going to focus on ciphers.
  • One of the primary weaknesses of this kind of cipher is that the security depends on keeping the algorithm secret. Once the algorithm is known, the cipher is worthless. This leads us to…
  • Kerckhoffs was a Dutch (Netherlands) cryptographer who taught in a Paris university. In 1883 he wrote a paper in the French Journal of Military Science to encourage more secure cryptographic practices and outlined six best practices. Number two became known as Kerckhoffs’s Principle.
  • The secret key keeps the message secure even if the enemy knows what the encryption method was.
  • This is an improvement to the plain cipher by adding a secret key. Knowing the algorithm is a shift cipher without knowing the key is “XYLOPHONE” doesn’t decrypt the message.
  • Lexical frequency analysis was discovered in the Arabian region in the 900s. One of the oldest known works describing frequency analysis was written by al-Kindi, nicknamed ‘The philosopher of the Arabs’. It was also either discovered in Europe or introduced from the Arabian peninsula during the Renaissance period.
  • Here’s some cipher text that’s been created with a simple substitution cipher. Could I please have a volunteer to count up the occurrences of each letter please? Anyone?
  • Oh, OK. I used an online tool to perform the counting (http://www.richkni.co.uk/php/crypta/freq.php). E is the most common letter used in English, and “the” is the most common word. So ‘I’ is probably ‘E’, and ‘XLI’ is probably ‘THE’. (animate)
  • E and T are the first and second most used letters, which we believe we’ve identified by way of ‘THE’. So the second most occurring cipher letter E is probably the third most common plaintext letter A. (animate)
  • (next slide applies our conjectures to the text)
  • (ask) Does anyone see any possible patterns or words? Blue lower case letters are plain text, red uppercase are cipher text.
  • “heVe” looks like “here”. “atthattMZe” looks like “at that time”. Let’s presume “V” is the letter r, and likewise that “M” is I and “Z” is M.
  • (animate) “remarA” looks like “remark”, so we could apply K for A. (forward)
  • Here, we are going to see how the same plaintext letter gets encrypted as different letters to help mask its frequency of occurrence. We’ll use the passphrase “KING”. On row 10 (K), an E would be an O. On row 08 (I), an E would be M. On row 13 (N), an E would be R. On row 06 (G), an E would be K.
  • In a nutshell – divide the polyalphabetics into monoalphabetic strings, and then divide and conquer.
  • It is important to remember that cryptography is USEFUL in enhancing security, but cannot guarantee it because attackers usually have many other vectors to exploit.
  • There are also several social vector approaches that often work very well…
  • In the cryptography literature this is fondly referred to as the rubber hose attack.
  • Ask the audience what “secure” means to them in regards to cryptography. Things to encourage discussion on: time and cost of attack vs value and timeliness of secret; resources of various adversaries (another person vs corporation vs government).
  • Claude Shannon developed the theory of unconditional security.
  • “Need secure distribution” is the deal breaker here. It doesn’t matter how theoretically secure something is if it is painful and dangerous to orchestrate.
  • DES was invented in the 1970s when the need for a national standard to securely communicate became apparent. The NSA helped develop the standard, but was unaware that the standard would be so openly published in a manner that allowed for software implementations. DES is NOT SECURE today. DO NOT USE IT. I’m showing it as a “simple” example of more modern techniques, and how computers help facilitate what was once done manually.
  • IP and FP are not cryptographically significant, and were added to facilitate loading and unloading bytes into 1970’s era hardware.
  • The cipher text of a message encrypted multiple times with the same key will look exactly the same each time. This is great from a hardware perspective (we can parallelize the operations), but horrible from a cryptanalysis perspective.
  • The operation can no longer be done in parallel, but we will no longer get predictable output from the same input.
  • The NSA claims to have invented it before Diffie and Hellman, but how are we supposed to know?
  • A more recent alternative to using prime numbers is using the mathematical properties of elliptic curves.
  • (If you’re running fast) Talk about digital signatures
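
Slides 46 to 48 of the transcript (Vigenere with the pass phrase “King”, followed by key cycle detection) and the “divide and conquer” note above can be reproduced step by step. The Python below is an added example, not part of the original talk; the function names are illustrative.

```python
"""Vigenere encryption and key cycle detection, using the talk's sample text."""
from collections import Counter, defaultdict

A = ord("A")
PLAINTEXT = "The sun and the man in the moon"   # plaintext from slide 46
KEY = "King"                                    # pass phrase from slide 46


def letters_only(text):
    """Uppercase the text and drop everything that is not A-Z."""
    return "".join(c for c in text.upper() if "A" <= c <= "Z")


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter; the key repeats cyclically."""
    sign = -1 if decrypt else 1
    key = letters_only(key)
    out = []
    for i, c in enumerate(letters_only(text)):
        shift = ord(key[i % len(key)]) - A
        out.append(chr((ord(c) - A + sign * shift) % 26 + A))
    return "".join(out)


def repeated_sequences(ciphertext, length=3):
    """Map each repeated n-gram to the distances between its occurrences."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - length + 1):
        positions[ciphertext[i:i + length]].append(i)
    return {
        gram: [b - a for a, b in zip(pos, pos[1:])]
        for gram, pos in positions.items()
        if len(pos) > 1
    }


def candidate_key_lengths(distances, max_len=16):
    """Count how many repeat distances each possible key length divides."""
    votes = Counter()
    for gaps in distances.values():
        for gap in gaps:
            for n in range(2, max_len + 1):
                if gap % n == 0:
                    votes[n] += 1
    return votes


def split_alphabets(ciphertext, key_length):
    """Group every key_length-th letter; each group used one fixed shift."""
    return [ciphertext[i::key_length] for i in range(key_length)]


if __name__ == "__main__":
    ct = vigenere(PLAINTEXT, KEY)
    print("ciphertext:", ct)

    repeats = repeated_sequences(ct)
    print("repeated trigrams and distances:", repeats)
    print("key length votes:", dict(candidate_key_lengths(repeats)))

    # With the key length guessed as 4, every column is a plain shift cipher
    # and can be attacked with single-alphabet frequency analysis. Six letters
    # per column is far too little for that to work here; a real attack needs
    # a much longer ciphertext.
    for n, column in enumerate(split_alphabets(ct, 4), start=1):
        print(f"alphabet {n}: {column}")

    # Undoing the shift for alphabet 1 with its key letter K gives back
    # every fourth plaintext letter.
    print("alphabet 1 shifted back by K:",
          vigenere(split_alphabets(ct, 4)[0], "K", decrypt=True))
```

The repeated “BUK” is the ciphertext of the two occurrences of “the” that happen to line up with the same key letters, which is why the distance between them is a multiple of the key length.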

    1. 1. Cryptography 101 Nolan Egly
    2. 2. Code Camp 2013 Sponsors Gold Silver Bronze
    3. 3. Agenda • Branches and types of cryptography • Early crypto systems and cryptanalysis • Mechanization of cryptosystems
    4. 4. Agenda (cont.) • Security Problems Cryptography Does Not Solve • What Is Secure? • Symmetric Encryption and Modes • Asymmetric Encryption
    5. 5. Agenda (cont.) • Quantum Cryptography • Resources • Open questions and discussion
    6. 6. Oh dear, this isn’t going to be my cup of tea… Image credit: http://supercutekittens.blogspot.com/2011_07_01_archive.html Image credit: http://fanumusic.com/wp-content/uploads/2012/10/Free.jpg
    7. 7. Secret Writing Cryptography • Greek etymology – Kryptos: secret – Graphia: writing • Scrambling a message in plain sight Steganography • Greek etymology – Steganos: covered – Graphia: writing • Hiding a message so it cannot be seen
    8. 8. STEGANOGRAPHY PAST AND PRESENT
    9. 9. Steganography - Ancient Photo credit: http://en.wikipedia.org/wiki/File:Wachstafel_rem.jpg
    10. 10. Steganography - Historical Invisible Ink
    11. 11. Steganography - Historical Microdots Photo credit: http://www.racq.com.au/__data/assets/image/0006/34908/microdot_cropped.jpg
    12. 12. Steganography - Modern • Hiding messages in low order bits of media
    13. 13. Tool Demo Steganography with Hide in Picture
    14. 14. Steganography Usage Today • Digital watermarking intellectual property – General copyright infringement detection – Watermark per digital copy for data leak detection Image source: http://www.amazon.com/Kerosene/dp/B001C79S0S/
    15. 15. Steganography Usage Today • Underground communities – Need to communicate covertly
    16. 16. What questions do you have?
    17. 17. CRYPTOGRAPHY PRINCIPLES AND PAST HISTORY
    18. 18. Primary Two Methods of Cryptography Transposition (Diffusion) • Changing the position of the characters Substitution (Confusion) • Changing the characters from one into another
    19. 19. Transposition - Ancient Photo credit: “The Code Book” by Simon Singh
    20. 20. Transposition – Route Cipher Write the message in vertical rows in a grid, and then transcribe according to a pattern. Grid: T A W I 2 / H N E S X / E S R 4 Z. Plaintext: The answer is 42. Ciphertext: EHT ANS REW IS4 ZX2.
    21. 21. Transposition – Columnar Cipher Write message in rows, and then scramble columns in alphabetical order of a key. Key: P A N I C. Grid: T H E A N / S W E R I / S 4 2 X Z. Plaintext: The answer is 42. Ciphertext: HW4 NIZ ARX EE2 TSS.
    22. 22. Transposition Today Transposition is used as a component of more complex ciphers, but is not strong enough to be used by itself
    23. 23. What questions do you have?
    24. 24. Strategies of Substitution. Codes • Substitute words or phrases. TOP SECRET code book (Word => Code Word): Ace => Mushroom, Bad => Pink. Ciphers • Substitute letters. Caesar Shift Cipher: Plain A B C D E, Cipher D E F G H. Ace => DFH, Bad => EDG. Image credit (paper background): http://www.flickr.com/photos/boston_public_library/4460136656
    25. 25. Secret Communication Steganography Cryptography Codes Ciphers Transposition Substitution Interlude: Complete Family Tree
    26. 26. Substitution - Ancient • Oldest known cipher – Caesar cipher • Shift characters by 3. Caesar Cipher: Plain A B C D E F G H I J K L M N O P Q R S T U V W X Y Z, Cipher D E F G H I J K L M N O P Q R S T U V W X Y Z A B C. Plaintext: The answer is 42! Ciphertext: WKH DQVZHU LV 42!
    27. 27. Kerckhoffs’s Principle "The security of a crypto-system must not depend on keeping secret the crypto-algorithm. The security depends only on keeping secret the key."
    28. 28. Cryptography by Secret Key Image credit: http://i.msdn.microsoft.com/dynimg/IC168364.gif
    29. 29. Shift cipher with key • Improves the shift cipher by adding a secret key • Just knowing the algorithm is useless without the key. Shift Cipher With Key “Xylophone”: Plain A B C D E F G H I J K L M N O P Q R S T U V W X Y Z, Cipher X Y L O P H N E A B C D F G I J K M Q R S T U V W Z. Plaintext: The answer is 42! Ciphertext: REP XGQUPM OU 42!
    30. 30. What questions do you have?
    31. 31. We have secure communications. Life is good. Isn’t it? Photo credit: http://www.flickr.com/photos/lorensztajer/4181632414/
    32. 32. Not quite. Someone could use cryptanalysis to break our cipher. Photo credit: http://www.flickr.com/photos/85941395@N00/2190485197/
    33. 33. Cryptanalysis: Lexical Frequencies Image credit: http://en.wikipedia.org/wiki/File:English_letter_frequency_(alphabetic).svg
    34. 34. Lexical Frequency Analysis Example LIVITCSWPIYVEWHEVSRIQMXLEYVEOIEWHRXEXIPFEM VEWHKVSTYLXZIXLIKIIXPIJVSZEYPERRGERIMWQLMG LMXQERIWGPSRIHMXQEREKIETXMJTPRGEVEKEITREWH EXXLEXXMZITWAWSQWXSWEXTVEPMRXRSJGSTVRIEYVI EXCVMUIMWERGMIWXMJMGCSMWXSJOMIQXLIVIQIVIXQ SVSTWHKPEGARCSXRWIEVSWIIBXVIZMXFSJXLIKEGAE WHEPSWYSWIWIEVXLISXLIVXLIRGEPIRQIVIIBGIIHM WYPFLEVHEWHYPSRRFQMXLEPPXLIECCIEVEWGISJKTV WMRLIHYSPHXLIQIMYLXSJXLIMWRIGXQEROIVFVIZEV AEKPIEWHXEAMWYEPPXLMWYRMWXSGSWRMHIVEXMSWMG STPHLEVHPFKPEZINTCMXIVJSVLMRSCMWMSWVIRCIGX MWYMX Monoalphabetic ciphertext
    35. 35. Analysis Counts. Columns: E | Freq. | D. I 58; E 48; X 41; W 35; M 34; V 31; S 30; R 27; L 22; P 21; G 16; H 16; Y 13; T 12; Q 12; C 9; K 9; J 9; C 6; F 6; A 5; O 3; B 2; U 1; N 1; D 0. Trigrams | Freq. | D: XLI 9; EWH 7; MWY 4; IVI 4.
    36. 36. Analysis Counts. Columns: E | Freq. | D. I 58 → E; E 48; X 41 → T; W 35; M 34; V 31; S 30; R 27; L 22 → H; P 21; G 16; H 16; Y 13; T 12; Q 12; C 9; K 9; J 9; C 6; F 6; A 5; O 3; B 2; U 1; N 1; D 0. Trigrams | Freq. | D: XLI 9 → THE; EWH 7; MWY 4; IVI 4.
    37. 37. Analysis Counts. Columns: E | Freq. | D. I 58 → E; E 48 → A; X 41 → T; W 35; M 34; V 31; S 30; R 27; L 22 → H; P 21; G 16; H 16; Y 13; T 12; Q 12; C 9; K 9; J 9; C 6; F 6; A 5; O 3; B 2; U 1; N 1; D 0. Trigrams | Freq. | D: XLI 9 → THE; EWH 7; MWY 4; IVI 4.
    38. 38. Applying Our Conjectures heVeTCSWPeYVaWHaVSReQMthaYVaOeaWHRtatePFaM VaWHKVSTYhtZetheKeetPeJVSZaYPaRRGaReMWQhMG hMtQaReWGPSReHMtQaRaKeaTtMJTPRGaVaKaeTRaWH atthattMZeTWAWSQWtSWatTVaPMRtRSJGSTVReaYVe atCVMUeMWaRGMeWtMJMGCSMWtSJOMeQtheVeQeVetQ SVSTWHKPaGARCStRWeaVSWeeBtVeZMtFSJtheKaGAa WHaPSWYSWeWeaVtheStheVtheRGaPeRQeVeeBGeeHM WYPFhaVHaWHYPSRRFQMthaPPtheaCCeaVaWGeSJKTV WMRheHYSPHtheQeMYhtSJtheMWReGtQaROeVFVeZaV AaKPeaWHtaAMWYaPPthMWYRMWtSGSWRMHeVatMSWMG STPHhaVHPFKPaZeNTCMteVJSVhMRSCMWMSWVeRCeGt MWYMt
    39. 39. More Conjecturing heVeTCSWPeYVaWHaVSReQMthaYVaOeaWHRtatePFaM VaWHKVSTYhtZetheKeetPeJVSZaYPaRRGaReMWQhMG hMtQaReWGPSReHMtQaRaKeaTtMJTPRGaVaKaeTRaWH atthattMZeTWAWSQWtSWatTVaPMRtRSJGSTVReaYVe atCVMUeMWaRGMeWtMJMGCSMWtSJOMeQtheVeQeVetQ SVSTWHKPaGARCStRWeaVSWeeBtVeZMtFSJtheKaGAa WHaPSWYSWeWeaVtheStheVtheRGaPeRQeVeeBGeeHM WYPFhaVHaWHYPSRRFQMthaPPtheaCCeaVaWGeSJKTV WMRheHYSPHtheQeMYhtSJtheMWReGtQaROeVFVeZaV AaKPeaWHtaAMWYaPPthMWYRMWtSGSWRMHeVatMSWMG STPHhaVHPFKPaZeNTCMteVJSVhMRSCMWMSWVeRCeGt MWYMt
    40. 40. Applying i, m, and r hereTCSWPeYraWHarSReQithaYraOeaWHRtatePFai raWHKrSTYhtmetheKeetPeJrSmaYPaRRGaReiWQhiG hitQaReWGPSReHitQaRaKeaTtiJTPRGaraKaeTRaWH atthattimeTWAWSQWtSWatTraPiRtRSJGSTrReaYre atCriUeiWaRGieWtiJiGCSiWtSJOieQthereQeretQ SrSTWHKPaGARCStRWearSWeeBtremitFSJtheKaGAa WHaPSWYSWeWeartheSthertheRGaPeRQereeBGeeHi WYPFharHaWHYPSRRFQithaPPtheaCCearaWGeSJKTr WiRheHYSPHtheQeiYhtSJtheiWReGtQaROerFremar AaKPeaWHtaAiWYaPPthiWYRiWtSGSWRiHeratiSWiG STPHharHPFKPameNTCiterJSrhiRSCiWiSWreRCeGt iWYit
    41. 41. And so on, and so forth hereuponlegrandarosewithagraveandstatelyai randbroughtmethebeetlefromaglasscaseinwhic hitwasencloseditwasabeautifulscarabaeusand atthattimeunknowntonaturalistsofcourseagre atprizeinascientificpointofviewthereweretw oroundblackspotsnearoneextremityofthebacka ndalongoneneartheotherthescaleswereexceedi nglyhardandglossywithalltheappearanceofbur nishedgoldtheweightoftheinsectwasveryremar kableandtakingallthingsintoconsiderationic ouldhardlyblamejupiterforhisopinionrespect ingit
    42. 42. With Spacing and Punctuation Hereupon Legrand arose, with a grave and stately air, and brought me the beetle from a glass case in which it was enclosed. It was a beautiful scarabaeus, and, at that time, unknown to naturalists—of course a great prize in a scientific point of view. There were two round black spots near one extremity of the back, and a long one near the other. The scales were exceedingly hard and glossy, with all the appearance of burnished gold. The weight of the insect was very remarkable, and, taking all things into consideration, I could hardly blame Jupiter for his opinion respecting it. This is an excerpt from the short story “The Gold Bug” by Edgar Allan Poe. Decrypting a simple cipher by frequency analysis is part of the plot.
    43. 43. What questions do you have?
    44. 44. The Cryptographers Strike Back • Polyalphabetic ciphers – Uses many alphabets of substitution instead of 1 – Hides letter frequencies – Credit is generally given to Vigenere
    45. 45. Vigenere Square
    46. 46. Polyalphabetic Cipher • This plaintext is encrypted with Vigenere and a pass phrase “King”. Plaintext: The sun and the man in the moon. Ciphertext: DPR YEV NTN BUK WIA OX BUK WWBT.
    47. 47. The Return of the Cryptanalysts • Key cycle detection • Find repeated sequences and estimate possible key lengths • Divide ciphertext into groups by key length • Analyze as a monoalphabetic cipher
    48. 48. Key Cycle Detection. Plaintext: The sun and the man in the moon. Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT. Alphabet 1: D E N W X W. Alphabet 2: P V B I B W. Alphabet 3: R N U A U B. Alphabet 4: Y T K O K T.
    49. 49. Mechanization of Ciphers - Enigma Image credit: http://www.oliverrobinson.net/photos/bletchley/index.html
    50. 50. Enigma Rotors and Plugboard Image credit: http://www.ilord.com/enigma.html
    51. 51. What questions do you have?
    52. 52. SECURITY PROBLEMS CRYPTOGRAPHY DOES NOT SOLVE
    53. 53. Cryptography
    54. 54. Infrastructure Vectors Packet sniffers, key loggers, and malware – oh my! Image credit: http://3.bp.blogspot.com/-I0mI7eWkiiE/UVZ6KhVUqcI/AAAAAAAANAw/h7PNvdk9zXs/s320/WiresharkDissector.png http://www.keelog.com/images/wifi_hardware_keylogger_03.jpg http://www.thechromesource.com/wp-content/uploads/2011/07/download.jpg
    55. 55. User Confusion Image credit: http://www.d00med.net/uploads/0d832c77559a2070a766f899e7efb783.png
    56. 56. Image credit: http://ctworkingmoms.com/wp-content/uploads/2013/06/bribery.jpg
    57. 57. Image credit: https://xkcd.com/538/
    58. 58. CRYPTOGRAPHY TODAY
    59. 59. What is “Secure”? Image credits: http://upload.wikimedia.org/wikipedia/commons/8/87/WinonaSavingsBankVault.JPG
    60. 60. What is “Secure”? • Unconditionally secure – Impossible to break, even with infinite resources • Computationally secure – Impossible to break without infinite resources
    61. 61. Unconditionally Secure • Theorized to only be possible when the key is as long as the message • Every key is equally likely and denies pattern matching • Only known system is the one time pad
    62. 62. One Time Pads Pros • Completely unbreakable Cons • Must be as long as message • Must be completely random • Cannot be reused • Need secure distribution Image credits: http://www.ranum.com/security/computer_security/papers/otp-faq/otp.jpg http://commons.wikimedia.org/wiki/File:OneTimePadExcerpt.agr.jpg
    63. 63. Computationally Secure • Cipher cannot be broken with limited computing resources – E.g. a calculation that will take longer than the age of the universe – What most practical cryptography strives for
    64. 64. Things We Ask Crypto To Do. Algorithm | Confidentiality | Authentication | Integrity. Symmetric encryption | Yes | No | No. Asymmetric encryption | Yes | No | No. Digital Signatures | No | Yes | Yes. One-way hash functions | No | No | Yes.
    65. 65. Symmetric Encryption • Uses a series of complex transformations with the secret key to scramble the plaintext • Let’s look at DES as an example
    66. 66. DES algorithm - Overview. F: Feistel function. Crossed circle: XOR. Data is operated on in blocks by alternating between the left and right sides going through function F and then XORing the function output with the other half of the block. This is done for 16 rounds. Image credit: http://en.wikipedia.org/wiki/File:DES-main-network.png
    67. 67. DES algorithm - Feistel function. Crossed circle: XOR. S: Substitution function. P: Permutation function (transposition). The half block is XORed with a subset of the encryption key, and then run through a series of fixed substitutions and permutations. Image credit: http://en.wikipedia.org/wiki/File:DES-f-function.png
    68. 68. What questions do you have?
    69. 69. MAYBE. This is great and all, but since the substitutions and permutations are constant, if I keep using the same key can someone cryptanalyze my ciphertexts?
    70. 70. Modes • Modes are types of additional protection when using a key on multiple messages • Does not encrypt by itself, but affects the input into the cryptographic functions
    71. 71. Electronic Codebook Mode (ECB) • No modification to input process • Susceptible to frequency analysis with multiple ciphertexts • Susceptible to replay attacks from malicious sources without timestamps (blocks look the same every time)
    72. 72. Cipher Block Chaining Mode (CBC) • Plaintext block is XORed with previous block’s cipher text • First block XORed with an Initialization Vector (IV) • The IV is not sensitive and can be transmitted as plaintext with the encrypted message
    73. 73. Cipher Feedback Mode (CFB) • Similar to CBC, but operates on streams instead of blocks • Very useful for some communications – Imagine a remote desktop session waiting for 4 to 8 keypresses before sending the text
    74. 74. Output-Feedback Mode (OFB) • Streamed like CFB but uses the key itself, encrypted by the algorithm, to XOR the text • Transmission errors affect only a single byte instead of an entire block since the feedback stream is independent of the cipher block
    75. 75. And others… Image credit last 4 slides: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
    76. 76. Final Thoughts on Modes • Some standards dictate the mode. If you don’t use the specified mode, you aren’t using that encryption standard.
    77. 77. What questions do you have?
    78. 78. Symmetric Disadvantages • Key distribution must be done secretly • Keys needed between each party – Keys required = (n*(n-1)/2), n is number of users Image credit: http://www.petri.co.il/images/Planning%20a%20DFS%20Architecture%20Part%202%20-2.jpg
    79. 79. Asymmetric Encryption • Also called public key encryption • Conceived by Diffie and Hellman in 1976 • Uses a public key to encrypt and a private key to decrypt • Benefits: solves the secret key distribution problem, enables digital signature protocols • Drawbacks: it’s much slower than symmetric
    80. 80. Asymmetric Encryption - Overview Image credit: http://i.msdn.microsoft.com/dynimg/IC21919.gif
    81. 81. Asymmetric Encryption - RSA • First usable algorithm, and the most popular • Uses product of two large prime numbers as one way function
    82. 82. What questions do you have?
    83. 83. CRYPTOGRAPHY IN THE FUTURE
    84. 84. Quantum Cryptography • Quantum cracking – Calculate all states at once with quantum bits – Schrodinger’s Cat Hypothesis • Quantum encryption – Transmit particles that cannot be measured without affecting the value – Heisenberg Uncertainty Principle
    85. 85. RESOURCES
    86. 86. Recommended Books - Heavy • Bruce Schneier – “Cryptography Engineering” • A great critique of some perceived shortcomings is at http://sockpuppet.org/blog/2013/07/22/applied-practical-cryptography/ – “Applied Cryptography” • dated but very comprehensive and interesting
    87. 87. Recommended Books - Light • Simon Singh - “The Code Book” – Covers history of cryptography – Very accessible, even to nontechnical readers • David Kahn – Several historical books about cryptography • Steven Levy – “Crypto” – Covers discovery of public key cryptography
    88. 88. Online Courses • (I haven’t taken any of these myself) • Coursera – https://www.coursera.org/course/crypto • Udacity – https://www.udacity.com/course/cs387
    89. 89. Community • Schneier on Security – http://www.schneier.com • Stack Exchange – http://crypto.stackexchange.com
    90. 90. Thanks for coming! • Email: nolan@nolanegly.com • Twitter: @nolanegly
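
The Feistel structure on slide 66 and the difference between ECB and CBC on slides 71 and 72 can be seen side by side in code. The Python below is an added example, not from the talk: it is a toy 16-round Feistel cipher whose round function and subkey derivation are built from HMAC-SHA256 as an assumption standing in for DES's S-boxes, permutations and key schedule, and the key and message are constructed sample values. It is for observing mode behaviour only, not for protecting data.

```python
"""Toy 16-round Feistel cipher run in ECB and CBC mode (illustration only)."""
import hashlib
import hmac
import os

BLOCK = 8          # bytes per block, the same block size as DES
HALF = BLOCK // 2
ROUNDS = 16        # DES also runs 16 rounds


def round_keys(key):
    """Derive one subkey per round (assumed schedule, not the DES key schedule)."""
    return [hmac.new(key, bytes([r]), hashlib.sha256).digest() for r in range(ROUNDS)]


def f(half, subkey):
    """Round function F: keyed mix of one half block, cut to HALF bytes."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block, subkeys):
    """Run the network on one block; pass the subkeys reversed to decrypt."""
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        # F is applied to one half and XORed into the other, then halves swap.
        left, right = right, xor(left, f(right, k))
    return right + left   # undo the last swap so the same routine inverts itself


def blocks(data):
    if len(data) % BLOCK:
        raise ValueError("pad the message to a multiple of the block size first")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    """ECB: every block goes through the cipher unmodified."""
    ks = round_keys(key)
    return b"".join(feistel(b, ks) for b in blocks(plaintext))


def cbc_encrypt(key, iv, plaintext):
    """CBC: XOR each plaintext block with the previous ciphertext block (IV first)."""
    ks = round_keys(key)
    prev, out = iv, []
    for b in blocks(plaintext):
        prev = feistel(xor(b, prev), ks)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    ks = round_keys(key)[::-1]
    prev, out = iv, []
    for c in blocks(ciphertext):
        out.append(xor(feistel(c, ks), prev))
        prev = c
    return b"".join(out)


def repeated_blocks(ciphertext):
    """Count ciphertext blocks that duplicate an earlier block."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


if __name__ == "__main__":
    key = b"constructed demo key"              # constructed sample key
    message = b"PAY 100$" * 3 + b"PAY 999$"    # constructed: three equal blocks

    ecb = ecb_encrypt(key, message)
    print("ECB blocks:", [b.hex() for b in blocks(ecb)])
    print("ECB repeated blocks:", repeated_blocks(ecb))

    # The IV travels in the clear with the message, but is fresh per message.
    iv = os.urandom(BLOCK)
    cbc = cbc_encrypt(key, iv, message)
    print("CBC blocks:", [b.hex() for b in blocks(cbc)])
    print("CBC repeated blocks:", repeated_blocks(cbc))
    print("CBC round trip ok:", cbc_decrypt(key, iv, cbc) == message)
```

Running it shows three identical ciphertext blocks under ECB and none under CBC; a repeated-block count like this is also a quick check for ECB use when reviewing stored ciphertext.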
